{ "Event": { "analysis": "2", "date": "2019-04-22", "extends_uuid": "", "info": "OSINT - Nueva campa\u00f1a del grupo ruso TA505 dirigida a Chile y Argentina. #ServHelper", "publish_timestamp": "1555920571", "published": true, "threat_level_id": "3", "timestamp": "1555920412", "uuid": "5cbd7391-72f0-4905-a438-428102de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:threat-actor=\"TA505\"" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0071c3", "name": "osint:lifetime=\"perpetual\"" }, { "colour": "#0087e8", "name": "osint:certainty=\"50\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919777", "to_ids": false, "type": "link", "uuid": "5cbd73a2-b97c-4e99-b1fc-4a5402de0b81", "value": "https://medium.com/@1ZRR4H/nueva-campa%C3%B1a-del-grupo-ruso-ta505-dirigida-a-chile-y-argentina-servhelper-1dc3bfbff0c7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-69a8-4d14-baf1-499402de0b81", "value": "canyoning-austria.at/dashost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81", "value": "profan.es/dashost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-b9b0-4164-bc9a-4bf802de0b81", "value": "kerrison.com/dashost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": 
"url", "uuid": "5cbd73c0-5134-4712-a2d6-480102de0b81", "value": "globe-trotterltd.com/dashost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-454c-4592-95e6-46dc02de0b81", "value": "195.123.227.20/dashost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-1da8-4680-b28e-4e1002de0b81", "value": "http://houusha33.icu/jquery/jquery.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-8a98-49b2-8a25-4ea202de0b81", "value": "http://joisff333.icu/jquery/jquery.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "url", "uuid": "5cbd73c0-d208-4a04-b984-4c4602de0b81", "value": "http://91.201.67.96/cyf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "ip-dst", "uuid": "5cbd73c0-5028-425f-86c7-478e02de0b81", "value": "66.232.130.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919808", "to_ids": true, "type": "ip-dst", "uuid": "5cbd73c0-00ac-41d6-9513-4d4102de0b81", "value": "195.123.227.79" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-3aac-471f-bd19-4ab602de0b81", "value": "%WINDIR%\\Installer\\MSI3DA2.tmp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": 
"5cbd73dd-ce0c-438a-942b-4ee902de0b81", "value": "64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-d580-4456-a5ca-475202de0b81", "value": "%WINDIR%\\Installer\\MSI419D.tmp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-6fb8-4055-9ba6-474602de0b81", "value": "7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-de54-442c-a322-4f7e02de0b81", "value": "%TEMP%\\nsu4228.tmp\\ns4229.tmp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-6fe8-4c75-b4a6-45e802de0b81", "value": "79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81", "value": "%TEMP%\\nsu4228.tmp\\nsExec.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-af2c-4136-8e4d-409c02de0b81", "value": "b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-47f8-4911-b957-4e2602de0b81", "value": "%TEMP%\\repotaj.dll" }, { "category": 
"Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-5c18-468d-ab34-498102de0b81", "value": "fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-6a5c-4822-8777-4a0a02de0b81", "value": "%WINDIR%\\Installer\\MSI777D.tmp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-bcfc-4824-a499-425302de0b81", "value": "75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73dd-4390-4a98-9a65-492302de0b81", "value": "%WINDIR%\\Installer\\MSI7D8B.tmp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5cbd73dd-fb5c-49ed-af22-41a602de0b81", "value": "843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919837", "to_ids": true, "type": "filename", "uuid": "5cbd73de-e6dc-4dcd-83fd-456102de0b81", "value": "%TEMP%\\nsl7E55.tmp\\nsExec.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919838", "to_ids": true, "type": "filename", "uuid": "5cbd73de-1ba8-426f-b998-48e002de0b81", "value": "%TEMP%\\pegas.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919838", "to_ids": true, "type": 
"sha256", "uuid": "5cbd73de-7c74-450a-8290-494802de0b81", "value": "9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555919838", "to_ids": true, "type": "filename", "uuid": "5cbd73de-ce04-4fc5-9616-435302de0b81", "value": "%TEMP%\\nsl7E55.tmp\\ns7E66.tmp" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920412", "to_ids": false, "type": "link", "uuid": "5cbd7456-69a4-4301-97d6-446e02de0b81", "value": "https://app.any.run/tasks/804f1ace-cd13-48b6-8b9a-87a983cfce5a", "Tag": [ { "colour": "#005795", "name": "osint:source-type=\"automatic-analysis\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920412", "to_ids": false, "type": "link", "uuid": "5cbd7456-1df0-46c1-88c0-49dd02de0b81", "value": "https://app.any.run/tasks/1546da9a-d3b0-4e2d-a1e7-90c58b54b134", "Tag": [ { "colour": "#005795", "name": "osint:source-type=\"automatic-analysis\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920412", "to_ids": false, "type": "link", "uuid": "5cbd7456-c4f4-4727-9bf2-468902de0b81", "value": "https://app.any.run/tasks/5d68c43e-15b2-48c0-bcbe-2a60f3112639", "Tag": [ { "colour": "#005795", "name": "osint:source-type=\"automatic-analysis\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920381", "to_ids": false, "type": "link", "uuid": "5cbd747a-c9dc-4ae2-9b67-4add02de0b81", "value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": 
false, "timestamp": "1555920382", "to_ids": false, "type": "link", "uuid": "5cbd747a-8040-41b7-b544-463102de0b81", "value": "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920381", "to_ids": false, "type": "link", "uuid": "5cbd747a-ed34-4317-b5f9-429e02de0b81", "value": "https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1555920382", "to_ids": false, "type": "link", "uuid": "5cbd747a-45d8-4b70-82c1-415802de0b81", "value": "https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919914", "uuid": "867e47bb-adf7-4381-8be6-79dbf5b5e71f", "ObjectReference": [ { "comment": "", "object_uuid": "867e47bb-adf7-4381-8be6-79dbf5b5e71f", "referenced_uuid": "b0f25fa4-e9f8-4d03-b5f8-12232b08aeec", "relationship_type": "analysed-with", "timestamp": "1555919915", "uuid": "5cbd742b-444c-4576-96c4-448302de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": 
true, "type": "md5", "uuid": "696d127e-c5ac-4ab1-a992-4b195695b815", "value": "e2347a65b30ccc5b2c4230daaeefb897" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "09d7b67a-cc27-4c47-8966-602176654a16", "value": "64c7047898371e81bfc58b8fda6da7892a92108d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "9f060858-1d40-40c6-8480-dafe3d08b690", "value": "79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919914", "uuid": "b0f25fa4-e9f8-4d03-b5f8-12232b08aeec", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "2872b77c-20e0-45c0-b8fb-449e42a8cbc4", "value": "2019-04-20T08:04:42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "a9d51e83-3cf6-4cb5-b0bb-68a7f55d6a1a", "value": "https://www.virustotal.com/file/79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec/analysis/1555747482/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "a2840024-acc7-4c8a-84ff-2032ad1920b7", "value": "2/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a 
file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919914", "uuid": "c3404a75-0222-4173-a99c-60c536dc87d7", "ObjectReference": [ { "comment": "", "object_uuid": "c3404a75-0222-4173-a99c-60c536dc87d7", "referenced_uuid": "764657dd-1a00-429d-895f-7c1f6c74eb9d", "relationship_type": "analysed-with", "timestamp": "1555919915", "uuid": "5cbd742b-5e1c-445a-a544-41dd02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": true, "type": "md5", "uuid": "5ee3d127-cc55-4ba8-afd1-8351c49f55a3", "value": "1f49d8af9be9e915d54b2441c4a79adf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "1cda3d3c-fca9-4f88-aa0f-36a4163d0f72", "value": "1ee4f809c693e31f34bc6d8153664a6dc2c3e499" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "8eecab72-a675-4729-b5df-74697c6ee080", "value": "b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919914", "uuid": "764657dd-1a00-429d-895f-7c1f6c74eb9d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "9478771f-ebde-47ad-947f-6653868b43c7", "value": "2019-04-16T07:40:38" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "5e7f9759-3199-4c01-ab49-772bfc783dc7", "value": "https://www.virustotal.com/file/b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782/analysis/1555400438/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "77aa48f9-ee53-4b88-bfd4-2cff08cb987b", "value": "0/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919914", "uuid": "e4348e28-8e87-413d-8e10-f163befd21f8", "ObjectReference": [ { "comment": "", "object_uuid": "e4348e28-8e87-413d-8e10-f163befd21f8", "referenced_uuid": "8dc3390e-0e31-4519-861b-46753f4a7724", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-bfe4-4797-8810-427902de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919838", "to_ids": true, "type": "md5", "uuid": "fce219cb-b014-45e1-a4ac-f997ffcfae2e", "value": "4a8198fca604a78dd210803aebd5cbba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919838", "to_ids": true, "type": "sha1", "uuid": "80632ed0-b83a-430d-831c-b91689bf9a4b", "value": "06f232210e507f09f01155e7d0cb5389b8a31042" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919838", "to_ids": true, "type": "sha256", "uuid": "68a38504-6d11-412b-8f74-06c790a4c6f6", "value": 
"9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919914", "uuid": "8dc3390e-0e31-4519-861b-46753f4a7724", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919838", "to_ids": false, "type": "datetime", "uuid": "296b39c0-8c18-48de-951a-875ebd5df7c9", "value": "2019-04-19T13:34:35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919838", "to_ids": false, "type": "link", "uuid": "a8e091a7-599d-4c76-984e-68c366c8ecb6", "value": "https://www.virustotal.com/file/9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e/analysis/1555680875/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919838", "to_ids": false, "type": "text", "uuid": "ff153d9d-15f1-4e2f-8821-ea5f6d40212e", "value": "39/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919914", "uuid": "65feef59-f0fd-4662-817d-27c02ac07886", "ObjectReference": [ { "comment": "", "object_uuid": "65feef59-f0fd-4662-817d-27c02ac07886", "referenced_uuid": "54adb423-5c15-424e-bc70-e6467f11fa55", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-1a3c-4eb7-82b7-42d402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": 
"1555919837", "to_ids": true, "type": "md5", "uuid": "cd818222-1dcc-49c0-9d34-9a1b98cf17d2", "value": "a8024347a2bb59bd5cfbde2311f16a20" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "f7f3eb04-7c07-447b-a095-08a7c0ad5b4f", "value": "8ab7dd5b6583f2ff847a970deb591a34a230fa81" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "5898c044-0c42-42fd-b77e-efe9e06022de", "value": "64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919914", "uuid": "54adb423-5c15-424e-bc70-e6467f11fa55", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "4b216a59-481f-4845-af8f-3138132c3eee", "value": "2019-04-22T00:20:43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "1ad96739-a571-4915-a14c-1a140c5a29de", "value": "https://www.virustotal.com/file/64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8/analysis/1555892443/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "9c5cae44-8305-4195-88cb-f11ac62651e4", "value": "28/54" } ] }, { "comment": "", "deleted": false, "description": 
"File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919915", "uuid": "effbb231-e3e3-46a3-8749-115ffc451f75", "ObjectReference": [ { "comment": "", "object_uuid": "effbb231-e3e3-46a3-8749-115ffc451f75", "referenced_uuid": "cfc10358-f02b-4f0b-83d4-92776013927b", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-c574-4b76-a5ed-45da02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": true, "type": "md5", "uuid": "2547da14-7ef8-4e17-960a-f85bd3fd53d8", "value": "4ca90e372982c864b8eae6d95161a213" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "afd8829d-65bc-4a13-b24c-933ef9d0ee5f", "value": "ad35fa0b3799562931b4bfa3abd057214b8721ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "7c52306d-313d-471f-9276-ad923c9cabe3", "value": "843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919915", "uuid": "cfc10358-f02b-4f0b-83d4-92776013927b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "d9399e02-1c95-4d3c-a3f9-aff3d110e29b", "value": "2019-04-22T04:38:01" }, { "category": 
"Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "dc01f50c-1875-4765-bf0c-6b67b07bae6a", "value": "https://www.virustotal.com/file/843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c/analysis/1555907881/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "b128e9ae-2522-447a-bc5d-9038e98e83de", "value": "41/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919915", "uuid": "1eed6e2d-c5e6-4150-8ccd-d3bc96796553", "ObjectReference": [ { "comment": "", "object_uuid": "1eed6e2d-c5e6-4150-8ccd-d3bc96796553", "referenced_uuid": "3c563bb6-6ef9-4565-b392-ee9f00d5ff07", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-6680-44fd-b9ba-4dc002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": true, "type": "md5", "uuid": "9e60bc01-a027-4e3e-8f11-fa960a875bf2", "value": "2f05a4a116a3b152c2a5eabf048f43e8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "5f847e0a-d450-4657-a829-e33e5ecb81aa", "value": "d18ef08bf13de20442613a899c4cd07b96d27f8c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": 
"3df27d78-09e7-44ad-b5cd-c4c691a5bee2", "value": "fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919915", "uuid": "3c563bb6-6ef9-4565-b392-ee9f00d5ff07", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "d58e5a6b-3da3-4ccb-a166-473ca9de5928", "value": "2019-04-21T04:19:37" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "fd8b3cb3-390f-45c1-9336-f0907da82030", "value": "https://www.virustotal.com/file/fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6/analysis/1555820377/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "653716ec-3a07-4e78-8df5-300768b2ca6f", "value": "32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919915", "uuid": "301a91c9-b7e0-4a0c-9294-c4c998ef4833", "ObjectReference": [ { "comment": "", "object_uuid": "301a91c9-b7e0-4a0c-9294-c4c998ef4833", "referenced_uuid": "c6c7b545-e03a-4539-8f5c-214bf4702bdf", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-3c6c-4495-a42a-455d02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": true, "type": "md5", "uuid": "24a4266f-b963-4c4c-908a-12df72adb4a4", "value": "329d3e86fb9fca6a656742c6aa8ee13e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "0694e903-6c52-4f82-88c0-aef0bf673c4d", "value": "6c76baa8f4f45f5d68b00f88847d42b99fd896e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "dd481045-dd5c-4090-b856-6f833937b76f", "value": "7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919915", "uuid": "c6c7b545-e03a-4539-8f5c-214bf4702bdf", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": "8e3a6c60-4adf-4a24-a9a5-849ea01b718a", "value": "2019-04-21T03:35:28" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "4b6b23d6-7a81-40de-ae0a-d3beda6b01b8", "value": "https://www.virustotal.com/file/7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50/analysis/1555817728/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "bcec37f0-fe53-4db7-b109-04b9c34f1ccc", "value": 
"37/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1555919915", "uuid": "b4a8764f-f7fc-4571-9b2b-bc9f3283ca04", "ObjectReference": [ { "comment": "", "object_uuid": "b4a8764f-f7fc-4571-9b2b-bc9f3283ca04", "referenced_uuid": "7ff4854a-c7d8-4af1-8173-0cdf26b50991", "relationship_type": "analysed-with", "timestamp": "1555919916", "uuid": "5cbd742c-767c-41a8-888a-44bd02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1555919837", "to_ids": true, "type": "md5", "uuid": "d83d8c14-551b-42fc-ba82-231858238083", "value": "2c0b36a448fe7131cfb4fbc1a960da2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1555919837", "to_ids": true, "type": "sha1", "uuid": "9bc8e074-5d40-4aeb-a81b-d98549db3eaf", "value": "a99e98129f380b8e60f7005b21db2b79edd66dc4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1555919837", "to_ids": true, "type": "sha256", "uuid": "ad0e7d7b-6cec-4b75-9e2a-7d19522a6fab", "value": "75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1555919915", "uuid": "7ff4854a-c7d8-4af1-8173-0cdf26b50991", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1555919837", "to_ids": false, "type": "datetime", "uuid": 
"b80e6745-fd52-427a-a191-2b39e1bd91bc", "value": "2019-04-15T15:05:01" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1555919837", "to_ids": false, "type": "link", "uuid": "87f84fda-1348-4d28-9f69-7bc895c36a71", "value": "https://www.virustotal.com/file/75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36/analysis/1555340701/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1555919837", "to_ids": false, "type": "text", "uuid": "7be490c9-16be-4efd-84ca-cedde0d3165f", "value": "28/60" } ] } ] } }