{ "Event": { "analysis": "0", "date": "2019-12-12", "extends_uuid": "", "info": "OSINT - GALLIUM: Targeting global telecom", "publish_timestamp": "1576485275", "published": true, "threat_level_id": "1", "timestamp": "1576484865", "uuid": "5df37253-ecc0-40ff-9ab9-4c44950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:malpedia=\"HTran\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"HTRAN\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"HTRAN - S0040\"" }, { "colour": "#0b8900", "name": "misp-galaxy:tool=\"Htran\"" }, { "colour": "#0088cc", "name": "misp-galaxy:malpedia=\"MimiKatz\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"Mimikatz\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"Mimikatz - S0002\"" }, { "colour": "#064800", "name": "misp-galaxy:tool=\"Mimikatz\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"PsExec\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"PsExec\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"PsExec - S0029\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"PsExec\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"Windows Credential Editor\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"Windows Credential Editor\"" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0071c3", "name": "osint:lifetime=\"perpetual\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-malware=\"China Chopper\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-malware=\"China Chopper - S0020\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"China Chopper\"" }, { "colour": "#0088cc", "name": "misp-galaxy:malpedia=\"Poison Ivy\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-malware=\"PoisonIvy\"" }, { "colour": "#0088cc", "name": "misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"" }, { "colour": "#0088cc", "name": "misp-galaxy:rat=\"PoisonIvy\"" }, { "colour": "#043600", "name": "misp-galaxy:tool=\"Poison Ivy\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"poisonivy\"" }, { "colour": "#0088cc", "name": "misp-galaxy:microsoft-activity-group=\"GALLIUM\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"Netcat\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"NBTScan\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576235704", "to_ids": false, "type": "link", "uuid": "5df372b8-5b40-478d-a93d-4cf1950d210f", "value": "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239029", "to_ids": true, "type": "hostname", "uuid": "5df37fb5-e9a4-4ed8-9abe-4850950d210f", "value": "asyspy256.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239034", "to_ids": true, "type": "hostname", "uuid": "5df37fba-2648-4954-980c-444a950d210f", "value": "hotkillmail9sddcc.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239040", "to_ids": true, "type": "hostname", "uuid": "5df37fc0-7bf4-4030-bf71-4e71950d210f", "value": "rosaf112.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239046", "to_ids": true, "type": "hostname", "uuid": "5df37fc6-d1d4-4b40-a7ac-46e3950d210f", "value": "cvdfhjh1231.myftp.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239046", "to_ids": true, "type": "hostname", "uuid": "5df37fc6-48d8-4b0d-af0b-4814950d210f", "value": "sz2016rose.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239047", "to_ids": true, "type": "hostname", "uuid": "5df37fc7-46b0-42c1-8578-4923950d210f", "value": "dffwescwer4325.myftp.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576239047", "to_ids": true, "type": "hostname", "uuid": "5df37fc7-7f30-479f-8358-43f4950d210f", "value": "cvdfhjh1231.ddns.net" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576241825", "to_ids": false, "type": "text", "uuid": "5df38aa1-7a6c-4df4-bbfa-4ca0950d210f", "value": "TrojanDropper:Win32/BlackMould.A!dha\r\nTrojan:Win32/BlackMould.B!dha\r\nTrojan:Win32/QuarkBandit.A!dha\r\nTrojan:Win32/Sidelod.A!dha" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576245716", "to_ids": false, "type": "link", "uuid": "5df399d4-fa1c-48d7-bca2-48b4950d210f", "value": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/GalliumIOCs.yaml" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241869", "uuid": "1ab9b5d3-f394-4a58-b890-e4ec2f6c7f58", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241870", "to_ids": true, "type": "sha256", "uuid": "e5a03a77-09fa-4a95-9ef8-69dbd0041a97", "value": "9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241870", "uuid": "9c77c3fa-73df-450c-b5b3-ce88e70e25c6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241870", "to_ids": true, "type": "sha256", "uuid": "760a1300-5b9b-4df9-93fe-9d2fa905d50a", "value": "7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241870", "uuid": "6841f72d-d8d2-4cea-bff0-ecd5e746cb44", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241871", "to_ids": true, "type": "sha256", "uuid": "9248e543-4985-4cfb-9e41-a865346af781", "value": "657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241871", "uuid": "0d9e0fdd-9a73-472b-9de0-3eb7b1a3ce73", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241871", "to_ids": true, "type": "sha256", "uuid": "c99aacb9-7f8f-42f9-a4a3-261506d8d7e9", "value": "2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241871", "uuid": "81b35f61-e33f-4ce5-9264-a42e4061dc89", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241872", "to_ids": true, "type": "sha256", "uuid": "e8d99491-3a18-4b37-9001-6abeedb2c1df", "value": "52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241872", "uuid": "34fb3676-5716-43dd-8a1c-8b180f793c25", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241872", "to_ids": true, "type": "sha256", "uuid": "2c35065a-802f-41f7-8dd1-de8198329246", "value": "a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241872", "uuid": "10f1f733-c7ee-41a9-bfc7-de76c69a386e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241873", "to_ids": true, "type": "sha256", "uuid": "b12ce1d2-19b4-4fba-844f-8d1c7387e14a", "value": "5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241873", "uuid": "55309c26-5c02-464f-939a-d71ccd33e1a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241873", "to_ids": true, "type": "sha256", "uuid": "f81c6481-b695-4f21-ad38-2008f875c92a", "value": "6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241874", "uuid": "52ea1550-80eb-4398-9011-e294c4b04153", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241874", "to_ids": true, "type": "sha256", "uuid": "5979cd05-152c-4bad-aae5-41f3f4961b90", "value": "3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241874", "uuid": "fd50853a-5080-4c08-875a-13b25c64f6fb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241874", "to_ids": true, "type": "sha256", "uuid": "9f7599c9-44c7-4150-9218-1620a8b73acc", "value": "1922a419f57afb351b58330ed456143cc8de8b3ebcbd236d26a219b03b3464d7" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241874", "uuid": "473b147e-5cd4-4acb-ae0d-03cbe777e19a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241875", "to_ids": true, "type": "sha256", "uuid": "cb9e2f4a-a701-4815-9b86-5ec293f315fe", "value": "fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241875", "uuid": "c609fe42-cc46-4ff3-bda8-83175257560a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241876", "to_ids": true, "type": "sha256", "uuid": "ac202668-4fdf-45be-9d2d-00ec78793f63", "value": "7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241876", "uuid": "826b488e-d80e-46eb-81d0-a2d7f255c391", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241876", "to_ids": true, "type": "sha256", "uuid": "5ec4d19d-1b78-41da-a5e6-2657e797930f", "value": "178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241876", "uuid": "5ae707a9-1413-40e1-9bfb-0ab797935daf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241877", "to_ids": true, "type": "sha256", "uuid": "4d668582-02d7-4928-a036-987fe1d257a0", "value": "51f70956fa8c487784fd21ab795f6ba2199b5c2d346acdeef1de0318a4c729d9" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241892", "uuid": "2ff483f1-bfd4-4bc0-834a-6090bd524eb7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241892", "to_ids": true, "type": "sha256", "uuid": "cda847c2-c378-4146-958f-e0e3d5a46e1b", "value": "889bca95f1a69e94aaade1e959ed0d3620531dc0fc563be9a8decf41899b4d79" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241892", "uuid": "887e619e-e714-4276-88ab-5bee4ce7e1bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241892", "to_ids": true, "type": "sha256", "uuid": "8205aab5-4e4b-4178-b10b-fd2cb6f36cb9", "value": "332ddaa00e2eb862742cb8d7e24ce52a5d38ffb22f6c8bd51162bd35e84d7ddf" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241893", "uuid": "9714d7cb-273f-451a-bbe2-46a44d787eb5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241893", "to_ids": true, "type": "sha256", "uuid": "96b46989-a9c0-414a-a678-2cfd20bb5c85", "value": "44bcf82fa536318622798504e8369e9dcdb32686b95fcb44579f0b4efa79df08" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241893", "uuid": "9a81a9ad-91c8-415b-9a7d-a24f2cd80fc7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241894", "to_ids": true, "type": "sha256", "uuid": "1f287fbd-bf51-4ef0-9f34-63e54bad6d37", "value": "63552772fdd8c947712a2cff00dfe25c7a34133716784b6d486227384f8cf3ef" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576241894", "uuid": "af74e22f-def9-4891-a20e-3ba3717f3023", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576241894", "to_ids": true, "type": "sha256", "uuid": "e86f5228-f629-488d-8361-7cff088abb19", "value": "056744a3c371b5938d63c396fe094afce8fb153796a65afa5103e1bffd7ca070" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245070", "uuid": "2fb968c9-e5e3-4b24-8b1d-efd3ada12b7b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245071", "to_ids": true, "type": "sha1", "uuid": "8bd78513-30e4-4ebc-9c6d-1444994ae708", "value": "53a44c2396d15c3a03723fa5e5db54cafd527635" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245074", "uuid": "da89646f-07af-4568-9b31-2c65c6b02730", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245074", "to_ids": true, "type": "sha1", "uuid": "6c97860d-50a1-4f0c-b3a6-b7299a56694f", "value": "9c5e496921e3bc882dc40694f1dcc3746a75db19" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245075", "uuid": "6e35ecff-22ac-425f-a762-9be0777ba592", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245075", "to_ids": true, "type": "sha1", "uuid": "de09f119-2306-4823-b7dd-75f03d5c8a7f", "value": "aeb573accfd95758550cf30bf04f389a92922844" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245075", "uuid": "996a2bc0-ccfe-498c-8c90-76cc314ce0d2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245075", "to_ids": true, "type": "sha1", "uuid": "27cfcd8e-8cd2-4c9f-ad3d-690218f1f62f", "value": "79ef78a797403a4ed1a616c68e07fff868a8650a" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245075", "uuid": "bbac27c8-bbc2-4b2f-a6eb-14a3a2a8372f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "d0984abb-1e78-43fa-87b0-aa07fff07d2c", "value": "4f6f38b4cec35e895d91c052b1f5a83d665c2196" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245076", "uuid": "f263f4bd-a56e-4765-ab3d-a0119f26e56e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "b62edd47-a083-4722-987c-8037272199ea", "value": "1e8c2cac2e4ce7cbd33c3858eb2e24531cb8a84d" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245076", "uuid": "08f20998-85ef-4436-babb-88289b5eb454", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "0e48bdd8-0c80-4d25-8639-0787facd85b8", "value": "e841a63e47361a572db9a7334af459ddca11347a" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245077", "uuid": "3d8a573b-fb90-4313-ba6d-947ba1898b88", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245077", "to_ids": true, "type": "sha1", "uuid": "4f360c68-7b2c-4ce9-85d4-d7d23bfcd820", "value": "c28f606df28a9bc8df75a4d5e5837fc5522dd34d" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245077", "uuid": "227aa6db-279d-4d22-913b-c1c913c53bca", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245078", "to_ids": true, "type": "sha1", "uuid": "70b7b7cb-04c0-4cd0-989b-02e052750ae8", "value": "2e94b305d6812a9f96e6781c888e48c7fb157b6b" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245078", "uuid": "05335725-d07e-4334-a7b2-1955bc6986af", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245078", "to_ids": true, "type": "sha1", "uuid": "fc638752-ce07-4756-9037-656f5c62236e", "value": "dd44133716b8a241957b912fa6a02efde3ce3025" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245078", "uuid": "f853a427-6331-46ab-b63c-3af015ff2e9c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245078", "to_ids": true, "type": "sha1", "uuid": "efe0bb4f-f180-42f9-808b-7a2bd1c6e12f", "value": "8793bf166cb89eb55f0593404e4e933ab605e803" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245079", "uuid": "18187a32-3e83-48fb-b46f-0a1f393cee30", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245079", "to_ids": true, "type": "sha1", "uuid": "d3fed224-0481-4017-bf30-9c8335735eae", "value": "a39b57032dbb2335499a51e13470a7cd5d86b138" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245080", "uuid": "8866af47-785b-49c3-8434-6e9e9645bce9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245080", "to_ids": true, "type": "sha1", "uuid": "657ad32f-d7d4-485f-8bc4-c895f295b73c", "value": "41cc2b15c662bc001c0eb92f6cc222934f0beeea" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245080", "uuid": "ec7c6a1d-bcdb-4b78-b97d-dc882cd85149", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245080", "to_ids": true, "type": "sha1", "uuid": "245bfce4-f103-4553-abb2-dccdac256700", "value": "d209430d6af54792371174e70e27dd11d3def7a7" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245080", "uuid": "a53cd17d-fea7-4aa3-a253-49d0fd227668", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245081", "to_ids": true, "type": "sha1", "uuid": "8dfad927-e2e2-48cd-b8b3-20cda013d50f", "value": "1c6452026c56efd2c94cea7e0f671eb55515edb0" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245093", "uuid": "453c9095-c7d4-4f7b-8e18-5592705bb6cc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245094", "to_ids": true, "type": "sha1", "uuid": "e73d6c4b-75be-4ae4-a79d-942616e03d3e", "value": "c6b41d3afdcdcaf9f442bbe772f5da871801fd5a" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245094", "uuid": "97b788de-edb1-441f-87eb-77692b92d705", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245094", "to_ids": true, "type": "sha1", "uuid": "035c7537-c3c3-4ab6-ad46-5f603df55692", "value": "4923d460e22fbbf165bbbaba168e5a46b8157d9f" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245094", "uuid": "e2f4d2bb-d70b-4c5e-9993-9770649645ea", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245095", "to_ids": true, "type": "sha1", "uuid": "9ff149f3-a750-442a-bf3b-15448d118ea3", "value": "f201504bd96e81d0d350c3a8332593ee1c9e09de" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1576245095", "uuid": "656bff64-0ad2-4a70-889b-ef9a0a41f8a5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245095", "to_ids": true, "type": "sha1", "uuid": "83f9f04c-ce2a-4236-8aa8-e1f10f49a377", "value": "ddd2db1127632a2a52943a2fe516a2e7d05d70d2" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245452", "uuid": "693e7281-40be-4cb3-8d42-f1b88c69afd9", "ObjectReference": [ { "comment": "", "object_uuid": "693e7281-40be-4cb3-8d42-f1b88c69afd9", "referenced_uuid": "5792ac9e-9214-4610-b440-f5afaa5d1539", "relationship_type": "analysed-with", "timestamp": "1576245456", "uuid": "5df398d0-4094-4986-8e78-4b37950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245077", "to_ids": true, "type": "md5", "uuid": "62df7f72-c453-4bd1-b205-31b4dcc7bb8a", "value": "96f56b9aff235a11ed946b50344edabd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245077", "to_ids": true, "type": "sha1", "uuid": "be18f81e-464c-40b4-9c71-5f3a3f5ff8ae", "value": "c28f606df28a9bc8df75a4d5e5837fc5522dd34d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245077", "to_ids": true, "type": "sha256", "uuid": "06733997-b17a-43fe-8098-b6cabd9b9f1f", "value": "6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245452", "uuid": "5792ac9e-9214-4610-b440-f5afaa5d1539", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245077", "to_ids": false, "type": "datetime", "uuid": "d91da7de-b335-49e1-9593-9b2f71a3d378", "value": "2019-12-13T05:17:42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245077", "to_ids": false, "type": "link", "uuid": "4aebae14-d216-4f01-86cf-bfe16625140c", "value": "https://www.virustotal.com/file/6f690ccfd54c2b02f0c3cb89c938162c10cbeee693286e809579c540b07ed883/analysis/1576214262/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245077", "to_ids": false, "type": "text", "uuid": "b863ee68-dc5a-4623-9a84-17475c017e36", "value": "34/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245452", "uuid": "70155b79-cdd0-440e-bedd-0386e13c85eb", "ObjectReference": [ { "comment": "", "object_uuid": "70155b79-cdd0-440e-bedd-0386e13c85eb", "referenced_uuid": "ce794ae7-39c0-4845-8bf8-38b89a365563", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-1d10-437f-8122-4749950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245076", "to_ids": true, "type": "md5", "uuid": "859f80ba-4d4e-4dae-85c9-dc6cfa350ca2", "value": "c990e02f274127e7be060f40c9c79e8b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "983b45be-148d-4fda-a258-70c096e36fca", "value": "1e8c2cac2e4ce7cbd33c3858eb2e24531cb8a84d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245076", "to_ids": true, "type": "sha256", "uuid": "aced5885-08df-4b3c-be17-bccf1e46533c", "value": "a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245453", "uuid": "ce794ae7-39c0-4845-8bf8-38b89a365563", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245076", "to_ids": false, "type": "datetime", "uuid": "e64cc1e0-3a43-4c86-8aea-73d544222bb7", "value": "2019-12-13T08:46:40" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245076", "to_ids": false, "type": "link", "uuid": "a1309c7b-f004-4c14-bbb2-b620d7abb255", "value": "https://www.virustotal.com/file/a370e47cb97b35f1ae6590d14ada7561d22b4a73be0cb6df7e851d85054b1ac3/analysis/1576226800/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245076", "to_ids": false, "type": "text", "uuid": "6ff64900-8e27-4c01-8e22-47c02f4b4b0c", "value": "20/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245453", "uuid": "102841b3-7248-485e-b1a8-9cc72ed1efbb", "ObjectReference": [ { "comment": "", "object_uuid": "102841b3-7248-485e-b1a8-9cc72ed1efbb", "referenced_uuid": "33bc1e10-c0af-465f-96e8-cf37ab9202bf", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-98d8-4976-9b21-4577950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245071", "to_ids": true, "type": "md5", "uuid": "587d30af-a66a-442c-b227-5e3fc8c24b85", "value": "3586f78ad5596f68536dfd75df54db1e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245071", "to_ids": true, "type": "sha1", "uuid": "6737c848-326d-4a72-8bcb-c82d06e4bf1e", "value": "53a44c2396d15c3a03723fa5e5db54cafd527635" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245071", "to_ids": true, "type": "sha256", "uuid": "c27a65ef-3b9b-490b-a31e-280e5875b2e5", "value": "9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245453", "uuid": "33bc1e10-c0af-465f-96e8-cf37ab9202bf", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245071", "to_ids": false, "type": "datetime", "uuid": "34ae0591-d663-4bf6-8b97-619c6facf553", "value": "2019-12-13T11:02:11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245071", "to_ids": false, "type": "link", "uuid": "feff165f-3940-4e94-bf82-c1226cd73755", "value": "https://www.virustotal.com/file/9ae7c4a4e1cfe9b505c3a47e66551eb1357affee65bfefb0109d02f4e97c06dd/analysis/1576234931/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245071", "to_ids": false, "type": "text", "uuid": "083a323a-4de3-4a03-bd8a-675014dcf4f2", "value": "18/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245453", "uuid": "b6b3ac5a-b33a-422f-93c1-17a9ea2530b1", "ObjectReference": [ { "comment": "", "object_uuid": "b6b3ac5a-b33a-422f-93c1-17a9ea2530b1", "referenced_uuid": "3d5fb681-223c-43f5-95ca-1fd0a5901117", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-b4d0-4683-8e30-4023950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245075", "to_ids": true, "type": "md5", "uuid": "592d4d38-5341-4116-8b7e-c56307e8504c", "value": "723a98a3b0f9db7e15533848abe1fdfb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245075", "to_ids": true, "type": "sha1", "uuid": "27e63aea-1242-44ce-924d-2d75b3b4d165", "value": "aeb573accfd95758550cf30bf04f389a92922844" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245075", "to_ids": true, "type": "sha256", "uuid": "c6b0b18e-ecf3-4975-9b9d-e84116762faf", "value": "657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245453", "uuid": "3d5fb681-223c-43f5-95ca-1fd0a5901117", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245075", "to_ids": false, "type": "datetime", "uuid": "e07c14a6-4666-40b2-b3f6-7026967aa5da", "value": "2019-12-13T05:07:33" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245075", "to_ids": false, "type": "link", "uuid": "eafe9e21-8c9d-4faa-bcfd-cada8479116b", "value": "https://www.virustotal.com/file/657fc7e6447e0065d488a7db2caab13071e44741875044f9024ca843fe4e86b5/analysis/1576213653/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245075", "to_ids": false, "type": "text", "uuid": "eeb1e6dc-a639-41e8-96f8-6e45e582a02f", "value": "28/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245453", "uuid": "978422c6-1b76-46fe-8ee6-09cf6b05a382", "ObjectReference": [ { "comment": "", "object_uuid": "978422c6-1b76-46fe-8ee6-09cf6b05a382", "referenced_uuid": "5cf9c477-54ee-4314-8618-94b32a714bd2", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-86b0-4904-bdf1-446b950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245076", "to_ids": true, "type": "md5", "uuid": "9464855e-ea1d-4812-8412-d036ae32c35a", "value": "55053850260a402fba7661a0c7920457" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "72538fa1-7868-4062-8274-36d5bff160b1", "value": "4f6f38b4cec35e895d91c052b1f5a83d665c2196" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245076", "to_ids": true, "type": "sha256", "uuid": "3d375d55-7435-4b86-9ba8-cb8157c30e90", "value": "52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245453", "uuid": "5cf9c477-54ee-4314-8618-94b32a714bd2", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245076", "to_ids": false, "type": "datetime", "uuid": "09c31cff-f211-4f0c-81a7-0b92fc02d931", "value": "2019-12-13T05:13:03" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245076", "to_ids": false, "type": "link", "uuid": "02adb680-af12-432e-83c0-4e3bc1eeeb17", "value": "https://www.virustotal.com/file/52fd7b90d7144ac448af4008be639d4d45c252e51823f4311011af3207a5fc77/analysis/1576213983/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245076", "to_ids": false, "type": "text", "uuid": "67e13421-5ecb-4dd3-b55f-b912a978fb42", "value": "19/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245454", "uuid": "db7f46ee-b12d-4740-b7f4-2a6a75d4d220", "ObjectReference": [ { "comment": "", "object_uuid": "db7f46ee-b12d-4740-b7f4-2a6a75d4d220", "referenced_uuid": "cd155fb0-ffa7-4c2d-9abe-9da8b19e38a9", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-ec80-4a78-948b-4bd4950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245078", "to_ids": true, "type": "md5", "uuid": "a52f93a3-0b6f-41fb-a310-26600147f263", "value": "7824babea1ebfc326648659cb69544f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245078", "to_ids": true, "type": "sha1", "uuid": "5834b075-f88f-41ae-8aab-28207b7ef272", "value": "2e94b305d6812a9f96e6781c888e48c7fb157b6b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245078", "to_ids": true, "type": "sha256", "uuid": "794655d9-2865-48cb-b258-28e7e94e53a7", "value": "3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245454", "uuid": "cd155fb0-ffa7-4c2d-9abe-9da8b19e38a9", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245078", "to_ids": false, "type": "datetime", "uuid": "b42cf5fe-00da-4f57-bbc8-6a980ad19874", "value": "2019-12-13T05:16:05" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245078", "to_ids": false, "type": "link", "uuid": "e250b83b-9623-47d4-a980-f036c0d1724e", "value": "https://www.virustotal.com/file/3c884f776fbd16597c072afd81029e8764dd57ee79d798829ca111f5e170bd8e/analysis/1576214165/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245078", "to_ids": false, "type": "text", "uuid": "4e1fff20-4041-45b9-a25a-42faccf6e274", "value": "27/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245454", "uuid": "39743303-990f-4a10-ab79-e6d47f402ed7", "ObjectReference": [ { "comment": "", "object_uuid": "39743303-990f-4a10-ab79-e6d47f402ed7", "referenced_uuid": "b72db847-00e8-40b7-98f4-4f75dfb66774", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-5aa8-47fa-93bb-4146950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245074", "to_ids": true, "type": "md5", "uuid": "536b67d9-df7c-4221-8d8d-319e50eae9a2", "value": "2e834d8dde313e992997cbda050a15f1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245074", "to_ids": true, "type": "sha1", "uuid": "74c01d32-acca-4649-96a1-c35f2f3e88e5", "value": "9c5e496921e3bc882dc40694f1dcc3746a75db19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245074", "to_ids": true, "type": "sha256", "uuid": "9760d81f-122b-4171-ab91-2e707e1578f5", "value": "7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245454", "uuid": "b72db847-00e8-40b7-98f4-4f75dfb66774", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245074", "to_ids": false, "type": "datetime", "uuid": "985d4c3a-1472-4c08-9f3b-c85db8f3eb43", "value": "2019-12-13T05:06:11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245074", "to_ids": false, "type": "link", "uuid": "809bee2f-38d3-46fa-967f-ad880079bf1f", "value": "https://www.virustotal.com/file/7772d624e1aed327abcd24ce2068063da0e31bb1d5d3bf2841fc977e198c6c5b/analysis/1576213571/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245074", "to_ids": false, "type": "text", "uuid": "abccc32d-fad9-443d-bc3e-a0208d8bdf8d", "value": "27/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245454", "uuid": "0437445d-8bc7-47a2-96a6-4f86ad3906bc", "ObjectReference": [ { "comment": "", "object_uuid": "0437445d-8bc7-47a2-96a6-4f86ad3906bc", "referenced_uuid": "bbc49ff1-0987-4ad0-8546-454088138ebd", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-1520-4667-9e6f-4f11950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245078", "to_ids": true, "type": "md5", "uuid": "e05b9b05-949e-456c-9d9c-03f37814f823", "value": "07de7a95efb47958b6f61e91e396f8e1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245078", "to_ids": true, "type": "sha1", "uuid": "c18fa678-7d9f-439e-a16b-ceda68abf8e1", "value": "8793bf166cb89eb55f0593404e4e933ab605e803" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245078", "to_ids": true, "type": "sha256", "uuid": "3bff00fc-988e-41b4-90a7-8e02c4f1544c", "value": "fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245454", "uuid": "bbc49ff1-0987-4ad0-8546-454088138ebd", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245078", "to_ids": false, "type": "datetime", "uuid": "3ba1c6dc-bc42-4ec7-aec3-4d2513c454aa", "value": "2019-12-13T05:21:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245078", "to_ids": false, "type": "link", "uuid": "9929cdda-8240-4fcb-8e10-e11bbc49b53f", "value": "https://www.virustotal.com/file/fe0e4ef832b62d49b43433e10c47dc51072959af93963c790892efc20ec422f1/analysis/1576214460/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245078", "to_ids": false, "type": "text", "uuid": "5b3b1dbd-56bc-4055-bd17-7c2614059c01", "value": "34/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245454", "uuid": "53bc836d-94d5-4620-b23a-ce3bf3cc4b2e", "ObjectReference": [ { "comment": "", "object_uuid": "53bc836d-94d5-4620-b23a-ce3bf3cc4b2e", "referenced_uuid": "34935b31-c353-4fff-bbf8-6138b7a1509a", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-2c8c-4390-b1d4-4280950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245080", "to_ids": true, "type": "md5", "uuid": "cdc659a9-2eb7-46a0-8c01-43d18c3d3a21", "value": "a2d9b9d9e2207168206ea47644325cfc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245080", "to_ids": true, "type": "sha1", "uuid": "bfe30749-a05c-4683-b14e-cca1a9cacb0e", "value": "41cc2b15c662bc001c0eb92f6cc222934f0beeea" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245080", "to_ids": true, "type": "sha256", "uuid": "6f260146-705b-44de-af69-bfc9da29a417", "value": "178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245455", "uuid": "34935b31-c353-4fff-bbf8-6138b7a1509a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245080", "to_ids": false, "type": "datetime", "uuid": "bee7bb03-3869-47f8-92e1-92caf4de588c", "value": "2019-12-13T05:20:05" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245080", "to_ids": false, "type": "link", "uuid": "0546eeff-6ac3-4e73-95c8-a7367eebeef3", "value": "https://www.virustotal.com/file/178d5ee8c04401d332af331087a80fb4e5e2937edfba7266f9be34a5029b6945/analysis/1576214405/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245080", "to_ids": false, "type": "text", "uuid": "92b72726-f2f8-4031-bee1-3cebda095f1d", "value": "37/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245455", "uuid": "cdcde630-7eb0-4b15-ac5b-de2ce5429c42", "ObjectReference": [ { "comment": "", "object_uuid": "cdcde630-7eb0-4b15-ac5b-de2ce5429c42", "referenced_uuid": "e7833a09-cac6-42ca-8b1a-945a7bfec0f6", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-1a00-4d07-8d65-4a04950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245079", "to_ids": true, "type": "md5", "uuid": "df71b6e2-5a7b-4295-a99e-25b48f805b4c", "value": "c1836091070bf23af23e9eaf62d45380" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245079", "to_ids": true, "type": "sha1", "uuid": "f23d3207-9e19-49b2-82a1-72ae1865b168", "value": "a39b57032dbb2335499a51e13470a7cd5d86b138" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245079", "to_ids": true, "type": "sha256", "uuid": "5ac713c5-a511-466e-889f-a182823e108f", "value": "7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245455", "uuid": "e7833a09-cac6-42ca-8b1a-945a7bfec0f6", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245079", "to_ids": false, "type": "datetime", "uuid": "25f4e334-dfa0-4571-82cd-632e8f09bc97", "value": "2019-12-13T05:19:25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245079", "to_ids": false, "type": "link", "uuid": "874c5a63-8f12-4c6b-a7d4-7d5e96f0bdec", "value": "https://www.virustotal.com/file/7ce9e1c5562c8a5c93878629a47fe6071a35d604ed57a8f918f3eadf82c11a9c/analysis/1576214365/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245079", "to_ids": false, "type": "text", "uuid": "460c13d4-ec16-4513-b28f-de1554c90499", "value": "31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245455", "uuid": "57ef2d67-fc65-4c12-ab9f-10ea2a89f9e0", "ObjectReference": [ { "comment": "", "object_uuid": "57ef2d67-fc65-4c12-ab9f-10ea2a89f9e0", "referenced_uuid": "0cc004d1-66e1-471f-af25-5ed9301bc765", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-3d88-4147-863d-43ec950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245076", "to_ids": true, "type": "md5", "uuid": "303930f5-e6ec-412d-aa4f-3af7435658ac", "value": "9a97ddbb141d01ce0b1b994399cfb7dc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245076", "to_ids": true, "type": "sha1", "uuid": "162453bc-3399-4bd1-859d-f4d4f5ea35de", "value": "e841a63e47361a572db9a7334af459ddca11347a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245076", "to_ids": true, "type": "sha256", "uuid": "4112c335-522f-480f-9777-414f61d3e8d3", "value": "5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245455", "uuid": "0cc004d1-66e1-471f-af25-5ed9301bc765", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245076", "to_ids": false, "type": "datetime", "uuid": "1470140e-a854-4eff-876f-296372ed2b6f", "value": "2019-12-13T05:13:50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245076", "to_ids": false, "type": "link", "uuid": "eb72bc03-9c83-4050-ade5-242671cf68a4", "value": "https://www.virustotal.com/file/5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022/analysis/1576214030/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245076", "to_ids": false, "type": "text", "uuid": "aee60370-6aa3-49fc-b8fe-f370a4b083aa", "value": "48/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576245455", "uuid": "98de906b-cea2-4397-b05f-17ca7375d016", "ObjectReference": [ { "comment": "", "object_uuid": "98de906b-cea2-4397-b05f-17ca7375d016", "referenced_uuid": "59638fcb-5d31-4187-8809-1ea84b8f6941", "relationship_type": "analysed-with", "timestamp": "1576245457", "uuid": "5df398d1-daf8-4925-b89d-4a05950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576245075", "to_ids": true, "type": "md5", "uuid": "e38efe91-50f3-4f77-8e03-c563a97a9af1", "value": "fee9bc26f55c2049e1b64616a442dc7b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576245075", "to_ids": true, "type": "sha1", "uuid": "fdb1a47c-a4e9-4856-8997-9e2e0fd41e34", "value": "79ef78a797403a4ed1a616c68e07fff868a8650a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576245075", "to_ids": true, "type": "sha256", "uuid": "b4624b83-ee87-47e9-94ed-001d86226014", "value": "2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576245456", "uuid": "59638fcb-5d31-4187-8809-1ea84b8f6941", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576245075", "to_ids": false, "type": "datetime", "uuid": "274253ce-2484-430a-b650-d496e365efb7", "value": "2018-11-20T16:14:01" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576245075", "to_ids": false, "type": "link", "uuid": "edcc66d8-48c3-4d2b-9728-87b7904e6e5b", "value": "https://www.virustotal.com/file/2ef157a97e28574356e1d871abf75deca7d7a1ea662f38b577a06dd039dbae29/analysis/1542730441/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576245075", "to_ids": false, "type": "text", "uuid": "73195f2e-781b-4453-8169-7acff91432c6", "value": "33/65" } ] } ] } }