{ "Event": { "analysis": "0", "date": "2019-03-27", "extends_uuid": "", "info": "OSINT- WinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns", "publish_timestamp": "1554375618", "published": true, "threat_level_id": "3", "timestamp": "1554375589", "uuid": "5c9b46dc-f354-4e45-b44a-4966950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:malpedia=\"Azorult\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:malpedia=\"Quasar RAT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-malware=\"NETWIRE - S0198\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Razy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:rat=\"Netwire\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:rat=\"Quasar RAT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:stealer=\"AZORult\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554199776", "to_ids": false, "type": "text", "uuid": 
"5ca334cd-3c38-4206-b4bd-44f8950d210f", "value": "WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extraction of \u2018ACE\u2019 formatted files, regardless of user input. Attackers can easily achieve persistence and code execution by creating malicious archives that extract files to sensitive locations, like the Windows \u201cStartup\u201d Start Menu folder. While this vulnerability has been fixed in the latest version of WinRAR (5.70), WinRAR itself does not contain auto-update features, increasing the likelihood that many existing users remain running out-of-date versions.", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1554210403", "to_ids": true, "type": "ip-dst", "uuid": "5ca34188-a4c0-4be1-a512-4809950d210f", "value": "185.162.131.92" }, { "category": "Network activity", "comment": "Payload download", "deleted": false, "disable_correlation": false, "timestamp": "1554203782", "to_ids": true, "type": "url", "uuid": "5ca34486-c174-4835-a726-43cf950d210f", "value": "http://185.49.71.101/i/pwi_crs.exe" }, { "category": "Network activity", "comment": "Netwire C2", "deleted": false, "disable_correlation": false, "timestamp": "1554210433", "to_ids": true, "type": "ip-dst", "uuid": "5ca35e81-e368-425f-9334-4c26950d210f", "value": "89.34.111.113" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554213604", "to_ids": true, "type": "filename", "uuid": "5ca36ae4-99c8-4929-8075-472a950d210f", 
"value": "%USERPROFILE%\\Desktop\\100m.bat" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554281779", "to_ids": true, "type": "url", "uuid": "5ca47533-79f4-4c4a-b7a3-4c9e950d210f", "value": "www.alahbabgroup.com/bakala/verify.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554281782", "to_ids": true, "type": "url", "uuid": "5ca47536-ecbc-43b5-9e7c-474a950d210f", "value": "103.225.168.159/admin/verify.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554281782", "to_ids": true, "type": "url", "uuid": "5ca47536-1d78-46c4-bcea-491c950d210f", "value": "www.khuyay.org/odin_backup/public/loggoff.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554281782", "to_ids": true, "type": "url", "uuid": "5ca47536-e118-4430-a1bc-4eba950d210f", "value": "47.91.56.21/verify.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1554286287", "to_ids": true, "type": "ip-dst", "uuid": "5ca486cf-f20c-40e1-acd4-4be7950d210f", "value": "31.148.220.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554286287", "to_ids": true, "type": "url", "uuid": "5ca486cf-e3c4-4378-a2bf-4429950d210f", "value": "http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365037", "to_ids": true, "type": "url", "uuid": "5ca5ba6d-a63c-4e1b-8207-4c96950d210f", "value": "http://103.225.168.159/admin/verify.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365038", "to_ids": true, "type": "url", "uuid": 
"5ca5ba6e-c3d4-4e66-bc47-4b73950d210f", "value": "http://185.162.131.92" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365038", "to_ids": true, "type": "url", "uuid": "5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f", "value": "http://47.91.56.21/verify.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365038", "to_ids": true, "type": "url", "uuid": "5ca5ba6e-35a8-484e-b044-4986950d210f", "value": "http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365038", "to_ids": true, "type": "url", "uuid": "5ca5ba6e-01fc-4117-8ff6-4d6f950d210f", "value": "http://www.alahbabgroup.com/bakala/verify.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554365038", "to_ids": true, "type": "url", "uuid": "5ca5ba6e-be44-4314-b8e5-4c12950d210f", "value": "http://www.khuyay.org/odin_backup/public/loggoff.php" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "5", "timestamp": "1553697780", "uuid": "5c9b8bf4-11d4-4450-882b-4d83950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1553697780", "to_ids": false, "type": "text", "uuid": "5c9b8bf4-81a0-484a-94aa-4524950d210f", "value": "\u26a0\r\n WARNING \r\n\u26a0\r\n\r\nWinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns\r\n(link: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html) 
fireeye.com/blog/threat-re\u2026\r\nAll IOCs:\r\n(link: https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a) otx.alienvault.com/pulse/5c9a4ff3\u2026\r\nExploit Details:\r\n(link: https://research.checkpoint.com/extracting-code-execution-from-winrar/) research.checkpoint.com/extracting-cod\u2026" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1553697780", "to_ids": false, "type": "text", "uuid": "5c9b8bf4-b480-4cf3-80c3-4e97950d210f", "value": "Twitter" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1553697780", "to_ids": true, "type": "url", "uuid": "5c9b8bf4-0bfc-4d15-9eca-4640950d210f", "value": "https://mobile.twitter.com/Bank_Security/status/1110795166762307585" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1553698134", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-b578-4b65-ab12-4f46950d210f", "value": "https://t.co/WXbZ8UEIUY?amp=1" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1553698104", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-daa4-45d3-949e-4814950d210f", "value": "https://t.co/4QpF7PmDLH?amp=1" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1553698109", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-da6c-4fd2-a520-4e67950d210f", "value": "https://t.co/arJH9cqHID?amp=1" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1554374942", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-f79c-4eab-8203-4699950d210f", "value": 
"https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html", "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1554374999", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-a76c-4085-914a-4fa0950d210f", "value": "https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a", "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1554375000", "to_ids": true, "type": "link", "uuid": "5c9b8bf4-7c20-48fc-9447-4dd3950d210f", "value": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": 
"creation-date", "timestamp": "1553697780", "to_ids": false, "type": "datetime", "uuid": "5c9b8bf4-aa90-4700-8335-43c2950d210f", "value": "2019-03-27T07:46:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1553697780", "to_ids": false, "type": "text", "uuid": "5c9b8bf4-f9d0-4d81-8a45-4059950d210f", "value": "Bank_Security" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554204429", "uuid": "5ca3352d-5220-47a1-acbf-4da1950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554204429", "to_ids": true, "type": "filename", "uuid": "5ca3352d-fe40-4df4-aa41-4f09950d210f", "value": "Scan_Letter_of_Approval.rar" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554204429", "to_ids": false, "type": "text", "uuid": "5ca3352d-6d04-4b13-8ff1-438b950d210f", "value": "Malicious" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554204432", "to_ids": true, "type": "md5", "uuid": "5ca34710-d240-4483-9fba-4cd8950d210f", "value": "8e067e4cda99299b0bf2481cc1fd8e12" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554207363", "uuid": "5ca33543-c790-4983-b1bb-4663950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", 
"timestamp": "1554207363", "to_ids": true, "type": "filename", "uuid": "5ca33543-4910-49a0-bcb9-49ca950d210f", "value": "winSrvHost.vbs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554207363", "to_ids": false, "type": "text", "uuid": "5ca33543-a95c-4e6c-8c8c-4551950d210f", "value": "Malicious" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554207363", "to_ids": true, "type": "md5", "uuid": "5ca35283-f62c-4978-97e5-4bc8950d210f", "value": "3aabc9767d02c75ef44df6305bc6a41f" } ] }, { "comment": "decoy document", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554208790", "uuid": "5ca3355c-383c-4caa-be6c-4c46950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554208790", "to_ids": true, "type": "filename", "uuid": "5ca3355c-1e60-46af-b5a9-49f5950d210f", "value": "Letter of Approval.pdf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554208790", "to_ids": false, "type": "text", "uuid": "5ca3355c-f078-46b5-986d-4ea2950d210f", "value": "Malicious" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554208790", "to_ids": true, "type": "md5", "uuid": "5ca35816-bbdc-48dc-96be-4351950d210f", "value": "dc63d5affde0db95128dac52f9d19578" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": 
"688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554210292", "uuid": "5ca35df4-911c-46d0-a997-43f9950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554210292", "to_ids": true, "type": "filename", "uuid": "5ca35df4-5dc8-429b-bdf8-4dcc950d210f", "value": "pwi_crs.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554210292", "to_ids": true, "type": "md5", "uuid": "5ca35df4-0358-40b3-902c-4000950d210f", "value": "12def981952667740eb06ee91168e643" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554210292", "to_ids": false, "type": "text", "uuid": "5ca35df4-4a08-42ec-950a-4e55950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554213946", "uuid": "5ca36c3a-433c-4a6f-a46e-4084950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554213946", "to_ids": true, "type": "filename", "uuid": "5ca36c3a-5338-461b-9f48-4084950d210f", "value": "SysAid-Documentation.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554213946", "to_ids": true, "type": "md5", "uuid": "5ca36c3a-bca4-4f5e-878a-4084950d210f", "value": "062801f6fdbda4dd67b77834c62e82a4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554213946", "to_ids": false, "type": "text", "uuid": 
"5ca36c3a-8870-4f77-b7ec-4084950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554214721", "uuid": "5ca36f41-1ccc-4fd2-82b8-4062950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554214721", "to_ids": true, "type": "filename", "uuid": "5ca36f41-9e38-4ac2-8a91-4062950d210f", "value": "SysAid-Documentation.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554214721", "to_ids": true, "type": "md5", "uuid": "5ca36f41-ca18-487c-9586-4062950d210f", "value": "49419d84076b13e96540fdd911f1c2f0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554214721", "to_ids": false, "type": "text", "uuid": "5ca36f41-efec-4c1b-8c3d-4062950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554278919", "uuid": "5ca46a07-81c0-4819-91b2-d709950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554278919", "to_ids": true, "type": "filename", "uuid": "5ca46a07-94a0-4fdf-bdc6-d709950d210f", "value": "ekrnview.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554278920", "to_ids": true, "type": "md5", "uuid": 
"5ca46a08-f3f8-42f0-976f-d709950d210f", "value": "96986b18a8470f4020ea78df0b3db7d4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554278920", "to_ids": false, "type": "text", "uuid": "5ca46a08-c240-485f-a69e-d709950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554279888", "uuid": "5ca46dd0-955c-47b9-9511-ced9950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554279888", "to_ids": true, "type": "filename", "uuid": "5ca46dd0-eb5c-42e5-9016-ced9950d210f", "value": "Thumbs.db.lnk" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554279890", "to_ids": true, "type": "md5", "uuid": "5ca46dd2-ae64-4386-9716-ced9950d210f", "value": "31718d7b9b3261688688bdc4e026db99" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554279894", "to_ids": false, "type": "text", "uuid": "5ca46dd6-9b28-4a0f-a280-ced9950d210f", "value": "Malicious" } ] }, { "comment": "Email", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554281669", "uuid": "5ca474c5-95f8-435f-aff2-8a88950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554281670", "to_ids": true, "type": "md5", "uuid": "5ca474c6-c9a4-4a0e-9c9f-8a88950d210f", 
"value": "8c93e024fc194f520e4e72e761c0942d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554281676", "to_ids": false, "type": "text", "uuid": "5ca474cc-ef7c-4629-adf2-8a88950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554285781", "uuid": "5ca484d5-7b60-46fe-851d-41f7950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554285781", "to_ids": true, "type": "filename", "uuid": "5ca484d5-5304-40f8-b382-4afe950d210f", "value": "zakon.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554285781", "to_ids": true, "type": "md5", "uuid": "5ca484d5-6554-4b71-a8fd-407d950d210f", "value": "9b19753369b6ed1187159b95fc8a81cd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554285781", "to_ids": false, "type": "text", "uuid": "5ca484d5-4a10-49bd-aa54-4acc950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554286191", "uuid": "5ca4866f-f878-4e2d-84dc-4095950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554286191", "to_ids": true, "type": "filename", "uuid": "5ca4866f-2808-4f01-ba46-4713950d210f", "value": "mssconf.bat" }, { "category": 
"Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554286191", "to_ids": true, "type": "md5", "uuid": "5ca4866f-13c0-4909-bd5d-4083950d210f", "value": "79b53b4555c1fb39ba3c7b8ce9a4287e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554286191", "to_ids": false, "type": "text", "uuid": "5ca4866f-8a3c-453b-8968-474b950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554288808", "uuid": "5ca490a8-46c0-4464-8d48-456d950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554288809", "to_ids": true, "type": "filename", "uuid": "5ca490a9-8e18-467a-b8dd-4370950d210f", "value": "leaks copy.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554288809", "to_ids": true, "type": "md5", "uuid": "5ca490a9-4bf8-4ca2-95d2-405e950d210f", "value": "e9815dfb90776ab449539a2be7c16de5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554288809", "to_ids": false, "type": "text", "uuid": "5ca490a9-c0b4-4a29-ad71-4d26950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554293937", "uuid": "5ca4a4b1-b8cc-40d3-95a9-4090950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", 
"deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554293937", "to_ids": true, "type": "filename", "uuid": "5ca4a4b1-fe08-4297-8fe1-49d2950d210f", "value": "cc.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554293937", "to_ids": true, "type": "md5", "uuid": "5ca4a4b1-00ac-44bf-9996-4448950d210f", "value": "9b81b3174c9b699f594d725cf89ffaa4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554293937", "to_ids": false, "type": "text", "uuid": "5ca4a4b1-ae38-4e86-8f8b-4a8a950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554294283", "uuid": "5ca4a60b-9d04-4f5c-93f2-4d91950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554294283", "to_ids": true, "type": "filename", "uuid": "5ca4a60b-489c-42f0-90a1-433e950d210f", "value": "zabugor.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294283", "to_ids": true, "type": "md5", "uuid": "5ca4a60b-9fd8-4b69-90fe-4cee950d210f", "value": "914ac7ecf2557d5836f26a151c1b9b62" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554294283", "to_ids": false, "type": "text", "uuid": "5ca4a60b-cc90-46c2-bb49-4fcf950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", 
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554294764", "uuid": "5ca4a7ec-7f2c-437a-a124-4b84950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554294764", "to_ids": true, "type": "filename", "uuid": "5ca4a7ec-732c-4c62-8b60-429f950d210f", "value": "zabugorV.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294764", "to_ids": true, "type": "md5", "uuid": "5ca4a7ec-eea4-4f2a-957e-45ee950d210f", "value": "eca09fe8dcbc9d1c097277f2b3ef1081" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554294764", "to_ids": false, "type": "text", "uuid": "5ca4a7ec-fe1c-4daf-b0bc-4f3c950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554294796", "uuid": "5ca4a80c-2170-4c49-b18e-4018950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554294797", "to_ids": true, "type": "filename", "uuid": "5ca4a80d-ce34-4f89-b5b1-43c2950d210f", "value": "Combolist.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294797", "to_ids": true, "type": "md5", "uuid": "5ca4a80d-d078-4c34-a694-46cb950d210f", "value": "1f5fa51ac9517d70f136e187d45f69de" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554294797", "to_ids": false, "type": "text", 
"uuid": "5ca4a80d-6728-4ed0-8532-4ee4950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554294829", "uuid": "5ca4a82d-0f6c-4877-b8a4-4073950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554294829", "to_ids": true, "type": "filename", "uuid": "5ca4a82d-58ec-4299-8f74-4c0a950d210f", "value": "Nulled2019.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294829", "to_ids": true, "type": "md5", "uuid": "5ca4a82d-fb34-4a85-b92d-4650950d210f", "value": "f36404fb24a640b40e2d43c72c18e66b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554294829", "to_ids": false, "type": "text", "uuid": "5ca4a82d-5e0c-4674-8947-446c950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554296565", "uuid": "5ca4aef5-a100-4a27-bc1d-43b1950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554296565", "to_ids": true, "type": "filename", "uuid": "5ca4aef5-b590-4678-91f0-4920950d210f", "value": "IT.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554296569", "to_ids": true, "type": "md5", "uuid": "5ca4aef9-30bc-4579-a6b7-4754950d210f", 
"value": "0f56b04a4e9a0df94c7f89c1bccf830c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554296573", "to_ids": false, "type": "text", "uuid": "5ca4aefd-489c-4d83-9ab2-4622950d210f", "value": "Malicious" } ] }, { "comment": "QuasarRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554300197", "uuid": "5ca4bd25-7734-4740-bac3-4cab950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554300197", "to_ids": true, "type": "filename", "uuid": "5ca4bd25-3378-4916-bfa1-4f17950d210f", "value": "explorer.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300198", "to_ids": true, "type": "md5", "uuid": "5ca4bd26-b850-4b8a-8ee3-490f950d210f", "value": "1ba398b0a14328b9604eeb5ebf139b40" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554300198", "to_ids": false, "type": "text", "uuid": "5ca4bd26-d76c-4599-9727-448c950d210f", "value": "Malicious" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554300221", "uuid": "5ca4bd3d-3320-411a-86ce-48fc950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554300221", "to_ids": true, "type": "filename", "uuid": "5ca4bd3d-fa18-475b-8c96-42cf950d210f", "value": 
"explorer.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300221", "to_ids": true, "type": "md5", "uuid": "5ca4bd3d-c5e0-4eab-9c7b-4a2f950d210f", "value": "aac00312a961e81c4af4664c49b4a2b2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554300221", "to_ids": false, "type": "text", "uuid": "5ca4bd3d-956c-457c-927a-4dc7950d210f", "value": "Malicious" } ] }, { "comment": "Netwire", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554300248", "uuid": "5ca4bd58-9274-4fc3-9eae-424e950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554300248", "to_ids": true, "type": "filename", "uuid": "5ca4bd58-dd34-4802-8111-49eb950d210f", "value": "IntelAudio.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300249", "to_ids": true, "type": "md5", "uuid": "5ca4bd59-d288-4ea4-b6ea-479f950d210f", "value": "2961c52f04b7fdf7ccf6c01ac259d767" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554300249", "to_ids": false, "type": "text", "uuid": "5ca4bd59-04dc-4c35-8047-4a35950d210f", "value": "Malicious" } ] }, { "comment": "Razy", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554300276", "uuid": "5ca4bd74-949c-45b2-9290-4e09950d210f", "Attribute": [ { "category": 
"Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554300276", "to_ids": true, "type": "filename", "uuid": "5ca4bd74-2764-4dfe-ba20-492f950d210f", "value": "Discord.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300276", "to_ids": true, "type": "md5", "uuid": "5ca4bd74-81f8-405b-b459-458a950d210f", "value": "97d74671d0489071baa21f38f456eb74" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554300276", "to_ids": false, "type": "text", "uuid": "5ca4bd74-f748-466c-8d1d-4add950d210f", "value": "Malicious" } ] }, { "comment": "Buzy", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554300303", "uuid": "5ca4bd8f-6bac-4726-87b5-49ef950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554300303", "to_ids": true, "type": "filename", "uuid": "5ca4bd8f-491c-49f6-a8d7-40c3950d210f", "value": "Discord.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300312", "to_ids": true, "type": "md5", "uuid": "5ca4bd98-d874-4eed-ab8c-472f950d210f", "value": "bcc49643833a4d8545ed4145fb6fdfd2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554300313", "to_ids": false, "type": "text", "uuid": "5ca4bd99-4ed4-41ff-a4c0-4932950d210f", "value": "Malicious" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554302428", "uuid": "5ca4c5dc-542c-48e1-91be-4b39950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1554302428", "to_ids": true, "type": "filename", "uuid": "5ca4c5dc-1d24-45a3-a121-4edc950d210f", "value": "old.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554302428", "to_ids": true, "type": "md5", "uuid": "5ca4c5dc-f3e4-47e0-816f-49e8950d210f", "value": "119a0fd733bc1a013b0d4399112b8626" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554302428", "to_ids": false, "type": "text", "uuid": "5ca4c5dc-e128-42c4-afa9-449a950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1554368840", "uuid": "5ca5c948-d538-4f46-850c-4867950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554368840", "to_ids": true, "type": "md5", "uuid": "5ca5c948-6308-4c7c-9400-4438950d210f", "value": "7dae2d144dae4447a152bef586520ef8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1554368840", "to_ids": false, "type": "text", "uuid": "5ca5c948-a84c-481c-be5d-41b7950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", 
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375558", "uuid": "93cde704-eb81-46a1-bf16-412a7c6abbdf", "ObjectReference": [ { "comment": "", "object_uuid": "93cde704-eb81-46a1-bf16-412a7c6abbdf", "referenced_uuid": "bb78d9ea-99dd-4557-8135-d577734bdace", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-1ef0-40d7-ac41-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554302428", "to_ids": true, "type": "md5", "uuid": "8c9f104c-fcb9-4583-b414-6869383edc6a", "value": "119a0fd733bc1a013b0d4399112b8626" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554302428", "to_ids": true, "type": "sha1", "uuid": "8314350d-9f25-4c9a-9e93-d0f60cc0a84b", "value": "092e7d2aa0c518a499e8cc5aaf3e827ad3b66512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554302428", "to_ids": true, "type": "sha256", "uuid": "f985c436-aec4-4a6d-830c-94964de578ab", "value": "87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375558", "uuid": "bb78d9ea-99dd-4557-8135-d577734bdace", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554302428", "to_ids": false, "type": "datetime", "uuid": "9beab9c9-b030-42d5-963a-07948cc15406", "value": "2019-03-27T21:41:06" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "permalink", "timestamp": "1554302428", "to_ids": false, "type": "link", "uuid": "96552c73-8407-4a1b-b581-1d8a1f67e8bc", "value": "https://www.virustotal.com/file/87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0/analysis/1553722866/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554302428", "to_ids": false, "type": "text", "uuid": "6229267a-31f2-4c37-a98f-fcad7f56d641", "value": "50/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375559", "uuid": "e6a06d80-1a38-4b89-8be3-0242f4f284be", "ObjectReference": [ { "comment": "", "object_uuid": "e6a06d80-1a38-4b89-8be3-0242f4f284be", "referenced_uuid": "382da157-8d8e-479d-8449-2a7a7c54b674", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-878c-4b26-8654-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294797", "to_ids": true, "type": "md5", "uuid": "e133f567-a1d3-4756-8519-8603ac348dfa", "value": "1f5fa51ac9517d70f136e187d45f69de" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554294797", "to_ids": true, "type": "sha1", "uuid": "1f3c34da-dbc4-41f1-a890-c8a6d1e5f25c", "value": "fddc26459a6c6055a320f282a5ac51d1b74f2fd3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554294797", "to_ids": true, "type": "sha256", "uuid": "3d38637a-7545-4a83-80a9-9cbc3e096100", "value": "6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f" 
} ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375559", "uuid": "382da157-8d8e-479d-8449-2a7a7c54b674", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554294797", "to_ids": false, "type": "datetime", "uuid": "fcc179d9-1bd5-410d-99fa-718daee19a8d", "value": "2019-03-27T21:40:58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554294797", "to_ids": false, "type": "link", "uuid": "f29a7f37-dd60-4a5d-8591-8b002722574c", "value": "https://www.virustotal.com/file/6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f/analysis/1553722858/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554294797", "to_ids": false, "type": "text", "uuid": "c6e43a6d-edf5-48a5-b634-1c79b8ff11b1", "value": "31/56" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375559", "uuid": "f6d2b694-c79b-465e-979a-cb05135b5a97", "ObjectReference": [ { "comment": "", "object_uuid": "f6d2b694-c79b-465e-979a-cb05135b5a97", "referenced_uuid": "ecd4d490-5fe8-46c8-8434-ecdaf383d422", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-7d64-4a8b-adc8-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554210292", "to_ids": true, "type": "md5", "uuid": 
"741ebd2e-bb0e-4cef-aac2-35725bdf9dfe", "value": "12def981952667740eb06ee91168e643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554210292", "to_ids": true, "type": "sha1", "uuid": "ad271343-b160-4ff9-9e07-296444724260", "value": "1df08806e39ed6f9f3a5cb228f3be744936e201e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554210292", "to_ids": true, "type": "sha256", "uuid": "b33a14f5-aa8a-4d4a-ac13-f0523d01d912", "value": "c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375559", "uuid": "ecd4d490-5fe8-46c8-8434-ecdaf383d422", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554210292", "to_ids": false, "type": "datetime", "uuid": "565b6568-d456-4e2e-acf6-5d67b8b522f5", "value": "2019-04-04T06:32:35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554210292", "to_ids": false, "type": "link", "uuid": "c4b3f8ec-089e-4ea0-8c3f-c9da23acd89e", "value": "https://www.virustotal.com/file/c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b/analysis/1554359555/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554210292", "to_ids": false, "type": "text", "uuid": "76664654-df97-4498-997b-dd21a0e35b7e", "value": "43/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375559", "uuid": "b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7", "ObjectReference": [ { "comment": "", "object_uuid": "b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7", "referenced_uuid": "54777b78-ec4c-4356-8e7e-47c9bf4cdcda", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-0eb4-4aa6-a170-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294764", "to_ids": true, "type": "md5", "uuid": "08d5cbe0-46a5-4113-8a0c-873eaaf3eb91", "value": "eca09fe8dcbc9d1c097277f2b3ef1081" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554294764", "to_ids": true, "type": "sha1", "uuid": "4be583dc-4e17-4cd5-82e0-de5510b68b8a", "value": "a4185a50ccac29056e2e56ad85b8d74adc8ec7ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554294764", "to_ids": true, "type": "sha256", "uuid": "6bf9d606-8171-4ddf-a307-aed9a1302ad0", "value": "83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375559", "uuid": "54777b78-ec4c-4356-8e7e-47c9bf4cdcda", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554294764", "to_ids": false, "type": "datetime", "uuid": "ca8a2227-5e14-449f-992f-103c90818e66", "value": "2019-03-27T21:41:05" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "permalink", "timestamp": "1554294764", "to_ids": false, "type": "link", "uuid": "4bde1856-53a3-4a92-a62a-e087a5257d82", "value": "https://www.virustotal.com/file/83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce/analysis/1553722865/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554294764", "to_ids": false, "type": "text", "uuid": "cc548348-c570-441e-aacb-63ce091ad1a8", "value": "33/55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375559", "uuid": "c945a6c0-c445-4c44-be12-83436bcfd415", "ObjectReference": [ { "comment": "", "object_uuid": "c945a6c0-c445-4c44-be12-83436bcfd415", "referenced_uuid": "94d10499-0534-45c0-8ecf-770f73b5db6c", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-5cb0-49d6-8ba4-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300276", "to_ids": true, "type": "md5", "uuid": "16842bfe-8993-4130-b60a-1f123150c538", "value": "97d74671d0489071baa21f38f456eb74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554300276", "to_ids": true, "type": "sha1", "uuid": "15558512-09f1-4c84-8d73-a3f44818bf0f", "value": "3bb63aa0b92cc1bde8d027112e5b037cc65ca9cb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554300276", "to_ids": true, "type": "sha256", "uuid": "d223bb7c-cec3-444c-87ab-679d29c3459f", "value": 
"73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375559", "uuid": "94d10499-0534-45c0-8ecf-770f73b5db6c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554300276", "to_ids": false, "type": "datetime", "uuid": "bb8a1c29-37ad-4712-8597-af71d8026d8f", "value": "2019-04-02T04:08:58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554300276", "to_ids": false, "type": "link", "uuid": "f77ff9ca-1dbc-4c38-be3b-8825ba4b08e9", "value": "https://www.virustotal.com/file/73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9/analysis/1554178138/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554300276", "to_ids": false, "type": "text", "uuid": "dbe53327-a8b6-4672-b914-156659f88f9e", "value": "51/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375560", "uuid": "9328597f-c9b9-417d-8c35-0a3a6c45d73b", "ObjectReference": [ { "comment": "", "object_uuid": "9328597f-c9b9-417d-8c35-0a3a6c45d73b", "referenced_uuid": "36ac2225-5a1d-4974-b50b-0867497073fc", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-9ae0-4f14-8f19-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": 
"1554204432", "to_ids": true, "type": "md5", "uuid": "09ef8dac-712e-4354-ae34-ab09598f2d62", "value": "8e067e4cda99299b0bf2481cc1fd8e12" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554204432", "to_ids": true, "type": "sha1", "uuid": "2760db2c-5fea-4d9e-9233-bbf726aed4ef", "value": "3a92a121201c209d3e091b795274c22a4ea71963" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554204432", "to_ids": true, "type": "sha256", "uuid": "5c6deb0c-4d5b-4f95-b3fd-ce2ea22126d5", "value": "e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375560", "uuid": "36ac2225-5a1d-4974-b50b-0867497073fc", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554204432", "to_ids": false, "type": "datetime", "uuid": "cda7e557-6ee3-4683-81fe-b8720b5b641b", "value": "2019-03-29T05:20:01" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554204432", "to_ids": false, "type": "link", "uuid": "e24d4bfd-ae1d-4397-a389-8645acbf8d90", "value": "https://www.virustotal.com/file/e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649/analysis/1553836801/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554204432", "to_ids": false, "type": "text", "uuid": "942e32c4-826a-4e1c-b527-aed28d14a14f", "value": "28/56" } ] }, { "comment": "", "deleted": false, "description": 
"File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375560", "uuid": "550a0ca7-ccf5-4143-96dd-b372c9d532f3", "ObjectReference": [ { "comment": "", "object_uuid": "550a0ca7-ccf5-4143-96dd-b372c9d532f3", "referenced_uuid": "99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a", "relationship_type": "analysed-with", "timestamp": "1554375564", "uuid": "5ca5e38c-a4a4-4532-8cfd-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554288809", "to_ids": true, "type": "md5", "uuid": "2cbaa580-2cba-4fe2-8ec1-8fca9ce11cb6", "value": "e9815dfb90776ab449539a2be7c16de5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554288809", "to_ids": true, "type": "sha1", "uuid": "efaa759b-f294-475e-a99f-52ad0487a89b", "value": "178b02f21efd10a7c98f654fc68c88468738042e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554288809", "to_ids": true, "type": "sha256", "uuid": "47eff58e-c35f-44c2-8b96-267e38986963", "value": "c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375560", "uuid": "99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554288809", "to_ids": false, "type": "datetime", "uuid": "e7dec0a9-afee-44ae-823c-12179dc2ad7e", "value": "2019-03-27T21:41:31" }, { "category": 
"Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554288809", "to_ids": false, "type": "link", "uuid": "3e484ad3-5997-4ccf-b1a6-3a5d891365be", "value": "https://www.virustotal.com/file/c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c/analysis/1553722891/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554288809", "to_ids": false, "type": "text", "uuid": "e82b82e1-cc43-4eb8-bf51-b1158a1cc0ec", "value": "28/55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375560", "uuid": "ff40c2e7-d34c-4542-a26c-17e782a6fafb", "ObjectReference": [ { "comment": "", "object_uuid": "ff40c2e7-d34c-4542-a26c-17e782a6fafb", "referenced_uuid": "947c136b-e247-4529-849b-09ddeea124f0", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-a610-4f01-a173-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554208790", "to_ids": true, "type": "md5", "uuid": "a3992e22-9023-406c-b82e-b9ee8dbbd704", "value": "dc63d5affde0db95128dac52f9d19578" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554208790", "to_ids": true, "type": "sha1", "uuid": "78597b69-4c97-4e9c-98a5-8e053ea43943", "value": "539efdad458cf6563d1735632df1fb2c39acfedd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554208790", "to_ids": true, "type": "sha256", "uuid": 
"79fbb42d-a4db-4397-9e11-085fd2e4d568", "value": "17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375560", "uuid": "947c136b-e247-4529-849b-09ddeea124f0", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554208790", "to_ids": false, "type": "datetime", "uuid": "d4e3ba49-f61e-4e67-8187-7474cc86df81", "value": "2019-03-29T12:43:20" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554208790", "to_ids": false, "type": "link", "uuid": "0e086d43-d432-448f-b93f-a3b9837cba45", "value": "https://www.virustotal.com/file/17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6/analysis/1553863400/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554208790", "to_ids": false, "type": "text", "uuid": "712ff8c6-b9e0-4729-91fc-ff6ccab2a2a0", "value": "0/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375560", "uuid": "6d055204-92e1-440c-9a0b-6e0fd09d72e9", "ObjectReference": [ { "comment": "", "object_uuid": "6d055204-92e1-440c-9a0b-6e0fd09d72e9", "referenced_uuid": "f517121e-0639-45a7-a0ce-7d7e1826730a", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-ddc8-42bc-ab5e-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "md5", "timestamp": "1554281670", "to_ids": true, "type": "md5", "uuid": "f7b08be2-c0b6-4469-8521-2e5377f66454", "value": "8c93e024fc194f520e4e72e761c0942d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554281670", "to_ids": true, "type": "sha1", "uuid": "e787a6ec-fef9-4e94-89a7-977559dbe0b9", "value": "b7dd83d96a480e2f8c653f5339764dd3fe38ce81" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554281670", "to_ids": true, "type": "sha256", "uuid": "fb923894-ac5e-48c2-8336-8d025003e449", "value": "5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375560", "uuid": "f517121e-0639-45a7-a0ce-7d7e1826730a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554281670", "to_ids": false, "type": "datetime", "uuid": "350bd5bd-90e5-4b64-b8f3-7c854166a4a2", "value": "2019-03-29T05:29:07" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554281670", "to_ids": false, "type": "link", "uuid": "05677bc0-97e1-4004-8169-6db4587a5b4e", "value": "https://www.virustotal.com/file/5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c/analysis/1553837347/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554281670", "to_ids": false, "type": "text", "uuid": "e6f88c2a-7758-4953-a88b-1ee84a1e99d4", "value": 
"29/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375560", "uuid": "eb0a6c2c-53fb-4aef-a7fd-da6c154281e9", "ObjectReference": [ { "comment": "", "object_uuid": "eb0a6c2c-53fb-4aef-a7fd-da6c154281e9", "referenced_uuid": "ef1af813-b308-4fb3-89ad-b57491d76acb", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-99ec-4f20-b560-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554207363", "to_ids": true, "type": "md5", "uuid": "a267ec4f-0e9d-41e0-b257-b41b47afb899", "value": "3aabc9767d02c75ef44df6305bc6a41f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554207363", "to_ids": true, "type": "sha1", "uuid": "5f79ad02-5c58-4f4a-b134-d675434c8e98", "value": "1210766d7137be26f84d1882357559841b698cef" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554207363", "to_ids": true, "type": "sha256", "uuid": "da3d7193-f067-4da7-be09-2e4d1e1ac22d", "value": "e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375560", "uuid": "ef1af813-b308-4fb3-89ad-b57491d76acb", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554207363", "to_ids": false, "type": "datetime", "uuid": 
"109fdc32-8735-4b87-a3d2-503b63da577b", "value": "2019-04-01T20:02:27" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554207363", "to_ids": false, "type": "link", "uuid": "36eb457b-417a-44cd-a001-d228d29c6b6f", "value": "https://www.virustotal.com/file/e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967/analysis/1554148947/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554207363", "to_ids": false, "type": "text", "uuid": "2829ad9f-6b97-4d49-92e0-68243c3d4bd0", "value": "22/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375561", "uuid": "dd29a4a3-c07e-4a56-9f27-410b1e070559", "ObjectReference": [ { "comment": "", "object_uuid": "dd29a4a3-c07e-4a56-9f27-410b1e070559", "referenced_uuid": "2681a029-e095-4a15-a60e-5b39bb9cf743", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-8c5c-4b40-bdef-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554286191", "to_ids": true, "type": "md5", "uuid": "3aa41c9e-942d-44fd-9146-3cc00fd659a8", "value": "79b53b4555c1fb39ba3c7b8ce9a4287e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554286191", "to_ids": true, "type": "sha1", "uuid": "d9a12014-ed87-469c-a1e7-b2de06c6d0a4", "value": "90764c28ce62b6ea005dd7e616f7ada4fcd170ad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": 
"1554286191", "to_ids": true, "type": "sha256", "uuid": "fe4c1661-ddf2-4529-b764-6d93c0041423", "value": "08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375561", "uuid": "2681a029-e095-4a15-a60e-5b39bb9cf743", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554286191", "to_ids": false, "type": "datetime", "uuid": "14e0668a-3a17-4bf4-b32d-3ba02a2049ac", "value": "2019-03-29T05:35:29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554286191", "to_ids": false, "type": "link", "uuid": "20e3fd93-1dd9-4456-9948-f99675ea9dd3", "value": "https://www.virustotal.com/file/08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf/analysis/1553837729/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554286191", "to_ids": false, "type": "text", "uuid": "dcd9fa6f-0f51-4a76-835c-be1653c74242", "value": "26/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375561", "uuid": "996e8502-42f2-46ce-a819-264bd1c0374e", "ObjectReference": [ { "comment": "", "object_uuid": "996e8502-42f2-46ce-a819-264bd1c0374e", "referenced_uuid": "5508860a-3775-4c49-a97c-234666b38510", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-a9b8-4780-b19b-3771950d210f" } ], "Attribute": [ { "category": "Payload 
delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294829", "to_ids": true, "type": "md5", "uuid": "798ccebb-f6bd-488a-acc0-6c34699b49c9", "value": "f36404fb24a640b40e2d43c72c18e66b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554294829", "to_ids": true, "type": "sha1", "uuid": "b0051f49-ec1c-4a1f-bc3f-698b58e6e6d7", "value": "ed6b9c876a8a4fe01623972e8733ec2a90177ad1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554294829", "to_ids": true, "type": "sha256", "uuid": "5b7a830c-7fe6-4f89-9936-06eacb77dbb6", "value": "6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375561", "uuid": "5508860a-3775-4c49-a97c-234666b38510", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554294829", "to_ids": false, "type": "datetime", "uuid": "192f5431-d8c0-430a-a04b-bb1afbb10f4d", "value": "2019-03-27T21:40:57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554294829", "to_ids": false, "type": "link", "uuid": "494ad934-586f-49c7-9fe4-1cb4b357a506", "value": "https://www.virustotal.com/file/6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2/analysis/1553722857/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554294829", "to_ids": false, "type": "text", "uuid": 
"e0cce08c-a0d6-4eaf-aad6-7c377cc0e74f", "value": "34/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375561", "uuid": "ffebb241-ef81-48b2-91e3-fe715182f904", "ObjectReference": [ { "comment": "", "object_uuid": "ffebb241-ef81-48b2-91e3-fe715182f904", "referenced_uuid": "ace2107f-3ab5-4b01-a221-521235ac2753", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-883c-413b-9c0d-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554278920", "to_ids": true, "type": "md5", "uuid": "688a80dc-8b95-4ca3-9c35-9900ff90badc", "value": "96986b18a8470f4020ea78df0b3db7d4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554278920", "to_ids": true, "type": "sha1", "uuid": "02430c61-5e25-44d4-b380-46a075b3ebaa", "value": "431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554278920", "to_ids": true, "type": "sha256", "uuid": "2a2156ce-6abe-4714-9929-0336aa005ba4", "value": "2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375561", "uuid": "ace2107f-3ab5-4b01-a221-521235ac2753", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554278920", "to_ids": false, 
"type": "datetime", "uuid": "cf481ea6-dd65-435c-8e37-e4554834e0e1", "value": "2019-04-02T15:27:29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554278920", "to_ids": false, "type": "link", "uuid": "1c745f93-920c-44e0-9d4e-f226b5351a46", "value": "https://www.virustotal.com/file/2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e/analysis/1554218849/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554278920", "to_ids": false, "type": "text", "uuid": "026dd833-b81e-4428-8adc-145c79c1a7d2", "value": "50/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375561", "uuid": "5565b852-a761-4c28-b520-91f0eac10203", "ObjectReference": [ { "comment": "", "object_uuid": "5565b852-a761-4c28-b520-91f0eac10203", "referenced_uuid": "0c6ca9fc-6775-4329-819b-0af00f86b722", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-377c-4a63-8bf2-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300249", "to_ids": true, "type": "md5", "uuid": "8d663d77-0e7e-41e3-aa08-22f34c53c1fd", "value": "2961c52f04b7fdf7ccf6c01ac259d767" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554300249", "to_ids": true, "type": "sha1", "uuid": "1acee4fe-87c3-47b9-8128-6060fbce24f8", "value": "2c1ff2f2d463fd66bb630e02a4596e42f73f3ea9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "sha256", "timestamp": "1554300249", "to_ids": true, "type": "sha256", "uuid": "25337546-0af5-4792-9a66-6c993e5e0027", "value": "bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375561", "uuid": "0c6ca9fc-6775-4329-819b-0af00f86b722", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554300249", "to_ids": false, "type": "datetime", "uuid": "ae154983-4c39-4a58-aa86-95e0573452df", "value": "2019-04-01T15:09:35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554300249", "to_ids": false, "type": "link", "uuid": "9731d4df-bede-4c7b-a84f-e3409931ef31", "value": "https://www.virustotal.com/file/bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283/analysis/1554131375/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554300249", "to_ids": false, "type": "text", "uuid": "13d3e396-14a1-4642-9dea-e61e30a2c7bf", "value": "33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375561", "uuid": "4226488e-3eca-40fe-b7cd-7cd72eac36ed", "ObjectReference": [ { "comment": "", "object_uuid": "4226488e-3eca-40fe-b7cd-7cd72eac36ed", "referenced_uuid": "f42cd377-f5d2-4495-a22b-e072af84b53d", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-ec34-4e2c-9dde-3771950d210f" } ], 
"Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554296569", "to_ids": true, "type": "md5", "uuid": "dfe0429d-e71b-4f9e-a626-bff95708742c", "value": "0f56b04a4e9a0df94c7f89c1bccf830c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554296569", "to_ids": true, "type": "sha1", "uuid": "878a67a9-4ce2-4ab6-860d-b62f011ca7c9", "value": "73895da7b3f1780eeca9750172e1a9545fa63782" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554296569", "to_ids": true, "type": "sha256", "uuid": "eb7df52e-3a53-45d7-a17b-d3bfb01b3f47", "value": "d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375561", "uuid": "f42cd377-f5d2-4495-a22b-e072af84b53d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554296569", "to_ids": false, "type": "datetime", "uuid": "9c7704c6-2d0d-44e5-9a55-f7a5459016dc", "value": "2019-03-27T21:41:37" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554296569", "to_ids": false, "type": "link", "uuid": "6a2896ea-9cdf-4461-b8cc-b02fa1353e37", "value": "https://www.virustotal.com/file/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c/analysis/1553722897/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554296569", 
"to_ids": false, "type": "text", "uuid": "f45ebe03-d435-4aef-a6ae-8b4a83142f23", "value": "31/54" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375562", "uuid": "b218ae1a-0d6c-4a65-8fca-502b578fe1b7", "ObjectReference": [ { "comment": "", "object_uuid": "b218ae1a-0d6c-4a65-8fca-502b578fe1b7", "referenced_uuid": "e846f5c4-79f6-4e64-b744-222508aad1f8", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-8b70-48a5-a35f-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554294283", "to_ids": true, "type": "md5", "uuid": "f46e90d9-b96c-4fc2-a662-2c81fac59cd9", "value": "914ac7ecf2557d5836f26a151c1b9b62" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554294283", "to_ids": true, "type": "sha1", "uuid": "9cb9336e-b263-44b2-b5ea-6e37755314c2", "value": "49b7c035cead28573b793b3947621a330b216b2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554294283", "to_ids": true, "type": "sha256", "uuid": "7eedffe8-a464-404c-9ba2-381252b45150", "value": "245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375562", "uuid": "e846f5c4-79f6-4e64-b744-222508aad1f8", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", 
"timestamp": "1554294283", "to_ids": false, "type": "datetime", "uuid": "f04f4c69-06c2-4ae6-b54c-103f2ea7b273", "value": "2019-03-26T01:43:50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554294283", "to_ids": false, "type": "link", "uuid": "74ab99c3-0e96-43f9-b286-6058716bd1e5", "value": "https://www.virustotal.com/file/245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc/analysis/1553564630/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554294283", "to_ids": false, "type": "text", "uuid": "75cff71b-ee95-4f7a-aae1-06e70db035f8", "value": "35/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375562", "uuid": "1d235ad4-9ff2-465f-b0c3-59401db6a1ba", "ObjectReference": [ { "comment": "", "object_uuid": "1d235ad4-9ff2-465f-b0c3-59401db6a1ba", "referenced_uuid": "67497812-2875-4d21-b39b-84c4814b8589", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-75ac-47f5-962a-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300221", "to_ids": true, "type": "md5", "uuid": "c28c87af-8f66-4af0-a914-fee188788177", "value": "aac00312a961e81c4af4664c49b4a2b2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554300221", "to_ids": true, "type": "sha1", "uuid": "b64b27f4-4f80-4454-9cb2-6bf2fe50eaa9", "value": "ab4fb9d8f917d2c45f3792c05c29799bf27cdd9f" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "sha256", "timestamp": "1554300221", "to_ids": true, "type": "sha256", "uuid": "49000e3a-6c75-4e9b-91ce-fca1e7f2191d", "value": "a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375562", "uuid": "67497812-2875-4d21-b39b-84c4814b8589", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554300221", "to_ids": false, "type": "datetime", "uuid": "f5b5ee0e-d5ea-48b9-bbd6-b7ca034d1926", "value": "2019-03-27T21:41:15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554300221", "to_ids": false, "type": "link", "uuid": "02fc2be9-9f6a-4e0f-bfde-4d104ce30909", "value": "https://www.virustotal.com/file/a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14/analysis/1553722875/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554300221", "to_ids": false, "type": "text", "uuid": "e13fd81b-0e00-4ede-83e3-d81894abf9e5", "value": "53/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375562", "uuid": "e540d071-510e-4aa4-a9b2-9bc49249b5d9", "ObjectReference": [ { "comment": "", "object_uuid": "e540d071-510e-4aa4-a9b2-9bc49249b5d9", "referenced_uuid": "99640379-c5b4-4f87-9607-87df8a39953c", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": 
"5ca5e38d-11c8-40b1-81ff-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554300312", "to_ids": true, "type": "md5", "uuid": "9a7edd40-d1a7-4c3e-9786-034dda8c6f3b", "value": "bcc49643833a4d8545ed4145fb6fdfd2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554300312", "to_ids": true, "type": "sha1", "uuid": "9e7398f9-61b8-40d8-a284-937b2e447f80", "value": "a88113c715c8ee254057bc7926d3535ab841e122" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554300312", "to_ids": true, "type": "sha256", "uuid": "a126247a-9fcc-4be2-94af-e8275ff97040", "value": "98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375562", "uuid": "99640379-c5b4-4f87-9607-87df8a39953c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554300312", "to_ids": false, "type": "datetime", "uuid": "c84221c1-2109-44be-80bb-c2ba345a8982", "value": "2019-04-02T03:51:02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554300312", "to_ids": false, "type": "link", "uuid": "1bf2ee69-ee15-46ba-bdd4-50bd88c487c5", "value": "https://www.virustotal.com/file/98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad/analysis/1554177062/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": 
"detection-ratio", "timestamp": "1554300312", "to_ids": false, "type": "text", "uuid": "96e1c7d8-951a-4d53-9c3d-3a63867a2545", "value": "49/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375562", "uuid": "2f03f8ef-703c-4570-9f50-3a5819b28a8f", "ObjectReference": [ { "comment": "", "object_uuid": "2f03f8ef-703c-4570-9f50-3a5819b28a8f", "referenced_uuid": "41e4fe85-b192-4277-b98a-00b4a08132bc", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-c93c-4a37-9a2a-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554285781", "to_ids": true, "type": "md5", "uuid": "72d87698-f4b1-43dd-a87e-fee4b1142d0f", "value": "9b19753369b6ed1187159b95fc8a81cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554285781", "to_ids": true, "type": "sha1", "uuid": "5ffa4482-0107-4725-a754-c6beed1d5716", "value": "cafb67eeb2de076e7e6b0143dac87bb11f7134ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554285781", "to_ids": true, "type": "sha256", "uuid": "d57c3f47-e49b-48d0-8701-fb3dba1295ad", "value": "6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375562", "uuid": "41e4fe85-b192-4277-b98a-00b4a08132bc", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": 
false, "object_relation": "last-submission", "timestamp": "1554285781", "to_ids": false, "type": "datetime", "uuid": "3ece6471-807f-4c4d-b89c-79398038f291", "value": "2019-04-03T06:46:43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554285781", "to_ids": false, "type": "link", "uuid": "d09276c9-1ad3-45d7-8c11-ce53d55b1260", "value": "https://www.virustotal.com/file/6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c/analysis/1554274003/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554285781", "to_ids": false, "type": "text", "uuid": "85c82a65-c099-4c8b-925c-86dccbcb56c4", "value": "27/51" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375563", "uuid": "a5e8c39c-fb23-4ef1-9eb8-437d87e73067", "ObjectReference": [ { "comment": "", "object_uuid": "a5e8c39c-fb23-4ef1-9eb8-437d87e73067", "referenced_uuid": "2af039b9-991a-4586-8fda-41e7098a1803", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-bcb4-4108-9c0c-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554213946", "to_ids": true, "type": "md5", "uuid": "76f75e7e-0d23-45ca-8d6f-ae6c4d282d03", "value": "062801f6fdbda4dd67b77834c62e82a4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554213946", "to_ids": true, "type": "sha1", "uuid": "4b65f7d9-6670-4695-991f-604f925f750b", "value": "c02e298f63acb20246683c302f0a71bfd7081f88" }, { "category": "Payload 
delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554213946", "to_ids": true, "type": "sha256", "uuid": "eda98cc1-f4f7-4db4-b6b7-0bea3f654923", "value": "eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375563", "uuid": "2af039b9-991a-4586-8fda-41e7098a1803", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554213946", "to_ids": false, "type": "datetime", "uuid": "27d9d610-e0f2-4341-b907-c0c9f30cba10", "value": "2019-04-04T01:15:33" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554213946", "to_ids": false, "type": "link", "uuid": "4720cca9-9ec5-4768-b5ae-212af40fe5e0", "value": "https://www.virustotal.com/file/eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0/analysis/1554340533/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554213946", "to_ids": false, "type": "text", "uuid": "4e900f7c-0a63-48f0-8b15-ad1f62b94084", "value": "36/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375563", "uuid": "adc64a31-03f0-414f-9a20-51da35e8f47d", "ObjectReference": [ { "comment": "", "object_uuid": "adc64a31-03f0-414f-9a20-51da35e8f47d", "referenced_uuid": "23fa7a2f-f0b6-4dd1-91d5-64fd38f60409", "relationship_type": "analysed-with", 
"timestamp": "1554375565", "uuid": "5ca5e38d-25c8-4f20-96dc-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554293937", "to_ids": true, "type": "md5", "uuid": "465c1a40-fa43-4db1-9b07-3c37052e220a", "value": "9b81b3174c9b699f594d725cf89ffaa4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554293937", "to_ids": true, "type": "sha1", "uuid": "b6f8eebc-36fa-47db-923c-cd1b25512cdd", "value": "c9967af445a3416d0ff3701555e83529ff482ff9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554293937", "to_ids": true, "type": "sha256", "uuid": "4ef01858-98b8-4152-8201-de49fc274584", "value": "4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375563", "uuid": "23fa7a2f-f0b6-4dd1-91d5-64fd38f60409", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554293937", "to_ids": false, "type": "datetime", "uuid": "2ed2edb7-aaa6-4812-9244-fd3fc3919580", "value": "2019-03-29T05:33:11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554293937", "to_ids": false, "type": "link", "uuid": "a77aacfd-49a3-4eaf-8962-ff0fae0b7eea", "value": "https://www.virustotal.com/file/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22/analysis/1553837591/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
true, "object_relation": "detection-ratio", "timestamp": "1554293937", "to_ids": false, "type": "text", "uuid": "488706c1-fcfa-4db9-af64-9e79cc1748e8", "value": "33/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554375563", "uuid": "631d6673-b540-4d35-891c-0583af76d3cc", "ObjectReference": [ { "comment": "", "object_uuid": "631d6673-b540-4d35-891c-0583af76d3cc", "referenced_uuid": "86d59c0c-a662-4aa5-8dcb-34823bc70f44", "relationship_type": "analysed-with", "timestamp": "1554375565", "uuid": "5ca5e38d-33b0-463f-8e76-3771950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554214721", "to_ids": true, "type": "md5", "uuid": "514f51a2-dbe8-4cf0-a839-21fe606a6091", "value": "49419d84076b13e96540fdd911f1c2f0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554214721", "to_ids": true, "type": "sha1", "uuid": "e167f6d6-c023-494a-bae0-3619c739cf97", "value": "35749e82cd605e07b4145b48ef677721a113ae20" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554214721", "to_ids": true, "type": "sha256", "uuid": "f5a6c128-0d32-4483-98b2-c7ebc863862a", "value": "e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554375564", "uuid": "86d59c0c-a662-4aa5-8dcb-34823bc70f44", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554214721", "to_ids": false, "type": "datetime", "uuid": "e7fd965e-5fbe-4d19-8861-6bb7aecad60e", "value": "2019-03-29T03:27:04" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554214721", "to_ids": false, "type": "link", "uuid": "b65b97c1-4007-41e6-a420-eb82e6db6754", "value": "https://www.virustotal.com/file/e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b/analysis/1553830024/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554214721", "to_ids": false, "type": "text", "uuid": "9eb24880-f920-444d-963e-624562a666d9", "value": "29/58" } ] } ] } }