{ "Event": { "analysis": "0", "date": "2019-11-04", "extends_uuid": "", "info": "OSINT - Turla/Venomous Bear Implants", "publish_timestamp": "1575970098", "published": true, "threat_level_id": "3", "timestamp": "1575969968", "uuid": "5dc12abf-dbec-4acb-83a5-419d950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Turla RAT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-intrusion-set=\"Turla\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"", "relationship_type": "" }, { "colour": "#12e200", "local": false, "name": "misp-galaxy:threat-actor=\"Turla Group\"", "relationship_type": "" }, { "colour": "#065100", "local": false, "name": "misp-galaxy:tool=\"Turla\"", "relationship_type": "" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "8", "timestamp": "1572940548", "uuid": "5dc12b04-4520-4f4d-bdc4-43fa950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1572940548", "to_ids": false, "type": "text", "uuid": "5dc12b04-c32c-4304-a463-4b3b950d210f", "value": "Casey Brooks\r\n@DrunkBinary\r\nTurla/Venomous Bear Implants\r\n687d7ddb080fb769b26a0c054f4cd422\r\n5b3ff56e7fe3e3a71fca4c844d1e02db\r\n535e67930dfbec1a0ae2671b63e2ef8e\r\n2d4578a2bbf5418de1fd4783e555f100\r\n198ee041e8f3eb12a19bc321f86ccb88\r\n1753424464a00c628d7166152cc30d1e\r\n6e4b7f13178ebc04304ee2b5ee646d09" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1572940549", "to_ids": false, "type": "link", "uuid": "5dc12b05-07c4-4553-bf3a-45a1950d210f", "value": "https://mobile.twitter.com/DrunkBinary/status/1191382141579476998" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1572940549", "to_ids": false, "type": "text", "uuid": "5dc12b05-8388-4289-b089-439e950d210f", "value": "Twitter" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1572940549", "to_ids": false, "type": "text", "uuid": "5dc12b05-603c-418d-8712-477d950d210f", "value": "DrunkBinary" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1572940549", "to_ids": false, "type": "text", "uuid": "5dc12b05-08ac-4652-9e94-44f0950d210f", "value": "Informative" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "creation-date", "timestamp": "1572940549", "to_ids": false, "type": "datetime", "uuid": "5dc12b05-81e8-4306-b82f-4968950d210f", "value": "2019-11-04T16:50:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940720", "uuid": "c329341a-9840-40f5-a7bc-ed64a2ec7820", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940720", "to_ids": true, "type": "md5", "uuid": "82548c4c-1873-4189-b96c-2a15391e224e", "value": "687d7ddb080fb769b26a0c054f4cd422" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940720", "uuid": "ff441ee8-3fda-4c78-800f-fa48072df42b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940721", "to_ids": true, "type": "md5", "uuid": "9d25d070-9984-4f3f-8d30-265bf28dce1d", "value": "5b3ff56e7fe3e3a71fca4c844d1e02db" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940721", "uuid": "896deec8-8e3c-4a6b-926e-de60c02d9c47", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940721", "to_ids": true, "type": "md5", "uuid": "172902c4-e266-48b1-86b8-e39bcb1ecf77", "value": "535e67930dfbec1a0ae2671b63e2ef8e" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940721", "uuid": "12b2a838-6f7c-4b4a-a1e6-46c033185348", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940722", "to_ids": true, "type": "md5", "uuid": "7b57d9fc-06cd-45cc-bb8d-5156f2575d7b", "value": "2d4578a2bbf5418de1fd4783e555f100" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940722", "uuid": "77802fc2-8e23-4b3f-8c0b-e06ea8570015", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940722", "to_ids": true, "type": "md5", "uuid": "c2f5f27e-7b18-40a8-b81b-145e49c55249", "value": "198ee041e8f3eb12a19bc321f86ccb88" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940723", "uuid": "ae94dbdf-74c8-4d41-bbe4-f92e921b960a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940723", "to_ids": true, "type": "md5", "uuid": "753cb7da-6397-4042-8f1a-4dd6f4043bf5", "value": "1753424464a00c628d7166152cc30d1e" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940723", "uuid": "cf81da33-c913-4f1e-b78f-a8acab71f9cb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940723", "to_ids": true, "type": "md5", "uuid": "22c9a892-1b8e-4ac8-9cc9-46ccf93d5bf8", "value": "6e4b7f13178ebc04304ee2b5ee646d09" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1572940724", "uuid": "ced4d2d6-f1fb-4722-b7b5-7791ef662199", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940724", "to_ids": true, "type": "md5", "uuid": "8d6fc163-182b-4228-817d-bd0ada615ff3", "value": "afcf3936639b706221d5f67afa75d80b" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969935", "uuid": "5942762c-c826-4076-90ff-9e4beb34430e", "ObjectReference": [ { "comment": "", "object_uuid": "5942762c-c826-4076-90ff-9e4beb34430e", "referenced_uuid": "8beecab4-010e-4450-8dac-a31df82c3279", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-b2f8-4946-961a-4bcb950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940723", "to_ids": true, "type": "md5", "uuid": "170d4586-61fe-4e49-aa4c-d78f253c12ee", "value": "6e4b7f13178ebc04304ee2b5ee646d09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940723", "to_ids": true, "type": "sha1", "uuid": "4c3a7a46-4c00-4989-a8ba-0c5fcafc3825", "value": "663a78cb5e6f3ab54cd0d3f67bd8c9545b341d6f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940723", "to_ids": true, "type": "sha256", "uuid": "076a7665-fc91-4318-b067-e6f24b226a86", "value": "24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969940", "uuid": "8beecab4-010e-4450-8dac-a31df82c3279", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940723", "to_ids": false, "type": "datetime", "uuid": "39464f1b-abd9-4278-8984-ed2605ebc764", "value": "2019-10-23T13:06:09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940723", "to_ids": false, "type": "link", "uuid": "009c4163-da4a-425e-baa8-9f39a81f47c2", "value": "https://www.virustotal.com/file/24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7/analysis/1571835969/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940723", "to_ids": false, "type": "text", "uuid": "88b75e39-9615-4833-9bfb-912eb249492e", "value": "43/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969942", "uuid": "4e097b0f-e05c-400b-98d3-af0ce5432479", "ObjectReference": [ { "comment": "", "object_uuid": "4e097b0f-e05c-400b-98d3-af0ce5432479", "referenced_uuid": "8940fb6d-41a6-4268-96fa-a9a0c9d36780", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-3ca4-4567-8231-4256950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940722", "to_ids": true, "type": "md5", "uuid": "e0a71561-4b90-43ec-b2dc-3735a05eb460", "value": "198ee041e8f3eb12a19bc321f86ccb88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940722", "to_ids": true, "type": "sha1", "uuid": "1671e494-b952-41b1-8fa0-eeb0ea4f055d", "value": "ee583451c832b07d8f2b4d6b8dd36ccb280ff421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940722", "to_ids": true, "type": "sha256", "uuid": "22ac5f4b-5a37-4aef-ba97-b0782e3c15f9", "value": "c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969951", "uuid": "8940fb6d-41a6-4268-96fa-a9a0c9d36780", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940722", "to_ids": false, "type": "datetime", "uuid": "db8e2be8-5902-4322-9da5-536f77a869cc", "value": "2019-11-12T15:05:11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940722", "to_ids": false, "type": "link", "uuid": "13f2f09d-83ec-4f87-a0c3-b2b48db6c7bf", "value": "https://www.virustotal.com/file/c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e/analysis/1573571111/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940722", "to_ids": false, "type": "text", "uuid": "cbe967c3-f348-4174-b1f9-d56f84af11cf", "value": "47/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969962", "uuid": "ba9b7334-d60e-48dd-a675-8f99e0291e0a", "ObjectReference": [ { "comment": "", "object_uuid": "ba9b7334-d60e-48dd-a675-8f99e0291e0a", "referenced_uuid": "a82564a5-e84b-4697-83a4-d70c3ff8b320", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-f00c-43f8-a9c7-4c75950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940721", "to_ids": true, "type": "md5", "uuid": "03bd6b47-1f7e-4cd6-8b2b-8d1a741873c0", "value": "535e67930dfbec1a0ae2671b63e2ef8e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940721", "to_ids": true, "type": "sha1", "uuid": "624b71d1-99f0-48b0-8d5a-c26bd7fcf511", "value": "3b203f328048b837030b6f0ff595968486cc1b44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940721", "to_ids": true, "type": "sha256", "uuid": "4f29ad09-4b21-4802-b256-d5628075960c", "value": "db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969965", "uuid": "a82564a5-e84b-4697-83a4-d70c3ff8b320", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940721", "to_ids": false, "type": "datetime", "uuid": "9687daad-0e1b-4197-ac07-af6faedc2130", "value": "2019-10-23T13:07:53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940721", "to_ids": false, "type": "link", "uuid": "47135dc2-701d-433d-9930-d692cf6bdb9d", "value": "https://www.virustotal.com/file/db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07/analysis/1571836073/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940721", "to_ids": false, "type": "text", "uuid": "5f598518-92a3-4dda-b5fa-852e10d79a01", "value": "42/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969966", "uuid": "0755c767-324a-4687-b231-d565cfaf10ec", "ObjectReference": [ { "comment": "", "object_uuid": "0755c767-324a-4687-b231-d565cfaf10ec", "referenced_uuid": "4ece2478-f095-4408-85c8-23dc011fadcc", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-0710-42e1-98da-406f950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940724", "to_ids": true, "type": "md5", "uuid": "09a3ae11-f2f0-499d-8449-b95add20816d", "value": "afcf3936639b706221d5f67afa75d80b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940724", "to_ids": true, "type": "sha1", "uuid": "95a7a731-a747-4ab3-bf5a-4afbc577143b", "value": "d98643af5619781280b4418d224a07c36d462a84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940724", "to_ids": true, "type": "sha256", "uuid": "b4e9bfc9-96c1-4d88-b6d2-45212b364f73", "value": "43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969966", "uuid": "4ece2478-f095-4408-85c8-23dc011fadcc", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940724", "to_ids": false, "type": "datetime", "uuid": "859a70c4-0b4d-4fa1-86dc-1a23c2409f73", "value": "2019-10-23T13:05:51" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940724", "to_ids": false, "type": "link", "uuid": "c88401f1-1d62-4b5a-960b-4ba03e10518d", "value": "https://www.virustotal.com/file/43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89/analysis/1571835951/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940724", "to_ids": false, "type": "text", "uuid": "e5c2c08c-79ef-47a5-9ee3-55d93a159361", "value": "46/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969966", "uuid": "75b7df34-d401-46d9-99f1-e6ef1e4f9cc2", "ObjectReference": [ { "comment": "", "object_uuid": "75b7df34-d401-46d9-99f1-e6ef1e4f9cc2", "referenced_uuid": "dcf6461e-eabe-4050-b75a-183f1fca9199", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-0388-4ed2-8ce7-43a8950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940723", "to_ids": true, "type": "md5", "uuid": "ef59ad5f-2b10-44ad-9fa6-92f09254d305", "value": "1753424464a00c628d7166152cc30d1e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940723", "to_ids": true, "type": "sha1", "uuid": "77bafed9-e044-4544-b0f2-91668d660c4d", "value": "05071cf5da3040d6cbdfd9413a79029e605ac364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940723", "to_ids": true, "type": "sha256", "uuid": "18acd26b-6034-496f-a19e-2805e10591f6", "value": "7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969966", "uuid": "dcf6461e-eabe-4050-b75a-183f1fca9199", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940723", "to_ids": false, "type": "datetime", "uuid": "202ca9e6-3d55-4e52-ab2f-5c0164d2d9fa", "value": "2019-10-23T13:06:27" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940723", "to_ids": false, "type": "link", "uuid": "dff115c3-2d30-4f79-a525-27fbdb3054d1", "value": "https://www.virustotal.com/file/7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e/analysis/1571835987/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940723", "to_ids": false, "type": "text", "uuid": "f0645ffb-2291-48ef-a6d7-4d0233af89eb", "value": "45/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969967", "uuid": "529f959d-3e86-4c0a-8a74-617284841a81", "ObjectReference": [ { "comment": "", "object_uuid": "529f959d-3e86-4c0a-8a74-617284841a81", "referenced_uuid": "7e6ffeb9-c041-45ab-bd40-12f1827d706a", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-2434-46fd-b7fb-42bd950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940722", "to_ids": true, "type": "md5", "uuid": "1c16736a-63a9-44b1-b569-6cd2ea869d16", "value": "2d4578a2bbf5418de1fd4783e555f100" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940722", "to_ids": true, "type": "sha1", "uuid": "cdc58544-717a-4086-9979-6b609af45bc1", "value": "6c24db5a4d30a8287c36d21c16c0d45050a975c4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940722", "to_ids": true, "type": "sha256", "uuid": "7eed7f8d-f844-4954-8ebc-cd79e60ad6b0", "value": "5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969967", "uuid": "7e6ffeb9-c041-45ab-bd40-12f1827d706a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940722", "to_ids": false, "type": "datetime", "uuid": "97bbdbe3-56cc-435b-8365-4e34e19147c8", "value": "2019-10-23T13:07:36" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940722", "to_ids": false, "type": "link", "uuid": "19a18bf2-de93-48e2-a6b9-4333cbeaaef5", "value": "https://www.virustotal.com/file/5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf/analysis/1571836056/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940722", "to_ids": false, "type": "text", "uuid": "f11e5be1-6cfb-4e2a-a983-5e176a12b585", "value": "44/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969967", "uuid": "21d50aa1-ce06-4e01-b17b-650b0a4259fb", "ObjectReference": [ { "comment": "", "object_uuid": "21d50aa1-ce06-4e01-b17b-650b0a4259fb", "referenced_uuid": "624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-3dd8-4d2b-81c6-45d1950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940721", "to_ids": true, "type": "md5", "uuid": "0b8e187d-b5b0-4cbc-9a87-c10129c9e17d", "value": "5b3ff56e7fe3e3a71fca4c844d1e02db" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940721", "to_ids": true, "type": "sha1", "uuid": "a9cf95fb-9a9e-4224-a55e-0673e486ed9e", "value": "1b8e06751ecc87826bd258d5182ab33c1e20c8f7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940721", "to_ids": true, "type": "sha256", "uuid": "fc0439fe-2650-469c-b36a-4905a9c537c5", "value": "ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969967", "uuid": "624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940721", "to_ids": false, "type": "datetime", "uuid": "4812d651-6871-44c6-951f-e5d047e26e46", "value": "2019-10-23T13:41:54" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940721", "to_ids": false, "type": "link", "uuid": "26a72c15-240b-4d2a-ae5a-9dfad7d14c3e", "value": "https://www.virustotal.com/file/ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79/analysis/1571838114/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940721", "to_ids": false, "type": "text", "uuid": "30609a1d-5955-4c9c-a353-6794ebad86b4", "value": "43/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969967", "uuid": "62c2c068-3e13-4646-a264-2498ecdc21dc", "ObjectReference": [ { "comment": "", "object_uuid": "62c2c068-3e13-4646-a264-2498ecdc21dc", "referenced_uuid": "00429de3-12c5-4a51-a22a-ebfb1c3cd3eb", "relationship_type": "analysed-with", "timestamp": "1575969968", "uuid": "5def64b0-5738-4160-8084-4331950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572940720", "to_ids": true, "type": "md5", "uuid": "f4be489c-5bf7-4029-862a-79a4d7625a86", "value": "687d7ddb080fb769b26a0c054f4cd422" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572940720", "to_ids": true, "type": "sha1", "uuid": "aeedab12-9d5a-4f42-9c29-33a122f6e053", "value": "3227e0b8181f05e393be41d633b08da07fadf194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572940720", "to_ids": true, "type": "sha256", "uuid": "8dfe3233-8e90-4e56-93f6-7105bcc6a512", "value": "66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969968", "uuid": "00429de3-12c5-4a51-a22a-ebfb1c3cd3eb", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572940720", "to_ids": false, "type": "datetime", "uuid": "93ec40f8-6f63-41ff-a27e-1891c57b456b", "value": "2019-11-14T08:28:17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572940720", "to_ids": false, "type": "link", "uuid": "eda19702-19eb-4e5a-9c8d-31de2e456e05", "value": "https://www.virustotal.com/file/66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85/analysis/1573720097/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572940720", "to_ids": false, "type": "text", "uuid": "6c063632-74a2-4192-8570-2501e90ac8ab", "value": "47/70" } ] } ] } }