{"Event": {"info": "Bulletin d\u2019actualit\u00e9 CERTFR-2019-ACT-005", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Ryuk\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"LockerGoga\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Ryuk ransomware\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-tool=\"Cobalt Strike\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:rat=\"Cobalt Strike\""}], "publish_timestamp": "0", "timestamp": "1554446032", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "uuid": "5c9c8839-9dcc-4a9c-956a-ee7a950d210f", "timestamp": "1553762361", "referenced_uuid": "5c9c882a-a40c-46db-a3f5-f383950d210f", "relationship_type": "creator-of"}, {"comment": "", "object_uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "uuid": "5ca5e45b-ec54-4654-b5a7-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "3ba890fa-43c6-4805-a7ab-2fba74c0ced0", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-7bac-4b33-853b-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "52340664fe59e030790c48b66924b5bd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-b3f4-4075-bc7c-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-9e38-448e-8bfd-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "73171ffa6dfee5f9264e3d20a1b6926ec1b60897", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9c866a-0458-402e-bee4-f646950d210f", "timestamp": "1553761898", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9c866a-0750-43bf-8e6a-f646950d210f", "timestamp": "1553761898", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9c882a-a40c-46db-a3f5-f383950d210f", "sharing_group_id": "0", "timestamp": "1553762346", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9c882b-a1b0-45c1-9345-f383950d210f", "timestamp": "1553762347", "to_ids": true, "value": "README-NOW.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c9c882b-e844-4144-9c16-f383950d210f", "timestamp": "1553762347", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9c882b-f7a0-4714-8997-f383950d210f", "timestamp": "1553762347", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cb1a2-817c-414b-b7be-43cd950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cb1a2-817c-414b-b7be-43cd950d210f", "uuid": "5ca5e45b-a23c-435b-953d-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "83d90e56-d8fd-4fb2-bb57-580a66a57ee2", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cb1a2-4b0c-4b26-927e-4c4b950d210f", "timestamp": "1553772962", "to_ids": true, "value": "164f72dfb729ca1e15f99d456b7cf811", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1a2-7ad8-42e4-836b-43a7950d210f", "timestamp": "1553772962", "to_ids": true, "value": "8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1a2-2184-442e-a693-4fec950d210f", "timestamp": "1553772962", "to_ids": true, "value": "f92339e73c7e901c0c852d8e65615cfb588a4ff6", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cb1a2-0cd8-46d1-ad7c-4a78950d210f", "timestamp": "1553772962", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cb1a2-a400-4370-8584-445c950d210f", "timestamp": "1553772962", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cb1c2-6f04-4808-99d0-4d8f950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cb1c2-6f04-4808-99d0-4d8f950d210f", "uuid": "5ca5e45b-9a3c-4b7a-8f88-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "c4efd0bd-ca37-4e9a-9669-b284391231d0", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cb1c2-a414-47c5-88e1-4df3950d210f", "timestamp": "1553772994", "to_ids": true, "value": "9cad8641ac79688e09c5fa350aef2094", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1c2-32d4-40c3-9036-48d2950d210f", "timestamp": "1553772994", "to_ids": true, "value": "5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1c2-b3e8-4550-9224-46b4950d210f", "timestamp": "1553772994", "to_ids": true, "value": "3da0a217bbda09561780f52f163a6aafeb721d60", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cb1c2-f938-46e0-bfc1-48e9950d210f", "timestamp": "1553772994", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cb1c2-6cd4-4f5b-bd90-4878950d210f", "timestamp": "1553772994", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cb1dc-7ee8-4a94-adef-41cb950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cb1dc-7ee8-4a94-adef-41cb950d210f", "uuid": "5ca5e45b-91d8-4d5a-8721-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "c186be47-3752-42e1-89d5-1e5b3d5223de", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cb1dc-9924-4a3d-af3c-4df7950d210f", "timestamp": "1553773020", "to_ids": true, "value": "3ebca21b1d4e2f482b3eda6634e89211", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1dc-a2b0-4731-83fb-4139950d210f", "timestamp": "1553773020", "to_ids": true, "value": "6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb1dc-1704-4b04-a990-468f950d210f", "timestamp": "1553773020", "to_ids": true, "value": "37cdd1e3225f8da596dc13779e902d8d13637360", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cb1dc-3950-413e-946e-44be950d210f", "timestamp": "1553773020", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cb1dc-c28c-4e39-8004-466d950d210f", "timestamp": "1553773020", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cb2c5-c444-4380-9cd7-4c8a950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cb2c5-c444-4380-9cd7-4c8a950d210f", "uuid": "5ca5e45b-04d8-48d3-b916-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cb2c5-db4c-45e9-a11f-45f3950d210f", "timestamp": "1553773253", "to_ids": true, "value": "a5bc1f94e7505a2e73c866551f7996f9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb2c5-4fa8-487f-b600-420c950d210f", "timestamp": "1553773253", "to_ids": true, "value": "14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cb2c5-a0b8-44c5-9a05-4dcd950d210f", "timestamp": "1553773253", "to_ids": true, "value": "7dea7ff735023418b902d093964028aefbc486a5", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cb2c5-4cf0-4a0f-bbe4-4625950d210f", "timestamp": "1553773253", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cb2c5-916c-4611-9634-4595950d210f", "timestamp": "1553773253", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cdbf4-ea34-4d13-90a4-4ce6950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cdbf4-ea34-4d13-90a4-4ce6950d210f", "uuid": "5ca5e45b-6018-4b75-ad6d-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "90999cf4-f049-48cc-b058-7218d5e66a87", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cdbf4-53b0-4d91-85b9-49d4950d210f", "timestamp": "1553783796", "to_ids": true, "value": "a1d732aa27e1ca2ae45a189451419ed5", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdbf4-2b38-4002-8774-4684950d210f", "timestamp": "1553783796", "to_ids": true, "value": "c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdbf4-f8c0-4b3e-a887-4ed6950d210f", "timestamp": "1553783796", "to_ids": true, "value": "50f5a5ec13d21d4df119140547d63bc40f93b079", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cdbf4-2f40-4790-812a-485d950d210f", "timestamp": "1553783796", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cdbf4-4d10-4b9c-b6ae-44dc950d210f", "timestamp": "1553783796", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cdc5e-12f4-4dfc-9918-4108950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cdc5e-12f4-4dfc-9918-4108950d210f", "uuid": "5ca5e45b-daa4-4d5c-aaa9-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "4a8c1dc6-773d-4883-be6f-8c7008a56ba7", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cdc5e-9720-44fb-8de4-40cf950d210f", "timestamp": "1553783902", "to_ids": true, "value": "b3d3da12ca3b9efd042953caa6c3b8cd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdc5e-1110-4cd8-adc9-4637950d210f", "timestamp": "1553783902", "to_ids": true, "value": "7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdc5e-1f4c-4c66-a256-44ac950d210f", "timestamp": "1553783902", "to_ids": true, "value": "34fb03a35e723d27e99776ed3e81967229b3afe1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cdc5e-c7b8-479b-b0aa-45ed950d210f", "timestamp": "1553783902", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cdc5e-1444-4f65-afaf-4d96950d210f", "timestamp": "1553783902", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cdc7d-4d18-4cc8-b36e-4c83950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9cdc7d-4d18-4cc8-b36e-4c83950d210f", "uuid": "5ca5e45b-3390-4ddb-b551-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "62d88faa-c81c-4ee2-a031-950e7b8e74eb", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cdc7d-b8a4-4967-a3be-4769950d210f", "timestamp": "1553783933", "to_ids": true, "value": "faf4de4e1c5d8e4241088c90cfe8eddd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdc7d-b564-4655-886f-4130950d210f", "timestamp": "1553783933", "to_ids": true, "value": "47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdc7d-44b4-419c-b2d7-4ddc950d210f", "timestamp": "1553783933", "to_ids": true, "value": "fcd241fdcd462199f2907ca34c73ce9c89b03e5f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9cdc7d-92ac-4d62-b794-48a4950d210f", "timestamp": "1553783933", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cdc7d-c318-44a4-ab81-464d950d210f", "timestamp": "1553783933", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9cdeef-4adc-461d-9b72-4062950d210f", "sharing_group_id": "0", "timestamp": "1553784559", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9cdeef-d458-4203-8f86-40d4950d210f", "timestamp": "1553784559", "to_ids": true, "value": "READ-ME-NOW.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c9cdeef-1bd8-44e1-96f6-4a06950d210f", "timestamp": "1553784559", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cdeef-f6b8-4036-9ed7-46b0950d210f", "timestamp": "1553784559", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9cdeef-cc84-40c4-861a-4e0d950d210f", "timestamp": "1553784559", "to_ids": false, "value": "E:\\goga\\", "disable_correlation": true, "object_relation": "path", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9e3862-4960-4ec0-a6fc-4f4e950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9e3862-4960-4ec0-a6fc-4f4e950d210f", "uuid": "5ca5e45b-83bc-48d4-9e63-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "5e8bc41a-f1de-4db9-99ce-f8e2d360a71e", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9e3862-2064-4980-b7ae-4324950d210f", "timestamp": "1553872994", "to_ids": true, "value": "174e3d9c7b0380dd7576187c715c4681", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3868-01d0-4438-86e7-46c1950d210f", "timestamp": "1553873000", "to_ids": true, "value": "c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e386f-e9d0-433c-814b-49a9950d210f", "timestamp": "1553873007", "to_ids": true, "value": "31fbfe814628db3b459ddc87bf5ed538700db17a", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9e386f-37b0-4b29-a64b-4bd8950d210f", "timestamp": "1553873007", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9e386f-bbfc-486d-bb9f-4270950d210f", "timestamp": "1553873007", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9e3895-b9dc-4d74-baa0-4e3e950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9e3895-b9dc-4d74-baa0-4e3e950d210f", "uuid": "5ca5e45b-5260-4a9f-a1a9-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "6ec3241c-a53a-4b24-ad19-b37fe1926ca3", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9e3895-0e98-48ff-a505-4344950d210f", "timestamp": "1553873045", "to_ids": true, "value": "a52f26575556d3c4eccd3b51265cb4e6", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3897-458c-4464-ba5f-49ec950d210f", "timestamp": "1553873047", "to_ids": true, "value": "97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3897-555c-48aa-9414-42fd950d210f", "timestamp": "1553873047", "to_ids": true, "value": "61fdebb3c9dfa880b54e82579256acfcd4d6d406", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9e3897-3ffc-4943-bff4-4ae6950d210f", "timestamp": "1553873047", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9e3897-c9c0-4caf-9901-4d38950d210f", "timestamp": "1553873047", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9e38d2-e5ac-42e6-8787-4c7a950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9e38d2-e5ac-42e6-8787-4c7a950d210f", "uuid": "5ca5e45b-7ea4-435a-9e64-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "0bc1a3db-aa59-4e3e-962c-0141a9507044", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9e38d3-8580-4e3b-a895-484e950d210f", "timestamp": "1553873107", "to_ids": true, "value": "ba53d8910ec3e46864c3c86ebd628796", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e38d6-be54-4984-a46e-400c950d210f", "timestamp": "1553873110", "to_ids": true, "value": "a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e38d9-eb88-43b8-a153-48cb950d210f", "timestamp": "1553873113", "to_ids": true, "value": "d1c2dfedc602f5d5f2036b0ba5541cac8f8b4b95", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9e38dc-bb20-48fc-8beb-486f950d210f", "timestamp": "1553873116", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9e38dd-f3e8-488f-b5a5-4d44950d210f", "timestamp": "1553873117", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9e3b43-3128-4838-8d63-4a69950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9e3b43-3128-4838-8d63-4a69950d210f", "uuid": "5ca5e45c-d300-4b5c-8207-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "91238841-2e89-4fd8-a8e8-eda64827b73d", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9e3b44-9938-49fd-8a80-42d5950d210f", "timestamp": "1553873732", "to_ids": true, "value": "871aa15f4d61c85e1284e1be3f99f705", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3b44-b434-416e-80a2-4f3f950d210f", "timestamp": "1553873732", "to_ids": true, "value": "b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3b44-d064-44b9-99e6-4c10950d210f", "timestamp": "1553873732", "to_ids": true, "value": "236eac0b19f91117b27f1b198a4d8490d99ec2e5", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9e3b44-ca98-4ea0-a30c-4218950d210f", "timestamp": "1553873732", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9e3b44-0228-4621-93f3-4406950d210f", "timestamp": "1553873732", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9e3bc2-5a24-4d69-a335-4793950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9e3bc2-5a24-4d69-a335-4793950d210f", "uuid": "5ca5e45c-561c-4185-be23-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "dff728c7-5c19-4f03-86c3-da8de2fb5fe9", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9e3bc3-866c-498c-9ace-45f9950d210f", "timestamp": "1554100072", "to_ids": true, "value": "34187a34d0a3c5d63016c26346371b54", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3bc6-479c-4fd1-b3b5-4d77950d210f", "timestamp": "1554100072", "to_ids": true, "value": "5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9e3bc9-80e8-4644-b065-4cdb950d210f", "timestamp": "1554100072", "to_ids": true, "value": "ce8209ff9828aa8cb095bd7d1589fc4d394c298c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9e3bcd-e764-4813-81d4-4c92950d210f", "timestamp": "1554100072", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9e3bd0-3914-44a7-9761-47d5950d210f", "timestamp": "1554100072", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1af69-f0a8-4044-bba6-428f950d210f", "timestamp": "1554100073", "to_ids": true, "value": "kill.bat", "disable_correlation": true, "object_relation": "filename", "type": "filename"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5ca1b7ca-7424-4d99-8c46-4095950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5ca1b7ca-7424-4d99-8c46-4095950d210f", "uuid": "5ca5e45c-5bb0-485a-b2b5-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "655b355a-d27a-47e7-953c-e518814e77d1", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5ca1b7ca-3f54-4366-8723-43ae950d210f", "timestamp": "1554102218", "to_ids": true, "value": "cob93.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1b7cb-9744-456b-94ff-44bc950d210f", "timestamp": "1554102219", "to_ids": true, "value": "644087ccca16d2a728ef7685a4106f09", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1b7cb-95f8-4a1d-b87f-4047950d210f", "timestamp": "1554102219", "to_ids": true, "value": "385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1b7cb-5844-4602-a2ef-498d950d210f", "timestamp": "1554102219", "to_ids": true, "value": "eabd6974ac71efd72d9e0688d5a6131f336d169c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5ca1b7cb-4f78-4365-9bfc-46be950d210f", "timestamp": "1554102219", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ca1b7cb-c618-4e70-a554-493f950d210f", "timestamp": "1554102219", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5ca1ce80-3410-445c-9a8c-20d7950d210f", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5ca1ce80-3410-445c-9a8c-20d7950d210f", "uuid": "5ca5e45c-2da0-4ac1-9af5-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "15d2637f-5587-422e-9c0d-b5765db3b370", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5ca1ce80-8bdc-475a-8f82-20d7950d210f", "timestamp": "1554108032", "to_ids": true, "value": "test.bat", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1ce80-7b58-4a95-86dc-20d7950d210f", "timestamp": "1554108032", "to_ids": true, "value": "7b792de1468a70cfe990b65034d5f3ac", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1ce80-2b94-4564-81ea-20d7950d210f", "timestamp": "1554108032", "to_ids": true, "value": "a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1ce80-91bc-45f5-a283-20d7950d210f", "timestamp": "1554108032", "to_ids": true, "value": "320f1fc66054e98681fd291415ff17b2e1a71b61", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5ca1ce80-0d84-4121-a675-20d7950d210f", "timestamp": "1554108032", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ca1ce80-438c-4fc9-b459-20d7950d210f", "timestamp": "1554108032", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5ca5e3be-9cc4-4a68-939e-bac6950d210f", "sharing_group_id": "0", "timestamp": "1554375614", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5ca5e3be-eed8-4921-93a0-bac6950d210f", "timestamp": "1554375614", "to_ids": true, "value": "AD.zip", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca5e3be-ee58-49eb-8ac0-bac6950d210f", "timestamp": "1554375614", "to_ids": true, "value": "06457b317d5624590803a77d3770bff2", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5ca5e3bf-ecdc-4a3f-8092-bac6950d210f", "timestamp": "1554375615", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ca5e3bf-c6f8-4597-adf9-bac6950d210f", "timestamp": "1554375615", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ca5e3bf-743c-4a58-8f70-bac6950d210f", "timestamp": "1554375615", "to_ids": false, "value": "472243", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "f9ccc29b-21e0-4670-bd40-9ddb5e77097a", "sharing_group_id": "0", "timestamp": "1554375767", "description": "File object describing a file with meta-information", "template_version": "15", "ObjectReference": [{"comment": "", "object_uuid": "f9ccc29b-21e0-4670-bd40-9ddb5e77097a", "uuid": "5ca5e45c-15e8-4c62-bee0-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "35c21dc1-1c39-413c-946a-f8bb9b26b6f7", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "490ad4e9-54f8-4be8-9c96-d93b64e56a83", "timestamp": "1554112642", "to_ids": true, "value": "ecf535c505b7752b0af188a915a23786", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "00f80b1e-24f4-49bb-bc52-004a9ad3cbe3", "timestamp": "1554112642", "to_ids": true, "value": "736a4dc679d682da321563647c60f699f0dfc268", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "505e5c89-dc92-4427-8410-1a5ff299b2e5", "timestamp": "1554112642", "to_ids": true, "value": "bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "35c21dc1-1c39-413c-946a-f8bb9b26b6f7", "sharing_group_id": "0", "timestamp": "1554375768", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "a3fa831d-a38e-413e-bb19-1910b97fec2a", "timestamp": "1554112642", "to_ids": false, "value": "2018-12-05 00:08:31", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "7ad826d7-4477-4290-9dd7-a0d29a060c1f", "timestamp": "1554112642", "to_ids": false, "value": "https://www.virustotal.com/file/bfdf4cf3f143ad0db912d8ab3a7c12f617b9ea60ce8b1f4e44f74270fb21b19b/analysis/1543968511/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "f0291f05-fdde-4969-8684-db393699dea4", "timestamp": "1554112642", "to_ids": false, "value": "0/58", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1", "sharing_group_id": "0", "timestamp": "1554375768", "description": "File object describing a file with meta-information", "template_version": "15", "ObjectReference": [{"comment": "", "object_uuid": "72d7def0-5a71-4c2c-b37c-4a3e4e8b12a1", "uuid": "5ca5e45c-8db0-47a3-99b9-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "5108ef6e-6e11-42eb-b04b-c98a3baf0989", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "8b4a32f9-d878-4761-a966-88a49efc190b", "timestamp": "1554112642", "to_ids": true, "value": "83e10465b722ef33ff0b6f535e8d996b", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "2dc1b067-7c0e-445c-a683-9586e415f562", "timestamp": "1554112642", "to_ids": true, "value": "339cdd57cfd5b141169b615ff31428782d1da639", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "2d6ee2ec-9c72-4f25-888d-fc33f0ade67d", "timestamp": "1554112642", "to_ids": true, "value": "02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "5108ef6e-6e11-42eb-b04b-c98a3baf0989", "sharing_group_id": "0", "timestamp": "1554375768", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "f59d8322-50b5-4d3b-a2e4-eb219bcf694b", "timestamp": "1554112642", "to_ids": false, "value": "2019-04-03 11:56:47", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "270cedd4-baf8-4281-b6fc-0f949fc211ca", "timestamp": "1554112642", "to_ids": false, "value": "https://www.virustotal.com/file/02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0/analysis/1554292607/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "ebb52bad-6f2a-4b1b-a485-43be41a61f93", "timestamp": "1554112642", "to_ids": false, "value": "0/58", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "f267dc71-bbf0-4cc5-9b5b-3fa211e28a18", "sharing_group_id": "0", "timestamp": "1554375768", "description": "File object describing a file with meta-information", "template_version": "15", "ObjectReference": [{"comment": "", "object_uuid": "f267dc71-bbf0-4cc5-9b5b-3fa211e28a18", "uuid": "5ca5e45c-f6f0-4c81-b9cc-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "f0ef8684-416a-4769-ad67-0b01c27351f8", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "3b02cb10-dc48-4ec0-95ea-698eaa41dae1", "timestamp": "1554112642", "to_ids": true, "value": "1d3554048578b03f42424dbf20730a3f", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "280bd43d-242d-4977-a13f-c0fdb95878f7", "timestamp": "1554112642", "to_ids": true, "value": "02faf3e291435468607857694df5e45b68851868", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "c7680186-462a-421a-b94d-e2f3e3ec013f", "timestamp": "1554112642", "to_ids": true, "value": "687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "f0ef8684-416a-4769-ad67-0b01c27351f8", "sharing_group_id": "0", "timestamp": "1554375768", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "3576524b-3254-41ac-ac75-478ebe162909", "timestamp": "1554112642", "to_ids": false, "value": "2019-03-30 09:28:42", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "f5c8e926-2ac1-49ef-8bb4-6f237baaf112", "timestamp": "1554112642", "to_ids": false, "value": "https://www.virustotal.com/file/687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2/analysis/1553938122/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "458c15ba-a1ca-4e47-8901-0500a4203afc", "timestamp": "1554112642", "to_ids": false, "value": "0/58", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "aea6e39a-79e2-459d-bcc5-4a1ea6a2a033", "sharing_group_id": "0", "timestamp": "1554375768", "description": "File object describing a file with meta-information", "template_version": "15", "ObjectReference": [{"comment": "", "object_uuid": "aea6e39a-79e2-459d-bcc5-4a1ea6a2a033", "uuid": "5ca5e45c-2048-4f61-b99e-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "9d450a87-d02c-4ca7-8e63-51de5717eac9", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "8a6b4725-9238-44ab-96c7-06d714c0992c", "timestamp": "1554112642", "to_ids": true, "value": "1edaf9ae99ce2920667d0e9a8b3f8c9c", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "a51c0ee8-e044-4630-9352-c581ce4b94ed", "timestamp": "1554112642", "to_ids": true, "value": "f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f1750a7d-8181-4bcf-9359-53c99928f85c", "timestamp": "1554112642", "to_ids": true, "value": "4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "9d450a87-d02c-4ca7-8e63-51de5717eac9", "sharing_group_id": "0", "timestamp": "1554375768", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "615d556b-f37c-400f-88e2-020eb673be6d", "timestamp": "1554112642", "to_ids": false, "value": "2019-03-20 15:20:14", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "3b2c4cbb-41d9-4954-b0dd-4b6a52b87303", "timestamp": "1554112642", "to_ids": false, "value": "https://www.virustotal.com/file/4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da/analysis/1553095214/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "8d33693b-a8e3-4c60-9df0-6bb18c7686e8", "timestamp": "1554112642", "to_ids": false, "value": "0/54", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "a1a98fae-2b40-4d36-bd5c-5b601c2ca216", "sharing_group_id": "0", "timestamp": "1554375768", "description": "File object describing a file with meta-information", "template_version": "15", "ObjectReference": [{"comment": "", "object_uuid": "a1a98fae-2b40-4d36-bd5c-5b601c2ca216", "uuid": "5ca5e45c-b948-45c2-bca9-c89d950d210f", "timestamp": "1554375772", "referenced_uuid": "e3d0d58a-ba39-4023-9f87-abc23fee99ab", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "19e16fd8-1487-4c95-8c7e-4c1797d890bf", "timestamp": "1554112642", "to_ids": true, "value": "3e455215095192e1b75d379fb187298a", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "e2a4097b-594f-40d6-b925-430ec59a8306", "timestamp": "1554112642", "to_ids": true, "value": "b1bc968bd4f49d622aa89a81f2150152a41d829c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "bdec52fd-b446-4918-8796-e91f62530f4a", "timestamp": "1554112642", "to_ids": true, "value": "ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "e3d0d58a-ba39-4023-9f87-abc23fee99ab", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "a5771217-664e-468a-b883-963967688281", "timestamp": "1554112642", "to_ids": false, "value": "2019-02-28 21:20:19", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9d5e47-d971-4bd4-a0e2-55df09eb31f0", "timestamp": "1554112642", "to_ids": false, "value": "https://www.virustotal.com/file/ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99/analysis/1551388819/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "9b3526d2-e054-419d-b3f6-b36588aa00fb", "timestamp": "1554112642", "to_ids": false, "value": "0/54", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "83d90e56-d8fd-4fb2-bb57-580a66a57ee2", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "c221b793-ca91-4ea5-9ba9-3a08b8d153b0", "timestamp": "1553772962", "to_ids": false, "value": "2019-04-04 07:10:19", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "e62b032c-b748-43cf-9663-7bf43b7c811e", "timestamp": "1553772962", "to_ids": false, "value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1554361819/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "0903cfac-7124-4138-b7ca-350ccf89ef78", "timestamp": "1553772962", "to_ids": false, "value": "49/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "15d2637f-5587-422e-9c0d-b5765db3b370", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "95dd2a05-d5e2-4ca5-9b63-950965df87d7", "timestamp": "1554108032", "to_ids": false, "value": "2019-04-03 10:15:05", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "92fa1fda-791f-4245-b42c-bf14fc0fb1d5", "timestamp": "1554108032", "to_ids": false, "value": "https://www.virustotal.com/file/a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b/analysis/1554286505/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "9e9cd2ac-2699-4da9-befb-53651ad2aaa6", "timestamp": "1554108032", "to_ids": false, "value": "21/58", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "62d88faa-c81c-4ee2-a031-950e7b8e74eb", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "8a4b82c6-9892-4c00-9855-b521648e574a", "timestamp": "1553783933", "to_ids": false, "value": "2019-04-03 10:14:59", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "c8a542e8-a2cb-4cf9-a070-d0b25ee49519", "timestamp": "1553783933", "to_ids": false, "value": "https://www.virustotal.com/file/47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4/analysis/1554286499/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "9263cb76-ef44-45ae-972c-fe3b90a4b2ff", "timestamp": "1553783933", "to_ids": false, "value": "52/71", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "655b355a-d27a-47e7-953c-e518814e77d1", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "5871b620-bb9b-4dc1-ac8f-2f1c4e0840fd", "timestamp": "1554102219", "to_ids": false, "value": "2019-04-04 06:54:10", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "1e73fc65-f7ce-4262-8463-0f80f93da9ae", "timestamp": "1554102219", "to_ids": false, "value": "https://www.virustotal.com/file/385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e/analysis/1554360850/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "796a7fb7-65cf-4b5f-85a8-0a097520d3cb", "timestamp": "1554102219", "to_ids": false, "value": "53/70", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "aa4a78fa-47d0-4ec6-bcb8-1ff43d2e612d", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "112fad1f-774e-4b50-8947-9657406c3627", "timestamp": "1553773253", "to_ids": false, "value": "2019-04-04 07:24:59", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "8b0c280c-7c10-4b30-9fd0-4c073c4ea048", "timestamp": "1553773253", "to_ids": false, "value": "https://www.virustotal.com/file/14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca/analysis/1554362699/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "b138d431-1a16-4779-813e-b149a3421b4b", "timestamp": "1553773253", "to_ids": false, "value": "56/71", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "dff728c7-5c19-4f03-86c3-da8de2fb5fe9", "sharing_group_id": "0", "timestamp": "1554375769", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "96719cd4-a3be-42f9-9edd-7551a3d10efa", "timestamp": "1554100072", "to_ids": false, "value": "2019-04-04 06:59:47", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "7f6155ce-dd15-474a-9b1e-b183b029e656", "timestamp": "1554100072", "to_ids": false, "value": "https://www.virustotal.com/file/5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3/analysis/1554361187/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "33b779b8-ad32-4a69-8bbd-9fe21046e36b", "timestamp": "1554100072", "to_ids": false, "value": "10/57", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "5e8bc41a-f1de-4db9-99ce-f8e2d360a71e", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "7d9c017b-8edd-49dd-ac87-83ede8411029", "timestamp": "1553873000", "to_ids": false, "value": "2019-04-01 16:37:44", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "e9bd4bc8-d8ec-4185-90ed-7e5786a6bce9", "timestamp": "1553873000", "to_ids": false, "value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1554136664/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "83263b7e-8059-46d2-8b99-5b0b43a37e90", "timestamp": "1553873000", "to_ids": false, "value": "43/71", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "90999cf4-f049-48cc-b058-7218d5e66a87", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "4553a71a-776c-4461-8a66-c7cd64e44318", "timestamp": "1553783796", "to_ids": false, "value": "2019-04-04 07:05:59", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "da933654-16fb-498a-8640-44e69146f078", "timestamp": "1553783796", "to_ids": false, "value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1554361559/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "a03d25eb-08d2-4ff8-87b8-e8f2c98eb179", "timestamp": "1553783796", "to_ids": false, "value": "45/61", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "6ec3241c-a53a-4b24-ad19-b37fe1926ca3", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "b5672881-9c3c-44f9-8db2-298d466a4dd9", "timestamp": "1553873047", "to_ids": false, "value": "2019-04-02 23:51:08", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "ed5167e6-ce8b-4816-888d-18b7cf9a9b4f", "timestamp": "1553873047", "to_ids": false, "value": "https://www.virustotal.com/file/97a2ab7a94148d605f3c0a1146a70ba5c436a438b23298a1f02f71866f420c43/analysis/1554249068/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "a4480342-e0bc-4292-bd67-5bcbe6369375", "timestamp": "1553873047", "to_ids": false, "value": "44/72", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "0bc1a3db-aa59-4e3e-962c-0141a9507044", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "19057350-70ca-4b61-bf3a-ccfe54f0490a", "timestamp": "1553873110", "to_ids": false, "value": "2019-04-02 23:53:36", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "021bca0d-21c1-4af3-ad1d-9ede46c96d73", "timestamp": "1553873110", "to_ids": false, "value": "https://www.virustotal.com/file/a84171501074bac584348f2942964c8550374c39247ec6af0f4a69756ea9fc7a/analysis/1554249216/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "1d711364-ad24-4f60-a406-579fc420984f", "timestamp": "1553873110", "to_ids": false, "value": "51/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "c4efd0bd-ca37-4e9a-9669-b284391231d0", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "a3ef3a8c-2c5b-469a-ba3a-232ea3d646b4", "timestamp": "1553772994", "to_ids": false, "value": "2019-04-04 07:16:09", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "3431a2b3-15e0-4e7b-81e8-3a8a4467c58a", "timestamp": "1553772994", "to_ids": false, "value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1554362169/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "2fd75f6e-a29d-4193-83af-07e23cc7565e", "timestamp": "1553772994", "to_ids": false, "value": "53/70", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "91238841-2e89-4fd8-a8e8-eda64827b73d", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "101cf662-c46e-4335-8eef-189b488e4a31", "timestamp": "1553873732", "to_ids": false, "value": "2019-04-03 17:13:07", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "15db5590-265b-4922-b1fd-352d2725bebc", "timestamp": "1553873732", "to_ids": false, "value": "https://www.virustotal.com/file/b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262/analysis/1554311587/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "93ca72df-1be0-455f-a1cd-cf769e550da5", "timestamp": "1553873732", "to_ids": false, "value": "51/66", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "4a8c1dc6-773d-4883-be6f-8c7008a56ba7", "sharing_group_id": "0", "timestamp": "1554375770", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "0023fe73-0980-46e0-9556-46bbfe5fdec4", "timestamp": "1553783902", "to_ids": false, "value": "2019-04-04 07:26:59", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "383e14be-cdda-4969-99ae-3adae2fa7b7f", "timestamp": "1553783902", "to_ids": false, "value": "https://www.virustotal.com/file/7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125/analysis/1554362819/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "ab2852d7-9aae-4a0f-aa4b-549583563ce7", "timestamp": "1553783902", "to_ids": false, "value": "51/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "3ba890fa-43c6-4805-a7ab-2fba74c0ced0", "sharing_group_id": "0", "timestamp": "1554375771", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "d4aea7f7-e340-4e76-89c1-2546884db901", "timestamp": "1553761898", "to_ids": false, "value": "2019-04-04 07:21:45", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "bcc766b7-352e-4241-b3ba-4dab52c02065", "timestamp": "1553761898", "to_ids": false, "value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1554362505/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "401b939c-ce2c-426b-9505-0554136fa85c", "timestamp": "1553761898", "to_ids": false, "value": "55/70", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "c186be47-3752-42e1-89d5-1e5b3d5223de", "sharing_group_id": "0", "timestamp": "1554375771", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "29971556-1f8f-491a-bc22-607f26e0cdcf", "timestamp": "1553773020", "to_ids": false, "value": "2019-04-04 07:20:30", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "088b3a1d-f7d5-4bf0-9998-7fa00b4d1177", "timestamp": "1553773020", "to_ids": false, "value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1554362430/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "de0d2c55-e16b-426a-95ef-f04995cada4f", "timestamp": "1553773020", "to_ids": false, "value": "55/71", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "b6346b5e-5482-4314-9d7b-8671c4155bf1", "sharing_group_id": "0", "timestamp": "1554386921", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "3f83340b-c9fe-4667-9bcf-b68ec5176062", "timestamp": "1554386921", "to_ids": true, "value": "2a030cc6d84d5785f5e84d0f5888a411d4b06d01", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5676651e-f747-416d-9acb-db7ddcb4b2d5", "timestamp": "1554386924", "to_ids": true, "value": "soft.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "6be9ee45-6c6c-4e0c-b76d-7f42187b6d1c", "timestamp": "1554386925", "to_ids": false, "value": "45568", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "d74356f9-39d2-4c30-9711-8ed1a401acd3", "sharing_group_id": "0", "timestamp": "1554387102", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "d22b1baf-8132-443f-afbe-49168b1ea4e0", "timestamp": "1554387102", "to_ids": true, "value": "2abae839362edfe52d9ebe282fb61113d22b331f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "cc7f5d2d-f0bf-4df2-95ec-04dff281b35d", "timestamp": "1554387102", "to_ids": true, "value": "sttager.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "0264f288-59c0-4ac1-9601-1efaac2f9998", "timestamp": "1554387102", "to_ids": false, "value": "20480", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "e668ce8c-af43-4832-89b2-9c08e3f5124c", "sharing_group_id": "0", "timestamp": "1554387102", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "44795622-54f4-408e-bafb-59269f4c3908", "timestamp": "1554387102", "to_ids": true, "value": "6995a32e0a4d4f6d0c9b2a00a96d69bff4b83ea7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5291bca4-74e5-4ed2-acab-74b4e0ea20ad", "timestamp": "1554387102", "to_ids": true, "value": "test443.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "a28f9eaf-16ac-460d-b8d7-624914a6c141", "timestamp": "1554387102", "to_ids": false, "value": "373911", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "6e1a65fa-acb6-4ea6-a06b-636c428138b5", "sharing_group_id": "0", "timestamp": "1554387103", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "45e876a5-88e5-4930-be9e-92e7cd4ada42", "timestamp": "1554387103", "to_ids": true, "value": "87b1f17fbb4a1e8eef4cb31c1c0194b1426c868c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "ccc5979a-99bd-420d-a9aa-37a794dcc0b5", "timestamp": "1554387103", "to_ids": true, "value": "veil.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "206c571e-66ca-4a76-99b3-76b5c53bf44a", "timestamp": "1554387103", "to_ids": false, "value": "345761", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "f7e26e48-37f4-45a8-8a1c-2ecc11dec53a", "sharing_group_id": "0", "timestamp": "1554387103", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "67c9bcad-0570-4258-a84d-f07c999d5789", "timestamp": "1554387103", "to_ids": true, "value": "afc36916a4df934446681ea28bef6add4decb98a", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "0b98cdb6-34a4-4489-b914-d33eea0797c4", "timestamp": "1554387103", "to_ids": true, "value": "80_http.exe.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "3a25dc26-65af-4eca-83af-d8bb69263475", "timestamp": "1554387103", "to_ids": false, "value": "411850", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "d4db8abd-f691-4927-9e28-14ce0ee7d430", "sharing_group_id": "0", "timestamp": "1554387103", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "b65112d3-a772-4e94-a05d-045e47e7d5cc", "timestamp": "1554387104", "to_ids": true, "value": "f832d94391a8d2d5cf92773e6c912905ec7c40c7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "cf59fb56-7d0f-4950-bc8c-51b9eea1c06a", "timestamp": "1554387104", "to_ids": true, "value": "test1.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "ab5e28a4-0174-4aa9-a6e1-c9f35de580b8", "timestamp": "1554387104", "to_ids": false, "value": "406636", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "3d49a49b-5bc6-49be-a0e6-ab3b72ccfe46", "sharing_group_id": "0", "timestamp": "1554387104", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "7842b13c-53a9-4e6e-bffb-ca975c3bfebf", "timestamp": "1554387104", "to_ids": true, "value": "056823c7891a04b2fec8903eb401ae3291743a54", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "cc0388eb-ec84-48da-a948-25e03c95a5f4", "timestamp": "1554387104", "to_ids": true, "value": "beca.exe.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "3be23a30-f411-4aab-88d4-2f9f68008aa9", "timestamp": "1554387104", "to_ids": false, "value": "23808", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "f898f5e1-93e1-458b-996c-ebc6dba13222", "sharing_group_id": "0", "timestamp": "1554387104", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "1671349f-6743-44e1-a3c6-8d82e98e5b1e", "timestamp": "1554387104", "to_ids": true, "value": "b7afa7acf1b7ded2c4e3d0884b5cdaa230d9f82e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "1f68e962-4b84-4ce2-9084-e4995e5bff17", "timestamp": "1554387105", "to_ids": true, "value": "shell1.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "a23a0fbb-bb74-4bb3-8e9b-9f4d0773d818", "timestamp": "1554387105", "to_ids": false, "value": "24576", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "89b53bf3-e0c4-4f48-8e25-ff54844fae43", "sharing_group_id": "0", "timestamp": "1554387105", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "d73d1b29-e821-4fb9-ac11-831f47c17e1f", "timestamp": "1554387105", "to_ids": true, "value": "4b50b6b9157026ab408d966ece02d1cef8045f82", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "eb2ffaaa-90d8-4bd8-9275-1657d1a0d9cc", "timestamp": "1554387105", "to_ids": true, "value": "starggge.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "290858b3-354e-4b9b-bfd5-677f8d86010d", "timestamp": "1554387105", "to_ids": false, "value": "27136", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "1162a78a-804d-4856-82b3-0b77509bcfe7", "sharing_group_id": "0", "timestamp": "1554387105", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5f0bec4e-8246-4e5d-bd5a-dd5c99453945", "timestamp": "1554387105", "to_ids": true, "value": "6042dfd50d33da40e383baec4a7ef7c75bf17481", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f671f816-0464-46e7-831d-efaac44378db", "timestamp": "1554387105", "to_ids": true, "value": "8_32.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "b07e2f79-0792-4706-9b89-1bb34c9f6e00", "timestamp": "1554387105", "to_ids": false, "value": "24064", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "bf5439e4-3e35-44a0-9ff3-129042947aad", "sharing_group_id": "0", "timestamp": "1554387105", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "8b2a5686-3f20-4ce7-bc6d-00ca8afd0464", "timestamp": "1554387106", "to_ids": true, "value": "9b50fae63f4d8d402f30c487ca7216f610413642", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f541275a-6732-4c05-846c-b970f3ab39a3", "timestamp": "1554387106", "to_ids": true, "value": "payload.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "2fb9e040-dd69-4fd5-95f1-43a07ab8f534", "timestamp": "1554387106", "to_ids": false, "value": "6144", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "02af3be3-4a7e-4a84-81eb-83f604a3f0a5", "sharing_group_id": "0", "timestamp": "1554387106", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "598af6c1-d589-4199-999a-a5f1d88a6b82", "timestamp": "1554387106", "to_ids": true, "value": "781778f789185889259d2a8dec981e80098fa490", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "93b8c8be-89e9-481a-9d39-39a64243830c", "timestamp": "1554387106", "to_ids": true, "value": "443_12.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "fe7e1917-767a-4fc0-b81f-18350ed88437", "timestamp": "1554387106", "to_ids": false, "value": "28904", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "dae97fa0-3eb3-4915-82cc-e7e489d64dd1", "sharing_group_id": "0", "timestamp": "1554387106", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "43f9203b-b047-49f9-a3eb-38637d1664bf", "timestamp": "1554387106", "to_ids": true, "value": "153d37f0f0660734a1e05cb67721c4ceff54919f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "a8d433f9-f889-448b-aba1-a4382e22e18c", "timestamp": "1554387107", "to_ids": true, "value": "test.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "4752b1a0-0f22-461c-bc7a-8bfceefc53c5", "timestamp": "1554387107", "to_ids": false, "value": "370807", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "24e6319c-f91c-43b2-a9d3-7b0bfd5a76a7", "sharing_group_id": "0", "timestamp": "1554387107", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "ff948390-92c9-4b82-a6eb-668c32e87e85", "timestamp": "1554387107", "to_ids": true, "value": "2d038fcd5987b2e7008b2e269b0a9ff968063ee8", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "b4ee3f4e-f3ae-4a32-9eaf-1bf126bf6034", "timestamp": "1554387107", "to_ids": true, "value": "test_1.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "84cbea7d-306b-4063-a5f9-1743b6ed795d", "timestamp": "1554387107", "to_ids": false, "value": "601039", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "3dac003b-a958-48e2-8a96-6d0fdba7875d", "sharing_group_id": "0", "timestamp": "1554387107", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "2e8aa5df-4a98-455c-9b00-54936cefed72", "timestamp": "1554387108", "to_ids": true, "value": "9d2148cd22c245fc3ba7861a560d223f72f34414", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "ca8b10e7-4758-4e55-94e3-1caad3f986b8", "timestamp": "1554387108", "to_ids": true, "value": "synack_network_noinject_x86.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "b4e08a5d-09c3-41e0-98e5-a8d23571ddc6", "timestamp": "1554387108", "to_ids": false, "value": "302611", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "c01e648d-7f49-45f7-b7d7-48ce5a507a47", "sharing_group_id": "0", "timestamp": "1554387108", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "b5b8a04d-820b-4acb-a585-8c1a6abfa2ce", "timestamp": "1554387109", "to_ids": true, "value": "c8207144f89c9d775ff5565888dbbc8167e09330", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "8e2b14fd-2255-4eeb-a0fe-98f5d51bb421", "timestamp": "1554387109", "to_ids": true, "value": "synack_network_noinject_x64.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "9b8cb7eb-3619-4768-bf01-68ddba3c9a28", "timestamp": "1554387109", "to_ids": false, "value": "390311", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "ac91f1d9-024c-44e2-8a7c-06172796ea12", "sharing_group_id": "0", "timestamp": "1554387109", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "c725505c-534c-453d-999b-611a1345fa46", "timestamp": "1554387109", "to_ids": true, "value": "5131a7a011041e88b32a2a98e5170c42d5c57250", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "3d035a30-60d4-4b22-853d-8396b2bf007e", "timestamp": "1554387109", "to_ids": true, "value": "synack_network_x64.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "65a05dd8-b899-4114-bf03-a0b0e55d3b7b", "timestamp": "1554387110", "to_ids": false, "value": "423995", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "2ba4112d-7327-4b19-8035-a2e6eb73d573", "sharing_group_id": "0", "timestamp": "1554387110", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "53913546-3c09-4e90-8b70-4ba76220d9a6", "timestamp": "1554387110", "to_ids": true, "value": "e925c3ba15f007363ad32b84df7da9b299b9b100", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "b28106f8-e826-454e-8550-2670a088008d", "timestamp": "1554387110", "to_ids": true, "value": "synack_x64.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "cd1c1e26-fbce-4d89-8bbe-59929b6a8604", "timestamp": "1554387110", "to_ids": false, "value": "423995", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "7f430f07-3ff9-4553-b81a-36681949c447", "sharing_group_id": "0", "timestamp": "1554387111", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "2a5eeb1c-b37d-48c5-a149-82f423721992", "timestamp": "1554387111", "to_ids": true, "value": "481b18bcbd9d32c5363bb56ab212d57d78497c05", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "1f529aee-38e6-4822-86a9-2735a7689d08", "timestamp": "1554387111", "to_ids": true, "value": "synack_network_x86.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "b47b3d0a-364c-40cb-8096-1653cd434b41", "timestamp": "1554387111", "to_ids": false, "value": "327187", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "6fe2ec22-3ff6-4a79-af8e-30e6a5253e45", "sharing_group_id": "0", "timestamp": "1554387111", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "683fb997-7446-490a-8cf2-1024706334d7", "timestamp": "1554387111", "to_ids": true, "value": "2bcfd0679726f0110545b47b4512a8a4ddcb830f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "4517bef8-e323-4698-a762-1b38853c811b", "timestamp": "1554387111", "to_ids": true, "value": "synack_x86.ps1", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "e165300a-803c-4d14-ab9b-bcbe93fa8d52", "timestamp": "1554387111", "to_ids": false, "value": "327187", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "b14e7307-30f6-49c8-b4fe-0b6735a3a94d", "sharing_group_id": "0", "timestamp": "1554387112", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "52b7d170-8b6b-48d5-bf3d-a96143f7946d", "timestamp": "1554387112", "to_ids": true, "value": "eaefb5e9ea2e0d301ee594e6358ea136442cd075", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "e657f0ec-8576-4a3b-82aa-dd86d8bae43c", "timestamp": "1554387112", "to_ids": true, "value": "test.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "bd4a8092-d05d-4c68-a3cc-f4d609c28e6a", "timestamp": "1554387112", "to_ids": false, "value": "529477", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "3549d1ed-c1c7-4066-a9cc-9d0a86cd8e0a", "sharing_group_id": "0", "timestamp": "1554387112", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "169120a5-b1ba-4315-88fe-4b7b391975e4", "timestamp": "1554387112", "to_ids": true, "value": "237b19af7c867b21f46793dd7257dff2f3be1513", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "63ecd043-d5c4-42d1-82c8-ed32a65992f6", "timestamp": "1554387112", "to_ids": true, "value": "encryptor.zip", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "95a86bbc-3627-4d94-8c91-24f69ee25397", "timestamp": "1554387112", "to_ids": false, "value": "18211", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "eaa8dc3c-16ef-45eb-add4-3d736d1bd330", "sharing_group_id": "0", "timestamp": "1554387112", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "1e3c8e6c-719b-4a93-9111-e2c3ed58dd7f", "timestamp": "1554387113", "to_ids": true, "value": "f5619064f2d8aebfdba0fc3f566cb60f599f9f6e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "ae96057e-1dec-4a6d-b817-cec9f7eb22d4", "timestamp": "1554387113", "to_ids": true, "value": "encryptor.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "8a875e34-3f5c-417c-8bfa-55d8f0ad2420", "timestamp": "1554387113", "to_ids": false, "value": "29696", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "7e91cd8c-c822-43fe-ac0b-5d137f57bc3a", "sharing_group_id": "0", "timestamp": "1554387113", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "b03d0313-cbdc-488a-9313-c165b78447ef", "timestamp": "1554387113", "to_ids": true, "value": "399d4d5ab0bdbe0b1a61bac007d56adff005486d", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "a95a9542-6f09-45b7-a0c7-93b8ccc2a247", "timestamp": "1554387113", "to_ids": true, "value": "tung2901_AU3_EXE_6cr22.rar", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "9355af2e-b443-4da1-9334-0af78716dc97", "timestamp": "1554387113", "to_ids": false, "value": "277412", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "7b59d923-d374-41bc-89b7-e68498bacc72", "sharing_group_id": "0", "timestamp": "1554387574", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "40330fb9-903f-4c6c-b37f-c719983f26b8", "timestamp": "1554387574", "to_ids": true, "value": "644087ccca16d2a728ef7685a4106f09", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "d5e456e9-4ceb-4dc2-82b7-eb92b55a4abb", "timestamp": "1554387574", "to_ids": true, "value": "eabd6974ac71efd72d9e0688d5a6131f336d169c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "31ad9189-54d1-4e58-a4e3-058a12f0cde4", "timestamp": "1554387574", "to_ids": true, "value": "385e31c97e3a07bbb81513f0cd0979e64e6b014943902efd002f57b21eadd41e", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "4b9fdc52-1ce3-45d7-85cc-60215eb30f0c", "sharing_group_id": "0", "timestamp": "1554387574", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "17dc10ec-a20c-44d9-ae31-96597a8e02ae", "timestamp": "1554387574", "to_ids": true, "value": "34187a34d0a3c5d63016c26346371b54", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "9dbdf40e-edaa-4018-870f-e9f75d04ce10", "timestamp": "1554387575", "to_ids": true, "value": "ce8209ff9828aa8cb095bd7d1589fc4d394c298c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "b9b542b4-a85c-4031-85d7-24a4e6c06abb", "timestamp": "1554387575", "to_ids": true, "value": "5f815b8a8e77731c9ca2b3a07a27f880ef24d54e458d77bdabbbaf2269fe96c3", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "fa63b93f-2201-4f6c-8341-4a86980805b3", "sharing_group_id": "0", "timestamp": "1554387575", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "6a27d70a-142d-4b4c-b843-18a009d2bf50", "timestamp": "1554387575", "to_ids": true, "value": "871aa15f4d61c85e1284e1be3f99f705", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "55486ed8-738f-45d5-9749-cfe710ba8a5d", "timestamp": "1554387575", "to_ids": true, "value": "236eac0b19f91117b27f1b198a4d8490d99ec2e5", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "cbb03e65-53a9-4cf5-b1b3-1c9e4b929b52", "timestamp": "1554387575", "to_ids": true, "value": "b434bccf0a5ff75b27184e661df751466aef69f35fbd7b8b8692302b8b886262", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "c73504a4-60da-4107-adef-c10a0f52266b", "sharing_group_id": "0", "timestamp": "1554387575", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "78dc7c5d-4bc3-4261-94c0-0b21df1a2b5b", "timestamp": "1554387575", "to_ids": true, "value": "a1d732aa27e1ca2ae45a189451419ed5", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "58ba4880-6f59-4ecf-8895-c2eea4f83571", "timestamp": "1554387575", "to_ids": true, "value": "50f5a5ec13d21d4df119140547d63bc40f93b079", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "12830569-3e5e-4ea7-87c3-9694413cc2f0", "timestamp": "1554387575", "to_ids": true, "value": "c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "edbac896-cf24-4628-9064-7bac3c8e8d58", "sharing_group_id": "0", "timestamp": "1554387576", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "c8f8b3a4-47e4-4cef-8f17-9969307634bd", "timestamp": "1554387576", "to_ids": true, "value": "164f72dfb729ca1e15f99d456b7cf811", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "a99d759c-7ef3-48a1-9b06-3a80b94d9436", "timestamp": "1554387576", "to_ids": true, "value": "f92339e73c7e901c0c852d8e65615cfb588a4ff6", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f77ce639-bb83-4643-a849-c33adf6eb5bf", "timestamp": "1554387576", "to_ids": true, "value": "8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "d91eacd1-efda-4eaf-ae5a-f815869b10dd", "sharing_group_id": "0", "timestamp": "1554387576", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "ffda5f7a-3307-4c7f-a1dd-f7453c739d94", "timestamp": "1554387576", "to_ids": true, "value": "9cad8641ac79688e09c5fa350aef2094", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "108f9add-83e1-478e-8bd8-e33798a1ec4a", "timestamp": "1554387576", "to_ids": true, "value": "3da0a217bbda09561780f52f163a6aafeb721d60", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f9010dc9-9d4e-4d45-b70c-3c7ca50b05c0", "timestamp": "1554387576", "to_ids": true, "value": "5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "a1a25873-3445-4873-8b6b-7dca2e15615a", "sharing_group_id": "0", "timestamp": "1554387576", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "4216a131-8ad4-473c-a57b-a38af4fa0ddb", "timestamp": "1554387577", "to_ids": true, "value": "3ebca21b1d4e2f482b3eda6634e89211", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "b52ca21f-332d-4963-9604-ccf0ee915a8c", "timestamp": "1554387577", "to_ids": true, "value": "37cdd1e3225f8da596dc13779e902d8d13637360", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f0470d7a-c237-4f1a-b4c8-13e03b69bb5d", "timestamp": "1554387577", "to_ids": true, "value": "6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "9aa33ad7-9f08-4774-b109-cedaed81cd60", "sharing_group_id": "0", "timestamp": "1554387577", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "bdb26be9-9735-445d-8fa3-792d39f26abb", "timestamp": "1554387578", "to_ids": true, "value": "52340664fe59e030790c48b66924b5bd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "38c82e7d-9e54-4bdb-8e1a-c452dae87d70", "timestamp": "1554387578", "to_ids": true, "value": "73171ffa6dfee5f9264e3d20a1b6926ec1b60897", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "4f1ef948-b9ca-4b96-b71f-4ce1248be0c9", "timestamp": "1554387578", "to_ids": true, "value": "bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "dc691061-1ee8-46b1-b3ef-488f082e45c8", "sharing_group_id": "0", "timestamp": "1554387578", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "74282501-92e7-42a8-abad-ef1c5c7c5c75", "timestamp": "1554387578", "to_ids": true, "value": "a5bc1f94e7505a2e73c866551f7996f9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "fde3e7e4-4139-4c65-807c-4ae071fe31ff", "timestamp": "1554387578", "to_ids": true, "value": "7dea7ff735023418b902d093964028aefbc486a5", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "6d958830-0070-4043-af4f-3db02f953b04", "timestamp": "1554387578", "to_ids": true, "value": "14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "8d31887c-d4a7-4e7f-899c-df1d3a41e15f", "sharing_group_id": "0", "timestamp": "1554387578", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5f73af58-a5df-43e5-9400-5d9b86d3863d", "timestamp": "1554387578", "to_ids": true, "value": "b3d3da12ca3b9efd042953caa6c3b8cd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "e034a75d-82b9-42ec-9939-bd1d3edc42cd", "timestamp": "1554387579", "to_ids": true, "value": "34fb03a35e723d27e99776ed3e81967229b3afe1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5e32e4c7-85e2-4b0c-93d6-3b9d9c7bc963", "timestamp": "1554387579", "to_ids": true, "value": "7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "febd2cf8-35c9-49d2-9963-21b43acb6f04", "sharing_group_id": "0", "timestamp": "1554387579", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "13fb674d-1ced-4fb1-a55b-125293d33797", "timestamp": "1554387579", "to_ids": true, "value": "faf4de4e1c5d8e4241088c90cfe8eddd", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "15a38c25-1e87-4ad9-9e4c-d216317877a7", "timestamp": "1554387579", "to_ids": true, "value": "fcd241fdcd462199f2907ca34c73ce9c89b03e5f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "73e99fb0-04ba-409c-96d9-9438661ba3cf", "timestamp": "1554387579", "to_ids": true, "value": "47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "f63b62d9-f5f1-4c51-9488-139d016e7660", "sharing_group_id": "0", "timestamp": "1554387579", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "7c02589a-1b88-42f5-a74a-f2357929c1a8", "timestamp": "1554387579", "to_ids": true, "value": "7b792de1468a70cfe990b65034d5f3ac", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "82c932de-644c-43ed-836b-d504ea7f3205", "timestamp": "1554387579", "to_ids": true, "value": "320f1fc66054e98681fd291415ff17b2e1a71b61", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "f5dfb0fe-c56f-47c4-a462-9273d308ab73", "timestamp": "1554387579", "to_ids": true, "value": "a89eac79ff230f3c270b465cd2d8c1225b8937bd4b069ac27872ac883082d82b", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5c9c7c27-f578-43fb-8950-f682950d210f", "timestamp": "1554446032", "to_ids": false, "value": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2019-ACT-005/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c9c80a8-de8c-4737-92ae-4250950d210f", "timestamp": "1553760440", "to_ids": false, "value": "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf", "Tag": [{"colour": "#002b4a", "exportable": true, "name": "osint:source-type=\"technical-report\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c9c28-b844-44bf-91d9-45c5950d210f", "timestamp": "1553767464", "to_ids": true, "value": "cottleakela@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c9c28-2aa0-4318-b516-44f8950d210f", "timestamp": "1553767464", "to_ids": true, "value": "qyavauzehyco1994@o2.pl", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Ransomnote", "category": "Artifacts dropped", "uuid": "5c9ca433-92e0-4c95-a054-4528950d210f", "timestamp": "1553769523", "to_ids": false, "value": "Greetings!There was a significant flaw in the security system of your company.\r\nYou should be thankful that the flaw was exploited by serious people and not some rookies.\r\nThey would have damaged all of your data by mistake or for fun.\r\n\r\nYour files are encrypted with the strongest military algorithms RSA4096 and AES-256.\r\nWithout our special decoder it is impossible to restore the data.\r\nAttempts to restore your data with third party software as Photorec, RannohDecryptor etc.\r\nwill lead to irreversible destruction of your data.\r\n\r\nTo confirm our honest intentions.\r\nSend us 2-3 different random files and you will get them decrypted.\r\nIt can be from different computers on your network to be sure that our decoder decrypts everything.\r\nSample files we unlock for free (files should not be related to any kind of backups).\r\n\r\nWe exclusively have decryption software for your situation\r\n\r\nDO NOT RESET OR SHUTDOWN - files may be damaged.\r\nDO NOT RENAME the encrypted files.\r\nDO NOT MOVE the encrypted files.\r\nThis may lead to the impossibility of recovery of the certain files.\r\n\r\nTo get information on the price of the decoder contact us at:\r\nCottleAkela@protonmail.com;QyavauZehyco1994@o2.pl\r\nThe payment has to be made in Bitcoins.\r\nThe final price depends on how fast you contact us.\r\nAs soon as we receive the payment you will get the decryption tool and\r\ninstructions on how to improve your systems security", "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdbca-78dc-499a-86a2-4d6e950d210f", "timestamp": "1553783754", "to_ids": true, "value": "abbschevis@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdbca-0e04-42d7-ab25-4e14950d210f", "timestamp": "1553783754", "to_ids": true, "value": "ijuqodisunovib98@o2.pl", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Network activity", "uuid": "5c9cdcc4-d2dc-4f8c-8947-43c0950d210f", "timestamp": "1553784004", "to_ids": true, "value": "protonmail.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5c9cdcc7-8654-45c7-b3b1-440b950d210f", "timestamp": "1553784007", "to_ids": true, "value": "o2.pl", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdccf-0b50-4881-8bfe-4b34950d210f", "timestamp": "1553784015", "to_ids": true, "value": "romanchukeyla@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdcd0-3b78-4d12-b3c2-42ea950d210f", "timestamp": "1553784016", "to_ids": true, "value": "couwetizotofo@o2.pl", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdcd0-2d68-4958-8ea1-4cc3950d210f", "timestamp": "1553784016", "to_ids": true, "value": "phanthavongsaneveyah@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9cdcd0-4e7c-4567-a324-4a7d950d210f", "timestamp": "1553784016", "to_ids": true, "value": "aperywsqaroci@o2.pl", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Artifacts dropped", "uuid": "5c9e39dc-a38c-422e-903f-4831950d210f", "timestamp": "1553873372", "to_ids": false, "value": "javobohisabi yohoxucojanukazahaviwexepeniwa negikicudosoyihuruyadeyafipihaja\r\nTelawefibudi wuzahibe liga. Caku jakacoza zususezebonuli setusidafohi. Xekaho tiyiwifuvu damonixuxaho togubo\r\nxisLadoxuna pibifuzida. Goso sepudahemeli bu zevahilipezipa xurotocomupe. Kofe ridimarijoyane. Yeve.\r\nTuwipufebedopi yocomujiyezejo su su. Timevumavizase hapezo fogiju. Xonucosegogi li. Bobixayogaci. Kuyi. Leto\r\nzoyihebezobu wu ciwu. Docadufe ro judewocekodiki", "disable_correlation": false, "object_relation": null, "type": "pattern-in-file"}, {"comment": "C&C", "category": "Network activity", "uuid": "5ca1b269-0aa4-479e-80c5-457a950d210f", "timestamp": "1554109825", "to_ids": true, "value": "62.210.136.65", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1b269-97c8-4a64-aec2-46f0950d210f", "timestamp": "1554100841", "to_ids": true, "value": "62.210.0.0/16", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C&C", "category": "Network activity", "uuid": "5ca1b269-b02c-43ad-afbd-4f69950d210f", "timestamp": "1554109867", "to_ids": true, "value": "185.202.174.91", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1b269-01f8-4c66-b7a6-4318950d210f", "timestamp": "1554100841", "to_ids": true, "value": "185.202.174.0/24", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C&C", "category": "Network activity", "uuid": "5ca1b269-6478-47f0-a5cd-4e8f950d210f", "timestamp": "1554109860", "to_ids": true, "value": "185.202.174.86", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1b269-9670-48a3-8bbe-4639950d210f", "timestamp": "1554100841", "to_ids": true, "value": "https://pastebin.com/raw/7Qmz6q5v", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "C&C", "category": "Network activity", "uuid": "5ca1b269-f7fc-4efd-9e26-4955950d210f", "timestamp": "1554109863", "to_ids": true, "value": "93.115.26.171", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1b269-eb04-4df7-8a0b-41d9950d210f", "timestamp": "1554100841", "to_ids": true, "value": "93.115.26.0/24", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1ce9d-cd4c-46b6-9a6a-3ff6950d210f", "timestamp": "1554108061", "to_ids": true, "value": "176.126.85.207", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5ca1ce9d-b568-4caf-bdff-3ff6950d210f", "timestamp": "1554108061", "to_ids": true, "value": "176.126.85.0/24", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-4e80-4388-9890-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.238.0.217", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-e228-4161-9aa7-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.70.105.158", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-f2a0-4fca-a92a-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.70.105.43", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-69b8-4968-9f67-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.70.187.21", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-1654-4bf2-b765-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.70.187.88", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-3414-41ec-9f72-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "31.192.108.122", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-8b64-4abe-87e7-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "31.192.108.123", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-121c-4714-aa3e-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "31.207.44.186", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-a8d8-46e0-aa54-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "31.207.44.83", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-6ed8-400b-b4fa-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "5.39.219.168", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-d90c-47f7-94c8-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "5.39.219.185", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cb-27c4-4c61-a7ef-d6af950d210f", "timestamp": "1554110667", "to_ids": true, "value": "185.70.184.134", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-5548-451c-9747-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.184.250", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-c67c-4701-8470-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.22", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-a450-4ef1-a1bb-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.23", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-f1c0-4dfc-85f9-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.38", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-5104-424c-bb78-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.46", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-2b0c-4ab6-9304-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.51", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-dc90-45a2-a6bf-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.53", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-fb50-48bc-8dbb-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.56", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-c190-4f11-9122-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.65", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-c2f0-469e-8883-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.77", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-0cd4-4431-a10f-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.79", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-6270-48ed-af05-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.86", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-dedc-4b55-ab68-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "185.70.187.92", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-3284-4bbd-a95a-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.44.118", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-589c-4067-adcd-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.44.77", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-ac04-4efc-a767-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.44.80", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-4df0-408a-8b83-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.44.84", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-f428-494a-86ac-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.45.251", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-2d24-4de1-8232-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "31.207.45.45", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-c530-4ce4-9202-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "5.39.219.172", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-5c10-4070-aebe-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "5.39.219.183", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-55a0-4f8a-baf7-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "5.39.219.184", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-84f4-476c-8619-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "5.39.219.187", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "IP of server administration", "category": "Network activity", "uuid": "5ca1d8cc-4490-4918-ac84-d6af950d210f", "timestamp": "1554110668", "to_ids": true, "value": "5.39.219.188", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-87c0-4e54-891a-4dba950d210f", "timestamp": "1554112642", "to_ids": true, "value": "5286a5ed1288e7c54f1ca04d097f17c1d6aea32b", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-c73c-48e1-91c2-4875950d210f", "timestamp": "1554112642", "to_ids": true, "value": "6dc00843f313690075612ee5ce770cae067cd37f", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-a4c8-4094-be2e-4276950d210f", "timestamp": "1554112642", "to_ids": true, "value": "ee4c9567c9a072e1d8ed8a78cb06d6ce1a81dd11", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-df5c-42e5-95c1-43ca950d210f", "timestamp": "1554112642", "to_ids": true, "value": "2200eb3303e448a52404128458e87f3248d4612c", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e082-2f08-4f8b-a82a-4d65950d210f", "timestamp": "1554112642", "to_ids": true, "value": "5.39.219.159", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-08fc-4585-83d4-47c7950d210f", "timestamp": "1554112642", "to_ids": true, "value": "f0e07b689caa5c7b3767bb3b4cfe4cba2aecb5f8", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-1960-4f42-89e3-4a5c950d210f", "timestamp": "1554112642", "to_ids": true, "value": "cc9aa7e71ce04b893bcdf49a1da2f0e20e45faf2", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-5a98-4ee3-afa7-48c0950d210f", "timestamp": "1554112642", "to_ids": true, "value": "840963454567b38a5f1d1df7cd202629804e4c61", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e082-9dc4-4403-aaaa-406e950d210f", "timestamp": "1554112642", "to_ids": true, "value": "185.58.204.177", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-1610-4df6-9bd7-4a89950d210f", "timestamp": "1554112642", "to_ids": true, "value": "dc8f3c31906c01d077c614809bb1195af2393dc1", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-0ebc-43d4-b476-48ea950d210f", "timestamp": "1554112642", "to_ids": true, "value": "02faf3e291435468607857694df5e45b68851868", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-aa0c-48ab-ac8e-4840950d210f", "timestamp": "1554112642", "to_ids": true, "value": "28a4481f8138c889367f9112ef48e4f17fb69944", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-fed8-4893-b9c4-4dc7950d210f", "timestamp": "1554112642", "to_ids": true, "value": "339cdd57cfd5b141169b615ff31428782d1da639", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-e1c8-4d0d-8458-41eb950d210f", "timestamp": "1554112642", "to_ids": true, "value": "f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-72d0-49db-8909-4523950d210f", "timestamp": "1554112642", "to_ids": true, "value": "3712786dd9d1d8ac7db60ba2f989280c7257a3a9", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-7dfc-43c5-864b-494c950d210f", "timestamp": "1554112642", "to_ids": true, "value": "736a4dc679d682da321563647c60f699f0dfc268", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-4b0c-4376-89e9-4075950d210f", "timestamp": "1554112642", "to_ids": true, "value": "b1bc968bd4f49d622aa89a81f2150152a41d829c", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e082-c614-431c-b553-4eff950d210f", "timestamp": "1554112642", "to_ids": true, "value": "15abccaae3920046f55293e25f5f931a6581e00f", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e719-4834-41f6-be6d-4586950d210f", "timestamp": "1554114329", "to_ids": true, "value": "scourketchupfries.cn.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e719-db18-46a6-9d1c-4acc950d210f", "timestamp": "1554114329", "to_ids": true, "value": "vds58339.localdomain", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e719-819c-451a-9977-400e950d210f", "timestamp": "1554114329", "to_ids": true, "value": "root@vds58339.localdomain", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e719-ffe4-4586-9f65-4c75950d210f", "timestamp": "1554114329", "to_ids": true, "value": "localhost.localdomain", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca1e719-0af8-451f-9ab5-4828950d210f", "timestamp": "1554114329", "to_ids": true, "value": "root@localhost.localdomain", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e71a-e47c-45fa-95f8-4ebc950d210f", "timestamp": "1554114330", "to_ids": true, "value": "www.csgolite.ru", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e71a-eb68-4e2f-afb1-405c950d210f", "timestamp": "1554114330", "to_ids": true, "value": "tcp.csgolite.ru", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5ca1e71a-4378-412c-acbe-499f950d210f", "timestamp": "1554114330", "to_ids": true, "value": "bendermoney.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5ca21226-bc58-47e2-bc18-4c09950d210f", "timestamp": "1554125350", "to_ids": true, "value": "https://pastebin.com/raw/wdcq0Tda", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ca21226-ff2c-4002-91db-40b4950d210f", "timestamp": "1554125350", "to_ids": true, "value": "https://pastebin.com/raw/9ditgTZh", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ca21226-c4bc-43b0-b0da-40a8950d210f", "timestamp": "1554125350", "to_ids": true, "value": "https://pastebin.com/Mzd1HFrN", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Payload delivery", "uuid": "5ca61559-4fd4-4df0-976e-43ba950d210f", "timestamp": "1554388313", "to_ids": true, "value": "c226ac4bab6f48634bacbb7a1d34f8f6", "disable_correlation": false, "object_relation": null, "type": "imphash"}], "extends_uuid": "", "published": false, "date": "2019-01-31", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5c9b92ae-0428-46ef-9ced-4d47950d210f"}}