{ "Event": { "analysis": "2", "date": "2021-03-12", "extends_uuid": "", "info": "OSINT - DearCry ransomware (abusing Exchange Server)", "publish_timestamp": "1615541662", "published": true, "threat_level_id": "1", "timestamp": "1615541608", "uuid": "0165e5d7-51e6-4c2e-a382-1dd1e706f7bb", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#001cad", "local": false, "name": "estimative-language:likelihood-probability=\"very-likely\"", "relationship_type": "" }, { "colour": "#0029ff", "local": false, "name": "estimative-language:confidence-in-analytic-judgment=\"high\"", "relationship_type": "" }, { "colour": "#075200", "local": false, "name": "admiralty-scale:source-reliability=\"b\"", "relationship_type": "" }, { "colour": "#0fc000", "local": false, "name": "admiralty-scale:information-credibility=\"2\"", "relationship_type": "" }, { "colour": "#002642", "local": false, "name": "osint:source-type=\"microblog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": false, "type": "regkey", "uuid": "2bc0505c-6566-416f-9f4b-2a689d78edb8", "value": "Files\\Microsoft\\Exchange" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "eebfaac3-846d-4883-a01e-706600c5aab2", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\logout.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "a6e83ff7-f43c-400a-9f85-6f856e537ff2", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\one.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "33d7df07-f728-435d-a4c9-c6dc3bfc58a6", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\one1.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "659fb6ca-6a34-42ae-a798-554150d716dd", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "b785388f-7f42-4382-97ab-f5bb8e586793", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel2.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "1bf257cf-b1f9-457b-a1d5-ffc08402fe9f", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel90.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "385ab9dd-f6f1-435c-a94c-796f27a3475f", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\a.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "ea27a275-6569-4c5c-89ff-2ba423b7ac22", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\default.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "70785d0d-f6b8-471f-9c3d-a4ee4ae7511c", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\shell.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "f9dccc8f-cb0c-43b6-9ff2-fff4711aace3", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\Server.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "b8e0ffb1-7c06-4b51-8f4d-e6d32df77fb4", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_client.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "b3f915e3-c214-4f6b-8e5e-0129044c6bab", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_iisstart.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "8a3d4a95-0ede-4778-91c3-e25d87b6ff88", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_pages.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "1fd1f2ff-d962-438a-a263-639317387e0b", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_www.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "49c945e7-bda4-4dbe-97fa-49c5d9bc244f", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\default1.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "e7b12b41-978f-44a0-94aa-f55ed363999c", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\errorcheck.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "487375ca-a928-4e80-a1d4-01a7a2bddb38", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\iispage.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "4b7f848c-acaf-44c3-878c-3e49aecf8b2e", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\s.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "ec2dd593-27fe-42aa-a23d-e603c8d4ca0d", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\session.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538748", "to_ids": true, "type": "filename", "uuid": "baa0ad8b-693e-4e5f-b539-3754c9fdedf6", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\system_web\\log.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "02ae1c30-289a-4d98-8336-d9d18d6afa51", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\xclkmcfldfi948398430fdjkfdkj.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "4ca3f931-8ea7-4de3-bd4a-98047b0d9324", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\xx.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "42011bba-0ed6-4c7b-b31e-ad3d49df36a5", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\discover.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "590576c4-12cf-4306-a9e4-c5182a85a245", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\HttpProxy.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "bc1997bb-17e3-4bfb-833b-1b274e2a82cb", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\OutlookEN.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "5e91ee04-575a-4615-b6fd-53ad330d644f", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\supp0rt.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "0e8c43b8-bd08-4b5b-8aaf-19b0a8d92d22", "value": "Server\\V15\\FrontEnd\\HttpProxy\\OAB\\log.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "0043684b-9df2-4546-8f05-ef32aac85874", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\log.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "334f2ae3-8046-4b5b-9ff2-0c19fa8a4b48", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\logg.aspx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "0365e572-3f31-4bc9-aede-e30469650995", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\Current\\google.log" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "72a56236-6e66-4b46-855b-223aeb029f5b", "value": "C:\\inetpub\\wwwroot\\aspnet_client\\google.log" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "a720a45a-cc2b-4e27-9e06-224f5dd76644", "value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\google.log" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "filename", "uuid": "6a5beae0-0706-480e-9340-b5cb8672e518", "value": "%PUBLIC%\\opera\\opera_browser.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "43df033b-306b-4455-bfaf-74eb97a2ceb8", "value": "e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "819aa63f-c38b-4f23-a333-01eab7b6cd40", "value": "2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "2f1d3fa9-b509-4417-b456-d56c5e1639d0", "value": "feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "20", "timestamp": "1615538857", "uuid": "c917ee01-9118-4758-8b0e-a540ac4c5c88", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "archive", "timestamp": "1615538857", "to_ids": false, "type": "link", "uuid": "547e8ead-a5cf-45e7-87fb-1657fccf4e13", "value": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.csv" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "archive", "timestamp": "1615538857", "to_ids": false, "type": "link", "uuid": "e77e3518-e613-4893-8ea0-4f2a5e3566fd", "value": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1615538857", "to_ids": false, "type": "text", "uuid": "b7d9750f-a60e-41a3-b01b-d86f27e78ac4", "value": "Twitter" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1615538857", "to_ids": false, "type": "text", "uuid": "aebf2aec-c108-4ef9-80b4-e94ab02602f8", "value": "We've updated our IoC feed to include hashes for #DearCry ransomware\r\n\r\nAccess the feed here:\r\n\r\nJSON: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json\r\n\r\nCSV: https://raw.githubusercontent.com/Azure/Azure-Se" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1615538857", "to_ids": false, "type": "text", "uuid": "8e666a82-666c-4062-997b-403895a09b30", "value": "Informative" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "verified-username", "timestamp": "1615538857", "to_ids": false, "type": "text", "uuid": "36991467-d111-449f-97de-dfddcb130938", "value": "Unverified" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1615538888", "uuid": "c54f901a-2381-43a4-bb4f-42d1f09a1e4a", "ObjectReference": [ { "comment": "", "object_uuid": "c54f901a-2381-43a4-bb4f-42d1f09a1e4a", "referenced_uuid": "846c7daa-dc4a-4990-9b33-a914529c88f8", "relationship_type": "analysed-with", "timestamp": "1615538889", "uuid": "86f5851f-81e5-4bbd-ab5d-f6ca71c1c02d" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1615538749", "to_ids": true, "type": "md5", "uuid": "0942a810-b3e6-43cc-bbea-692976f2a17b", "value": "cdda3913408c4c46a6c575421485fa5b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1615538749", "to_ids": true, "type": "sha1", "uuid": "4f742241-e30f-4c71-bb09-fcc5814fb7e3", "value": "56eec7392297e7301159094d7e461a696fe5b90f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "f0c56ba8-403d-4e9b-bfbb-03d4e4c2c8d6", "value": "e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1615538888", "uuid": "846c7daa-dc4a-4990-9b33-a914529c88f8", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1615538749", "to_ids": false, "type": "datetime", "uuid": "89392aa6-f741-4651-ac58-9087c6d9f1f4", "value": "2021-03-12T08:23:23+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1615538749", "to_ids": false, "type": "link", "uuid": "1660120c-4d4b-4e7d-b972-6c02945cec53", "value": "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1615537403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1615538749", "to_ids": false, "type": "text", "uuid": "67ad0ceb-473a-4604-ad34-529e4ef137bd", "value": "33/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1615538889", "uuid": "56459f25-ccd4-4b89-91de-773056bab60f", "ObjectReference": [ { "comment": "", "object_uuid": "56459f25-ccd4-4b89-91de-773056bab60f", "referenced_uuid": "525e04d3-3258-4f44-85b5-74e76f4ed55e", "relationship_type": "analysed-with", "timestamp": "1615538889", "uuid": "9f11b6d2-89fc-4cce-8021-276666e9bc83" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1615538749", "to_ids": true, "type": "md5", "uuid": "63bdaa30-614f-41b9-8f27-d64aac6ba506", "value": "c6eeb14485d93f4e30fb79f3a57518fc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1615538749", "to_ids": true, "type": "sha1", "uuid": "e3560eca-f3d7-4131-b26c-64d06bc0e85a", "value": "b7d99521348d319f57d2b2ba7045295fc99cf6a7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "cb018875-32e5-41f5-8229-851afee081cc", "value": "feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1615538889", "uuid": "525e04d3-3258-4f44-85b5-74e76f4ed55e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1615538749", "to_ids": false, "type": "datetime", "uuid": "27892d2b-fe0a-4efd-9610-45e9d64ab4bf", "value": "2021-03-12T08:28:27+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1615538749", "to_ids": false, "type": "link", "uuid": "08e03713-7e15-4afb-af95-c621caa6b004", "value": "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1615537707" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1615538749", "to_ids": false, "type": "text", "uuid": "0a7a9678-69db-4d38-84ee-f3a8187afd88", "value": "34/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1615538889", "uuid": "fe33598b-e5ff-4af5-ae8b-47fed4de0d4e", "ObjectReference": [ { "comment": "", "object_uuid": "fe33598b-e5ff-4af5-ae8b-47fed4de0d4e", "referenced_uuid": "d8bfca0a-f8de-45ed-9a5f-eb88fefe808b", "relationship_type": "analysed-with", "timestamp": "1615538889", "uuid": "a7b4a8f8-e10e-4af5-8a32-54e0427bbbb3" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1615538749", "to_ids": true, "type": "md5", "uuid": "a3168205-0d7c-418d-b161-6a8253cc9662", "value": "0e55ead3b8fd305d9a54f78c7b56741a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1615538749", "to_ids": true, "type": "sha1", "uuid": "250feadb-b0cb-4983-8bf7-ef85b687fb38", "value": "f7b084e581a8dcea450c2652f8058d93797413c3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1615538749", "to_ids": true, "type": "sha256", "uuid": "2b1c73c7-f587-4ed0-9b8d-9dafd1573345", "value": "2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1615538889", "uuid": "d8bfca0a-f8de-45ed-9a5f-eb88fefe808b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1615538749", "to_ids": false, "type": "datetime", "uuid": "352701e7-8d7b-4934-9a8f-e72fc25966a3", "value": "2021-03-12T08:28:47+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1615538749", "to_ids": false, "type": "link", "uuid": "e061d577-1ad8-4024-be7b-f65a599e48ae", "value": "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1615537727" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1615538749", "to_ids": false, "type": "text", "uuid": "1ae336dd-7832-408c-8237-6b7c5a50e451", "value": "37/69" } ] } ] } }