{ "Event": { "analysis": "1", "date": "2018-01-12", "extends_uuid": "", "info": "OSINT - Suspicious binary delivered as fake jpeg", "publish_timestamp": "1518770853", "published": true, "threat_level_id": "3", "timestamp": "1515812467", "uuid": "5a587e74-2218-498e-ba91-4165950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#002642", "name": "osint:source-type=\"microblog-post\"" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515748991", "to_ids": true, "type": "sha256", "uuid": "5a587e7f-b82c-4292-b9c3-49b5950d210f", "value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "4", "timestamp": "1515749655", "uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f", "referenced_uuid": "5a588060-95f8-42ed-83aa-4484950d210f", "relationship_type": "indicates", "timestamp": "1518770853", "uuid": "5a588114-6544-4ca9-9b89-41ac950d210f" } ], "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1515749187", "to_ids": false, "type": "text", "uuid": "5a587f43-eedc-435f-b31f-4a21950d210f", "value": "Don\u2019t panic! Stay zen! 
:) VT Score is only 5/67 btw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1515749187", "to_ids": false, "type": "text", "uuid": "5a587f44-8448-42b3-a221-4672950d210f", "value": "Twitter" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1515749188", "to_ids": true, "type": "url", "uuid": "5a587f44-19d8-430b-9fe1-49b7950d210f", "value": "https://twitter.com/xme/status/951395985707675649" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "5", "timestamp": "1515749621", "uuid": "5a588060-95f8-42ed-83aa-4484950d210f", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1515749621", "to_ids": true, "type": "url", "uuid": "5a588060-4014-4fe0-97f1-4178950d210f", "value": "http://80.82.67.217/xanax.jpg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1515749621", "to_ids": true, "type": "hostname", "uuid": "5a588060-9c60-4493-a915-439e950d210f", "value": "80.82.67.217" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "scheme", "timestamp": "1515749621", "to_ids": false, "type": "text", "uuid": "5a588060-50cc-4638-b4b6-4fcf950d210f", "value": "http" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1515749621", "to_ids": false, "type": "text", "uuid": "5a588060-6254-43ed-bb79-405e950d210f", "value": "xanax.jpg" } ] }, 
{ "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515749686", "uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24", "ObjectReference": [ { "comment": "", "object_uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24", "referenced_uuid": "5d071e50-add7-4859-ad1f-38657dee81ce", "relationship_type": "analysed-with", "timestamp": "1518770853", "uuid": "5a588133-c258-4b12-bfa7-481402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515749683", "to_ids": true, "type": "sha1", "uuid": "5a588133-da20-485d-80ba-4c2702de0b81", "value": "9fec9b390a304fb810a5f31644e8003016bf8b45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515749683", "to_ids": true, "type": "md5", "uuid": "5a588133-a798-4d4d-8f11-4b2d02de0b81", "value": "071d734036a4ce8a1913d48715f26001" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515749683", "to_ids": true, "type": "sha256", "uuid": "5a588133-1534-4d90-9f06-451102de0b81", "value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515749683", "uuid": "5d071e50-add7-4859-ad1f-38657dee81ce", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515749683", "to_ids": false, "type": "link", "uuid": 
"5a588133-e654-4dae-95f5-48ff02de0b81", "value": "https://www.virustotal.com/file/abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045/analysis/1515742614/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515749683", "to_ids": false, "type": "text", "uuid": "5a588133-1e18-4c55-87db-4db202de0b81", "value": "24/67" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515749683", "to_ids": false, "type": "datetime", "uuid": "5a588133-f488-40d4-87e7-4c3102de0b81", "value": "2018-01-12T07:36:54" } ] } ] } }