{ "Event": { "analysis": "1", "date": "2019-09-24", "extends_uuid": "", "info": "MISSING LINK: Tibetan Groups Targeted with Mobile Exploits", "publish_timestamp": "1622031713", "published": true, "threat_level_id": "1", "timestamp": "1621850373", "uuid": "5bec8d43-b990-4129-a9f4-45d08064ab0b", "Orgc": { "name": "citizenlab", "uuid": "581b5fea-818c-441a-bd1d-49798e96ca05" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "timestamp": "1568072031", "to_ids": true, "type": "sha256", "uuid": "5d76dfaf-574c-4253-b1f1-67578064ab0b", "value": "0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065970", "to_ids": false, "type": "whois-registrant-email", "uuid": "5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b", "value": "dashenqu832@outlook.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065970", "to_ids": false, "type": "whois-registrant-email", "uuid": "5d76c9b2-5654-4b42-a28f-61dc8064ab0b", "value": "ornaments798@outlook.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568072039", "to_ids": true, "type": "domain", "uuid": "5d76c70f-df94-4cd0-b977-4cea8064ab0b", "value": "www.energy-mail.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-95a0-4186-9d08-61de8064ab0b", "value": "antmoving.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-be94-4716-9cc3-61de8064ab0b", "value": "beemail.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-0998-4c3d-94fa-61de8064ab0b", "value": "bf.mk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-77cc-4a32-b989-61de8064ab0b", "value": "energy-mail.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-a620-4e86-969b-61de8064ab0b", "value": "gmailapp.me" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-8960-4e6c-be1c-61de8064ab0b", "value": "izelense.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-52b4-4bb9-b61b-61de8064ab0b", "value": "mailanalysis.services" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-1b78-4933-98f8-61de8064ab0b", "value": "mailcontactanalysis.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-3358-4897-a52b-61de8064ab0b", "value": "mailnotes.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-6be4-4b4a-9a37-61de8064ab0b", "value": "polarismail.services" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-0cb4-4be5-b3d6-61de8064ab0b", "value": "rf.mk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065932", "to_ids": true, "type": "domain", "uuid": "5d76c98c-f230-436d-a69f-61de8064ab0b", "value": "walkingnote.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1542229375", "to_ids": true, "type": "domain", "uuid": "5bec8d6d-71e0-40b6-add8-171c8064ab0b", "value": "www.msap.services" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1542229378", "to_ids": true, "type": "domain", "uuid": "5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b", "value": "msap.services" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065440", "to_ids": true, "type": "ip-dst", "uuid": "5d76c7a0-2dac-4e65-a0ca-67208064ab0b", "value": "45.32.75.217" }, { "category": "Network activity", "comment": "Android exploit server", "deleted": false, "disable_correlation": false, "timestamp": "1569015557", "to_ids": true, "type": "ip-dst", "uuid": "5d76c7a0-3c28-4110-aa88-67208064ab0b", "value": "45.76.149.154" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568072048", "to_ids": true, "type": "ip-dst", "uuid": "5d76cc33-7aac-4eb8-a1be-66c48064ab0b", "value": "45.78.79.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568067414", "to_ids": true, "type": "ip-dst", "uuid": "5d76cf56-94f8-4a16-84d5-67af8064ab0b", "value": "149.28.93.11" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568072087", "to_ids": true, "type": "ip-dst", "uuid": "5d76d19b-0704-42fa-95c5-61df8064ab0b", "value": "95.169.2.57" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568069362", "to_ids": true, "type": "ip-dst", "uuid": "5d76d6f2-f44c-4b21-ba2d-67578064ab0b", "value": "206.189.65.198" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568070374", "to_ids": true, "type": "ip-dst", "uuid": "5d76dae6-bdc4-4cca-8161-61de8064ab0b", "value": "140.82.17.222" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568072101", "to_ids": true, "type": "ip-dst", "uuid": "5d76dcf6-f094-47a0-8fd4-4cea8064ab0b", "value": "45.76.53.26" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568071189", "to_ids": true, "type": "ip-dst", "uuid": "5d76de15-2544-4f39-baed-61db8064ab0b", "value": "45.32.91.137" }, { "category": "Network activity", "comment": "iOS exploit server", "deleted": false, "disable_correlation": false, "timestamp": "1569015678", "to_ids": true, "type": "ip-dst", "uuid": "5bec8d7b-b658-4050-8b3c-45cc8064ab0b", "value": "144.202.59.23" }, { "category": "Network activity", "comment": "iOS C2", "deleted": false, "disable_correlation": false, "timestamp": "1569015608", "to_ids": true, "type": "ip-dst", "uuid": "5bed8343-d968-4c72-a106-2b328064ab0b", "value": "66.42.58.59" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1542292671", "to_ids": true, "type": "ip-dst", "uuid": "5bed84bf-8710-4cba-b9eb-05688064ab0b", "value": "43.251.16.87" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-b878-442a-b476-61de8064ab0b", "value": "http://bit.ly/2z1WayM" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-b644-45e2-a9d7-61de8064ab0b", "value": "http://www.msap.services/1R7mqD" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-14c4-4b77-85be-61de8064ab0b", "value": "http://bit.ly/2AYy61a" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-f8f0-4399-a2ae-61de8064ab0b", "value": "http//www.msap.services/2bKr8Z" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-a174-4130-a62c-61de8064ab0b", "value": "http://www.msap.services/6FeBOy" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-ce00-497f-9284-61de8064ab0b", "value": "http://suo.im/5ot25j" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-1708-4847-8b18-61de8064ab0b", "value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL29wZW4/aWQ9MUlTakl2eFoxX1g5YkdJSnQtMlpKeDRDRWwzdVVhRmlv" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-bb64-4b8d-b773-61de8064ab0b", "value": "http://www.msap.services/yHJbS6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-d218-49a3-96f3-61de8064ab0b", "value": "http://bit.ly/2qHg3Xt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-0658-494c-afb4-61de8064ab0b", "value": "http://www.msap.services/S5gDoN" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-8624-44df-8338-61de8064ab0b", "value": "http://bit.ly/2T2CoeX" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-1170-4f0e-ade3-61de8064ab0b", "value": "http://www.msap.services/EzpOhU" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-578c-4a96-88fe-61de8064ab0b", "value": "http://bit.ly/2PSvdau" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-7058-403d-a9b1-61de8064ab0b", "value": "http://www.msap.services/GfHuRi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-5824-4b00-8dda-61de8064ab0b", "value": "http://suo.im/5okeFb" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-b8ec-438c-8161-61de8064ab0b", "value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAxOC8xMS8wMi9vYml0dWFyaWVzL2xvZGktZ3lhcmktZGVhZC5odG1s" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-a530-4671-8fab-61de8064ab0b", "value": "http://bit.ly/2SVPqdY" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-bd08-4528-9fab-61de8064ab0b", "value": "http://www.msap.services/F8XGNe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-936c-411b-a0c9-61de8064ab0b", "value": "http://bit.ly/2QroNMt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b", "value": "http://www.msap.services/70FtQX" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-2150-4f97-80c4-61de8064ab0b", "value": "http://msap.services/yHJbS6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-0d28-4b27-9ac6-61de8064ab0b", "value": "http://bit.ly/2B4GwEf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d3-8604-4125-b369-61de8064ab0b", "value": "http://www.msap.services/XgL5A9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065235", "to_ids": false, "type": "url", "uuid": "5d76c6d4-7398-45b0-b5e9-61de8064ab0b", "value": "http://bit.ly/2T6pCMf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-0854-4d51-8fb7-61de8064ab0b", "value": "http://www.msap.services/ZpzstM" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-2fb8-46f2-a589-61de8064ab0b", "value": "http://bit.ly/2Drl90q" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-12f0-4f58-9a9b-61de8064ab0b", "value": "http://www.msap.services/ZQfqzs" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b", "value": "https://bit.ly/2MgSRwL" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-52b4-413f-bf04-61de8064ab0b", "value": "https://www.energy-mail.org/B20V54" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-dde0-484e-ac13-61de8064ab0b", "value": "https://bit.ly/2XePmYt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065236", "to_ids": false, "type": "url", "uuid": "5d76c6d4-3b64-4591-b0df-61de8064ab0b", "value": "http://45.76.149.154:5000/web/info?org=aHR0cDovL3d3dy5waGF5dWwuY29tL25ld3MvYXJ0aWNsZS5hc3B4P2lkPTQxNDc0JmZiY2xpZD1Jd0FSM1RadGdjanppUkhNZFJuOEdhZ1RMUV9iMHFrX0VBZWY2YldxRU5SanhaZkkzRFdPNFpsRExPcFdz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1568065328", "to_ids": false, "type": "url", "uuid": "5d76c730-b4c0-4746-af7e-61db8064ab0b", "value": "http://43.251.16.87:5000//dev/loader" }, { "category": "Network activity", "comment": "Scotch user agent", "deleted": false, "disable_correlation": false, "timestamp": "1569270996", "to_ids": true, "type": "user-agent", "uuid": "5d892cd4-fba0-4c21-90d9-0b328064ab0b", "value": "hots scot" }, { "category": "Payload delivery", "comment": "OAuth email addresses", "deleted": false, "disable_correlation": false, "timestamp": "1568072427", "to_ids": false, "type": "email-src", "uuid": "5d76e2eb-abe8-44bb-8dbf-67578064ab0b", "value": "antmoving.online@gmail.com" }, { "category": "Payload delivery", "comment": "OAuth email addresses", "deleted": false, "disable_correlation": false, "timestamp": "1568072427", "to_ids": false, "type": "email-src", "uuid": "5d76e2eb-df2c-4913-b458-67578064ab0b", "value": "energymail.org@gmail.com" }, { "category": "Payload delivery", "comment": "OAuth email addresses", "deleted": false, "disable_correlation": false, "timestamp": "1568072427", "to_ids": false, "type": "email-src", "uuid": "5d76e2eb-e004-41d8-bc9d-67578064ab0b", "value": "jameslewis199106@gmail.com" }, { "category": "Payload delivery", "comment": "OAuth email addresses", "deleted": false, "disable_correlation": false, "timestamp": "1568072427", "to_ids": false, "type": "email-src", "uuid": "5d76e2eb-37c8-4b75-b5d7-67578064ab0b", "value": "touchxun658@gmail.com" }, { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "timestamp": "1569015231", "to_ids": false, "type": "sha256", "uuid": "5d8545bf-ec98-4d0c-a8a3-55038064ab0b", "value": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7" }, { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": false, "timestamp": "1569015252", "to_ids": false, "type": "sha256", "uuid": "5d8545d4-ee30-435b-827e-55078064ab0b", "value": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3" }, { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": false, "timestamp": "1569015267", "to_ids": false, "type": "sha256", "uuid": "5d8545e3-c264-43d8-9666-55068064ab0b", "value": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa" }, { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": false, "timestamp": "1569015299", "to_ids": false, "type": "sha256", "uuid": "5d854603-8bf4-44fe-96ae-47ce8064ab0b", "value": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1569407547", "uuid": "bf16e26f-a501-48ec-850c-b1e55711bbcb", "ObjectReference": [ { "comment": "", "object_uuid": "bf16e26f-a501-48ec-850c-b1e55711bbcb", "referenced_uuid": "7b247766-cfe9-4dbf-9d65-7511b9033460", "relationship_type": "analysed-with", "timestamp": "1621850373", "uuid": "5d8b423e-6128-4130-94a6-4f87950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1569015299", "to_ids": true, "type": "md5", "uuid": "d6a330b3-ce2d-4763-b26c-570caa5c14db", "value": "fb7bab3571e557ee7f88309dc472f748" }, { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1569015299", "to_ids": true, "type": "sha1", "uuid": "b6525cc8-055f-442b-992a-90ca08b84f50", "value": "68533858c90515369a1d2f36d72cb3537de58437" }, { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1569015299", "to_ids": true, "type": "sha256", "uuid": "1ad928f0-5891-4a19-bf1a-2e1c6567c178", "value": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1569407547", "uuid": "7b247766-cfe9-4dbf-9d65-7511b9033460", "Attribute": [ { "category": "Other", "comment": "Loader", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1569015299", "to_ids": false, "type": "datetime", "uuid": "4462e200-9d40-4c54-9e90-5d20c74e6bfd", "value": "2019-09-24T22:38:19" }, { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1569015299", "to_ids": false, "type": "link", "uuid": "8d1378f4-ea14-4387-8d7a-d85ca5b071de", "value": "https://www.virustotal.com/file/b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88/analysis/1569364699/" }, { "category": "Payload delivery", "comment": "Loader", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1569015299", "to_ids": false, "type": "text", "uuid": "8b05523a-b753-4eba-81e0-b89f5a6ab696", "value": "1/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1569407548", "uuid": "07e42fa1-5891-414c-9d6a-7628f55a1d1f", "ObjectReference": [ { "comment": "", "object_uuid": "07e42fa1-5891-414c-9d6a-7628f55a1d1f", "referenced_uuid": "e29771d7-c7aa-41b6-8c87-6ebb84ed0786", "relationship_type": "analysed-with", "timestamp": "1621850373", "uuid": "5d8b423e-a24c-4ae5-84f8-46b3950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1569015252", "to_ids": true, "type": "md5", "uuid": "3ca54e5b-4596-4626-aae3-5a60b8fe151e", "value": "111ba6564931fccb7f4d0e940b492520" }, { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1569015252", "to_ids": true, "type": "sha1", "uuid": "05d753af-5e96-434a-9b4f-3435822a5205", "value": "33ea7c4ad4f6d0b59b7b4de906735483e6e8cff7" }, { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1569015252", "to_ids": true, "type": "sha256", "uuid": "7b272f90-3d57-45fa-ac8b-e4d09dd779a7", "value": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1569407548", "uuid": "e29771d7-c7aa-41b6-8c87-6ebb84ed0786", "Attribute": [ { "category": "Other", "comment": "Whisky", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1569015252", "to_ids": false, "type": "datetime", "uuid": "d5e4a39f-9daa-4aa4-aba5-8c71ae50e624", "value": "2019-09-25T04:23:12" }, { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1569015252", "to_ids": false, "type": "link", "uuid": "271b9e9f-9c1b-4d87-a122-3ecacf84a57b", "value": "https://www.virustotal.com/file/e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3/analysis/1569385392/" }, { "category": "Payload delivery", "comment": "Whisky", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1569015252", "to_ids": false, "type": "text", "uuid": "c4751a17-01e5-4b62-8e6c-576d2aab11cf", "value": "2/56" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1569407548", "uuid": "6ff6b2b5-97ef-4ef1-b90f-242ed5049581", "ObjectReference": [ { "comment": "", "object_uuid": "6ff6b2b5-97ef-4ef1-b90f-242ed5049581", "referenced_uuid": "53bad3c7-cc5b-4539-892d-470596a8998f", "relationship_type": "analysed-with", "timestamp": "1621850373", "uuid": "5d8b423e-4700-4cc0-acbb-4c43950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1569015231", "to_ids": true, "type": "md5", "uuid": "5fdd5887-d483-4280-bc2d-b7e587e5bd98", "value": "0d5158b33dc32cfd3c020f9dd13bde55" }, { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1569015231", "to_ids": true, "type": "sha1", "uuid": "0399a67b-5e1a-4e66-82d0-06efdc25cecb", "value": "df4c6cd8e046d7072cd833575593069f28a02674" }, { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1569015231", "to_ids": true, "type": "sha256", "uuid": "32d0cba0-7ad4-4975-9419-5018d0ee5464", "value": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1569407548", "uuid": "53bad3c7-cc5b-4539-892d-470596a8998f", "Attribute": [ { "category": "Other", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1569015231", "to_ids": false, "type": "datetime", "uuid": "a9483f0b-b532-4933-8cf6-cfd2109189e6", "value": "2019-09-25T04:23:29" }, { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1569015231", "to_ids": false, "type": "link", "uuid": "7b7d7f13-40a7-4906-91fc-d315674418f3", "value": "https://www.virustotal.com/file/6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7/analysis/1569385409/" }, { "category": "Payload delivery", "comment": "libbourbon", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1569015231", "to_ids": false, "type": "text", "uuid": "0bbfca68-2eb1-4495-86ec-ab68a0d267c9", "value": "2/55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1569407548", "uuid": "de8d9fd8-b456-4b2d-b62e-118637749f2b", "ObjectReference": [ { "comment": "", "object_uuid": "de8d9fd8-b456-4b2d-b62e-118637749f2b", "referenced_uuid": "2317431c-4652-4dfc-b063-499e9e627c8f", "relationship_type": "analysed-with", "timestamp": "1621850373", "uuid": "5d8b423e-b2ac-4a85-828f-41ea950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1569015267", "to_ids": true, "type": "md5", "uuid": "0b93fbb0-d9f0-4383-a86d-1f472fea5e26", "value": "fb713151159601eef43226aadd7bb5a6" }, { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1569015267", "to_ids": true, "type": "sha1", "uuid": "923c0e1f-a99b-4fb4-af9c-e3762aba0050", "value": "fedb77270570b8c401577b65595a9b32e2fa368a" }, { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1569015267", "to_ids": true, "type": "sha256", "uuid": "bd0c5cfa-0dd9-4daa-a374-7c2362fd5930", "value": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1569407549", "uuid": "2317431c-4652-4dfc-b063-499e9e627c8f", "Attribute": [ { "category": "Other", "comment": "Scotch", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1569015267", "to_ids": false, "type": "datetime", "uuid": "9c01d4ea-e2be-4494-94a3-e63a19dd0abe", "value": "2019-09-24T22:38:17" }, { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1569015267", "to_ids": false, "type": "link", "uuid": "4350a59c-0d18-4044-9956-66634701dbc3", "value": "https://www.virustotal.com/file/0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa/analysis/1569364697/" }, { "category": "Payload delivery", "comment": "Scotch", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1569015267", "to_ids": false, "type": "text", "uuid": "5634a47e-9a8c-483f-af69-13deaf6d152a", "value": "1/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1569407550", "uuid": "d6592ce4-117e-4cd7-9969-abe216690882", "ObjectReference": [ { "comment": "", "object_uuid": "d6592ce4-117e-4cd7-9969-abe216690882", "referenced_uuid": "5b8d4815-cde6-498e-9914-3b4a785000f9", "relationship_type": "analysed-with", "timestamp": "1621850373", "uuid": "5d8b423f-8858-43f9-bf68-42bd950d210f" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1568072031", "to_ids": true, "type": "md5", "uuid": "3fa80123-0c5f-4bba-b46e-a76305e1465d", "value": "fa3aeb8ce67077e54b09e0e4c80e3814" }, { "category": "Artifacts dropped", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1568072031", "to_ids": true, "type": "sha1", "uuid": "e4261fff-7d43-41d1-aa4f-bf5d234be488", "value": "24ef2efdb2348cf9db3fb5bf79555e1ffe411c68" }, { "category": "Artifacts dropped", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1568072031", "to_ids": true, "type": "sha256", "uuid": "4e722f47-ed47-4f50-a2b7-4bbdd1fffa6c", "value": "0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1569407550", "uuid": "5b8d4815-cde6-498e-9914-3b4a785000f9", "Attribute": [ { "category": "Other", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1568072031", "to_ids": false, "type": "datetime", "uuid": "98623fdf-dc92-4290-bc36-de3d32dff2e4", "value": "2019-09-25T10:00:33" }, { "category": "External analysis", "comment": "iOS payload", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1568072031", "to_ids": false, "type": "link", "uuid": "14f169f7-d2c4-4be0-bef3-adc7ff0e345d", "value": "https://www.virustotal.com/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/analysis/1569405633/" }, { "category": "Artifacts dropped", "comment": "iOS payload", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1568072031", "to_ids": false, "type": "text", "uuid": "bbd53242-0d06-4119-ad7b-2884119a5c84", "value": "18/55" } ] } ] } }