{ "Event": { "analysis": "2", "date": "2017-12-19", "extends_uuid": "", "info": "OSINT - North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group", "publish_timestamp": "1514468225", "published": true, "threat_level_id": "3", "timestamp": "1513911661", "uuid": "5a3b6be0-1924-4671-8829-d895950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:rat=\"Gh0st RAT\"" }, { "colour": "#075800", "name": "misp-galaxy:tool=\"Gh0st Rat\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"gh0st\"" }, { "colour": "#13eb00", "name": "misp-galaxy:threat-actor=\"Lazarus Group\"" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#002b4a", "name": "osint:source-type=\"technical-report\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"PowerRatankba\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"PowerSpritz\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": false, "type": "link", "uuid": "5a3b6d7d-f078-4a39-a907-d89c950d210f", "value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": false, "type": "link", "uuid": "5a3b6d7d-3ea4-4753-a1d2-d89c950d210f", "value": "https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf", "Tag": [ { "colour": "#002b4a", "name": "osint:source-type=\"technical-report\"" } ] }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-ce88-4719-8e60-4768950d210f", "value": "http://skype.2.vu/1" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-102c-477c-8786-40b8950d210f", "value": "http://skype.2.vu/k" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-9f68-400a-a279-4c1c950d210f", "value": "http://skypeupdate.2.vu/1" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-c5fc-47b1-ac3a-4939950d210f", "value": "http://telegramupdate.2.vu/5" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-3b0c-4dfb-8a92-4920950d210f", "value": "https://doc-00-64-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/39cbphg8k5qve4q5rr6nonee1bueiu8o/1499428800000/13030420262846080952/*/0B63J1WTZC49hX1JnZUo4Y1pnRG8?e=download" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-84f8-45b2-8ce3-4cfa950d210f", "value": "https://drive.google.com/uc?export=download&id=0B63J1WTZC49hdDR0clR3cFpITVE" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-aa2c-45b3-ab64-4852950d210f", "value": "http://201.211.183.215:8080/update.php?t=Skype&r=update" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e62-b95c-48de-a86f-40d3950d210f", "value": "http://122.248.34.23/lndex.php?t=SkypeSetup&r=mail_new" }, { "category": "Network activity", "comment": "PowerSpritz ITW URL", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b6e63-c8b0-46af-8b48-435d950d210f", "value": "http://122.248.34.23/lndex.php?t=Telegram&r=1.1.9" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "timestamp": "1513844465", "to_ids": true, "type": "sha256", "uuid": "5a3b6ef1-1190-4a1f-b820-41e6950d210f", "value": "cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "timestamp": "1513844465", "to_ids": true, "type": "sha256", "uuid": "5a3b6ef1-38d4-4c1e-aa75-40aa950d210f", "value": "9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "timestamp": "1513844465", "to_ids": true, "type": "sha256", "uuid": "5a3b6ef1-0614-40e6-b027-44a4950d210f", "value": "5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07" }, { "category": "Network activity", "comment": "PowerSpritz C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b7017-6038-4a51-aa3d-4155950d210f", "value": "http://dogecoin.deaftone.com:8080/mainls.cs" }, { "category": "Network activity", "comment": "PowerSpritz C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7017-0d8c-4ceb-a36d-4e5c950d210f", "value": "http://macintosh.linkpc.net:8080/mainls.cs" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-b038-42db-8077-48d2950d210f", "value": "81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-feb0-48aa-8aa9-43b0950d210f", "value": "d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-d3dc-4e70-9962-4366950d210f", "value": "4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-cba0-44f4-95e7-401f950d210f", "value": "01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-536c-4957-b446-49cc950d210f", "value": "9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-4ee4-4fc2-be34-4175950d210f", "value": "85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-f974-4f08-a635-4a22950d210f", "value": "6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-ec48-4de3-916a-4ed7950d210f", "value": "772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-1bb0-45e3-9392-44c7950d210f", "value": "6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "timestamp": "1513844829", "to_ids": true, "type": "sha256", "uuid": "5a3b705d-2674-42df-acfe-44f9950d210f", "value": "030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863" }, { "category": "Network activity", "comment": "Microsoft Compiled HTML Help (CHM) C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7225-3578-4cc8-9805-4eaa950d210f", "value": "http://92.222.106.229/theme.gif" }, { "category": "Network activity", "comment": "Microsoft Compiled HTML Help (CHM) C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7225-6db0-41a5-980c-452e950d210f", "value": "http://www.businesshop.net/hide.gif" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "timestamp": "1513845330", "to_ids": true, "type": "sha256", "uuid": "5a3b7252-a444-404d-8f58-d89a950d210f", "value": "beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "timestamp": "1513845330", "to_ids": true, "type": "sha256", "uuid": "5a3b7252-0bd0-4158-a789-d89a950d210f", "value": "8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c" }, { "category": "Network activity", "comment": "MS Shortcut Link (LNK) C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7252-2954-4669-b2af-d89a950d210f", "value": "http://tinyurl.com/y9jbk8cg" }, { "category": "Network activity", "comment": "MS Shortcut Link (LNK) C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7252-ed2c-4cd7-9f37-d89a950d210f", "value": "http://201.211.183.215:8080/pdfviewer.php?o=0&t=report&m=0" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-55e8-4e64-a5c8-4a82950d210f", "value": "e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-cbcc-41e3-9a05-4217950d210f", "value": "7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-3c9c-4600-a3e8-4871950d210f", "value": "100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-0104-4f3b-a337-4744950d210f", "value": "8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-312c-4091-bc28-4408950d210f", "value": "97c6c69405ed721a64c158f18ab4386e3ade19841b0dea3dcce6b521faf3a660" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-0550-4eb6-b378-4b26950d210f", "value": "41ee2947356b26e4d8aca826ae392be932cd8800476840713e9b6c630972604f" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "timestamp": "1513845819", "to_ids": true, "type": "sha256", "uuid": "5a3b743b-7ea8-444e-b7da-41b0950d210f", "value": "25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-e1f0-4a5d-8e55-47a7950d210f", "value": "http://51.255.219.82/files/download/falconcoin.zip" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-fd30-42dc-aaeb-4f6c950d210f", "value": "http://51.255.219.82/theme.gif" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-5ae4-4707-a8d3-4406950d210f", "value": "http://51.255.219.82/files/download/falconcoin.pdf" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-8634-4291-83b4-4384950d210f", "value": "http://apps.got-game.org/images/character.gif" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-bc10-4329-8905-4240950d210f", "value": "http://apps.got-game.org/files/download/transaction.pdf" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-d248-477e-894a-44fb950d210f", "value": "http://www.energydonate.com/files/download/bithumb.zip" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-aeb0-4f70-977c-48fe950d210f", "value": "http://www.energydonate.com/images/character.gif" }, { "category": "Network activity", "comment": "JavaScript C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852263", "to_ids": true, "type": "url", "uuid": "5a3b74a3-dd20-4a97-b5b5-4f28950d210f", "value": "http://www.energydonate.com/files/download/bithumb.pdf" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "timestamp": "1513846618", "to_ids": true, "type": "sha256", "uuid": "5a3b775a-2584-41ea-a2fe-40ac950d210f", "value": "b3235a703026b2077ccfa20b3dabd82d65c6b5645f7f15e7bbad1ce8173c7960" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "timestamp": "1513846618", "to_ids": true, "type": "sha256", "uuid": "5a3b775a-38f4-4a8f-9baf-42d4950d210f", "value": "b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "timestamp": "1513846618", "to_ids": true, "type": "sha256", "uuid": "5a3b775a-3798-4861-9fdb-4685950d210f", "value": "972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee" }, { "category": "Network activity", "comment": "MS Office Docs C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "ip-dst", "uuid": "5a3b775a-8868-491f-a074-41b4950d210f", "value": "198.100.157.239" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "timestamp": "1513846778", "to_ids": true, "type": "sha256", "uuid": "5a3b77fa-96cc-4e05-939c-4b90950d210f", "value": "b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "timestamp": "1513846778", "to_ids": true, "type": "sha256", "uuid": "5a3b77fa-ba64-412b-873a-4ef0950d210f", "value": "eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "timestamp": "1513846778", "to_ids": true, "type": "sha256", "uuid": "5a3b77fa-8e24-4966-ab98-40cf950d210f", "value": "eb372423e4dcd4665cc03ffc384ff625ae4afd13f6d0589e4568354be271f86e" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-ca8c-414b-8d85-4a56950d210f", "value": "xn--bitcin-zxa.org" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-9918-42db-986a-4523950d210f", "value": "xn--electrm-s2a.org" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-814c-4ca4-92d3-4f59950d210f", "value": "xn--bitcingold-hcb.org" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-5540-4536-b2c0-4e56950d210f", "value": "xn--bitcoigold-o1b.com" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-9dc0-44ba-8081-4b2b950d210f", "value": "xn--bitcoingld-lcb.com" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-6e54-4dc6-ba00-43b3950d210f", "value": "xn--bitcoingld-lcb.org" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-6e2c-41c4-9107-4aca950d210f", "value": "xn--bitcoingod-8yb.com" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-d160-4a5b-88ae-459f950d210f", "value": "xn--btcongold-54ad.com" }, { "category": "Network activity", "comment": "PyInstaller Hosting or Email IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7813-7a80-412c-8f49-4188950d210f", "value": "xn--btcongold-g5ad.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-992c-4c27-b1bd-4a22950d210f", "value": "xn--6fgp.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-f09c-405e-9b03-4498950d210f", "value": "xn--bitcingold-jbb.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-c288-492e-9fbd-4f30950d210f", "value": "xn--bitcingold-t3b.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-05c4-46dc-9a1c-4a00950d210f", "value": "xn--bitcoingol-4kb.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-1d3c-4c6c-9341-4964950d210f", "value": "xn--bitoingold-1ib.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-1b50-4b5c-9cdb-499c950d210f", "value": "xn--btcoingold-v8a.com" }, { "category": "Network activity", "comment": "Likely Related IDNA", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "domain", "uuid": "5a3b7866-f014-4528-b170-45bd950d210f", "value": "xn--bitcoingldwallet-twb.org" }, { "category": "Network activity", "comment": "PyInstaller C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7883-d7f4-489a-9bf1-4586950d210f", "value": "http://www.btc-gold.us/images/top_bar.gif" }, { "category": "Network activity", "comment": "PyInstaller C&C", "deleted": false, "disable_correlation": false, "timestamp": "1513852264", "to_ids": true, "type": "url", "uuid": "5a3b7883-7a50-4c6f-9ed8-4fa4950d210f", "value": "http://trade.publicvm.com/images/top_bar.gif" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-cc40-4c48-a9d5-468b950d210f", "value": "41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-8710-4016-bd90-48e6950d210f", "value": "20f7e342a5f3224cab8f0439e2ba02bb051cd3e1afcd603142a60ac8af9699ba" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-42dc-48ed-bd98-4d49950d210f", "value": "db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-6718-43c8-93b1-44b0950d210f", "value": "3cd0689b2bae5109caedeb2cf9dd4b3a975ab277fadbbb26065e489565470a5c" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-5728-45aa-ae7e-49d4950d210f", "value": "b265a5d984c4654ac0b25ddcf8048d0aabc28e36d3e2439d1c08468842857f46" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-3c7c-45c1-96af-4d68950d210f", "value": "1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-1ca0-4ad0-8150-40b4950d210f", "value": "99ad06cca4910c62e8d6b68801c6122137cf8458083bb58cbc767eebc220180d" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-ae1c-44e3-8cda-4e69950d210f", "value": "f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "timestamp": "1513846981", "to_ids": true, "type": "sha256", "uuid": "5a3b78c5-7494-4a75-b733-4906950d210f", "value": "d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "3", "timestamp": "1513844060", "uuid": "5a3b6d4c-b11c-45f6-b5e3-d89b950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1513844060", "to_ids": false, "type": "text", "uuid": "5a3b6d4c-ce18-4291-b614-d89b950d210f", "value": "Just published my paper on largely undocumented #LazarusGroup/#DPRK campaigns targeting cryptocurrency individuals/orgs (both big and small). The research covers new implants/tactics not currently covered in the media regarding 'fake jobs' campaigns. (link: https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) proofpoint.com/us/threat-insi\u00e2\u20ac\u00a6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1513844060", "to_ids": false, "type": "text", "uuid": "5a3b6d4d-90c4-489c-9302-d89b950d210f", "value": "Twitter" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1513844060", "to_ids": true, "type": "url", "uuid": "5a3b6d4d-9cb0-4312-9b63-d89b950d210f", "value": "https://mobile.twitter.com/darienhuss/status/943300245554958337" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1513844060", "to_ids": true, "type": "url", "uuid": "5a3b6d4d-488c-4acd-9e92-d89b950d210f", "value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1513844060", "to_ids": false, "type": "text", "uuid": "5a3b6d4d-c010-43e6-af1e-d89b950d210f", "value": "@darienhuss" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "creation-date", "timestamp": "1513844060", "to_ids": false, "type": "datetime", "uuid": "5a3b6d5c-9334-4586-bbf3-d898950d210f", "value": "2017-12-20T03:01:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852267", "uuid": "88c0c9e5-6f55-4434-86f5-57ccf1ab779e", "ObjectReference": [ { "comment": "", "object_uuid": "88c0c9e5-6f55-4434-86f5-57ccf1ab779e", "referenced_uuid": "551d26ea-0d49-4a3d-8b80-61f1c2d46b4c", "relationship_type": "analysed-with", "timestamp": "1514468222", "uuid": "5a3b8d72-c6d0-418c-8866-43d602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852265", "to_ids": true, "type": "sha1", "uuid": "5a3b8d69-209c-41ed-b860-440c02de0b81", "value": "2ef42ad9c43fc58c48de409414568c27b904fd79" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852265", "to_ids": true, "type": "md5", "uuid": "5a3b8d69-7014-4c04-9bc6-453902de0b81", "value": "d2a565e6c31ee18380c410e8cc4abbb0" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852265", "to_ids": true, "type": "sha256", "uuid": "5a3b8d69-6410-45e5-96f0-45f702de0b81", "value": "8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852265", "uuid": "551d26ea-0d49-4a3d-8b80-61f1c2d46b4c", "Attribute": [ { "category": "External analysis", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852265", "to_ids": false, "type": "link", "uuid": "5a3b8d69-51a4-489c-89d2-45bc02de0b81", "value": "https://www.virustotal.com/file/8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c/analysis/1513817274/" }, { "category": "Other", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852265", "to_ids": false, "type": "text", "uuid": "5a3b8d69-db68-412e-a182-49dd02de0b81", "value": "26/58" }, { "category": "Other", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852265", "to_ids": false, "type": "datetime", "uuid": "5a3b8d69-43cc-44f0-adfe-47f802de0b81", "value": "2017-12-21T00:47:54" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852268", "uuid": "e831a382-f6bf-43db-b38c-421df1ea3875", "ObjectReference": [ { "comment": "", "object_uuid": "e831a382-f6bf-43db-b38c-421df1ea3875", "referenced_uuid": "ef5cfba8-a647-4887-8626-5b716d830d90", "relationship_type": "analysed-with", "timestamp": "1514468222", "uuid": "5a3b8d72-d09c-479d-bf3e-49d302de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852265", "to_ids": true, "type": "sha1", "uuid": "5a3b8d69-1584-46d4-9676-4e6402de0b81", "value": "de201a51f96af1405f58ec02b7802088ecae6a2d" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852265", "to_ids": true, "type": "md5", "uuid": "5a3b8d69-1a68-4649-8ee0-492602de0b81", "value": "a3487b13cbda458bf91c7e802a1ea4f5" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852265", "to_ids": true, "type": "sha256", "uuid": "5a3b8d69-8e84-4c36-8324-43ae02de0b81", "value": "030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852265", "uuid": "ef5cfba8-a647-4887-8626-5b716d830d90", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852266", "to_ids": false, "type": "link", "uuid": "5a3b8d6a-d570-4c24-a644-4ea302de0b81", "value": "https://www.virustotal.com/file/030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863/analysis/1513799414/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852266", "to_ids": false, "type": "text", "uuid": "5a3b8d6a-d444-4801-a69e-407802de0b81", "value": "7/60" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852266", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6a-ec4c-4cd8-8150-4d9302de0b81", "value": "2017-12-20T19:50:14" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852269", "uuid": "4b8c3132-e355-4ee4-91c9-e06a69a36da1", "ObjectReference": [ { "comment": "", "object_uuid": "4b8c3132-e355-4ee4-91c9-e06a69a36da1", "referenced_uuid": "b1b7f438-e55c-4b57-b42d-503d60b57d4f", "relationship_type": "analysed-with", "timestamp": "1514468222", "uuid": "5a3b8d72-9b5c-4b74-9c80-478c02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852266", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6a-7030-4c2d-a5b2-43dd02de0b81", "value": "5d796909d5da1f6f86cfe37962cc9c69d76836c5" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852266", "to_ids": true, "type": "md5", "uuid": "5a3b8d6a-62f4-4635-9e31-460d02de0b81", "value": "6431f46fd8353cb30cd573fc887d8aa8" }, { "category": "Payload delivery", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852266", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6a-d02c-4e31-965b-41ba02de0b81", "value": "beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852266", "uuid": "b1b7f438-e55c-4b57-b42d-503d60b57d4f", "Attribute": [ { "category": "External analysis", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852266", "to_ids": false, "type": "link", "uuid": "5a3b8d6a-21a8-4ce7-a915-433f02de0b81", "value": "https://www.virustotal.com/file/beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe/analysis/1513838639/" }, { "category": "Other", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852266", "to_ids": false, "type": "text", "uuid": "5a3b8d6a-54d4-46b0-aa20-4ed702de0b81", "value": "21/60" }, { "category": "Other", "comment": "MS Shortcut Link (LNK)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852266", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6a-c26c-4bf2-999f-48f502de0b81", "value": "2017-12-21T06:43:59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852269", "uuid": "1f87943e-6f0e-4b12-87b5-3116a0f725c0", "ObjectReference": [ { "comment": "", "object_uuid": "1f87943e-6f0e-4b12-87b5-3116a0f725c0", "referenced_uuid": "789535f0-ec61-4de1-9988-165ac6c1ba5c", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-fef4-4384-b9fb-456002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852266", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6a-5004-4ccc-8a80-467a02de0b81", "value": "53b079072c81f7c879ea1f808c18dcd6134afc5c" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852266", "to_ids": true, "type": "md5", "uuid": "5a3b8d6a-07f4-4aa2-a173-4ca702de0b81", "value": "7a27da13bbdfc34118a30ecd83a75614" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852266", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6a-0a64-4a9b-9133-4af402de0b81", "value": "01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852266", "uuid": "789535f0-ec61-4de1-9988-165ac6c1ba5c", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852267", "to_ids": false, "type": "link", "uuid": "5a3b8d6b-1590-40bb-a85d-44f502de0b81", "value": "https://www.virustotal.com/file/01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49/analysis/1513817106/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852267", "to_ids": false, "type": "text", "uuid": "5a3b8d6b-7afc-4547-8c18-44a402de0b81", "value": "1/58" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852267", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6b-b87c-462f-b376-488002de0b81", "value": "2017-12-21T00:45:06" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852270", "uuid": "cb269eaa-70e8-4564-b7f8-902352959fe6", "ObjectReference": [ { "comment": "", "object_uuid": "cb269eaa-70e8-4564-b7f8-902352959fe6", "referenced_uuid": "9296c8a4-2d34-48e4-af42-15e57470eb84", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-2344-4dc7-bcf6-415302de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852267", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6b-dee4-4e54-b8e8-428e02de0b81", "value": "8fe0adbc9024c6fa8872bfe30d71e780ca2e21a4" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852267", "to_ids": true, "type": "md5", "uuid": "5a3b8d6b-c84c-4b2c-8c16-4bd002de0b81", "value": "4ed7389843781268f9dbf8d222be52ba" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852267", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6b-a194-45cd-8ef4-4a8902de0b81", "value": "85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852267", "uuid": "9296c8a4-2d34-48e4-af42-15e57470eb84", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852267", "to_ids": false, "type": "link", "uuid": "5a3b8d6b-7040-4974-82f5-4cdc02de0b81", "value": "https://www.virustotal.com/file/85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51/analysis/1513817183/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852267", "to_ids": false, "type": "text", "uuid": "5a3b8d6b-a9d0-47fe-ba6e-4e2e02de0b81", "value": "0/59" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852267", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6b-4520-4710-a59e-47ec02de0b81", "value": "2017-12-21T00:46:23" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852270", "uuid": "1bae070e-81ad-4cfb-a316-00f6dd358a7d", "ObjectReference": [ { "comment": "", "object_uuid": "1bae070e-81ad-4cfb-a316-00f6dd358a7d", "referenced_uuid": "4117fdf6-6c7c-4e4c-b695-d2b7214b42f4", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-f160-4dbb-bd25-43c602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852268", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6c-eb34-41ea-8ba8-43f202de0b81", "value": "2abfd795397a343596c9f95ecb721250f80eda61" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852268", "to_ids": true, "type": "md5", "uuid": "5a3b8d6c-2f1c-4cbf-9d22-402102de0b81", "value": "980272269926a187ec4fe17ec9505a5f" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852268", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6c-f218-49e9-8a61-443802de0b81", "value": "25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852268", "uuid": "4117fdf6-6c7c-4e4c-b695-d2b7214b42f4", "Attribute": [ { "category": "External analysis", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852268", "to_ids": false, "type": "link", "uuid": "5a3b8d6c-6a0c-4316-b58f-4c5302de0b81", "value": "https://www.virustotal.com/file/25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66/analysis/1513799416/" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852268", "to_ids": false, "type": "text", "uuid": "5a3b8d6c-2d54-4a48-8945-4fa402de0b81", "value": "11/60" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852268", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6c-2790-4efd-ae32-4ef502de0b81", "value": "2017-12-20T19:50:16" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852271", "uuid": "08352cd7-5beb-4bdf-b9df-3ae69f4f3084", "ObjectReference": [ { "comment": "", "object_uuid": "08352cd7-5beb-4bdf-b9df-3ae69f4f3084", "referenced_uuid": "7151d2df-fc05-4f72-8afe-b5c9db8e893e", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-b4f0-4921-9ecc-45ee02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852268", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6c-1494-473a-b2a0-413802de0b81", "value": "1983b60d923b01fcb14ba813532b2f41f2d6c2fe" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852268", "to_ids": true, "type": "md5", "uuid": "5a3b8d6c-9120-407b-aea6-4e5402de0b81", "value": "d253d65adf4285fa5004cd96e647a11f" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852268", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6c-9714-4c63-8a79-40d602de0b81", "value": "972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852268", "uuid": "7151d2df-fc05-4f72-8afe-b5c9db8e893e", "Attribute": [ { "category": "External analysis", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852269", "to_ids": false, "type": "link", "uuid": "5a3b8d6d-ed08-4dcb-a63f-427302de0b81", "value": "https://www.virustotal.com/file/972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee/analysis/1513818403/" }, { "category": "Other", "comment": "MS Office Docs", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852269", "to_ids": false, "type": "text", "uuid": "5a3b8d6d-9964-40b2-ad0f-49c402de0b81", "value": "32/59" }, { "category": "Other", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852269", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6d-8bd0-44b1-801c-4cb402de0b81", "value": "2017-12-21T01:06:43" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852272", "uuid": "fa7170ec-f0f6-4900-922c-fce4d2eef064", "ObjectReference": [ { "comment": "", "object_uuid": "fa7170ec-f0f6-4900-922c-fce4d2eef064", "referenced_uuid": "27d3ea8e-4cae-4f1a-96c8-fcf4a788439f", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-55bc-4ac5-928b-49ca02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852269", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6d-fdbc-44cd-a881-416602de0b81", "value": "be2e900c64cd985cde9e8515fb4e5b5d70c853f0" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852269", "to_ids": true, "type": "md5", "uuid": "5a3b8d6d-3680-468e-aa66-487d02de0b81", "value": "ddabaa2740f590ac964996fd4b691880" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852269", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6d-c104-42f0-9a8f-41c502de0b81", "value": "6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852269", "uuid": "27d3ea8e-4cae-4f1a-96c8-fcf4a788439f", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852270", "to_ids": false, "type": "link", "uuid": "5a3b8d6e-b944-42a1-a2dc-421402de0b81", "value": "https://www.virustotal.com/file/6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d/analysis/1513838568/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852270", "to_ids": false, "type": "text", "uuid": "5a3b8d6e-9c08-402b-a774-492d02de0b81", "value": "5/58" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852270", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6e-51ac-4ac0-a07c-4eb602de0b81", "value": "2017-12-21T06:42:48" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852273", "uuid": "37b63b78-21dd-47c0-9d23-3630e7cf8646", "ObjectReference": [ { "comment": "", "object_uuid": "37b63b78-21dd-47c0-9d23-3630e7cf8646", "referenced_uuid": "e69882c0-3bc4-47cc-a0bb-c0656d6b9d56", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-dacc-4d9c-9a62-4d1f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852270", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6e-e4d0-413c-adea-4ab002de0b81", "value": "d9476b3018be277da1aa2b03543166a1a8d1ff03" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852270", "to_ids": true, "type": "md5", "uuid": "5a3b8d6e-33d0-441a-aadb-414d02de0b81", "value": "2dfebcb60dfa706e2a9c6e73709ebff5" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852270", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6e-3f3c-47b9-a64c-4b4802de0b81", "value": "eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852270", "uuid": "e69882c0-3bc4-47cc-a0bb-c0656d6b9d56", "Attribute": [ { "category": "External analysis", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852270", "to_ids": false, "type": "link", "uuid": "5a3b8d6e-6c80-4b21-b06d-4fea02de0b81", "value": "https://www.virustotal.com/file/eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1/analysis/1513817527/" }, { "category": "Other", "comment": "PyInstaller", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852270", "to_ids": false, "type": "text", "uuid": "5a3b8d6e-f208-4343-8b16-4e0e02de0b81", "value": "5/67" }, { "category": "Other", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852270", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6e-b7ec-4657-9534-422a02de0b81", "value": "2017-12-21T00:52:07" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852273", "uuid": "c126b790-4339-4aae-ae09-8907102e1a25", "ObjectReference": [ { "comment": "", "object_uuid": "c126b790-4339-4aae-ae09-8907102e1a25", "referenced_uuid": "2b6f8da3-f975-46ce-b203-b6a2f7db28ff", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-8174-48c1-a73d-4bc502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852270", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6e-733c-453f-8b79-412d02de0b81", "value": "2e344cb889843233ff54e95dd0c5956489d07b7d" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852270", "to_ids": true, "type": "md5", "uuid": "5a3b8d6e-2930-4e59-a960-453402de0b81", "value": "239aaff9c0c7b0317df0d0c409780d11" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852270", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6e-ace8-4ac9-9760-4c3402de0b81", "value": "e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852270", "uuid": "2b6f8da3-f975-46ce-b203-b6a2f7db28ff", "Attribute": [ { "category": "External analysis", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852270", "to_ids": false, "type": "link", "uuid": "5a3b8d6e-4490-4dc7-aba8-4b3f02de0b81", "value": "https://www.virustotal.com/file/e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d/analysis/1513838712/" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852270", "to_ids": false, "type": "text", "uuid": "5a3b8d6e-45e8-4092-81fb-47ec02de0b81", "value": "13/60" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852270", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6e-7044-4462-82ac-4c3b02de0b81", "value": "2017-12-21T06:45:12" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852273", "uuid": "4abea3bf-4859-444d-9735-ef6c73e34c7f", "ObjectReference": [ { "comment": "", "object_uuid": "4abea3bf-4859-444d-9735-ef6c73e34c7f", "referenced_uuid": "b3041cbd-a853-482a-af11-4b0b34855339", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d72-4310-4b8b-81dc-4a0f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852270", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6e-c598-42bd-8a4a-418602de0b81", "value": "46a1d019c1069a8da16224ba6e964d929f42f204" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852270", "to_ids": true, "type": "md5", "uuid": "5a3b8d6e-ea60-4ea8-815b-432f02de0b81", "value": "e3fc2fbc512b90c54d81989cf42bb885" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852270", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6e-6364-4736-8513-445602de0b81", "value": "6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852270", "uuid": "b3041cbd-a853-482a-af11-4b0b34855339", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852270", "to_ids": false, "type": "link", "uuid": "5a3b8d6e-5b08-4536-9383-406602de0b81", "value": "https://www.virustotal.com/file/6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984/analysis/1513799413/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852270", "to_ids": false, "type": "text", "uuid": "5a3b8d6e-06dc-40b3-a095-430002de0b81", "value": "1/60" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852270", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6e-b828-4f2b-967d-406902de0b81", "value": "2017-12-20T19:50:13" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852273", "uuid": "1c816f49-c77c-4c10-8f5a-c738b2f91fd2", "ObjectReference": [ { "comment": "", "object_uuid": "1c816f49-c77c-4c10-8f5a-c738b2f91fd2", "referenced_uuid": "a15c3c61-18d5-4e2c-a4e6-f783b2dbb325", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d73-35a4-4181-89f3-465202de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852270", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6e-a964-486c-ba41-4e9002de0b81", "value": "88554b0b8066cb059f9fc06d2620d84737251a29" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852270", "to_ids": true, "type": "md5", "uuid": "5a3b8d6e-4d8c-491b-b485-46a202de0b81", "value": "9e36b094d9769025699804f10c9a6523" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852270", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6e-15a4-433b-ad8b-420202de0b81", "value": "d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852270", "uuid": "a15c3c61-18d5-4e2c-a4e6-f783b2dbb325", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852270", "to_ids": false, "type": "link", "uuid": "5a3b8d6e-ea9c-4bfb-b455-4ce102de0b81", "value": "https://www.virustotal.com/file/d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48/analysis/1513838389/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852270", "to_ids": false, "type": "text", "uuid": "5a3b8d6e-51d4-49fd-90c6-4f9102de0b81", "value": "2/58" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852270", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6e-5724-489a-b982-418e02de0b81", "value": "2017-12-21T06:39:49" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852273", "uuid": "179729f6-02e1-4594-b57f-f7db7e366b4b", "ObjectReference": [ { "comment": "", "object_uuid": "179729f6-02e1-4594-b57f-f7db7e366b4b", "referenced_uuid": "6271f662-ebe5-449b-a28c-21625cb04c44", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d73-c474-4c0d-901f-4f7702de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852271", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6f-8544-462a-ba97-4c4902de0b81", "value": "cc90c650a08de597b12620627dd89cc83741a889" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852271", "to_ids": true, "type": "md5", "uuid": "5a3b8d6f-15e4-4d43-b9e5-459302de0b81", "value": "b82f3e54bb97d4f92dc7c777f2e765ab" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852271", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6f-0764-458a-aae0-414e02de0b81", "value": "5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852271", "uuid": "6271f662-ebe5-449b-a28c-21625cb04c44", "Attribute": [ { "category": "External analysis", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852271", "to_ids": false, "type": "link", "uuid": "5a3b8d6f-7efc-47e1-be51-4cbc02de0b81", "value": "https://www.virustotal.com/file/5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07/analysis/1513817159/" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852271", "to_ids": false, "type": "text", "uuid": "5a3b8d6f-2e30-4086-a21b-4f7f02de0b81", "value": "20/67" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852271", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6f-5c18-4049-adc0-4f3502de0b81", "value": "2017-12-21T00:45:59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852274", "uuid": "0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea", "ObjectReference": [ { "comment": "", "object_uuid": "0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea", "referenced_uuid": "75f57830-e3b2-4daf-bd31-5b69941c370d", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d73-7288-44b8-be2e-4b3502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852271", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6f-dd38-41ee-8df9-499502de0b81", "value": "8fd089df71a5f48098dc41886631ea6604f108e9" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852271", "to_ids": true, "type": "md5", "uuid": "5a3b8d6f-8480-47ec-a9e6-4ebf02de0b81", "value": "dc688e6ddd3a1298dd372ec7d0ccb1fb" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852271", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6f-c678-4461-b51c-4f7802de0b81", "value": "9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852271", "uuid": "75f57830-e3b2-4daf-bd31-5b69941c370d", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852271", "to_ids": false, "type": "link", "uuid": "5a3b8d6f-0184-44c0-826a-4d4202de0b81", "value": "https://www.virustotal.com/file/9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5/analysis/1513817043/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852271", "to_ids": false, "type": "text", "uuid": "5a3b8d6f-3270-4051-bd93-4f5702de0b81", "value": "1/59" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852271", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6f-07d0-4732-bb27-404d02de0b81", "value": "2017-12-21T00:44:03" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852274", "uuid": "3529ee04-a201-4e52-a164-1e5c4a096897", "ObjectReference": [ { "comment": "", "object_uuid": "3529ee04-a201-4e52-a164-1e5c4a096897", "referenced_uuid": "24b51380-5e74-4cc3-9d40-a9bf23181402", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d73-d7f4-4610-959c-44e602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852271", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6f-c2fc-4d0e-aff0-4bff02de0b81", "value": "d851ff7b371d15bf03a670e45ec5df327406ab45" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852271", "to_ids": true, "type": "md5", "uuid": "5a3b8d6f-b1c0-4667-8fe6-44d002de0b81", "value": "6c360e9a6f933bf172591a81881ca79b" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852271", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6f-9dc8-4dda-86f6-480902de0b81", "value": "f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852271", "uuid": "24b51380-5e74-4cc3-9d40-a9bf23181402", "Attribute": [ { "category": "External analysis", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852271", "to_ids": false, "type": "link", "uuid": "5a3b8d6f-6bb4-4ed4-b0db-447202de0b81", "value": "https://www.virustotal.com/file/f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b/analysis/1513799419/" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852271", "to_ids": false, "type": "text", "uuid": "5a3b8d6f-4e5c-4ba9-a6bc-41e902de0b81", "value": "1/60" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852271", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6f-22f4-49de-b3a4-4fa202de0b81", "value": "2017-12-20T19:50:19" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852274", "uuid": "685f8167-ca1f-4f25-8ba4-cdf2aa6dae57", "ObjectReference": [ { "comment": "", "object_uuid": "685f8167-ca1f-4f25-8ba4-cdf2aa6dae57", "referenced_uuid": "c1983f91-67eb-48b3-a8dc-df000704bef3", "relationship_type": "analysed-with", "timestamp": "1514468223", "uuid": "5a3b8d73-ae44-4540-b4ff-425102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852271", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6f-b4fc-4a72-b66a-48f502de0b81", "value": "9cc396887f57d1d266644cbefed48f33880fb218" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852271", "to_ids": true, "type": "md5", "uuid": "5a3b8d6f-8b88-4c30-a87a-4d5d02de0b81", "value": "ed2cace34381b6bbeb98af31e73e7904" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852271", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6f-ab60-4697-8347-4bf402de0b81", "value": "db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852271", "uuid": "c1983f91-67eb-48b3-a8dc-df000704bef3", "Attribute": [ { "category": "External analysis", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852271", "to_ids": false, "type": "link", "uuid": "5a3b8d6f-4c64-4ff9-8527-482d02de0b81", "value": "https://www.virustotal.com/file/db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471/analysis/1513799418/" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852271", "to_ids": false, "type": "text", "uuid": "5a3b8d6f-f958-4988-a7fb-449202de0b81", "value": "2/60" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852271", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6f-86e4-4884-96da-434202de0b81", "value": "2017-12-20T19:50:18" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852274", "uuid": "4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36", "ObjectReference": [ { "comment": "", "object_uuid": "4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36", "referenced_uuid": "42454a41-4382-4b9b-bfb4-41c779793cd0", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-5a00-4e7d-8980-4f3b02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852271", "to_ids": true, "type": "sha1", "uuid": "5a3b8d6f-e688-4200-b11d-42ba02de0b81", "value": "97936a1225622bf61f916c629882aab19ff1f1a6" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852271", "to_ids": true, "type": "md5", "uuid": "5a3b8d6f-a798-4a03-8609-487302de0b81", "value": "5d06ff8f43f631cd2a71a565dd10b7a5" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852271", "to_ids": true, "type": "sha256", "uuid": "5a3b8d6f-a020-4005-8bd5-4ccb02de0b81", "value": "d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852271", "uuid": "42454a41-4382-4b9b-bfb4-41c779793cd0", "Attribute": [ { "category": "External analysis", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852271", "to_ids": false, "type": "link", "uuid": "5a3b8d6f-1174-4c32-aa95-45ba02de0b81", "value": "https://www.virustotal.com/file/d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a/analysis/1513799419/" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852271", "to_ids": false, "type": "text", "uuid": "5a3b8d6f-ce28-432d-8ddf-4cda02de0b81", "value": "1/60" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852271", "to_ids": false, "type": "datetime", "uuid": "5a3b8d6f-cdcc-4677-83af-44bc02de0b81", "value": "2017-12-20T19:50:19" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852274", "uuid": "a6e3a25b-f46a-4ed8-b0ac-d15d4772c156", "ObjectReference": [ { "comment": "", "object_uuid": "a6e3a25b-f46a-4ed8-b0ac-d15d4772c156", "referenced_uuid": "e26a7bae-50f5-4b9f-a908-c09d124b96d5", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-0238-46ee-ba04-4b8102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-60e0-462c-9ba8-4aaa02de0b81", "value": "3d34eb23728f443e930885e89485cfc78cc34e07" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-1c14-44a2-be35-45cd02de0b81", "value": "cba175498af45dca6970aeee83a6d9f4" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-3b6c-4207-a94f-401b02de0b81", "value": "41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "e26a7bae-50f5-4b9f-a908-c09d124b96d5", "Attribute": [ { "category": "External analysis", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852272", "to_ids": false, "type": "link", "uuid": "5a3b8d70-0120-4008-a176-46a002de0b81", "value": "https://www.virustotal.com/file/41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b/analysis/1513817542/" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852272", "to_ids": false, "type": "text", "uuid": "5a3b8d70-8ce4-4780-a75e-487102de0b81", "value": "0/59" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852272", "to_ids": false, "type": "datetime", "uuid": "5a3b8d70-ec8c-4775-8013-4ea402de0b81", "value": "2017-12-21T00:52:22" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852275", "uuid": "7d9cca50-8758-408a-8b14-ed4a9a4d430c", "ObjectReference": [ { "comment": "", "object_uuid": "7d9cca50-8758-408a-8b14-ed4a9a4d430c", "referenced_uuid": "ab3d3480-cd31-477a-b4ea-86c6b2c6b49e", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-97b0-4b3f-b1f1-4c7102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-4ca0-490a-be44-475302de0b81", "value": "537cf4311fb66b3740c0a1dc9ba073132d9e0d04" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-697c-4b7e-9451-4a2102de0b81", "value": "f3dd79ffb45d226dd029da7c61192e26" }, { "category": "Payload delivery", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-76dc-4c67-bb67-4b2c02de0b81", "value": "b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "ab3d3480-cd31-477a-b4ea-86c6b2c6b49e", "Attribute": [ { "category": "External analysis", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852272", "to_ids": false, "type": "link", "uuid": "5a3b8d70-ce14-4855-b70d-4cf502de0b81", "value": "https://www.virustotal.com/file/b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e/analysis/1513817428/" }, { "category": "Other", "comment": "PyInstaller", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852272", "to_ids": false, "type": "text", "uuid": "5a3b8d70-fb58-45a6-9234-456702de0b81", "value": "9/66" }, { "category": "Other", "comment": "PyInstaller", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852272", "to_ids": false, "type": "datetime", "uuid": "5a3b8d70-1858-4553-a6f7-468802de0b81", "value": "2017-12-21T00:50:28" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852275", "uuid": "6eb3baa6-0a6b-49d7-bedd-38b80630776a", "ObjectReference": [ { "comment": "", "object_uuid": "6eb3baa6-0a6b-49d7-bedd-38b80630776a", "referenced_uuid": "95dea47f-9eef-42d6-96c9-ac3d27d67d27", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-15b8-4148-acbb-4be802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-e85c-45a8-a7ae-493402de0b81", "value": "e57713866a28487098d6b735a55468a1570d00a1" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-9db0-4894-aaea-46a802de0b81", "value": "985d627f638bbd89ba48676625ec9073" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-3e7c-4521-96e1-408902de0b81", "value": "4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "95dea47f-9eef-42d6-96c9-ac3d27d67d27", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852272", "to_ids": false, "type": "link", "uuid": "5a3b8d70-e83c-4834-9b37-4cf302de0b81", "value": "https://www.virustotal.com/file/4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212/analysis/1513838441/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852272", "to_ids": false, "type": "text", "uuid": "5a3b8d70-ce40-435e-a877-433e02de0b81", "value": "2/59" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852272", "to_ids": false, "type": "datetime", "uuid": "5a3b8d70-ebf0-4628-a2e6-4cef02de0b81", "value": "2017-12-21T06:40:41" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852275", "uuid": "4923113d-bb45-4277-8e0f-4bcfd995292d", "ObjectReference": [ { "comment": "", "object_uuid": "4923113d-bb45-4277-8e0f-4bcfd995292d", "referenced_uuid": "b9d97deb-ca5d-4825-b6ff-084898e27f88", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-d308-455c-921e-4eba02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-40b4-49ed-a54a-4aa702de0b81", "value": "0d64b1157efb689f75a0c92d475e960ecd139304" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-dd70-4ad0-be00-47c302de0b81", "value": "ad99fd5711dbec2520f62385a595ee3b" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-482c-42f5-be9f-4d8302de0b81", "value": "cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "b9d97deb-ca5d-4825-b6ff-084898e27f88", "Attribute": [ { "category": "External analysis", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852272", "to_ids": false, "type": "link", "uuid": "5a3b8d70-a6a0-4633-a1cd-46cf02de0b81", "value": "https://www.virustotal.com/file/cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411/analysis/1513838218/" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852272", "to_ids": false, "type": "text", "uuid": "5a3b8d70-7d90-40d0-8f35-4c0902de0b81", "value": "11/67" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852272", "to_ids": false, "type": "datetime", "uuid": "5a3b8d70-b308-4584-8dee-436302de0b81", "value": "2017-12-21T06:36:58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852275", "uuid": "499ec873-7210-418a-ac7a-9c473e7cee8f", "ObjectReference": [ { "comment": "", "object_uuid": "499ec873-7210-418a-ac7a-9c473e7cee8f", "referenced_uuid": "dbff892b-e51d-4ce6-ba0b-e0bbdc82c787", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-5664-4b03-9c15-42f102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-7fec-4da9-99f6-4cb402de0b81", "value": "234600a43a957672b8145ea6566f9613a1906899" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-3418-419d-98e9-463902de0b81", "value": "ec264b9c938355f1a7d1dc97c73fa9a6" }, { "category": "Payload delivery", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-c260-470b-8391-45cf02de0b81", "value": "1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "dbff892b-e51d-4ce6-ba0b-e0bbdc82c787", "Attribute": [ { "category": "External analysis", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852272", "to_ids": false, "type": "link", "uuid": "5a3b8d70-2010-4867-bece-42a102de0b81", "value": "https://www.virustotal.com/file/1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666/analysis/1513799418/" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852272", "to_ids": false, "type": "text", "uuid": "5a3b8d70-8248-4966-9e4c-462302de0b81", "value": "1/60" }, { "category": "Other", "comment": "PowerRatankba", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852272", "to_ids": false, "type": "datetime", "uuid": "5a3b8d70-f2e0-425c-8ee3-477402de0b81", "value": "2017-12-20T19:50:18" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852275", "uuid": "1a66fd87-8b0c-4eae-b17e-c03d830646ea", "ObjectReference": [ { "comment": "", "object_uuid": "1a66fd87-8b0c-4eae-b17e-c03d830646ea", "referenced_uuid": "3fc5fed1-7742-4f62-86d7-18a0b15c6b67", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-99d4-48ff-949e-44d702de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852272", "to_ids": true, "type": "sha1", "uuid": "5a3b8d70-1fa4-4bdc-861b-41ef02de0b81", "value": "6ab10bd838f9b060f2380caafdea5ff09080f536" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852272", "to_ids": true, "type": "md5", "uuid": "5a3b8d70-c06c-4e4f-a086-4bd102de0b81", "value": "43f7512685e72de1e8c0201ee4e189a7" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852272", "to_ids": true, "type": "sha256", "uuid": "5a3b8d70-7a74-4aa4-ae9f-40de02de0b81", "value": "81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852272", "uuid": "3fc5fed1-7742-4f62-86d7-18a0b15c6b67", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852273", "to_ids": false, "type": "link", "uuid": "5a3b8d71-e804-44c4-b574-417302de0b81", "value": "https://www.virustotal.com/file/81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf/analysis/1513838347/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852273", "to_ids": false, "type": "text", "uuid": "5a3b8d71-dd6c-416c-aef4-43ee02de0b81", "value": "2/60" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852273", "to_ids": false, "type": "datetime", "uuid": "5a3b8d71-d52c-4c0c-b61c-46e202de0b81", "value": "2017-12-21T06:39:07" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852276", "uuid": "12376fcf-03df-4dd3-b86d-f205b2cd0333", "ObjectReference": [ { "comment": "", "object_uuid": "12376fcf-03df-4dd3-b86d-f205b2cd0333", "referenced_uuid": "c798e259-325d-43d9-b3c5-080f027612e0", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-7e98-492f-b8d1-4b3602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852273", "to_ids": true, "type": "sha1", "uuid": "5a3b8d71-8088-4998-93b6-4ae202de0b81", "value": "4a084d8245706683d4e4cd5797a2a9f35fa89749" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852273", "to_ids": true, "type": "md5", "uuid": "5a3b8d71-637c-4443-8c46-4b3602de0b81", "value": "0518ca7a8bd6d93bbafc6022669d5459" }, { "category": "Payload delivery", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852273", "to_ids": true, "type": "sha256", "uuid": "5a3b8d71-b664-4dbd-b2dd-487002de0b81", "value": "9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852273", "uuid": "c798e259-325d-43d9-b3c5-080f027612e0", "Attribute": [ { "category": "External analysis", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852273", "to_ids": false, "type": "link", "uuid": "5a3b8d71-f348-471f-8ceb-4c0602de0b81", "value": "https://www.virustotal.com/file/9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453/analysis/1513838282/" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852273", "to_ids": false, "type": "text", "uuid": "5a3b8d71-3090-496d-bf48-452402de0b81", "value": "12/67" }, { "category": "Other", "comment": "PowerSpritz", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852273", "to_ids": false, "type": "datetime", "uuid": "5a3b8d71-9ccc-4e71-8385-47d602de0b81", "value": "2017-12-21T06:38:02" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852276", "uuid": "05d3637e-62f6-4c54-b66a-3eac1319941a", "ObjectReference": [ { "comment": "", "object_uuid": "05d3637e-62f6-4c54-b66a-3eac1319941a", "referenced_uuid": "4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-e1ac-432d-bc9e-48d102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852273", "to_ids": true, "type": "sha1", "uuid": "5a3b8d71-9558-42ba-80af-454802de0b81", "value": "50420970d17af649affaee6be801968aa4c01e46" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852273", "to_ids": true, "type": "md5", "uuid": "5a3b8d71-c490-4c18-9ce6-42b702de0b81", "value": "23cbc415d94b1841a8a737295dc651ce" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852273", "to_ids": true, "type": "sha256", "uuid": "5a3b8d71-a2b4-412f-85eb-43c002de0b81", "value": "8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852273", "uuid": "4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8", "Attribute": [ { "category": "External analysis", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852273", "to_ids": false, "type": "link", "uuid": "5a3b8d71-7164-42ea-a052-437502de0b81", "value": "https://www.virustotal.com/file/8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3/analysis/1513776239/" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852273", "to_ids": false, "type": "text", "uuid": "5a3b8d71-d878-4b50-92d5-426202de0b81", "value": "12/59" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852273", "to_ids": false, "type": "datetime", "uuid": "5a3b8d71-1c64-41fb-8817-43d702de0b81", "value": "2017-12-20T13:23:59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852276", "uuid": "5ea86c44-3d9c-471f-a447-cc02b208592c", "ObjectReference": [ { "comment": "", "object_uuid": "5ea86c44-3d9c-471f-a447-cc02b208592c", "referenced_uuid": "d098ecd3-4e1e-4602-92b9-45f53956eead", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-83a4-4a41-ac49-4cf502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852273", "to_ids": true, "type": "sha1", "uuid": "5a3b8d71-5b54-4646-a2d8-4ed802de0b81", "value": "a07dc261645c7b3ff5f37f5ae7ee0b629ab8f109" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852273", "to_ids": true, "type": "md5", "uuid": "5a3b8d71-d6b8-4e2e-af51-4bec02de0b81", "value": "01118e4cd8adec69c84e0311ec677971" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852273", "to_ids": true, "type": "sha256", "uuid": "5a3b8d71-ea90-49d2-82b0-4e4a02de0b81", "value": "7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852273", "uuid": "d098ecd3-4e1e-4602-92b9-45f53956eead", "Attribute": [ { "category": "External analysis", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852273", "to_ids": false, "type": "link", "uuid": "5a3b8d71-4590-4fa4-a7d2-489902de0b81", "value": "https://www.virustotal.com/file/7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e/analysis/1513838753/" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852273", "to_ids": false, "type": "text", "uuid": "5a3b8d71-69b0-41dd-9a3a-4d9f02de0b81", "value": "10/58" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852273", "to_ids": false, "type": "datetime", "uuid": "5a3b8d71-78fc-465c-9dba-473302de0b81", "value": "2017-12-21T06:45:53" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852276", "uuid": "95eca2e7-7290-4557-8b1c-72a9e7b68da4", "ObjectReference": [ { "comment": "", "object_uuid": "95eca2e7-7290-4557-8b1c-72a9e7b68da4", "referenced_uuid": "a4526f04-cb6e-4349-ab34-5587cf9dbf19", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-be34-49a7-a331-447502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852273", "to_ids": true, "type": "sha1", "uuid": "5a3b8d71-1b78-4729-9bc6-41c102de0b81", "value": "688183a9b36993c6dcc93d7be7a3e96a364447c9" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852273", "to_ids": true, "type": "md5", "uuid": "5a3b8d71-6cec-4cf9-9e05-4f4802de0b81", "value": "9ed66ef9fba9984fe7788eb1ec09d4ba" }, { "category": "Payload delivery", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852273", "to_ids": true, "type": "sha256", "uuid": "5a3b8d71-6380-453e-861c-453502de0b81", "value": "100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852273", "uuid": "a4526f04-cb6e-4349-ab34-5587cf9dbf19", "Attribute": [ { "category": "External analysis", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852273", "to_ids": false, "type": "link", "uuid": "5a3b8d71-55e8-418d-8a37-446202de0b81", "value": "https://www.virustotal.com/file/100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7/analysis/1513838920/" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852273", "to_ids": false, "type": "text", "uuid": "5a3b8d71-81fc-48ff-b858-477402de0b81", "value": "14/60" }, { "category": "Other", "comment": "JavaScript", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852273", "to_ids": false, "type": "datetime", "uuid": "5a3b8d71-09bc-4555-ad45-441502de0b81", "value": "2017-12-21T06:48:40" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852276", "uuid": "b593d6b3-0289-4c29-8448-2bb4d2de9d5e", "ObjectReference": [ { "comment": "", "object_uuid": "b593d6b3-0289-4c29-8448-2bb4d2de9d5e", "referenced_uuid": "2c9f7b5e-b7c1-45ee-bb59-facc1784a78f", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d73-8cbc-476e-b945-42d602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852273", "to_ids": true, "type": "sha1", "uuid": "5a3b8d71-eb5c-4a51-a15d-42e602de0b81", "value": "fb17a710aa690d939d74a6687ae04787fb6324ca" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852273", "to_ids": true, "type": "md5", "uuid": "5a3b8d71-6210-4c65-a11c-4aa102de0b81", "value": "878ececefc811b91361b69ff25290a6e" }, { "category": "Payload delivery", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852273", "to_ids": true, "type": "sha256", "uuid": "5a3b8d72-4dd8-47fc-9d5c-452102de0b81", "value": "772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852274", "uuid": "2c9f7b5e-b7c1-45ee-bb59-facc1784a78f", "Attribute": [ { "category": "External analysis", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852274", "to_ids": false, "type": "link", "uuid": "5a3b8d72-8988-43a0-b1c4-488302de0b81", "value": "https://www.virustotal.com/file/772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01/analysis/1513799414/" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852274", "to_ids": false, "type": "text", "uuid": "5a3b8d72-cea0-44c3-929e-461602de0b81", "value": "1/60" }, { "category": "Other", "comment": "Microsoft Compiled HTML Help (CHM)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852274", "to_ids": false, "type": "datetime", "uuid": "5a3b8d72-a658-47d9-996e-443602de0b81", "value": "2017-12-20T19:50:14" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1513852277", "uuid": "5dc053d0-4cc0-4b36-b940-2552b8c9ec30", "ObjectReference": [ { "comment": "", "object_uuid": "5dc053d0-4cc0-4b36-b940-2552b8c9ec30", "referenced_uuid": "50c5355f-02d7-4b0b-8116-332325c74894", "relationship_type": "analysed-with", "timestamp": "1514468224", "uuid": "5a3b8d74-adcc-418a-9992-41ba02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1513852274", "to_ids": true, "type": "sha1", "uuid": "5a3b8d72-1658-4801-92aa-4aa202de0b81", "value": "ef263466563037c4f358e6467157194eb0752bdf" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1513852274", "to_ids": true, "type": "md5", "uuid": "5a3b8d72-6660-4479-8eff-4a5702de0b81", "value": "157074713fc886e3632acc6f040982dd" }, { "category": "Payload delivery", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1513852274", "to_ids": true, "type": "sha256", "uuid": "5a3b8d72-6bcc-4f0c-a841-401a02de0b81", "value": "b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1513852274", "uuid": "50c5355f-02d7-4b0b-8116-332325c74894", "Attribute": [ { "category": "External analysis", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1513852274", "to_ids": false, "type": "link", "uuid": "5a3b8d72-f83c-4200-8813-47e402de0b81", "value": "https://www.virustotal.com/file/b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d/analysis/1513839053/" }, { "category": "Other", "comment": "MS Office Docs", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1513852274", "to_ids": false, "type": "text", "uuid": "5a3b8d72-1408-4805-b520-48d002de0b81", "value": "26/61" }, { "category": "Other", "comment": "MS Office Docs", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1513852274", "to_ids": false, "type": "datetime", "uuid": "5a3b8d72-e134-4dbc-894e-419202de0b81", "value": "2017-12-21T06:50:53" } ] } ] } }