adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5aa43c06-fbdc-4a8f-b607-406402de0b81.json

1722 lines
No EOL
58 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2018-03-10",
"extends_uuid": "",
"info": "OSINT - New traces of Hacking Team in the wild",
"publish_timestamp": "1520714114",
"published": true,
"threat_level_id": "2",
"timestamp": "1520714084",
"uuid": "5aa43c06-fbdc-4a8f-b607-406402de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#420014",
"local": false,
"name": "collaborative-intelligence:request=\"sample\"",
"relationship_type": ""
},
{
"colour": "#001cad",
"local": false,
"name": "estimative-language:likelihood-probability=\"very-likely\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520714044",
"to_ids": false,
"type": "link",
"uuid": "5aa43c14-ebf4-403b-8c58-492d02de0b81",
"value": "https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520714045",
"to_ids": false,
"type": "text",
"uuid": "5aa43c26-c0ac-46b7-b67b-421902de0b81",
"value": "Previously unreported samples of Hacking Team\u00e2\u20ac\u2122s infamous surveillance tool \u00e2\u20ac\u201c the Remote Control System (RCS) \u00e2\u20ac\u201c are in the wild, and have been detected by ESET systems in fourteen countries.\r\n\r\nOur analysis of the samples reveals evidence suggesting that Hacking Team\u00e2\u20ac\u2122s developers themselves are actively continuing the development of this spyware.\r\nFrom Hacking Team to Hacked Team to\u00e2\u20ac\u00a6?\r\n\r\nSince being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.\r\n\r\nThe capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device\u00e2\u20ac\u2122s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments \u00e2\u20ac\u201c an allegation it has consistently denied.\r\n\r\nWhen the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data \u00e2\u20ac\u201c including the once-secret list of customers, internal communications, and spyware source code \u00e2\u20ac\u201c leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.\r\n\r\nFollowing the hack, the security community has been keeping a close eye on the company\u00e2\u20ac\u2122s efforts to get back on its feet. The first reports suggesting Hacking Team\u00e2\u20ac\u2122s resumed operations came six months later \u00e2\u20ac\u201c a new sample of Hacking Team\u00e2\u20ac\u2122s Mac spyware was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team\u00e2\u20ac\u2122s shareholder structure, with Tablem Limited taking 20% of Hacking Team\u00e2\u20ac\u2122s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.\r\n\r\nHaving just concluded our research into another commercial spyware product, FinFisher, two interesting events involving Hacking Team occurred in close succession \u00e2\u20ac\u201c the report about Hacking Team\u00e2\u20ac\u2122s apparent financial recovery and our discovery of a new RCS variant in the wild with a valid digital certificate.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713140",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-6758-4fec-8cd1-4a6102de0b81",
"value": "Trojan.Win32/CrisisHT.F"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713141",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-b740-446e-903c-421302de0b81",
"value": "Trojan.Win32/CrisisHT.H"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713141",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-b9d0-4e61-bcc1-4b8102de0b81",
"value": "Trojan.Win32/CrisisHT.E"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713142",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-c2a0-4b08-98e8-464302de0b81",
"value": "Trojan.Win32/CrisisHT.L"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713142",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-ce90-4a4e-b761-4c1802de0b81",
"value": "Trojan.Win32/CrisisHT.J"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713142",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7b-d378-4585-b20f-455202de0b81",
"value": "Trojan.Win32/Agent.ZMW"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713143",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7c-5390-409f-9ac2-435202de0b81",
"value": "Trojan.Win32/Agent.ZMX"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713143",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7c-b2b4-4dfb-97f3-475502de0b81",
"value": "Trojan.Win32/Agent.ZMY"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713144",
"to_ids": false,
"type": "text",
"uuid": "5aa43c7c-1430-45b3-8489-469402de0b81",
"value": "Trojan.Win32/Agent.ZMZ"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712853",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c95-e3e0-4d94-9481-4afe02de0b81",
"value": "2eebf9d864bef5e08e2e8abd93561322de2ab33b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712854",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c96-2cb8-4b0f-9be4-40b702de0b81",
"value": "51506ed3392b9e59243312b0f798c898804913db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712854",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c96-0988-4e47-9025-4d5502de0b81",
"value": "61eda4847845f49689ae582391cd1e6a216a8fa3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712854",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c96-df04-4c30-9a8e-476302de0b81",
"value": "68ffd64b7534843ac2c66ed68f8b82a6ec81b3e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712855",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c97-4e58-463c-980a-4dcc02de0b81",
"value": "6fd86649c6ca3d2a0653fd0da724bada9b6a6540"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712855",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c97-a97c-4c31-af16-4f1602de0b81",
"value": "92439f659f14dac5b353b1684a4a4b848ecc70ef"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712856",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c98-a020-47ff-94f3-4fa902de0b81",
"value": "a10ca5d8832bc2085592782bd140eb03cb31173a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712856",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c98-1808-4f2c-ada6-474b02de0b81",
"value": "a1c41f3dad59c9a1a126324a4612628fa174c45a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712856",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c98-48a4-4608-a83d-460902de0b81",
"value": "b7229303d71b500157fa668cece7411628d196e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712857",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43c99-02d0-49f0-92e3-4b2202de0b81",
"value": "eede2e3fa512a0b1ac8230156256fc7d4386eb24"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712868",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-6a18-40e4-8fe6-49a702de0b81",
"value": "149.154.153.223"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713145",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-2720-4611-b256-4d7b02de0b81",
"value": "192.243.101.125"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713145",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-ff80-4124-ba0f-474002de0b81",
"value": "180.235.133.23"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713146",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-dc2c-4b74-925c-4e7202de0b81",
"value": "192.243.101.124"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713146",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-7138-42aa-b450-4ee902de0b81",
"value": "95.110.167.74"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712868",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43ca4-ed44-4129-bb6c-410402de0b81",
"value": "149.154.153.223"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712882",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cb2-12dc-4d85-8cc9-4da102de0b81",
"value": "341dbcb6d17a3bc7fa813367414b023309eb69c4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712882",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cb2-f574-4a31-b58a-4d6802de0b81",
"value": "86fad7c362a45097823220b77dcc30fb5671d6d4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712883",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cb3-a204-40db-aa2c-42b702de0b81",
"value": "9dfc7e78892a9f18d2d15adbfa52cda379ddd963"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712883",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cb3-7e68-44ce-8f20-449702de0b81",
"value": "e8f6b7d10b90ad64f976c3bfb4c822cb1a3c34b2"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713147",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43cc7-d4c8-40c9-8d51-412b02de0b81",
"value": "188.166.244.225"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713147",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43cc7-b114-4aca-81a6-4f8202de0b81",
"value": "45.33.108.172"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713148",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43cc8-4b84-4fb2-a247-4abb02de0b81",
"value": "178.79.186.40"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713148",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43cc8-b824-448e-ab9c-4fae02de0b81",
"value": "173.236.149.166"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712917",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cd5-0af4-4fd8-a42f-423402de0b81",
"value": "27f4287e1a5348714a308e9175fb9486d95815a2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712917",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cd5-034c-4fdb-95d7-4b0902de0b81",
"value": "71a68c6140d066ca016efa9087d71f141e9e2806"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712918",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43cd6-12ec-4347-91d9-40af02de0b81",
"value": "dc817f86c1282382a1c21f64700b79fcd064ae5c"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713149",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43cf3-0308-4a5a-bb37-475702de0b81",
"value": "188.226.170.222"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712962",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d02-80a4-4797-b7e3-430302de0b81",
"value": "508f935344d95ffe9e7aedff726264a9b500b854"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712963",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d03-0550-478f-9a06-482702de0b81",
"value": "7cc213a26f8df47ddd252365fadbb9cca611be20"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712963",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d03-0610-46a7-9d62-44b602de0b81",
"value": "98a98bbb488b6a6737b12344b7db1acf0b92932a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712964",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d04-8054-43df-8749-474f02de0b81",
"value": "cd29b37272f8222e19089205975ac7798aac7487"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712964",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d04-bc10-4a18-a457-4a5c02de0b81",
"value": "d21fe0171f662268ca87d4e142aedfbe6026680b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712965",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d05-62e4-43b5-8403-43bf02de0b81",
"value": "5bf1742d540f08a187b571c3bf2aeb64f141c4ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712965",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d05-3020-4b87-9fd7-4b5002de0b81",
"value": "854600b2e42bd45acea9a9114747864be002bf0b"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713150",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43d11-f3c0-47a4-87fe-45d702de0b81",
"value": "46.165.236.62"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712995",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d23-659c-4cbf-8ddd-406402de0b81",
"value": "4ac42c9a479b34302e1199762459b5e775eec037"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712995",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d23-a85c-41bc-86c5-467602de0b81",
"value": "2059e2a90744611c7764c3b1c7dcf673bb36f7ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712996",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d24-d1b8-4d3e-b0f1-453c02de0b81",
"value": "b5fb3147b43b5fe66da4c50463037c638e99fb41"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712996",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d24-5b14-496a-b6d6-487b02de0b81",
"value": "9cd2ff4157e4028c58cef9372d3bb99b8f2077ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712996",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d24-1560-40df-9ce7-439602de0b81",
"value": "b23046f40fbc931b364888a7bc426b56b186d60e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712997",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d25-77f8-4f1a-b051-422e02de0b81",
"value": "cc209f9456f0a2c5a17e2823bdb1654789fcadc8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712997",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d25-cde4-410b-9218-4a2d02de0b81",
"value": "99c978219fe49e55441e11db0d1df4bda932e021"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712998",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d26-d6e4-41b1-9308-467d02de0b81",
"value": "e85c2eab4c9eea8d0c99e58199f313ca4e1d1735"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520712998",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d26-d448-4bd3-a55b-4d9d02de0b81",
"value": "141d126d41f1a779dca69dd09640aa125afed15a"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713150",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43d34-bb64-459d-acc8-4b8302de0b81",
"value": "199.175.54.209"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713151",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa43d34-e254-4c60-aa40-4fa502de0b81",
"value": "199.175.54.228"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713026",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d42-ce14-4bf1-9e81-4e9802de0b81",
"value": "baa53ddba627f2c38b26298d348ca2e1a31be52e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713026",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d42-9420-42b2-aeca-4c0e02de0b81",
"value": "5690a51384661602cd796e53229872ff87ab8aa4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713027",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d43-648c-4922-9c6b-451502de0b81",
"value": "aa2a408fcaa5c86d2972150fc8dd3ad3422f807a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713027",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43d43-cb8c-4185-bde5-434e02de0b81",
"value": "83503513a76f82c8718fad763f63fcd349b8b7fc"
},
{
"category": "Network activity",
"comment": "Sample with RFC1918 network",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520713151",
"to_ids": false,
"type": "ip-dst",
"uuid": "5aa43d53-26e0-455d-80aa-4bb802de0b81",
"value": "172.16.1.206"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713155",
"uuid": "8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
"referenced_uuid": "6ffffa16-5287-41a8-b0bc-1011a2f90542",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-2bb8-4bd5-b2e8-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713152",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dc0-8ed0-404e-9236-5a3902de0b81",
"value": "cd29b37272f8222e19089205975ac7798aac7487"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713152",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dc0-45a8-41ab-9d32-5a3902de0b81",
"value": "23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713153",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dc1-d73c-45b5-9390-5a3902de0b81",
"value": "e56c0bb65c68e89921b4a8348976a0e9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713153",
"uuid": "6ffffa16-5287-41a8-b0bc-1011a2f90542",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713153",
"to_ids": false,
"type": "link",
"uuid": "5aa43dc1-c88c-4353-8bdb-5a3902de0b81",
"value": "https://www.virustotal.com/file/23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f/analysis/1520698055/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713154",
"to_ids": false,
"type": "text",
"uuid": "5aa43dc2-e724-4f6d-bd9b-5a3902de0b81",
"value": "27/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713154",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dc2-c94c-48d5-8ee2-5a3902de0b81",
"value": "2018-03-10T16:07:35"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713157",
"uuid": "c514a618-21cc-4848-8b7d-b32d3c2590f4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c514a618-21cc-4848-8b7d-b32d3c2590f4",
"referenced_uuid": "00dc0efd-2673-4a9a-8e63-4016fae10397",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-b01c-47c3-a80b-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713154",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dc2-d6c8-499e-99b6-5a3902de0b81",
"value": "aa2a408fcaa5c86d2972150fc8dd3ad3422f807a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713155",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dc3-03d8-43b2-8558-5a3902de0b81",
"value": "de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713155",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dc3-7b80-4622-991b-5a3902de0b81",
"value": "f3001d31503a2c610a6c490c24e87aba"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713155",
"uuid": "00dc0efd-2673-4a9a-8e63-4016fae10397",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713156",
"to_ids": false,
"type": "link",
"uuid": "5aa43dc4-0a24-4cdc-a716-5a3902de0b81",
"value": "https://www.virustotal.com/file/de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8/analysis/1520698380/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713156",
"to_ids": false,
"type": "text",
"uuid": "5aa43dc4-aa2c-40f2-965e-5a3902de0b81",
"value": "18/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713156",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dc4-89e0-4b9d-a7a2-5a3902de0b81",
"value": "2018-03-10T16:13:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713159",
"uuid": "0cf3262b-d9cd-4511-bc13-399ac4e64747",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0cf3262b-d9cd-4511-bc13-399ac4e64747",
"referenced_uuid": "9c7a5201-6887-49ed-8980-1b5a9e474827",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-17fc-4149-bfe4-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713157",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dc5-74dc-4c3a-b73b-5a3902de0b81",
"value": "61eda4847845f49689ae582391cd1e6a216a8fa3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713157",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dc5-97cc-4398-a7f9-5a3902de0b81",
"value": "d485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713157",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dc5-3958-4d06-9f9c-5a3902de0b81",
"value": "c0618556e9ef16b35b042bc29aeb9291"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713158",
"uuid": "9c7a5201-6887-49ed-8980-1b5a9e474827",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713158",
"to_ids": false,
"type": "link",
"uuid": "5aa43dc6-37ec-420a-bc0e-5a3902de0b81",
"value": "https://www.virustotal.com/file/d485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746/analysis/1520697613/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713158",
"to_ids": false,
"type": "text",
"uuid": "5aa43dc6-a180-4d4d-ae82-5a3902de0b81",
"value": "15/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713158",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dc6-f194-4f02-b168-5a3902de0b81",
"value": "2018-03-10T16:00:13"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713162",
"uuid": "23ae982a-dca9-4fca-944b-124be14c0c9f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "23ae982a-dca9-4fca-944b-124be14c0c9f",
"referenced_uuid": "7422e526-4992-4cb4-b1b5-8d1545afa39e",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-50d8-498c-999f-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713159",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dc7-3b00-4cdd-9595-5a3902de0b81",
"value": "5690a51384661602cd796e53229872ff87ab8aa4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713159",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dc7-3e14-44fa-b60d-5a3902de0b81",
"value": "60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713160",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dc8-31f4-4cb9-b7b0-5a3902de0b81",
"value": "2612c832ffebbdb7dab7e5b8d1905390"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713160",
"uuid": "7422e526-4992-4cb4-b1b5-8d1545afa39e",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713160",
"to_ids": false,
"type": "link",
"uuid": "5aa43dc8-c858-4bcb-93dc-5a3902de0b81",
"value": "https://www.virustotal.com/file/60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee/analysis/1520698295/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713161",
"to_ids": false,
"type": "text",
"uuid": "5aa43dc9-31dc-4708-85d0-5a3902de0b81",
"value": "21/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713161",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dc9-7948-419f-b795-5a3902de0b81",
"value": "2018-03-10T16:11:35"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713165",
"uuid": "af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
"referenced_uuid": "73679752-9aec-4797-b143-16fb695da756",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-b3b4-46eb-8d3c-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713162",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dca-ad40-4936-90a4-5a3902de0b81",
"value": "baa53ddba627f2c38b26298d348ca2e1a31be52e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713162",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dca-db6c-4877-bb5f-5a3902de0b81",
"value": "d632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713163",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dcb-c758-4c6e-a0dd-5a3902de0b81",
"value": "8f56458f3fb710c4c1d103e7e9951703"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713163",
"uuid": "73679752-9aec-4797-b143-16fb695da756",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713163",
"to_ids": false,
"type": "link",
"uuid": "5aa43dcb-12f0-41e5-9a7a-5a3902de0b81",
"value": "https://www.virustotal.com/file/d632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0/analysis/1520698270/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713164",
"to_ids": false,
"type": "text",
"uuid": "5aa43dcc-b1b0-4e41-8e7f-5a3902de0b81",
"value": "19/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713164",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dcc-b1dc-4d6b-a745-5a3902de0b81",
"value": "2018-03-10T16:11:10"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713167",
"uuid": "4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
"referenced_uuid": "8bce23ef-625e-4fa0-a04f-d6ea5143db09",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-3580-4802-91b4-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713164",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dcc-1fe4-42c6-92a5-5a3902de0b81",
"value": "e85c2eab4c9eea8d0c99e58199f313ca4e1d1735"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713165",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dcd-b860-4cc7-ab3a-5a3902de0b81",
"value": "7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713165",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dcd-860c-455d-97f0-5a3902de0b81",
"value": "80eab4d4b117ef420fe9cdd63d6a9b99"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713166",
"uuid": "8bce23ef-625e-4fa0-a04f-d6ea5143db09",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713166",
"to_ids": false,
"type": "link",
"uuid": "5aa43dce-4538-4ac9-9e50-5a3902de0b81",
"value": "https://www.virustotal.com/file/7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7/analysis/1520698195/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713166",
"to_ids": false,
"type": "text",
"uuid": "5aa43dce-5434-4583-9e21-5a3902de0b81",
"value": "37/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713166",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dce-1ea8-40e5-b94e-5a3902de0b81",
"value": "2018-03-10T16:09:55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713170",
"uuid": "a684e0aa-5fde-4266-8526-e2e4e1534034",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a684e0aa-5fde-4266-8526-e2e4e1534034",
"referenced_uuid": "8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-02e4-42db-bb8d-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713167",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dcf-68cc-4bbc-8879-5a3902de0b81",
"value": "71a68c6140d066ca016efa9087d71f141e9e2806"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713167",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dcf-3dac-48ec-a3b9-5a3902de0b81",
"value": "2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713167",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dcf-662c-4fce-ad69-5a3902de0b81",
"value": "d6ca39fef03cf67f8ddc2a560874d80d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713168",
"uuid": "8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713168",
"to_ids": false,
"type": "link",
"uuid": "5aa43dd0-b910-48fe-ab56-5a3902de0b81",
"value": "https://www.virustotal.com/file/2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123/analysis/1520697957/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713168",
"to_ids": false,
"type": "text",
"uuid": "5aa43dd0-bc10-4b59-8555-5a3902de0b81",
"value": "40/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713169",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dd1-9870-4cae-bee5-5a3902de0b81",
"value": "2018-03-10T16:05:57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713172",
"uuid": "73a783a2-4a26-45d7-8a48-4891b2074c3e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "73a783a2-4a26-45d7-8a48-4891b2074c3e",
"referenced_uuid": "e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-3d10-4954-9d80-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713169",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dd1-2cf4-4cb6-80bd-5a3902de0b81",
"value": "99c978219fe49e55441e11db0d1df4bda932e021"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713169",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dd1-f6fc-42cb-960c-5a3902de0b81",
"value": "d828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713170",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dd2-a0a4-4bcc-b877-5a3902de0b81",
"value": "6f5c89473c9e6baf741629549ec52fe1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713170",
"uuid": "e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713170",
"to_ids": false,
"type": "link",
"uuid": "5aa43dd2-4aa8-4857-bb26-5a3902de0b81",
"value": "https://www.virustotal.com/file/d828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9/analysis/1520698181/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713171",
"to_ids": false,
"type": "text",
"uuid": "5aa43dd3-e060-4efe-b6f3-5a3902de0b81",
"value": "38/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713171",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dd3-4a78-4345-8f53-5a3902de0b81",
"value": "2018-03-10T16:09:41"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520713174",
"uuid": "74749933-0413-4182-aa63-26f29f66d794",
"ObjectReference": [
{
"comment": "",
"object_uuid": "74749933-0413-4182-aa63-26f29f66d794",
"referenced_uuid": "e9d32494-70d3-498d-b857-0f882c3d7a90",
"relationship_type": "analysed-with",
"timestamp": "1520713174",
"uuid": "5aa43dd6-5a34-408c-9046-5a3902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520713171",
"to_ids": true,
"type": "sha1",
"uuid": "5aa43dd3-c79c-41c2-8832-5a3902de0b81",
"value": "83503513a76f82c8718fad763f63fcd349b8b7fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520713172",
"to_ids": true,
"type": "sha256",
"uuid": "5aa43dd4-97ec-4727-9a25-5a3902de0b81",
"value": "e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520713172",
"to_ids": true,
"type": "md5",
"uuid": "5aa43dd4-9550-429b-a5c2-5a3902de0b81",
"value": "7f1f9fa306c2e71ecb96daefafadc6e3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520713172",
"uuid": "e9d32494-70d3-498d-b857-0f882c3d7a90",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520713173",
"to_ids": false,
"type": "link",
"uuid": "5aa43dd5-3738-43f3-856a-5a3902de0b81",
"value": "https://www.virustotal.com/file/e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27/analysis/1520701204/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520713173",
"to_ids": false,
"type": "text",
"uuid": "5aa43dd5-d4ec-426a-8ec9-5a3902de0b81",
"value": "19/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520713173",
"to_ids": false,
"type": "datetime",
"uuid": "5aa43dd5-2360-45ea-b7ec-5a3902de0b81",
"value": "2018-03-10T17:00:04"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink