{ "Event": { "analysis": "0", "date": "2023-11-22", "extends_uuid": "", "info": "CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits", "publish_timestamp": "1700667863", "published": true, "threat_level_id": "3", "timestamp": "1700667785", "uuid": "df7b7020-9f17-4a3c-9824-1baa4ff67cb1", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667326", "to_ids": false, "type": "vulnerability", "uuid": "a1b4fac8-86bc-4a56-a517-f620409aa985", "value": "CVE-2023-46604" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "ec341f4e-0f70-4569-8ac5-e35465572726", "value": "http://185.122.204.197/acb.sh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "dec37bd8-3293-45dd-b087-73cc2018fb6d", "value": "http://194.38.22.53/curl-aarch64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "5dc9a60b-5b71-43fa-8859-e927cd7e813f", "value": "http://194.38.22.53/curl-amd64" }, { "category": "Network activity", "comment": "", 
"deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "c126e50d-8d22-4201-aeb2-ceb6c4438db8", "value": "http://194.38.22.53/kinsing" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "6f58a684-e56b-431b-8a90-f00d03cc2837", "value": "http://194.38.22.53/kinsing_aarch64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667504", "to_ids": true, "type": "url", "uuid": "28f55810-c61e-42d0-8565-cc7d2e7eb57c", "value": "http://194.38.22.53/libsystem.so" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667583", "to_ids": true, "type": "sha256", "uuid": "858d2d46-7d03-4e4e-9a57-f8a16abed89b", "value": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667583", "to_ids": true, "type": "sha256", "uuid": "6d1389be-2a8d-4cb4-824e-cc66f8f38063", "value": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667583", "to_ids": true, "type": "sha256", "uuid": "dec7c981-9fbf-4d43-b9d9-72f46c90800d", "value": "787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667583", "to_ids": true, "type": "sha256", "uuid": "b696aff7-fc3b-4f51-9928-a5cda3032840", "value": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1700667583", "to_ids": true, "type": "sha256", 
"uuid": "e9401439-1ca4-4cac-a561-73c2380cec27", "value": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a" } ], "Object": [ { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "7", "timestamp": "1700667408", "uuid": "8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1700667408", "to_ids": false, "type": "link", "uuid": "0d46d9e1-6d0f-43b4-a436-239828c9f1b4", "value": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1700667408", "to_ids": false, "type": "text", "uuid": "7d5d7567-2a91-4c7c-98fe-bb4ccc725e98", "value": "We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. When exploited, this vulnerability leads to remote code execution (RCE), which Kinsing uses to download and install malware. The vulnerability itself is due to OpenWire commands failing to validate throwable class type, leading to RCE." 
}, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1700667408", "to_ids": false, "type": "text", "uuid": "8ffe0cc3-7092-4bdc-98b8-cc64673e20e0", "value": "Blog" } ] }, { "comment": "CVE-2023-46604: Enriched via the cve_advanced module", "deleted": false, "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipment or hardware.", "meta-category": "vulnerability", "name": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "template_version": "8", "timestamp": "1700667428", "uuid": "1423e354-7fb3-453f-8465-45dc2e660d79", "ObjectReference": [ { "comment": "", "object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79", "referenced_uuid": "a1b4fac8-86bc-4a56-a517-f620409aa985", "relationship_type": "related-to", "timestamp": "1700667429", "uuid": "99cef72f-4d27-4765-9193-0e96300541f0" }, { "comment": "", "object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79", "referenced_uuid": "4cac5b96-ce45-4fe8-b212-83d5620151ae", "relationship_type": "weakened-by", "timestamp": "1700667429", "uuid": "66a387ef-1589-4de1-b0b3-ee9e59dc0973" }, { "comment": "", "object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79", "referenced_uuid": "e9270a16-4ea3-465f-869c-6b667dde3350", "relationship_type": "targeted-by", "timestamp": "1700667429", "uuid": "ff9374d5-1ce4-47aa-9160-d06eea12d299" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1700667428", "to_ids": false, "type": "vulnerability", "uuid": "ed6125c4-f8d6-4f1c-ac2d-8b4c051a6865", "value": "CVE-2023-46604" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1700667428", "to_ids": false, "type": "text", "uuid": 
"909f18d8-af19-4416-999b-76917d7f9234", "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.\n\nUsers are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "modified", "timestamp": "1700667428", "to_ids": false, "type": "datetime", "uuid": "c1a36471-0536-4286-bb9e-f9095b87113f", "value": "2023-11-20T22:15:00+00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "cvss-score", "timestamp": "1700667428", "to_ids": false, "type": "float", "uuid": "e1c6e680-cbd9-4a98-adb2-53bed69ffb22", "value": "9.8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "cvss-string", "timestamp": "1700667428", "to_ids": false, "type": "text", "uuid": "fe4d18e6-83a9-4dda-b694-c52f31d7ac5f", "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "published", "timestamp": "1700667428", "to_ids": false, "type": "datetime", "uuid": "09fc6f4d-54c4-460f-b1ff-6ceb2ced38c0", "value": "2023-10-27T15:15:00+00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1700667428", "to_ids": false, "type": "text", "uuid": "5077c263-72b7-453b-80a6-6267eabdd253", "value": "Published" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "1eae093e-7db2-49eb-b148-416d97856c1e", "value": "cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "89133a25-22fc-4535-b671-46b60be1a536", "value": "cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "f72dd146-1775-495b-bf06-45adcb10f3e5", "value": "cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "b9e545b5-66bd-4556-963f-c57e579d12b9", "value": "cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "63906bfc-7c03-499b-9576-5c1a73e1e2cd", "value": "cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "b322318f-ae8b-4b27-b15e-a0bbc0ddb44e", "value": "cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": 
"72cfca14-419a-491d-b52a-c07213d1588e", "value": "cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "6cb21568-2093-42a5-af57-f11093069711", "value": "cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "c1c51379-cc42-4830-850a-f081366bae72", "value": "cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "7df44cb7-e3b0-445c-b9dd-ca1ae04da9ae", "value": "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "e0a0ae7f-8c5b-4311-a56d-a343f45bd599", "value": "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "e4bfa49d-f7de-4208-9065-186e933f7c13", "value": "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "9d04dac0-4150-4be7-952d-16a411814404", "value": "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*" }, { "category": "External 
analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "47d667fb-226f-4814-bd5c-abe37c4bc4ba", "value": "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "69db6f30-a14e-4bba-9290-735d0aa7ac00", "value": "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "46bfa4cc-76a8-4def-bf66-be78728e0636", "value": "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "91a2d8d2-6ed9-4f83-a216-5500a951841b", "value": "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "8d8fed5e-9bb6-4b23-bc88-332428b2cea2", "value": "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "83991c54-fb02-4c8b-81d7-aea5b3604f46", "value": "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", 
"timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "5d061623-27b5-4ae0-ade1-dd5acb4bc91e", "value": "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "4b1537c8-173c-46f1-86e6-fcacf052bca1", "value": "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "8a5dfb95-41b8-41fd-bf77-916c50f8bd49", "value": "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "81ed4429-6cbf-4cd0-8848-ca1cd250ea6b", "value": "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "0ee7713b-2b99-404a-9e25-9032075f9aad", "value": "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "62a52454-46ca-4b42-9c53-b3cbe0e38a46", "value": "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "2a2c8eb2-b942-490a-bd6f-a51462087c21", "value": 
"cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "546190e6-da91-44ee-83ce-5f1a8617cb4c", "value": "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "b6e9555f-8c57-4835-ac23-7dd6674c02bb", "value": "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "7f96f4ec-9efe-4edb-b940-015e84a7a94f", "value": "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "fd7bba1f-ff35-4f2e-bb55-f1a44a739255", "value": "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "ee82d93a-274f-49a5-9f68-f74a29999452", "value": "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "deb776e7-821e-42e2-9a05-c5d39dab4197", "value": "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "d4acfae2-0bff-40c6-80e2-bd47f76b56bc", "value": "cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "bbf1795b-d6b9-4f3b-98df-7f1711dac2b6", "value": "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "8b5496cc-a677-41ad-9599-5d8bf9ad18ab", "value": "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "98c8a505-2c8b-4d6c-8dc7-f0c7793f0cb3", "value": "cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "6c70616c-d3f8-4d4e-8674-22fdf065826a", "value": "cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "43b00644-6b97-4c2c-a1e8-aa504fbeeb11", "value": "cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, 
"type": "cpe", "uuid": "04faab7b-0e53-468d-902f-bd0c8f150e18", "value": "cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "d424a662-4c15-4a1e-b865-e0820376fd92", "value": "cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "698abba6-478d-45f4-baa5-7c8fada87a19", "value": "cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "2466c337-3fb4-4c9b-8a07-8d34c1ff6a96", "value": "cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "72596fff-941b-4967-b717-d9dc5de0d80d", "value": "cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "55acd54d-d64b-456f-b344-d3af3ef69570", "value": "cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "98a55f1e-4d10-4ca8-896d-46209aa124ca", "value": "cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*" 
}, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "dabc7f9d-ae5b-4d5c-8d2d-eec8f91094e1", "value": "cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "cc6ba850-9805-4ecd-9876-16b36460a9f4", "value": "cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "65a9dff1-333d-4492-862c-8c29b3c5b94c", "value": "cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "abe51eb8-e515-494e-a5ec-9bbed7e1d4b2", "value": "cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "6483255f-ba4f-4601-ae99-2f0976591fd9", "value": "cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "a391ee1e-60e6-4149-93d3-5ded73a50cd6", "value": "cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": 
"vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "363c577a-1bae-4c4c-a65e-adf82fb7f50e", "value": "cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "b2c05ede-ee38-4191-a3c7-158764861941", "value": "cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "eeec7682-18f4-46bd-8ad0-624e3055dc75", "value": "cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "f89472f9-b663-4381-bc56-6ecdb0cb9d98", "value": "cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "e5c15b34-810f-46b5-b828-f7f66572c2f8", "value": "cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "ab9b9f69-d3af-459b-b411-4eee50e3bf82", "value": "cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": 
"5f8ee5a5-229e-4e09-8f89-d49f85414960", "value": "cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "b84333bb-bb64-43c0-be8e-853e78dee4c7", "value": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "a38f6a4a-d51c-4153-998b-70f9f0bc4af3", "value": "cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "8cfceffc-ab6e-4a2c-83f1-9e6ac2d2a04f", "value": "cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "e8806f71-449e-43d9-b257-3b36004e064c", "value": "cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "a89fffa9-89d3-4bce-bdbc-39fdfe4a991f", "value": "cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "d6312b0a-a932-4ee0-8d27-7c9e34fc457f", "value": "cpe:2.3:a:apache:activemq:5.15.14:*:*:*:*:*:*:*" }, { "category": 
"External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "7b93f6ca-21f5-4f50-86a1-380d66d01ea6", "value": "cpe:2.3:a:apache:activemq:5.15.15:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667428", "to_ids": false, "type": "cpe", "uuid": "14a90fdd-dc57-479d-8f21-f9f8d0f37d1b", "value": "cpe:2.3:a:apache:activemq:5.18.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "3bf97e96-3cce-44b2-b159-abaaefad420d", "value": "cpe:2.3:a:apache:activemq:5.17.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "8b85f140-4244-44af-9fcf-7eca4d2bb550", "value": "cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "de4a5f61-c3e2-4273-8a9f-0ba73096aa11", "value": "cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "d19cd59a-cecc-4c33-a094-b14c521cce7d", "value": "cpe:2.3:a:apache:activemq:5.16.2:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": 
"vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "4d09973d-d5be-4dd1-9a1b-c5f5f49ef0b3", "value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "591707f3-1573-4f4a-9d38-0fcbf7c5e033", "value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.18.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "925c1db0-fd5c-43c2-916a-e35dac492db8", "value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.17.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vulnerable-configuration", "timestamp": "1700667429", "to_ids": false, "type": "cpe", "uuid": "d52cc398-2fb7-4e40-a049-00a53330c698", "value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.16.0:*:*:*:*:*:*:*" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1700667429", "to_ids": false, "type": "link", "uuid": "a4106cf5-1f23-41d8-bb93-80146dffed98", "value": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1700667429", "to_ids": false, "type": "link", "uuid": "79c49297-a968-479a-bb6c-f37374579132", "value": "https://security.netapp.com/advisory/ntap-20231110-0010/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": 
"references", "timestamp": "1700667429", "to_ids": false, "type": "link", "uuid": "c99d8453-8ef6-4b10-b94d-0a9c556ac8b4", "value": "https://www.openwall.com/lists/oss-security/2023/10/27/5" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1700667429", "to_ids": false, "type": "link", "uuid": "7415ea5e-9fc0-4974-a182-4df3c1f66943", "value": "http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1700667429", "to_ids": false, "type": "link", "uuid": "e790729d-9309-4089-8e10-0eed7dab1f89", "value": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html" } ] }, { "comment": "CVE-2023-46604: Enriched via the cve_advanced module", "deleted": false, "description": "Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment or hardware.", "meta-category": "vulnerability", "name": "weakness", "template_uuid": "b8713fc0-d7a2-4b27-a182-38ed47966802", "template_version": "1", "timestamp": "1700667429", "uuid": "4cac5b96-ce45-4fe8-b212-83d5620151ae", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1700667429", "to_ids": false, "type": "weakness", "uuid": "6c3bd37c-e18e-44ff-b58b-b171df7d18e1", "value": "CWE-502" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "7162c223-adc9-4ee3-9c2d-efcec35a38b8", "value": "Deserialization of Untrusted Data" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": 
"status", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "e2ea23bd-4fdf-496d-b15f-4ce3c116e3bf", "value": "Draft" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "weakness-abs", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "eac6bb21-5d71-4acb-8ce0-5aba5df658a9", "value": "Base" } ] }, { "comment": "CVE-2023-46604: Enriched via the cve_advanced module", "deleted": false, "description": "Attack pattern describing a common attack pattern enumeration and classification.", "meta-category": "vulnerability", "name": "attack-pattern", "template_uuid": "35928348-56be-4d7f-9752-a80927936351", "template_version": "1", "timestamp": "1700667429", "uuid": "e9270a16-4ea3-465f-869c-6b667dde3350", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "id", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "2804f932-36ab-4589-a6cc-d11b0943de06", "value": "586" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "f5eea24a-c698-4b4f-9843-e713a72e2313", "value": "Object Injection" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "fa4308e3-8ace-4e8e-8033-8505270c7e8f", "value": "An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. 
By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "prerequisites", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "8ac13fdd-69fa-469c-a91b-b5c6a054d4e2", "value": "The target application must deserialize data before validation." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "solutions", "timestamp": "1700667429", "to_ids": false, "type": "text", "uuid": "a139f08d-d7ea-4c69-9586-e135798730e3", "value": "Implementation: Validate object before deserialization process. Design: Limit which types can be deserialized. Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes. Implementation: Keep session state on the server, when possible." 
}, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "related-weakness", "timestamp": "1700667429", "to_ids": false, "type": "weakness", "uuid": "210f1e6d-0447-432a-8508-ff9cf641f3be", "value": "CWE-502" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "69b6801f-70f2-4f6f-88f4-6246d90a02f1", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "f265812c-43a0-4b41-8326-7c6a2e678fd2", "value": "http://185.122.204.197/acb.sh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "b1b449ad-fcdf-499d-a136-d0c9e793bd4e", "value": "/acb.sh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "13e5b972-3380-4851-b8a7-ab880040f1fd", "value": "185.122.204.197" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "1c197aa2-3ac1-4667-877b-10783318f8ee", "value": "185.122.204.197" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "32d2cd21-d747-4736-99f6-373486dc082a", 
"value": "185.122.204.197" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "d2aa05c5-9d0b-4b73-8784-f2772dab848b", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "d23b9046-aeac-46b4-b033-1e968446b57b", "value": "http://194.38.22.53/curl-aarch64" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "99695322-1921-4083-a130-9c1dbc221747", "value": "/curl-aarch64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "7a041f7c-8a3c-4310-9db2-75ca58d95789", "value": "194.38.22.53" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "3711cf95-12ce-4905-a09f-dd3db2152281", "value": "194.38.22.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "30d63bd6-c25a-4f77-ac18-be4c58763673", "value": "194.38.22.53" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", 
"meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "bff55684-ad68-46cc-9919-2b6bc1f3b179", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "5e163710-eedb-42a1-8769-e5223b6938aa", "value": "http://194.38.22.53/curl-amd64" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "8526914b-d0c6-4634-824d-84c558961015", "value": "/curl-amd64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "109de076-9e6e-4efb-a0c9-b805a0435546", "value": "194.38.22.53" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "12c2f54b-c7c3-4f01-80b2-67768a84b9d4", "value": "194.38.22.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "d97241b5-a6e0-42e0-82aa-5ba822e7fa3a", "value": "194.38.22.53" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "301c5825-7094-4eff-840a-be6d8c8e8195", "Attribute": [ { "category": "Network activity", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "8ec51b19-e37a-4266-a377-62a62d720f8d", "value": "http://194.38.22.53/kinsing" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "ec1ad836-5aeb-4761-8337-858d40fcc03a", "value": "/kinsing" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "3018f778-078f-43a9-a0e7-37e0bbbd8202", "value": "194.38.22.53" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "5473c4fc-7d8a-43f7-9a78-3ee2ce3970d9", "value": "194.38.22.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "5b594c76-ab8a-41cc-8b2c-b333529774fe", "value": "194.38.22.53" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "e66b0982-04a9-4ead-909b-499b49c8faf2", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "87af1d09-3454-40aa-8c22-bb7d2e0ea6c6", "value": "http://194.38.22.53/kinsing_aarch64" }, { "category": 
"Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "2e90f897-563c-4b25-bff1-c0437c653107", "value": "/kinsing_aarch64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "26007038-fb97-46ed-b76e-f31e5ed33c74", "value": "194.38.22.53" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "280f9e3c-e2ae-4be3-addf-e9250375e3a5", "value": "194.38.22.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "dfab016c-ad6a-47e3-b89d-8b0ef9ac2609", "value": "194.38.22.53" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667558", "uuid": "4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667558", "to_ids": true, "type": "url", "uuid": "2bfdff18-0ada-4b19-8d8a-e3719722d7c6", "value": "http://194.38.22.53/libsystem.so" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "resource_path", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "9fde180e-f3fd-4498-a19e-b41beb2b9060", "value": "/libsystem.so" }, { 
"category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1700667558", "to_ids": true, "type": "hostname", "uuid": "138e1908-e644-4bc0-b14b-738f75e1ac24", "value": "194.38.22.53" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1700667558", "to_ids": false, "type": "text", "uuid": "9c73bf38-7f1d-40b4-9d3f-f5c042ba297d", "value": "194.38.22.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667558", "to_ids": true, "type": "domain", "uuid": "c5941b10-1b54-4cd6-b574-2e2b96dad1f1", "value": "194.38.22.53" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "72f8dfd0-2ab6-4839-956d-813372d4cbce", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "cf428eb0-b056-4355-bc6b-c8f505ae083e", "value": "https://www.virustotal.com/gui/file/c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "22b554c6-f8c7-4367-8291-a310c4aedecf", "value": "41/60" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "fec59623-a7d8-43bb-90ca-d1f8d2469bf0", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "ea0091d8-b24f-47a6-96c6-234afe75f14a", "value": "https://www.virustotal.com/gui/url/218336a92c3856330bc926adf336fb4537742f85eee39a56660903acd4699729" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "d0aa461c-743c-487e-a88a-72f49f03609e", "value": "14/90" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "2b12de36-4f9c-4ecd-8138-9a2ea40adb88", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "da5e0938-c07c-4d97-9c76-27bb253759a0", "value": "https://www.virustotal.com/gui/url/a2a84fe32f387d17f7df1058ed594dd4658537c335667c73c15ffc78fddac256" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "7206f043-4bba-46a9-a450-7d4530f763fb", "value": "7/89" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its 
normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667633", "uuid": "c8e5e229-75f0-494f-bfa0-0de1b929bed9", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667633", "to_ids": true, "type": "url", "uuid": "fcd4271f-3fda-400c-9972-91920354a3c9", "value": "http://194.38.21.25/libsystem.so" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "c84d52b3-fdfb-4164-82c8-04fc9e76dc69", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "e5b1a692-c883-4f46-bfd5-5525167d9dbf", "value": "https://www.virustotal.com/gui/url/e4b7d05cadf1319d2f915d74ca9644e512182f6b8a470b9882b3a65e08cb9cba" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "74331e0a-3c35-4754-a1e0-2916c12dbd06", "value": "3/90" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": 
"1700667633", "uuid": "23a79772-d43c-4c33-ba7d-0fec21a26bae", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667633", "to_ids": true, "type": "url", "uuid": "4c85e825-7f37-42f2-8a2f-267af5e293f4", "value": "http://45.15.158.124/libsystem.so" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "19ceae8f-95fa-40ae-ae0c-bc7353025544", "value": "https://www.virustotal.com/gui/url/df1e6c6270e8f4aaefab50c87ae9db569a24a082e98bfd0eb521b7339978a891" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "501737a6-d6af-4cc7-bcec-901605704c59", "value": "7/90" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667633", "uuid": "298b2c78-9d01-4046-a51a-6829f33b58fa", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667633", 
"to_ids": true, "type": "url", "uuid": "2247daac-cc77-42d2-a57c-0ee34bbe7da3", "value": "http://194.87.252.159/libsystem.so" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667633", "uuid": "17054e47-ae49-4803-8640-54bfd422581a", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667633", "to_ids": false, "type": "link", "uuid": "151edbae-1dbc-4e98-addb-873ef925d4ae", "value": "https://www.virustotal.com/gui/url/ee9cf5f02f58fa2d1149485e3024eab2849c5d8a3c8e8530895100b2cde4907d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667633", "to_ids": false, "type": "text", "uuid": "f28c0fb3-7b6e-48b1-939c-85cdb774dcd2", "value": "11/90" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667633", "uuid": "f7612330-d2f6-40bd-bc97-103283c02684", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667633", "to_ids": true, "type": "url", "uuid": "35a902c0-05c5-4769-a7cb-b924fae6048d", "value": "http://194.38.20.196/libsystem.so" } ] }, { "comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via 
the virustotal module", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1700667633", "uuid": "a617657e-c7b8-441c-a432-b92a4f534a41", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1700667633", "to_ids": true, "type": "md5", "uuid": "635fe922-97ee-4d85-a10e-723006594f41", "value": "ccef46c7edf9131ccffc47bd69eb743b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1700667633", "to_ids": true, "type": "sha1", "uuid": "285f5cdb-5856-4044-bcb2-885eba57bbaa", "value": "38c56b5e1489092b80c9908f04379e5a16876f01" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1700667633", "to_ids": true, "type": "sha256", "uuid": "7a583f83-52d2-412a-a176-e9e77dec4df0", "value": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "tlsh", "timestamp": "1700667633", "to_ids": true, "type": "tlsh", "uuid": "c7a855f9-8ccb-461e-9dfe-50190bcf80ab", "value": "t19ec2c637b9d2cab5c0c0e238a5d79276f1f5b0f14b22931ba294457e3e927c81f4ea45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1700667633", "to_ids": true, "type": "vhash", "uuid": "24b19e0b-122c-49d4-8c92-dc00267e78ed", "value": "fe6bc79726e96c10105967299ddec168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1700667633", "to_ids": true, "type": "ssdeep", "uuid": 
"bc94a808-b1d8-472b-abae-d73e193252b6", "value": "384:GkV8prsuhCY63B9dBRi9JsdgUa/Q1NXJZ6Cb1b:ZaLOVT6E" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667683", "uuid": "acfc0207-defe-445e-bf6a-57cd212030ad", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667683", "to_ids": false, "type": "link", "uuid": "6dd7e193-5c2e-4cba-ba8b-dbc0b44cf8f0", "value": "https://www.virustotal.com/gui/file/c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667683", "to_ids": false, "type": "text", "uuid": "b84ffbd9-a6c7-4659-ac23-840c2fa2e511", "value": "31/62" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667683", "uuid": "2b18b23b-0776-4e5e-864f-d7d2449bf58c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667683", "to_ids": false, "type": "link", "uuid": "f7bde291-3d01-4439-b277-4bc1234ab40f", "value": "https://www.virustotal.com/gui/url/1cba372316495cfc9a3e356c5bd6bc117ab9e88fdb8af13b3722ec57495b4e2f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": 
"1700667683", "to_ids": false, "type": "text", "uuid": "bf64c7f6-ca76-416b-ae89-149b857ac215", "value": "12/90" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667683", "uuid": "fcab0f20-fdad-4882-852f-c5a5b07a621c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667683", "to_ids": false, "type": "link", "uuid": "84a6bf72-8f4e-420a-8227-903180e36b01", "value": "https://www.virustotal.com/gui/url/165df3d9737567242c4b0b130e9408ea7727bdebde81273b819a52836aac40ed" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667683", "to_ids": false, "type": "text", "uuid": "036a271b-7ea8-4970-8e4d-c65c843e1c13", "value": "8/90" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667683", "uuid": "2604d1c8-cc20-4373-8fd3-cb579dce9928", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667683", "to_ids": true, "type": "url", "uuid": "b369a78f-e770-4044-9249-1a29d1da5a03", "value": "http://194.38.21.25/kinsing_aarch64" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the 
virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667683", "uuid": "29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667683", "to_ids": false, "type": "link", "uuid": "dbf5b8f6-8f84-45a0-ab59-d4ffcba224c6", "value": "https://www.virustotal.com/gui/url/8c6fdf6a7619b40cb998d37e0d1693d30346aee37390b8f309b35fb98bfd3a61" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667683", "to_ids": false, "type": "text", "uuid": "d59c6003-5a64-40e7-bc75-4f567e0a9311", "value": "12/90" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667683", "uuid": "79b0dd04-14b2-4c8e-a036-1753c83e8f24", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667683", "to_ids": true, "type": "url", "uuid": "3681cc4a-64a5-4054-b4d8-b522f5a75f3f", "value": "http://45.15.158.124/kinsing_aarch64" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": 
"1700667683", "uuid": "3a3e95e0-1ab6-47cd-a79c-504eb4c7761c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667683", "to_ids": false, "type": "link", "uuid": "4d468458-94bc-43e7-9f0d-2b8f4e1f840f", "value": "https://www.virustotal.com/gui/url/7115f7b310d2ce8d953266e87ee37d7db0a23e0bf1b943cd7bb0194c19501cb0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667683", "to_ids": false, "type": "text", "uuid": "e97bae4d-8455-4b91-8458-9b86a06b36df", "value": "7/90" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667683", "uuid": "4c1102ac-a885-43e6-9c60-319bb644882a", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667683", "to_ids": true, "type": "url", "uuid": "c201e107-b762-4ee1-a792-bf8c575eee34", "value": "http://194.87.252.159/kinsing_aarch64" } ] }, { "comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1700667683", "uuid": "4b29d4c4-a8ff-4a88-89d9-2344abf2bf86", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", 
"timestamp": "1700667683", "to_ids": true, "type": "md5", "uuid": "2bc70ba9-dc30-4ff6-8430-22d431910838", "value": "da753ebcfe793614129fc11890acedbc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1700667683", "to_ids": true, "type": "sha1", "uuid": "af02869b-4e2c-45f7-9302-e0b326085e82", "value": "ee458e526125d60cc1a387b4163376be8e9bc689" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1700667683", "to_ids": true, "type": "sha256", "uuid": "292aeebc-f9ef-46ca-b67a-160ff5048266", "value": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "tlsh", "timestamp": "1700667683", "to_ids": true, "type": "tlsh", "uuid": "4c023c34-53a0-40fc-a2de-f92c46f9c606", "value": "t178564b02bc5db563e9cc7630777683d9323e7588cba14233aa64ee7d99f13688e17121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1700667683", "to_ids": true, "type": "vhash", "uuid": "4eac958a-bf3f-4b40-9bf9-f9923a899ee3", "value": "036051e39318996e6fe6578e87fd9a87" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1700667683", "to_ids": true, "type": "ssdeep", "uuid": "73d8d4c7-3de0-4858-87fa-7b0501e3153c", "value": "98304:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/AF7XlzcKGYH0ye8nanVFflpu:ZUDIaLbI+ED2iJ" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", 
"timestamp": "1700667718", "uuid": "89a35674-1ce6-43d7-a4e9-773e76105ef7", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667718", "to_ids": false, "type": "link", "uuid": "f1177b7d-c6c5-4d66-a0ba-83ed7b0ae30d", "value": "https://www.virustotal.com/gui/file/0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667718", "to_ids": false, "type": "text", "uuid": "881df600-7d23-4463-9893-4eb59c19d56e", "value": "24/50" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667718", "uuid": "221e43e7-847d-40ed-b92f-c8a002202a76", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667718", "to_ids": false, "type": "link", "uuid": "14541f18-115a-437e-90c9-9d6670aa5628", "value": "https://www.virustotal.com/gui/url/944e32ccbd91d3d350477bbb8acb2130702923a74477e8aecdd2215986b32eb5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667718", "to_ids": false, "type": "text", "uuid": "52fdccb2-dc53-46bf-802f-de64ccd43f9a", "value": "12/90" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": 
"network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667718", "uuid": "b266c2bf-23d9-4621-aa7a-18b3972919c0", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667718", "to_ids": true, "type": "url", "uuid": "211b3c7c-20dd-446b-acd4-d00d9db2d7dd", "value": "http://194.38.22.53/acb.sh" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667718", "uuid": "49cf6520-3033-4c17-931e-eda0e9dc70df", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667718", "to_ids": false, "type": "link", "uuid": "754fa744-eb03-4501-844a-621fa92d4dc3", "value": "https://www.virustotal.com/gui/domain/gateway.fe.apple-dns.net" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667718", "to_ids": false, "type": "text", "uuid": "7dd61383-db96-4cf4-91f7-cd87d4768dde", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "e2a40f1c-a4b5-41f4-9f7b-38199747ef9b", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "domain", "timestamp": "1700667719", "to_ids": true, "type": "domain", "uuid": "2251b2b8-c300-4d2e-8f7f-9633a3847ce3", "value": "gateway.fe.apple-dns.net" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "7182965a-7d9c-4164-8bf3-af0e5c0b0c46", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "87b362e2-656d-4835-a100-3d496d1721bd", "value": "https://www.virustotal.com/gui/domain/mask-api.fe.apple-dns.net" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "ed99efcb-5c24-40d6-a188-54ba2b3b5372", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "a2e218c6-e7f0-4b43-9a96-39f3e0223e18", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1700667719", "to_ids": true, "type": "domain", "uuid": "37d9079c-cb7b-4da1-800f-169c57306269", "value": "mask-api.fe.apple-dns.net" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", 
"deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "9ff8bb23-38df-4b86-a7a9-bf539e82b91c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "86c55c15-b936-4228-a1ff-ae5f995216d5", "value": "https://www.virustotal.com/gui/ip_address/169.254.169.254" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "cff1e16a-ce6f-4cd0-8186-9ef9023f8a02", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "d6d98d86-01e3-408e-963f-d4d367eb0c13", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1700667719", "to_ids": true, "type": "ip-dst", "uuid": "311e549f-59a9-4b06-94d1-79ce8e987aa3", "value": "169.254.169.254" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "11de74c8-163e-4e3e-88ea-035a16ebf143", "Attribute": [ { "category": "External analysis", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "ae0033ca-f6a1-45ae-a48e-e9a1215ed2cb", "value": "https://www.virustotal.com/gui/ip_address/17.248.193.19" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "1fe250a3-77c7-485e-8d19-f85ea93d8011", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "7e13183f-96ba-4d22-b098-faf834459016", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1700667719", "to_ids": true, "type": "ip-dst", "uuid": "86ba253e-c6d7-4e97-81b4-2bbd3986ce7a", "value": "17.248.193.19" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "4b6e8088-4ac7-4290-883f-1560b2413c52", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "844332ac-eae7-45d7-b2a7-a1b3a35e55b2", "value": "https://www.virustotal.com/gui/ip_address/17.248.195.64" }, { "category": "Other", "comment": "", "deleted": false, 
"disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "7d3af4f8-3ac6-4e48-9dba-c1c85380cf83", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "e0d99c98-a0d5-4ffa-a247-ad989f5ee852", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1700667719", "to_ids": true, "type": "ip-dst", "uuid": "c229bf24-a015-4cdf-811d-3416bc6dd210", "value": "17.248.195.64" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "c307be58-48b4-43d0-84b1-9836ebbcb67f", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "05fefb9f-4ddd-483a-88a6-311de2883ac9", "value": "https://www.virustotal.com/gui/ip_address/17.248.195.71" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "d996fc7a-f5d8-4ec7-bdbf-3c9639148548", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": 
false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b", "Attribute": [ { "category": "Network activity", "comment": "Address in 17.0.0.0/8 (allocated to Apple); VirusTotal detection ratio 0/88. Added by VirusTotal enrichment of the sample, so it is probably not attacker infrastructure - review to_ids before exporting to detection rules.", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1700667719", "to_ids": true, "type": "ip-dst", "uuid": "d272d7ed-7f73-4ae3-9b8b-0f5488ee1c59", "value": "17.248.195.71" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667719", "uuid": "cdfff20b-2054-4226-ac1d-15eda55808a6", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667719", "to_ids": false, "type": "link", "uuid": "5101fcca-0ad0-429a-8689-73c10d582c18", "value": "https://www.virustotal.com/gui/ip_address/17.253.83.197" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667719", "to_ids": false, "type": "text", "uuid": "a25c2f26-cfae-4cca-b854-d2f55f5a0bc3", "value": "0/88" } ] }, { "comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1700667719", "uuid": "3b1d461d-66eb-45db-90ca-58088373ebf9", "Attribute": [ { 
"category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1700667719", "to_ids": true, "type": "ip-dst", "uuid": "9f4ab3a6-872f-41af-9263-3974b2cd5968", "value": "17.253.83.197" } ] }, { "comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667738", "uuid": "21c1f5d0-926e-4360-9877-2ce09997226d", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667738", "to_ids": false, "type": "link", "uuid": "865d779e-8b05-4c42-9fab-ad1607b924ff", "value": "https://www.virustotal.com/gui/file/d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667738", "to_ids": false, "type": "text", "uuid": "f56b0ed5-3e30-4188-aeb4-3f2eaa95d850", "value": "5/57" } ] }, { "comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1700667738", "uuid": "16a55ce1-986f-4c5e-adbe-03a5ac50282e", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1700667738", "to_ids": false, "type": "link", "uuid": "a9f3c732-00cd-4600-8012-f3f002887607", "value": 
"https://www.virustotal.com/gui/url/228d9bf9973bcf53926cbea6c31af08a221b5fe44716306abfc6c3d48c0fedcb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1700667738", "to_ids": false, "type": "text", "uuid": "e809b8fa-16c4-468e-9559-f4b92ae807b4", "value": "13/90" } ] }, { "comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1700667738", "uuid": "fb2149de-3034-4eb9-a3c4-2876e5aa1b69", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1700667738", "to_ids": true, "type": "url", "uuid": "63a69472-9a9b-4c18-a462-fbd97e2fe2a3", "value": "http://194.38.22.53/acb.xml" } ] }, { "comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1700667738", "uuid": "20430c3e-2aa4-4cf3-889e-6a75c4478738", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1700667738", "to_ids": true, "type": "md5", "uuid": "b0e61860-5a43-4d28-9521-8727c6c99881", "value": "0b882c863de5c302015c1a1cb8616bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1700667738", "to_ids": true, "type": 
"sha1", "uuid": "5d44c4df-f935-4eea-8cad-135aa9fdebb6", "value": "b841db7fc24e59e60a9d7e158e3ef50236b605b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1700667739", "to_ids": true, "type": "sha256", "uuid": "4ed5f457-dd9d-4d0d-87b5-ff875077144f", "value": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "tlsh", "timestamp": "1700667739", "to_ids": true, "type": "tlsh", "uuid": "04e3f94b-884b-4988-920d-686c20faa096", "value": "t1b7f08b4ce2bccea109ddc692fab490184ad1a04b91f0a7d5f28d05357f00e4d2b6320d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1700667739", "to_ids": true, "type": "ssdeep", "uuid": "5432b331-9389-4ac1-a506-4723f8985332", "value": "12:TMHdxXzY8id/73AC7ikxGWi2jLak9FFLWJLZ7UkWJ0nv:2dxXzY8kj/8Wi2jtQJLNUnJA" } ] } ] } }