misp-circl-feed/feeds/circl/misp/5a3c2fcd-8328-42bb-a95e-4f4402de0b81.json


			
				
				
					
						
						
						
							
							
							{"Event": {"info": "OSINT - Sednit update: How Fancy Bear Spent the Year", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#e7007d", "exportable": true, "name": "workflow:state=\"incomplete\""}, {"colour": "#850048", "exportable": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\""}, {"colour": "#7a0042", "exportable": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\""}, {"colour": "#12e000", "exportable": true, "name": "misp-galaxy:threat-actor=\"Sofacy\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:exploit-kit=\"Sednit EK\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"GAMEFISH\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"JHUHUGIT\""}, {"colour": "#0c9900", "exportable": true, "name": "misp-galaxy:tool=\"X-Tunnel\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"XTunnel\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"EVILTOSS\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"USBStealer\""}, {"colour": "#0c9800", "exportable": true, "name": "misp-galaxy:tool=\"X-Agent\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"XAgentOSX\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"CHOPSTICK\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:exploit-kit=\"DealersChoice\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"Downdelph\""}], "publish_timestamp": "0", "timestamp": "1513948645", "Object": [{"comment": "Win32/Sednit.AX", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd5b6-9568-4342-b2ab-4c62950d210f", "sharing_group_id": "0", "timestamp": "1513936310", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd5b6-2850-435f-bd0d-4c62950d210f", "timestamp": "1513936310", "to_ids": true, "value": "Bulletin.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd5b6-78a8-4e47-8333-4c62950d210f", "timestamp": "1513936310", "to_ids": true, "value": "68064fc152e23d56e541714af52651cb4ba81aaf", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd5b6-23d8-43ba-8518-4c62950d210f", "timestamp": "1513936310", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.CVE-2016-4117.A", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd604-e11c-4de5-bbbf-c170950d210f", "sharing_group_id": "0", "timestamp": "1513936388", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd604-748c-4fc0-88bf-c170950d210f", "timestamp": "1513936388", "to_ids": true, "value": "f3805382ae2e23ff1147301d131a06e00e4ff75f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd604-6668-4469-a1c0-c170950d210f", "timestamp": "1513936388", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NUB", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd693-fd9c-4fcf-b69a-439c950d210f", "sharing_group_id": "0", "timestamp": "1513936531", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd693-dc40-445d-a4d7-4ae0950d210f", "timestamp": "1513936531", "to_ids": true, "value": "OC_PSO_2017.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd693-8ffc-4d95-b522-4e84950d210f", "timestamp": "1513936531", "to_ids": true, "value": "512bdfe937314ac3f195c462c395feeb36932971", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd693-a8f0-4aea-a834-4097950d210f", "timestamp": "1513936531", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NTR", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd6c2-d290-4787-910f-4e6d950d210f", "sharing_group_id": "0", "timestamp": "1513936578", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd6c2-d31c-40cc-bcc1-4458950d210f", "timestamp": "1513936578", "to_ids": true, "value": "NASAMS.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd6c2-6a54-4b4c-8748-4c84950d210f", "timestamp": "1513936578", "to_ids": true, "value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd6c2-1c68-45de-8325-464a950d210f", "timestamp": "1513936578", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NTO", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd74e-1504-40ff-9a28-4501950d210f", "sharing_group_id": "0", "timestamp": "1513936718", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd74e-584c-45b9-8557-486d950d210f", "timestamp": "1513936718", "to_ids": true, "value": "Programm_Details.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd74e-f334-4e6b-b37f-462f950d210f", "timestamp": "1513936718", "to_ids": true, "value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd74e-5900-4fbf-85c6-4c81950d210f", "timestamp": "1513936718", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NTR", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd775-e4cc-44bb-89b6-4c5a950d210f", "sharing_group_id": "0", "timestamp": "1513936757", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd775-e8f4-465a-aca2-4c5a950d210f", "timestamp": "1513936757", "to_ids": true, "value": "Operation_in_Mosul.rtf", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd775-1190-4db7-961a-4c5a950d210f", "timestamp": "1513936757", "to_ids": true, "value": "12a37cfdd3f3671074dd5b0f354269cec028fb52", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd775-fa5c-4453-bcb0-4c5a950d210f", "timestamp": "1513936757", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "SWF/Agent.L", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd82f-2788-4561-bbeb-5165950d210f", "sharing_group_id": "0", "timestamp": "1513936943", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd82f-b918-4520-ba8b-5165950d210f", "timestamp": "1513936943", "to_ids": true, "value": "ARM-NATO_ENGLISH_30_NOV_2016.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd82f-cae4-4209-9338-5165950d210f", "timestamp": "1513936943", "to_ids": true, "value": "15201766bd964b7c405aeb11db81457220c31e46", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd82f-d91c-43af-8262-5165950d210f", "timestamp": "1513936943", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.BL", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd847-b5a0-42f7-ac4b-5165950d210f", "sharing_group_id": "0", "timestamp": "1513936967", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd847-0aa0-4b5c-aa30-5165950d210f", "timestamp": "1513936967", "to_ids": true, "value": "Olympic-Agenda-2020-20-20-Recommendations.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd847-593c-4985-8756-5165950d210f", "timestamp": "1513936967", "to_ids": true, "value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd847-1324-4fad-af60-5165950d210f", "timestamp": "1513936967", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NUG", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd861-65c0-4b69-9429-4f37950d210f", "sharing_group_id": "0", "timestamp": "1513936993", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd861-9350-40c1-ac29-4771950d210f", "timestamp": "1513936993", "to_ids": true, "value": "Merry_Christmas!.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd861-18ac-4cf0-b96f-4986950d210f", "timestamp": "1513936993", "to_ids": true, "value": "33447383379ca99083442b852589111296f0c603", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd861-cfbc-4096-baae-40e2950d210f", "timestamp": "1513936993", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NWZ", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd87d-f514-4071-a5f7-4ec2950d210f", "sharing_group_id": "0", "timestamp": "1513937021", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f", "timestamp": "1513937021", "to_ids": true, "value": "Trump\u2019s_Attack_on_Syria_English.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd87d-c630-4487-8336-4615950d210f", "timestamp": "1513937021", "to_ids": true, "value": "d5235d136cfcadbef431eea7253d80bde414db9d", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd87d-8c98-4660-9026-44de950d210f", "timestamp": "1513937021", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd896-f6cc-4e52-bcb2-442c950d210f", "sharing_group_id": "0", "timestamp": "1513937046", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd897-4cc0-48b0-bb2c-461f950d210f", "timestamp": "1513937047", "to_ids": true, "value": "Hotel_Reservation_Form.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd897-fa64-466c-9421-49c5950d210f", "timestamp": "1513937047", "to_ids": true, "value": "f293a2bfb728060c54efeeb03c5323893b5c80df", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd897-f020-44cf-8dfc-4225950d210f", "timestamp": "1513937047", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f", "sharing_group_id": "0", "timestamp": "1513937070", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd8ae-7194-48fd-810e-4c5a950d210f", "timestamp": "1513937070", "to_ids": true, "value": "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd8af-f39c-443c-bcf1-4c5a950d210f", "timestamp": "1513937071", "to_ids": true, "value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd8af-b3ec-478a-b585-4c5a950d210f", "timestamp": "1513937071", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd8bb-a704-4f1d-a235-444e950d210f", "sharing_group_id": "0", "timestamp": "1513937083", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd8bb-74d8-4d19-ae08-4043950d210f", "timestamp": "1513937083", "to_ids": true, "value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd8bb-77bc-4cc4-887f-429d950d210f", "timestamp": "1513937083", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd8c9-6568-406a-853c-4862950d210f", "sharing_group_id": "0", "timestamp": "1513937097", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd8c9-4d2c-4145-a637-4f13950d210f", "timestamp": "1513937097", "to_ids": true, "value": "169c8f3e3d22e192c108bc95164d362ce5437465", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f", "timestamp": "1513937097", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd8db-2838-4466-a986-4afb950d210f", "sharing_group_id": "0", "timestamp": "1513937115", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd8dc-48c0-4ea0-a67d-4734950d210f", "timestamp": "1513937116", "to_ids": true, "value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f", "timestamp": "1513937116", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Exploit.Agent.NTM", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd8fb-cd14-4b00-9710-430c950d210f", "sharing_group_id": "0", "timestamp": "1513937147", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd8fb-1efc-4059-ae7a-42f5950d210f", "timestamp": "1513937147", "to_ids": true, "value": "Caucasian_Eagle_ENG.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd8fb-9cec-4a30-8b2f-4441950d210f", "timestamp": "1513937147", "to_ids": true, "value": "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd8fb-e52c-489b-8da5-43d1950d210f", "timestamp": "1513937147", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "SWF/Exploit.CVE-2017-11292.A", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd90e-538c-4b7e-95dc-5276950d210f", "sharing_group_id": "0", "timestamp": "1513937166", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd90e-5eb4-4069-b160-5276950d210f", "timestamp": "1513937166", "to_ids": true, "value": "World War3.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd90e-6d2c-4ffc-a699-5276950d210f", "timestamp": "1513937166", "to_ids": true, "value": "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd90e-28e8-410e-8033-5276950d210f", "timestamp": "1513937166", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "VBA/DDE.E", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd927-e410-489c-abfc-4b63950d210f", "sharing_group_id": "0", "timestamp": "1513937191", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd927-e810-4d22-a0e4-4057950d210f", "timestamp": "1513937191", "to_ids": true, "value": "SaberGuardian2017.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd927-f284-43b9-83d1-473b950d210f", "timestamp": "1513937191", "to_ids": true, "value": "68c2809560c7623d2307d8797691abf3eafe319a", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd927-b844-49f2-a1a9-4c85950d210f", "timestamp": "1513937191", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "VBA/DDE.L", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cd93c-716c-4918-a00f-4671950d210f", "sharing_group_id": "0", "timestamp": "1513937212", "description": "File object describing a file with meta-information", "template_version": "8", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cd93c-2438-4dda-823e-463d950d210f", "timestamp": "1513937212", "to_ids": true, "value": "IsisAttackInNewYork.docx", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a3cd93c-1ef0-4d81-9476-4655950d210f", "timestamp": "1513937212", "to_ids": true, "value": "1c6c700ceebfbe799e115582665105caa03c5c9e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cd93c-949c-40ac-9094-4a4a950d210f", "timestamp": "1513937212", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win64/Sednit.Z", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f", "sharing_group_id": "0", "timestamp": "1513937829", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f", "uuid": "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f", "timestamp": "1513937826", "referenced_uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cda97-7e58-4642-aaf5-c5ed950d210f", "timestamp": "1513937559", "to_ids": true, "value": "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cda97-6020-423d-9d23-c5ed950d210f", "timestamp": "1513937559", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win64/Sednit.Z", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f", "sharing_group_id": "0", "timestamp": "1513938094", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f", "uuid": "5a3cdcab-8200-4c65-868e-42a9950d210f", "timestamp": "1513938091", "referenced_uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f", "timestamp": "1513937864", "to_ids": true, "value": "e19f753e514f6adec8f81bcdefb9117979e69627", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdbc8-e204-4606-b9ea-4c5a950d210f", "timestamp": "1513937864", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BO", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f", "sharing_group_id": "0", "timestamp": "1513938213", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f", "uuid": "5a3cdd22-b7d8-4754-a108-4742950d210f", "timestamp": "1513938210", "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f", "timestamp": "1513937910", "to_ids": true, "value": "961468ddd3d0fa25beb8210c81ba620f9170ed30", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdbf6-acd8-4a36-a028-4c59950d210f", "timestamp": "1513937910", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BO", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f", "sharing_group_id": "0", "timestamp": "1513938172", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f", "uuid": "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f", "timestamp": "1513938169", "referenced_uuid": "5a3c3045-968c-4572-9f64-491502de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc09-b428-4c0b-9969-c5ed950d210f", "timestamp": "1513937929", "to_ids": true, "value": "a0719b50265505c8432616c0a4e14ed206981e95", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc09-05d8-4356-ba52-c5ed950d210f", "timestamp": "1513937929", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win64/Sednit.Y", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f", "sharing_group_id": "0", "timestamp": "1513938229", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f", "uuid": "5a3cdd32-3044-4895-8f18-4d06950d210f", "timestamp": "1513938226", "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc21-a170-4637-b139-4812950d210f", "timestamp": "1513937953", "to_ids": true, "value": "2cf6436b99d11d9d1e0c488af518e35162ecbc9c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc21-3274-4800-9e91-41e2950d210f", "timestamp": "1513937953", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win64/Sednit.Y", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f", "sharing_group_id": "0", "timestamp": "1513938193", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f", "uuid": "5a3cdd0d-d990-42ba-830d-5156950d210f", "timestamp": "1513938189", "referenced_uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc37-cee0-43d0-9e20-4db6950d210f", "timestamp": "1513937975", "to_ids": true, "value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc38-ac24-44be-a1ed-4935950d210f", "timestamp": "1513937976", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win64/Sednit.Z", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f", "sharing_group_id": "0", "timestamp": "1513938132", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f", "uuid": "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f", "timestamp": "1513938129", "referenced_uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc48-c74c-4b6e-8202-5156950d210f", "timestamp": "1513937992", "to_ids": true, "value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc48-55dc-420e-9b5d-5156950d210f", "timestamp": "1513937992", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BO", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f", "sharing_group_id": "0", "timestamp": "1513938283", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f", "uuid": "5a3cdd68-7968-40d1-a0a9-5156950d210f", "timestamp": "1513938280", "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f", "timestamp": "1513938011", "to_ids": true, "value": "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc5b-b390-4183-aec7-4c5a950d210f", "timestamp": "1513938011", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BO", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3cdc72-1538-4c66-af46-427b950d210f", "sharing_group_id": "0", "timestamp": "1513938267", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3cdc72-1538-4c66-af46-427b950d210f", "uuid": "5a3cdd58-9800-4bae-837c-4f20950d210f", "timestamp": "1513938264", "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3cdc72-ba30-4ecd-9d21-4654950d210f", "timestamp": "1513938034", "to_ids": true, "value": "1958e722afd0dba266576922abc98aa505cf5f9a", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3cdc72-0804-42c4-acfa-4ac5950d210f", "timestamp": "1513938034", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.AX\t", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f", "sharing_group_id": "0", "timestamp": "1513948645", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f", "uuid": "5a3d0143-c300-4118-8afe-4a2d950d210f", "timestamp": "1513947459", "referenced_uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce3aa-e104-481e-a7f4-4bc1950d210f", "timestamp": "1513939882", "to_ids": true, "value": "9f6bed7d7f4728490117cbc85819c2e6c494251b", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce3aa-74fc-48c7-af40-4c6a950d210f", "timestamp": "1513939882", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BS", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f", "sharing_group_id": "0", "timestamp": "1513948538", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f", "uuid": "5a3d0566-34fc-4a62-b2a5-4f91950d210f", "timestamp": "1513948518", "referenced_uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce3c3-6d9c-48f4-93db-4a61950d210f", "timestamp": "1513939907", "to_ids": true, "value": "4bc722a9b0492a50bd86a1341f02c74c0d773db7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce3c3-c38c-4e30-a904-4c8f950d210f", "timestamp": "1513939907", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BS", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f", "sharing_group_id": "0", "timestamp": "1513948600", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f", "uuid": "5a3d0570-a86c-4264-a43a-4125950d210f", "timestamp": "1513948528", "referenced_uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce3d4-9168-4e23-8b64-485a950d210f", "timestamp": "1513939924", "to_ids": true, "value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce3d4-27e0-4366-943f-4b9a950d210f", "timestamp": "1513939924", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BR", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f", "sharing_group_id": "0", "timestamp": "1513948629", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f", "uuid": "5a3d05c6-0618-4520-9549-48a0950d210f", "timestamp": "1513948614", "referenced_uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce3ea-8dbc-4cf4-997f-448b950d210f", "timestamp": "1513939946", "to_ids": true, "value": "9c47ca3883196b3a84d67676a804ff50e22b0a9f", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce3ea-e714-444e-ad9b-40b0950d210f", "timestamp": "1513939946", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f", "sharing_group_id": "0", "timestamp": "1513948076", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f", "uuid": "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f", "timestamp": "1513948044", "referenced_uuid": "5a3ce680-90d4-478d-95db-48a6950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce404-7bfc-4316-bd32-55ea950d210f", "timestamp": "1513939972", "to_ids": true, "value": "8a68f26d01372114f660e32ac4c9117e5d0577f1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce404-7224-4525-922a-55ea950d210f", "timestamp": "1513939972", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f", "sharing_group_id": "0", "timestamp": "1513948501", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f", "uuid": "5a3d0543-8f74-4086-aafc-418a950d210f", "timestamp": "1513948483", "referenced_uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce417-62a4-4d46-9a87-55ea950d210f", "timestamp": "1513939991", "to_ids": true, "value": "476fc1d31722ac26b46154cbf0c631d60268b28a", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce417-43f0-494d-ac2e-55ea950d210f", "timestamp": "1513939991", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BN", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f", "sharing_group_id": "0", "timestamp": "1513948131", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f", "uuid": "5a3d03ca-2398-4060-b13c-404a950d210f", "timestamp": "1513948106", "referenced_uuid": "5a3ce60a-6db8-4212-b194-4339950d210f", "relationship_type": "communicates-with"}, {"comment": "", "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f", "uuid": "5a3d03d5-6d8c-4dfb-b193-4002950d210f", "timestamp": "1513948117", "referenced_uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce42c-836c-49e7-a9f3-4a5f950d210f", "timestamp": "1513940012", "to_ids": true, "value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce42c-4c88-4940-94b8-4084950d210f", "timestamp": "1513940012", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BG", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f", "sharing_group_id": "0", "timestamp": "1513948342", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f", "uuid": "5a3d04a0-9d28-47c3-a12c-465b950d210f", "timestamp": "1513948320", "referenced_uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce43b-6738-4a14-a318-4d65950d210f", "timestamp": "1513940027", "to_ids": true, "value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce43b-3a10-4d78-9ee2-485c950d210f", "timestamp": "1513940027", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Win32/Sednit.BG", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f", "sharing_group_id": "0", "timestamp": "1513940756", "description": "File object describing a file with meta-information", "template_version": "8", "ObjectReference": [{"comment": "", "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f", "uuid": "5a3ce6fe-b0c4-44df-a609-419a950d210f", "timestamp": "1513940734", "referenced_uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f", "relationship_type": "communicates-with"}, {"comment": "", "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f", "uuid": "5a3ce711-a0dc-4dbe-b59e-495a950d210f", "timestamp": "1513940753", "referenced_uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a3ce44a-2ea4-4526-8bbc-c328950d210f", "timestamp": "1513940042", "to_ids": true, "value": "6e167da3c5d887fa2e58da848a2245d11b6c5ad6", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5a3ce44a-5118-4142-97f0-c328950d210f", "timestamp": "1513940042", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f", "sharing_group_id": "0", "timestamp": "1513940362", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f", "timestamp": "1513940362", "to_ids": true, "value": "87.236.211.182", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce58a-6e14-48ea-9746-48f2950d210f", "timestamp": "1513940362", "to_ids": true, "value": "servicecdp.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f", "sharing_group_id": "0", "timestamp": "1513940472", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce5f8-99b4-41a2-915a-4bf8950d210f", "timestamp": "1513940472", "to_ids": true, "value": "95.215.45.43", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f", "timestamp": "1513940472", "to_ids": true, "value": "wmdmediacodecs.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f", "sharing_group_id": "0", "timestamp": "1513940490", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce60a-cc50-4553-bfff-4ea9950d210f", "timestamp": "1513940490", "to_ids": true, "value": "89.45.67.144", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce60b-e648-4667-8432-4ba8950d210f", "timestamp": "1513940491", "to_ids": true, "value": "mvband.net", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f", "sharing_group_id": "0", "timestamp": "1513940506", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce61a-4458-4c36-866e-44e9950d210f", "timestamp": "1513940506", "to_ids": true, "value": "89.33.246.117", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce61a-f820-4a43-b3d9-47e5950d210f", "timestamp": "1513940506", "to_ids": true, "value": "mvtband.net", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce63e-0240-46f5-b9ed-4759950d210f", "sharing_group_id": "0", "timestamp": "1513940542", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce63e-66d4-483f-bae6-44f6950d210f", "timestamp": "1513940542", "to_ids": true, "value": "87.236.211.182", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce63e-0d88-405b-82a9-43b5950d210f", "timestamp": "1513940542", "to_ids": true, "value": "servicecdp.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f", "sharing_group_id": "0", "timestamp": "1513940558", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce64e-d7a8-4817-a132-4c72950d210f", "timestamp": "1513940558", "to_ids": true, "value": "185.156.173.70", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce64e-243c-4931-b733-403c950d210f", "timestamp": "1513940558", "to_ids": true, "value": "runvercheck.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f", "sharing_group_id": "0", "timestamp": "1513940572", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce65c-bf78-4b78-bafd-4cf6950d210f", "timestamp": "1513940572", "to_ids": true, "value": "191.101.31.96", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce65c-8140-4146-a927-45e4950d210f", "timestamp": "1513940572", "to_ids": true, "value": "remsupport.org", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f", "sharing_group_id": "0", "timestamp": "1513940590", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce66f-150c-43ec-a3ff-4aa5950d210f", "timestamp": "1513940591", "to_ids": true, "value": "89.187.150.44", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce66f-466c-478e-8064-4b42950d210f", "timestamp": "1513940591", "to_ids": true, "value": "viters.org", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f", "sharing_group_id": "0", "timestamp": "1513940608", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce680-7b04-466d-b187-4301950d210f", "timestamp": "1513940608", "to_ids": true, "value": "146.185.253.132", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce680-12f4-4001-9f86-4aa4950d210f", "timestamp": "1513940608", "to_ids": true, "value": "myinvestgroup.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f", "sharing_group_id": "0", "timestamp": "1513940621", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce68d-0108-4557-8921-4377950d210f", "timestamp": "1513940621", "to_ids": true, "value": "86.106.131.141", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce68e-54d0-4c67-8c4c-4dea950d210f", "timestamp": "1513940622", "to_ids": true, "value": "space-delivery.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f", "sharing_group_id": "0", "timestamp": "1513940641", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce6a2-4a38-4b90-8d74-4f10950d210f", "timestamp": "1513940642", "to_ids": true, "value": "89.34.111.160", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f", "timestamp": "1513940642", "to_ids": true, "value": "satellitedeluxpanorama.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}, {"comment": "", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f", "sharing_group_id": "0", "timestamp": "1513940654", "description": "A domain and IP address seen as a tuple in a specific time frame.", "template_version": "5", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a3ce6ae-601c-44b8-8eec-4a5f950d210f", "timestamp": "1513940654", "to_ids": true, "value": "185.216.35.26", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a3ce6ae-3b00-420a-82fd-45fb950d210f", "timestamp": "1513940654", "to_ids": true, "value": "webviewres.net", "disable_correlation": false, "object_relation": "domain", "type": "domain"}], "distribution": "5", "meta-category": "network", "name": "domain-ip"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a3c2fda-78f4-44b7-8366-46da02de0b81", "timestamp": "1513893921", "to_ids": false, "value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#007ed9", "exportable": true, "name": "osint:certainty=\"93\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81", "timestamp": "1513893921", "to_ids": false, "value": "The Sednit group \u2014 also known as Strontium, APT28, Fancy Bear or Sofacy\u2009\u2014\u2009is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET\u2019s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit\u2019s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group\u2019s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#007ed9", "exportable": true, "name": "osint:certainty=\"93\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81", "timestamp": "1513893957", "to_ids": true, "value": "movieultimate.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81", "timestamp": "1513893957", "to_ids": true, "value": "meteost.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81", "timestamp": "1513893957", "to_ids": true, "value": "faststoragefiles.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-968c-4572-9f64-491502de0b81", "timestamp": "1513893957", "to_ids": true, "value": "nethostnet.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81", "timestamp": "1513893957", "to_ids": true, "value": "fsportal.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81", "timestamp": "1513893957", "to_ids": true, "value": "fastdataexchange.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Xagent Samples", "category": "Network activity", "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81", "timestamp": "1513893957", "to_ids": true, "value": "newfilmts.com", "disable_correlation": false, "object_relation": null, "type": "domain"}], "extends_uuid": "", "published": false, "date": "2017-12-21", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"}}
						
						
					
				
				
					
						Reference in a new issue
					
					View git blame
					Copy permalink