{ "Event": { "analysis": "0", "date": "2018-04-16", "extends_uuid": "", "info": "OSINT - Roaming Mantis uses DNS hijacking to infect Android smartphones", "publish_timestamp": "1528904237", "published": true, "threat_level_id": "3", "timestamp": "1528891813", "uuid": "5b1e79b9-cf9c-4072-b420-4be0950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#3a7300", "local": "0", "name": "circl:incident-classification=\"malware\"", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#211c1c", "local": "0", "name": "Android Malware", "relationship_type": "" }, { "colour": "#5f0077", "local": "0", "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": "" }, { "colour": "#001a40", "local": "0", "name": "ms-caro-malware-full:malware-platform=\"AndroidOS\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Roaming Mantis\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1528723939", "to_ids": false, "type": "link", "uuid": "5b1e79cc-e98c-46ed-93cb-4c23950d210f", "value": "https://securelist.com/roaming-mantis-uses-dns-hijacking-to-infect-android-smartphones/85178/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1528723970", "to_ids": false, "type": "comment", "uuid": "5b1e79f5-aff8-412a-a634-453e950d210f", "value": "n March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to our telemetry data, this malware was detected more than 6,000 times, though the reports came from just 150 unique users (from February 9 to April 9, 2018). Of course, this is down to the nature of the malware distribution, but it also suggests a very painful experience for some users, who saw the same malware appear again and again in their network. More than half of the detections were observed targeting the Asian region.\r\n\r\nDuring our research we received some invaluable information about the true scale of this attack. There were thousands of daily connections to the command and control (C2) infrastructure, with the device locale for the majority of victims set to Korean. Since we didn\u00e2\u20ac\u2122t find a pre-existing name for this malware operation, we decided to assign a new one for future reference. Based on its propagation via smartphones roaming between Wi-Fi networks, potentially carrying and spreading the infection, we decided to call it \u00e2\u20ac\u02dcRoaming Mantis\u00e2\u20ac\u2122.", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724025", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a39-c0d0-416b-a377-495e950d210f", "value": "114.44.37.112" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724025", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a39-eafc-442e-8e89-4925950d210f", "value": "118.166.1.124" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724026", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3a-4acc-4136-9640-48b9950d210f", "value": "118.168.193.123" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724027", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3b-ddc4-4396-8481-46a6950d210f", "value": "128.14.50.146" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724027", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3b-73cc-4c50-bfb7-4cbf950d210f", "value": "128.14.50.147" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724027", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3b-0948-4c99-8daf-4115950d210f", "value": "220.136.111.66" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724028", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3c-b3bc-489d-bd9f-436c950d210f", "value": "220.136.179.5" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724029", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3d-59a8-4d91-8cf3-4159950d210f", "value": "220.136.76.200" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724029", "to_ids": true, "type": "ip-dst", "uuid": "5b1e7a3d-a4cc-46b1-b27a-4b57950d210f", "value": "43.240.14.44" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724030", "to_ids": true, "type": "hostname", "uuid": "5b1e7a3e-caa8-486d-b084-420d950d210f", "value": "haoxingfu01.ddns.net" }, { "category": "Network activity", "comment": "Malicious hosts", "deleted": false, "disable_correlation": false, "timestamp": "1528724031", "to_ids": true, "type": "hostname", "uuid": "5b1e7a3f-d154-48fe-b4b0-4add950d210f", "value": "shaoye11.hopto.org" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724232", "to_ids": true, "type": "md5", "uuid": "5b1e7b08-e348-4cc8-a3de-ef08950d210f", "value": "03108e7f426416b0eaca9132f082d568" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724233", "to_ids": true, "type": "md5", "uuid": "5b1e7b09-e690-4abf-a0be-ef08950d210f", "value": "1cc88a79424091121a83d58b6886ea7a" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724233", "to_ids": true, "type": "md5", "uuid": "5b1e7b09-8488-4e07-ac20-ef08950d210f", "value": "2a1da7e17edaefc0468dbf25a0f60390" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724235", "to_ids": true, "type": "md5", "uuid": "5b1e7b0b-c3d0-44da-bf91-ef08950d210f", "value": "31e61e52d38f19cf3958df2239fba1a7" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724235", "to_ids": true, "type": "md5", "uuid": "5b1e7b0b-8c9c-400e-99cb-ef08950d210f", "value": "34efc3ebf51a6511c0d12cce7592db73" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724236", "to_ids": true, "type": "md5", "uuid": "5b1e7b0c-8b64-4d60-acfd-ef08950d210f", "value": "4d9a7e425f8c8b02d598ef0a0a776a58" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724236", "to_ids": true, "type": "md5", "uuid": "5b1e7b0c-b198-4ba7-a0f3-ef08950d210f", "value": "808b186ddfa5e62ee882d5bdb94cc6e2" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724237", "to_ids": true, "type": "md5", "uuid": "5b1e7b0d-91c8-46e7-8595-ef08950d210f", "value": "904b4d615c05952bcf58f35acadee5c1" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724237", "to_ids": true, "type": "md5", "uuid": "5b1e7b0d-126c-4f8e-82c0-ef08950d210f", "value": "a21322b2416fce17a1877542d16929d5" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724238", "to_ids": true, "type": "md5", "uuid": "5b1e7b0e-7b30-4993-9ae7-ef08950d210f", "value": "b84b0d5f128a8e0621733a6f3b412e19" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724238", "to_ids": true, "type": "md5", "uuid": "5b1e7b0e-06a4-466d-a5ac-ef08950d210f", "value": "bd90279ad5c5a813bc34c06093665e55" }, { "category": "Payload delivery", "comment": "Malicious apks", "deleted": false, "disable_correlation": false, "timestamp": "1528724239", "to_ids": true, "type": "md5", "uuid": "5b1e7b0f-b210-471d-b5da-ef08950d210f", "value": "ff163a92f2622f2b8330a5730d3d636c" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724813", "to_ids": true, "type": "md5", "uuid": "5b1e7d4d-f590-41cc-a20e-4a8c950d210f", "value": "19e3daf40460aea22962d98de4bc32d2" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724814", "to_ids": true, "type": "md5", "uuid": "5b1e7d4e-0dbc-4091-be32-465a950d210f", "value": "36b2609a98aa39c730c2f5b49097d0ad" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724815", "to_ids": true, "type": "md5", "uuid": "5b1e7d4f-c838-4b57-b76f-4017950d210f", "value": "3ba4882dbf2dd6bd4fc0f54ec1373f4c" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724816", "to_ids": true, "type": "md5", "uuid": "5b1e7d50-3de4-44b8-acca-4886950d210f", "value": "6cac4c9eda750a69e435c801a7ca7b8d" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724817", "to_ids": true, "type": "md5", "uuid": "5b1e7d51-61c4-47c2-9e1e-4695950d210f", "value": "8a4ed9c4a66d7ccb3d155f85383ea3b3" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724817", "to_ids": true, "type": "md5", "uuid": "5b1e7d51-8dd8-481b-aa0b-4ef6950d210f", "value": "b43335b043212355619fd827b01be9a0" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724818", "to_ids": true, "type": "md5", "uuid": "5b1e7d52-1c88-4857-bd0e-4c9e950d210f", "value": "b7afa4b2dafb57886fc47a1355824199" }, { "category": "Payload delivery", "comment": "class.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528724819", "to_ids": true, "type": "md5", "uuid": "5b1e7d53-d158-407d-a141-46ab950d210f", "value": "f89214bfa4b4ac9000087e4253e7f754" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725335", "to_ids": true, "type": "md5", "uuid": "5b1e7f57-9470-4e10-b576-47cb950d210f", "value": "1bd7815bece1b54b7728b8dd16f1d3a9" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725336", "to_ids": true, "type": "md5", "uuid": "5b1e7f58-fe1c-4183-89d3-4c7a950d210f", "value": "307d2780185ba2b8c5ad4c9256407504" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725336", "to_ids": true, "type": "md5", "uuid": "5b1e7f58-5938-41ef-9274-4767950d210f", "value": "3e4bff0e8ed962f3c420692a35d2e503" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725336", "to_ids": true, "type": "md5", "uuid": "5b1e7f58-0268-40b9-bcc1-417a950d210f", "value": "57abbe642b85fa00b1f76f62acad4d3b" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725337", "to_ids": true, "type": "md5", "uuid": "5b1e7f59-772c-4467-8c2e-42ef950d210f", "value": "6e1926d548ffac0f6cedfb4a4f49196e" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725338", "to_ids": true, "type": "md5", "uuid": "5b1e7f5a-d1a8-405b-8bd0-40e4950d210f", "value": "7714321baf6a54b09baa6a777b9742ef" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725339", "to_ids": true, "type": "md5", "uuid": "5b1e7f5b-2e0c-4982-b9d3-4b88950d210f", "value": "7aa46b4d67c3ab07caa53e8d8df3005c" }, { "category": "Payload delivery", "comment": "test.dex", "deleted": false, "disable_correlation": false, "timestamp": "1528725340", "to_ids": true, "type": "md5", "uuid": "5b1e7f5c-4e44-4842-b85a-4f14950d210f", "value": "a0f88c77b183da227b9902968862c2b9" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528725962", "uuid": "5b1e81ca-59cc-4694-a29e-49c6950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1528725962", "to_ids": true, "type": "md5", "uuid": "5b1e81ca-8624-4111-9c6b-4c2e950d210f", "value": "f3ca571b2d1f0ecff371fb82119d1afe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1528725963", "to_ids": true, "type": "filename", "uuid": "5b1e81cb-f43c-4c57-a058-4b1f950d210f", "value": "chrome.apk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1528725963", "to_ids": false, "type": "text", "uuid": "5b1e81cb-a278-48da-9576-44a1950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874686", "uuid": "7895e457-0624-4c5c-8088-f94060e0ed2a", "ObjectReference": [ { "comment": "", "object_uuid": "7895e457-0624-4c5c-8088-f94060e0ed2a", "referenced_uuid": "5d5975f7-733d-4fcf-8bab-79244beb3c16", "relationship_type": "analysed-with", "timestamp": "1528874751", "uuid": "5b20c6ff-4280-4db8-8aca-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874685", "uuid": "5d5975f7-733d-4fcf-8bab-79244beb3c16", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874688", "uuid": "c5db4c67-486b-4072-b0a8-9ea072601c69", "ObjectReference": [ { "comment": "", "object_uuid": "c5db4c67-486b-4072-b0a8-9ea072601c69", "referenced_uuid": "482ef333-17f7-4369-9af1-4536fae21f48", "relationship_type": "analysed-with", "timestamp": "1528874751", "uuid": "5b20c6ff-3e5c-416c-a540-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874687", "uuid": "482ef333-17f7-4369-9af1-4536fae21f48", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874691", "uuid": "8b23deac-1eff-4145-9654-6efc48bc6a97", "ObjectReference": [ { "comment": "", "object_uuid": "8b23deac-1eff-4145-9654-6efc48bc6a97", "referenced_uuid": "5cd53d38-3a6e-4eaa-8487-77d44ccc6f81", "relationship_type": "analysed-with", "timestamp": "1528874751", "uuid": "5b20c6ff-f1a4-4b27-af64-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874690", "uuid": "5cd53d38-3a6e-4eaa-8487-77d44ccc6f81", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874694", "uuid": "b57d5a1e-1383-49f6-b9b3-37428f881e5a", "ObjectReference": [ { "comment": "", "object_uuid": "b57d5a1e-1383-49f6-b9b3-37428f881e5a", "referenced_uuid": "e55d60e9-260d-4a88-bb1e-5684e543500f", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-ae24-4081-b4ec-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874692", "uuid": "e55d60e9-260d-4a88-bb1e-5684e543500f", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874696", "uuid": "30574377-3a6c-4e77-bdb4-61579753e382", "ObjectReference": [ { "comment": "", "object_uuid": "30574377-3a6c-4e77-bdb4-61579753e382", "referenced_uuid": "e181ed3a-699b-4b04-b58c-278508c22b08", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-0fec-40de-8fa3-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874694", "uuid": "e181ed3a-699b-4b04-b58c-278508c22b08", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874698", "uuid": "e7bb4bfe-107d-40cf-b825-3e4c9381089a", "ObjectReference": [ { "comment": "", "object_uuid": "e7bb4bfe-107d-40cf-b825-3e4c9381089a", "referenced_uuid": "7d628547-f5fe-492c-a7be-f8e6b7a3c126", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-77cc-435e-9c89-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874696", "uuid": "7d628547-f5fe-492c-a7be-f8e6b7a3c126", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874701", "uuid": "f00d242d-95f7-4953-a20c-86d3d0ac0876", "ObjectReference": [ { "comment": "", "object_uuid": "f00d242d-95f7-4953-a20c-86d3d0ac0876", "referenced_uuid": "a0309f0e-4ab2-414b-94e6-4c3d42e69d63", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-03a0-4c1c-a8aa-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874699", "uuid": "a0309f0e-4ab2-414b-94e6-4c3d42e69d63", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874703", "uuid": "1e6d34b0-4124-44b9-825c-a43babb1fdd7", "ObjectReference": [ { "comment": "", "object_uuid": "1e6d34b0-4124-44b9-825c-a43babb1fdd7", "referenced_uuid": "1451c9ad-c553-4684-9f21-0ca69508b635", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-c8ec-4b43-8f2c-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874701", "uuid": "1451c9ad-c553-4684-9f21-0ca69508b635", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874705", "uuid": "387bc28f-7365-4468-b905-aa97603e6716", "ObjectReference": [ { "comment": "", "object_uuid": "387bc28f-7365-4468-b905-aa97603e6716", "referenced_uuid": "94181920-5615-453e-b15e-3d00e486ba33", "relationship_type": "analysed-with", "timestamp": "1528874752", "uuid": "5b20c700-c4a0-409d-9248-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874704", "uuid": "94181920-5615-453e-b15e-3d00e486ba33", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874708", "uuid": "716a2596-713d-4a82-9f0f-caa5e7f30083", "ObjectReference": [ { "comment": "", "object_uuid": "716a2596-713d-4a82-9f0f-caa5e7f30083", "referenced_uuid": "8347b39e-3e12-4464-93a3-d8537266d53e", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-2000-4343-a4cd-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874706", "uuid": "8347b39e-3e12-4464-93a3-d8537266d53e", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874710", "uuid": "2a5b4e41-d9a5-485a-8fbf-985c28e79496", "ObjectReference": [ { "comment": "", "object_uuid": "2a5b4e41-d9a5-485a-8fbf-985c28e79496", "referenced_uuid": "db97fe12-c0c4-4642-9676-4a41b873011c", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-af30-498a-80bf-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874708", "uuid": "db97fe12-c0c4-4642-9676-4a41b873011c", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874712", "uuid": "57d626b8-a358-44c7-a05f-a4cd3317c728", "ObjectReference": [ { "comment": "", "object_uuid": "57d626b8-a358-44c7-a05f-a4cd3317c728", "referenced_uuid": "95ada4d5-b381-45a1-849d-a4f63c529ff9", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-836c-4c2f-82a2-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874710", "uuid": "95ada4d5-b381-45a1-849d-a4f63c529ff9", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874714", "uuid": "98056eaf-23b8-4e84-b835-4107362aae17", "ObjectReference": [ { "comment": "", "object_uuid": "98056eaf-23b8-4e84-b835-4107362aae17", "referenced_uuid": "c5f108b7-9885-4360-b659-64e5a4615790", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-868c-4006-a57f-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874713", "uuid": "c5f108b7-9885-4360-b659-64e5a4615790", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874717", "uuid": "72d92fc7-ab0f-4d77-b79b-bd7ceb901a5b", "ObjectReference": [ { "comment": "", "object_uuid": "72d92fc7-ab0f-4d77-b79b-bd7ceb901a5b", "referenced_uuid": "b01ac61c-5dd4-45d8-b413-b93ce0d4b225", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-6420-439c-86e8-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874715", "uuid": "b01ac61c-5dd4-45d8-b413-b93ce0d4b225", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874719", "uuid": "89f1910f-40e3-456d-9d55-611ac7b06f6f", "ObjectReference": [ { "comment": "", "object_uuid": "89f1910f-40e3-456d-9d55-611ac7b06f6f", "referenced_uuid": "1683e823-d894-473f-8672-92a02b0c15ad", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-8b90-4d6d-a10a-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874717", "uuid": "1683e823-d894-473f-8672-92a02b0c15ad", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874721", "uuid": "758eea54-b3b9-44a5-b21d-6ab24868087f", "ObjectReference": [ { "comment": "", "object_uuid": "758eea54-b3b9-44a5-b21d-6ab24868087f", "referenced_uuid": "36c393b6-08ec-47e2-9801-1afeaa353e53", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-2b10-499a-bc0e-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874720", "uuid": "36c393b6-08ec-47e2-9801-1afeaa353e53", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874724", "uuid": "5801ede4-b4a9-48c7-8431-a185df616fef", "ObjectReference": [ { "comment": "", "object_uuid": "5801ede4-b4a9-48c7-8431-a185df616fef", "referenced_uuid": "cf9c0b8f-5b53-496c-afff-a98242ce0e8c", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-8868-4d01-b0d1-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874722", "uuid": "cf9c0b8f-5b53-496c-afff-a98242ce0e8c", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874726", "uuid": "a08a8414-3d11-44c2-9477-af49dc306da9", "ObjectReference": [ { "comment": "", "object_uuid": "a08a8414-3d11-44c2-9477-af49dc306da9", "referenced_uuid": "91ab5779-0629-4b3b-9647-35eca7084ea5", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-220c-44ef-94c9-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874724", "uuid": "91ab5779-0629-4b3b-9647-35eca7084ea5", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874728", "uuid": "9dc5223e-3a11-4fb9-bb5e-3dc048def096", "ObjectReference": [ { "comment": "", "object_uuid": "9dc5223e-3a11-4fb9-bb5e-3dc048def096", "referenced_uuid": "5b9d8777-dffd-4b06-9ac3-29c61edbca1d", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-e8b8-4930-920e-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874726", "uuid": "5b9d8777-dffd-4b06-9ac3-29c61edbca1d", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874730", "uuid": "e8ce9f63-d621-42b1-a3fb-0012c7ff6ec4", "ObjectReference": [ { "comment": "", "object_uuid": "e8ce9f63-d621-42b1-a3fb-0012c7ff6ec4", "referenced_uuid": "02127bbe-1c57-4f73-bea8-3c478482304f", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-73cc-4fb4-8518-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874729", "uuid": "02127bbe-1c57-4f73-bea8-3c478482304f", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874732", "uuid": "fce42428-c55d-460f-ac00-77ec2c153a7a", "ObjectReference": [ { "comment": "", "object_uuid": "fce42428-c55d-460f-ac00-77ec2c153a7a", "referenced_uuid": "e7967874-9983-4ffe-88e9-ff04a191f4f7", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-053c-4e88-a68b-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874731", "uuid": "e7967874-9983-4ffe-88e9-ff04a191f4f7", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874735", "uuid": "143b8d09-b19c-433d-b23c-c950160d1aa0", "ObjectReference": [ { "comment": "", "object_uuid": "143b8d09-b19c-433d-b23c-c950160d1aa0", "referenced_uuid": "c85ff102-0020-4710-9921-e99dcb5ca588", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-d658-4c7f-8e5a-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874733", "uuid": "c85ff102-0020-4710-9921-e99dcb5ca588", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874737", "uuid": "efb63dbe-b6ef-41c9-b491-c3fc374121b0", "ObjectReference": [ { "comment": "", "object_uuid": "efb63dbe-b6ef-41c9-b491-c3fc374121b0", "referenced_uuid": "c6e0b765-789b-4e5a-b239-e708f068662e", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-f39c-4257-9845-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874736", "uuid": "c6e0b765-789b-4e5a-b239-e708f068662e", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874740", "uuid": "b84b8a41-7607-44f9-929f-84af754f63a2", "ObjectReference": [ { "comment": "", "object_uuid": "b84b8a41-7607-44f9-929f-84af754f63a2", "referenced_uuid": "8b706858-0316-41da-be85-d5ed4c9cdbba", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-c5d0-4868-8b28-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874738", "uuid": "8b706858-0316-41da-be85-d5ed4c9cdbba", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874742", "uuid": "bfa0503f-b4cd-4957-a0b2-e298e4ca94bb", "ObjectReference": [ { "comment": "", "object_uuid": "bfa0503f-b4cd-4957-a0b2-e298e4ca94bb", "referenced_uuid": "42851761-8f1f-489b-b602-be5584e8236f", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-2774-4e04-89db-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874741", "uuid": "42851761-8f1f-489b-b602-be5584e8236f", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874745", "uuid": "e141c73c-c72c-432f-ba63-cc0d885b7ffc", "ObjectReference": [ { "comment": "", "object_uuid": "e141c73c-c72c-432f-ba63-cc0d885b7ffc", "referenced_uuid": "335fa9a0-2553-41db-8574-23ef5764e8b3", "relationship_type": "analysed-with", "timestamp": "1528874753", "uuid": "5b20c701-351c-4f19-be2b-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874743", "uuid": "335fa9a0-2553-41db-8574-23ef5764e8b3", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874747", "uuid": "d04fe5a4-45fc-48b1-8e34-c459f4286e2d", "ObjectReference": [ { "comment": "", "object_uuid": "d04fe5a4-45fc-48b1-8e34-c459f4286e2d", "referenced_uuid": "e73f228a-4dc0-4ea7-8d9c-8d1ea347c077", "relationship_type": "analysed-with", "timestamp": "1528874754", "uuid": "5b20c702-1448-4bb8-9e42-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874745", "uuid": "e73f228a-4dc0-4ea7-8d9c-8d1ea347c077", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874749", "uuid": "20b0f636-5acb-4d7a-97a5-301603dc165c", "ObjectReference": [ { "comment": "", "object_uuid": "20b0f636-5acb-4d7a-97a5-301603dc165c", "referenced_uuid": "52e2d3a7-3f65-48c5-a51a-367f0278f35d", "relationship_type": "analysed-with", "timestamp": "1528874754", "uuid": "5b20c702-0930-4fa9-b702-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874747", "uuid": "52e2d3a7-3f65-48c5-a51a-367f0278f35d", "Attribute": [] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1528874751", "uuid": "e6c069c8-7e93-4aa9-9c13-f5b1c5c21cbb", "ObjectReference": [ { "comment": "", "object_uuid": "e6c069c8-7e93-4aa9-9c13-f5b1c5c21cbb", "referenced_uuid": "36fbb8b3-2919-49f9-aea1-a5b762650f67", "relationship_type": "analysed-with", "timestamp": "1528874754", "uuid": "5b20c702-862c-412b-803b-a61602de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1528874750", "uuid": "36fbb8b3-2919-49f9-aea1-a5b762650f67", "Attribute": [] } ] } }