{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2018-05-15",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - RAT Gone Rogue: Meet ARS VBS Loader",
|
|
"publish_timestamp": "1542964481",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1542964453",
|
|
"uuid": "5afaeb66-962c-4cd6-a5c8-419e950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:malpedia=\"ARS VBS Loader\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:rat=\"ARS VBS Loader\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#001739",
|
|
"local": false,
|
|
"name": "ms-caro-malware-full:malware-type=\"RemoteAccess\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542810576",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5afaeb74-4a00-41b0-b991-4eff950d210f",
|
|
"value": "https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542793303",
|
|
"to_ids": false,
|
|
"type": "yara",
|
|
"uuid": "5bf52857-9e1c-48b8-a140-4207950d210f",
|
|
"value": "rule ARS_VBS_Loader \r\n{ \r\n strings: \r\n $a1 = \"Array(\" \r\n $a2 = \"crypted&\" \r\n $a3 = \"execute(crypted)\" \r\n $b1 = \"ToDecrypt\" \r\n $b2 = \"replace(ToDecrypt,\" \r\n $b3 = \"execute(ToDecrypt)\" \r\n $c1 = \"Randomize\" \r\n $c2 = \"execute(\" \r\n $c3 = \"Wscript.Sleep(\" \r\n $d1 = \"changeCNC()\" \r\n $d2 = \"downloadexecutep\" \r\n $d3 = \"sGetAV\" \r\n $d4 = \"AgonyMutex\" \r\n $d5 = \"dos(hst, cnt)\" \r\n condition: \r\n ((all of ($a*)) or \r\n (all of ($b*)) or \r\n (all of ($c*)) or \r\n (all of ($d*))) \r\n}"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ASPC/ARS VBS Loader C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542794835",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5bf52e53-79a8-4f80-b80b-9913950d210f",
|
|
"value": "54.36.12.175"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ASPC/ARS VBS Loader C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542794835",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5bf52e53-a860-4d57-824a-9913950d210f",
|
|
"value": "94.102.60.148"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ASPC/ARS VBS Loader C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542794836",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5bf52e54-e614-4d46-858b-9913950d210f",
|
|
"value": "192.95.42.88"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ASPC/ARS VBS Loader C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542794836",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5bf52e54-92d4-451b-9325-9913950d210f",
|
|
"value": "gtneifnsyrf.tk"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1542809410",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf56706-3330-4f1f-b970-9c1a950d210f",
|
|
"value": "Malicious VBScript has long been a fixture of spam and phishing campaigns, but until recently its functionality has been limited to downloading malware from an attacker-controlled server and executing it on a compromised computer.\r\n\r\nResearchers at Flashpoint have seen and analyzed a unique departure from this norm in ARS VBS Loader, a spin-off of a popular downloader called SafeLoader VBS that was sold and eventually leaked in 2015 on Russian crimeware forums.\r\n\r\nARS VBS Loader not only downloads and executes malicious code, but also includes a command and control application written in PHP that allows a botmaster to issue commands to a victim\u2019s machine. This behavior likens ARS VBS Loader to a remote access Trojan (RAT), giving it behavior and capabilities rarely seen in malicious \u201cloaders\u201d, i.e. initial infection vector malware families used to install subsequent payloads.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542794954",
|
|
"uuid": "5bf52eca-f7bc-40e0-8a7d-435d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542794955",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52ecb-ca30-4a2f-a0b1-4a31950d210f",
|
|
"value": "7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542794955",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52ecb-7cc8-4f53-8cb2-4d40950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542794973",
|
|
"uuid": "5bf52edd-00f8-420f-b93b-4572950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542794974",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52ede-96a8-4880-a0e1-4ca8950d210f",
|
|
"value": "f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542794974",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52ede-908c-4d90-bd73-4307950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542794987",
|
|
"uuid": "5bf52eeb-348c-478a-a262-4f90950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542794987",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52eeb-8af0-4667-815f-4515950d210f",
|
|
"value": "c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542794988",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52eec-a298-48c6-a474-4d8f950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795005",
|
|
"uuid": "5bf52efd-32e4-4e59-9493-493a950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795005",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52efd-90fc-49fa-9d9a-489d950d210f",
|
|
"value": "4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795006",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52efe-ed0c-44bf-a609-4225950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795016",
|
|
"uuid": "5bf52f08-3914-4fa0-ab95-a2d7950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795016",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52f08-f070-4c7f-8c74-a2d7950d210f",
|
|
"value": "8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795016",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52f08-e75c-4907-8acd-a2d7950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795033",
|
|
"uuid": "5bf52f19-6570-424f-af25-a2d8950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795033",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52f19-c028-4ec5-8d84-a2d8950d210f",
|
|
"value": "35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795034",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52f1a-c15c-4f74-b8b7-a2d8950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795044",
|
|
"uuid": "5bf52f24-cdf8-401c-9f6c-a2d8950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795045",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52f25-34e8-4731-a9a7-a2d8950d210f",
|
|
"value": "efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795045",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52f25-d238-446b-ad1d-a2d8950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795059",
|
|
"uuid": "5bf52f33-c3a0-409f-810f-424d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795060",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52f34-b2e4-447c-b807-46c9950d210f",
|
|
"value": "f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795060",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52f34-2450-47d5-998f-47d2950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795184",
|
|
"uuid": "5bf52fb0-0c74-4260-af97-47a0950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795184",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52fb0-953c-4b1a-b8a3-4298950d210f",
|
|
"value": "a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795185",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52fb1-4150-4d1e-86d7-4c6d950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795197",
|
|
"uuid": "5bf52fbd-44d8-4f4c-88af-4bec950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795198",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52fbe-540c-4498-8676-459f950d210f",
|
|
"value": "44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795199",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52fbf-04e0-464c-8459-49e0950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795229",
|
|
"uuid": "5bf52fdd-d0cc-4036-9556-04e1950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795229",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf52fdd-f358-47da-ac65-04e1950d210f",
|
|
"value": "adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795230",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf52fde-5d34-45e7-92e4-04e1950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795266",
|
|
"uuid": "5bf53002-370c-4879-ae45-453b950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795267",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53003-0afc-49bb-83dd-4b25950d210f",
|
|
"value": "c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795268",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53004-e91c-4c18-8198-40a8950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795279",
|
|
"uuid": "5bf5300f-1a90-4ca2-bb7d-4f33950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795279",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf5300f-2b68-4bdd-94ed-4b7e950d210f",
|
|
"value": "9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795281",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53011-c4e8-4e7b-bd52-4fb4950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542795295",
|
|
"uuid": "5bf5301f-b4e8-405b-a7f2-4b0a950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542795296",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53020-7a98-4b2d-adfd-4b04950d210f",
|
|
"value": "6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542795297",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53021-3238-40fb-9c6a-4fbb950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797182",
|
|
"uuid": "5bf5377e-1ce8-4c6c-8f90-1976950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797182",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf5377e-8c50-4b96-9407-1976950d210f",
|
|
"value": "1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797183",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf5377f-0cac-42c0-81e2-1976950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797322",
|
|
"uuid": "5bf5380a-8498-45c7-b5ea-4d06950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797322",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf5380a-5dd8-44dc-8f7b-45ef950d210f",
|
|
"value": "c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797323",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf5380b-c9dc-4aca-9a95-44b1950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797346",
|
|
"uuid": "5bf53822-d924-4b32-9d4e-a487950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797346",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53822-0420-4290-ae6b-a487950d210f",
|
|
"value": "2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797347",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53823-5178-461c-89a2-a487950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797362",
|
|
"uuid": "5bf53832-3448-4f0c-bc2f-449f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797362",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53832-4288-4d14-9a5d-48c9950d210f",
|
|
"value": "45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797363",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53833-40b0-4fc5-b7fa-4d07950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797375",
|
|
"uuid": "5bf5383f-58dc-4abe-9904-a487950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797375",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf5383f-cbe4-4fdf-9cb9-a487950d210f",
|
|
"value": "fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797377",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53841-1628-4d97-b1a4-a487950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797561",
|
|
"uuid": "5bf538f9-d6ac-4f49-a43d-a4d4950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797561",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf538f9-0cec-488a-8247-a4d4950d210f",
|
|
"value": "d440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797563",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf538fb-9300-4c76-beb2-a4d4950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797577",
|
|
"uuid": "5bf53909-9d30-4cf8-b45a-47e7950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797577",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53909-8ad8-47e7-967b-4ce0950d210f",
|
|
"value": "f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797578",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf5390a-dc60-47a4-bdb3-4724950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797592",
|
|
"uuid": "5bf53918-375c-44bc-9b69-4a98950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53918-13a0-46e1-9e98-4afb950d210f",
|
|
"value": "bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797594",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf5391a-fba0-4c9d-a105-4e48950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797608",
|
|
"uuid": "5bf53928-ae80-476a-bb73-415a950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797608",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53928-efa8-4dc4-99fc-4de5950d210f",
|
|
"value": "5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797609",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53929-95d8-4945-8b7f-4133950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797794",
|
|
"uuid": "5bf539e2-38dc-40e9-9407-44a3950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797794",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf539e2-aa94-4bcd-9113-4bd9950d210f",
|
|
"value": "b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797796",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf539e4-ce80-4698-b67c-4261950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797820",
|
|
"uuid": "5bf539fc-d580-4fb9-8e47-476f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797820",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf539fc-f0e4-4ee6-81bd-4912950d210f",
|
|
"value": "b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797822",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf539fe-5ea4-49b5-a16e-4bf6950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797864",
|
|
"uuid": "5bf53a28-691c-43f1-8f82-a38b950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797864",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53a28-6d94-44c6-a2b8-a38b950d210f",
|
|
"value": "01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797865",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53a29-7724-413c-b5ca-a38b950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797885",
|
|
"uuid": "5bf53a3d-1690-4625-bbc0-1974950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797885",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53a3d-3edc-44ae-9fda-1974950d210f",
|
|
"value": "969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797886",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53a3e-8bd8-4289-ad11-1974950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797933",
|
|
"uuid": "5bf53a6d-7750-43bb-b40a-4c98950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797933",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53a6d-b834-4bfa-a058-4487950d210f",
|
|
"value": "cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797934",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53a6e-5f8c-492d-8d1d-4e31950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797955",
|
|
"uuid": "5bf53a83-b240-4842-94c0-9913950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797955",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53a83-d214-43ed-bab6-9913950d210f",
|
|
"value": "b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797956",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53a84-51f0-4371-822b-9913950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542797987",
|
|
"uuid": "5bf53aa3-d434-48ea-8f92-4600950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542797987",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53aa3-2ea0-4e16-80f6-42cb950d210f",
|
|
"value": "54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542797988",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53aa4-cab8-4d50-9638-4a63950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542798001",
|
|
"uuid": "5bf53ab1-b95c-4731-b0f9-4d37950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542798001",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53ab1-2e8c-42bd-9493-4215950d210f",
|
|
"value": "92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542798001",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53ab1-28dc-484b-afd0-460d950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542798025",
|
|
"uuid": "5bf53ac9-f710-4c03-a5ec-468e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542798025",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53ac9-bdfc-4ea5-a857-44c2950d210f",
|
|
"value": "3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542798026",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53aca-e3c0-4f63-b0fd-48ef950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542798042",
|
|
"uuid": "5bf53ada-2f54-44cd-a409-403f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542798042",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53ada-850c-4b2d-ad85-41ec950d210f",
|
|
"value": "64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542798043",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53adb-a3f8-4e2a-931a-4a38950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1542798059",
|
|
"uuid": "5bf53aeb-dd6c-4a8d-b0d8-4cb8950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542798060",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bf53aec-edc8-498e-8cf2-4bc5950d210f",
|
|
"value": "6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1542798060",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bf53aec-2f74-4032-a330-41d8950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964330",
|
|
"uuid": "2d231203-1e2f-4712-a02a-3405916933a9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964330",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "804b67d9-3a46-4c8d-a949-d59ce12d6fa3",
|
|
"value": "627ee1dfa0bc963c4ba89e4013630c2e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964331",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c3911234-ba2a-45cc-8f7c-9bc6fdfc768e",
|
|
"value": "b07ae354fec6005d4844b3c64c3e6f4dcf7540b1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964331",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "45458fd2-1e18-4491-9e91-6f8b2e6ba856",
|
|
"value": "1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964332",
|
|
"uuid": "53f797ad-a7fb-4c40-8ad9-f2f5f9e04e79",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964332",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7f906598-1b82-45d6-8b0a-e9db54ca79af",
|
|
"value": "2018-10-04T22:03:34"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964332",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "16453c52-b887-42e6-a08c-d30cbe22151d",
|
|
"value": "https://www.virustotal.com/file/1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436/analysis/1538690614/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964333",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "984e80c0-1dc8-45e1-85e2-1877a28100c2",
|
|
"value": "27/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964333",
|
|
"uuid": "455a8600-8604-40a8-b5b3-f8aef188d90b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964333",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "957ed371-a8f4-4c4b-9c04-9fe8ee4ad1e3",
|
|
"value": "3ce2e8012dd556883eb27c3931a16c14"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964333",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1c410197-4e88-43a6-81bd-23b5b912e9c1",
|
|
"value": "1b83853f7ec1714807857072a6ac0512f6cf0c89"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964334",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d1b3355f-168f-4475-9ae2-ee1409068cc9",
|
|
"value": "64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964334",
|
|
"uuid": "28691535-ee67-4f62-8bcf-89443851cec9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964334",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fa04cb7d-a158-4592-b29d-d532d28e7d52",
|
|
"value": "2018-10-04T21:47:53"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964335",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5e043bc1-cab8-406d-a4c0-53bf782662c7",
|
|
"value": "https://www.virustotal.com/file/64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354/analysis/1538689673/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964335",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d15c5446-8e2e-497e-80c8-3e3804e9d193",
|
|
"value": "47/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964335",
|
|
"uuid": "38a2857c-7ec4-4756-bdb3-180bda33ccd8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964335",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "10cd6bc7-9edd-40f5-932d-5339eb686b6c",
|
|
"value": "dc1eeaa99ad020c5eec705b02593fb0e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964336",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0991c130-49b1-46e1-9624-969a3e07504e",
|
|
"value": "bf9d63751dd2cdfdb24e85bc918fe5c55ee0318a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964336",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "14758d74-06b4-497b-94c4-05357996224a",
|
|
"value": "6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964337",
|
|
"uuid": "8e2b6512-4442-4879-9447-1d2c1aae9ee3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964337",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "14e0705f-8f78-407f-9ef1-e0b59e3c8870",
|
|
"value": "2018-10-04T22:03:39"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964337",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c9d7403c-b891-41b6-b581-6b0ccf848853",
|
|
"value": "https://www.virustotal.com/file/6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790/analysis/1538690619/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964338",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f54826d7-f529-425b-b9da-e315f79b97a7",
|
|
"value": "27/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964338",
|
|
"uuid": "9156cb7b-bdb1-44ee-99d2-adb57e5981a9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964338",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "aee89606-bdd2-44c4-ad55-fe2fef3c0109",
|
|
"value": "c898c7febc4c1cc55d5f17a66868de06"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964338",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "82a1b759-08ba-4848-b246-9f94e68a3ae8",
|
|
"value": "3a74eb84b564583430e58fd388f10f6a1a08c7b1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964339",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "68d79e30-6c8f-435d-8cf9-26a9a89b9400",
|
|
"value": "adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964339",
|
|
"uuid": "fa2d5995-01fa-42d2-b419-90e4104fc039",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964339",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "93c5034f-8267-41ba-9da2-bd6e575b1cea",
|
|
"value": "2018-10-04T22:01:27"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964340",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2bd205ed-0d73-494e-86d1-340140144eba",
|
|
"value": "https://www.virustotal.com/file/adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb/analysis/1538690487/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964340",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "40b16371-fab8-40a2-a2c2-6b2413c4e22c",
|
|
"value": "25/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964340",
|
|
"uuid": "32700a0e-a687-411b-b8f6-8de44536cd50",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964341",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4a10e935-247a-4eef-bb4e-f58b76da4e05",
|
|
"value": "f157f83b1556a118504b340406cc5633"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964341",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "85e24011-eedc-4050-b430-d4c292d68b10",
|
|
"value": "16d11103fa9792f9745b7dd0a21b1cdb2f4f61de"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964342",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a46d5d38-b14e-43aa-892d-3d90daec685e",
|
|
"value": "efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964342",
|
|
"uuid": "0becc351-5917-49e8-a74a-7fce2a71af78",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964342",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2c9b9ee2-9b04-49c6-91eb-b5ffb70da6cb",
|
|
"value": "2018-10-04T22:01:34"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964343",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2715ddad-d121-417c-9349-1696c496f4df",
|
|
"value": "https://www.virustotal.com/file/efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585/analysis/1538690494/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964343",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b211e589-a015-42ac-9106-0c7d30f56991",
|
|
"value": "29/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964343",
|
|
"uuid": "e5b457e6-a246-4e0e-82a5-c5230e570092",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964343",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "dc0876ce-6554-4fd0-b692-6fceb73c1adf",
|
|
"value": "81600266fc940c61c590e1c27c2605ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964344",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "89de1404-7770-4679-a977-7c347dd64755",
|
|
"value": "ed1af846015854ed83be389673a35f0927b07269"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964344",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1e442025-053b-4dec-9e41-83b19eb4f825",
|
|
"value": "f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964345",
|
|
"uuid": "fd219f9d-96a6-4df7-9554-c29eb0b150f0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964345",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6ade2e56-ac24-4d1c-8fb2-24b6f284d50e",
|
|
"value": "2018-10-04T22:01:38"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964345",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9d661378-d1a6-4933-86fa-9ae1084675e1",
|
|
"value": "https://www.virustotal.com/file/f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da/analysis/1538690498/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964346",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9f7e7910-a081-4457-ac03-05605cdc894e",
|
|
"value": "26/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964346",
|
|
"uuid": "7f4f1b73-baee-4e65-a4f0-5330b25bb62c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964346",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "04ddc0ce-17aa-4e29-a4ee-79cdc570ff9b",
|
|
"value": "715c8a236a41b078cd032f5aa9bcff03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964346",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b95f8e8b-87c8-4180-9a2b-b4fe032d8db8",
|
|
"value": "ffe9a1d1721276df525d01d7facea8a7f16a274f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964347",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6293372e-3606-49b4-8f4c-0508cf9ddca4",
|
|
"value": "9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964347",
|
|
"uuid": "c0a3a24a-e187-4231-82d7-b72e30702e48",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964347",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "934395f2-2768-4a76-afc5-3512fe0e3937",
|
|
"value": "2018-10-04T22:03:42"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964348",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "26228f42-ed81-4724-91ca-784454a2202f",
|
|
"value": "https://www.virustotal.com/file/9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874/analysis/1538690622/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964348",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "afaf6783-de0d-40b3-a604-4b4ac7c1e2ea",
|
|
"value": "29/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964348",
|
|
"uuid": "61a28418-26d7-41c2-a8a7-f0a1bfe09bda",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964348",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "494ad6d7-a6dd-40fe-8c91-aba204704362",
|
|
"value": "d3ea69adf242199195da416adef6fd4b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964349",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c4c1ff-d27d-44a4-8dfa-74ede203a882",
|
|
"value": "31866b972a0b5ca8186958e96ba617e449c8e201"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964349",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e0b4bb56-68af-4b24-aad4-f31a7491a076",
|
|
"value": "5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964350",
|
|
"uuid": "30a5e86b-9518-4115-814d-cdc00b3ce12b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964350",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "10bc5880-2376-4542-9266-3f68263ce503",
|
|
"value": "2018-10-04T22:03:39"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964350",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1989fd8d-5768-4b78-93ab-b4a1948d2705",
|
|
"value": "https://www.virustotal.com/file/5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25/analysis/1538690619/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1c2c39f7-1214-40a6-8ab1-9ae418ce92ef",
|
|
"value": "14/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964351",
|
|
"uuid": "b2833b66-d9e4-4d6e-81c9-50ac0219adab",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2576cf80-74cd-4604-be71-53d28e6dee7b",
|
|
"value": "e3dc901f99f08c3b7198f71d8e583882"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964352",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "50d3ef4d-7451-4d50-a618-50aaec8b0c5d",
|
|
"value": "f39815148252b7b134e0843726770b779e5f1393"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964352",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9562221b-c253-448f-b642-0e60d2ddf178",
|
|
"value": "bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964352",
|
|
"uuid": "aa2a462d-1500-4d47-aab2-1913a735bac1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964353",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "49343f1e-e1eb-482a-82f0-2532801e823a",
|
|
"value": "2018-10-04T22:01:31"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964353",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "83074d1c-da30-4a88-820a-faef1b19aada",
|
|
"value": "https://www.virustotal.com/file/bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c/analysis/1538690491/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964354",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "353dfcc8-bae4-4cfe-b670-3db6c57fe4ea",
|
|
"value": "25/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964354",
|
|
"uuid": "5924ec0d-c09b-4142-a031-91f67c938a4a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964354",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "31156f40-6d5d-48a1-b904-ff3853cb953a",
|
|
"value": "917d0038c6dc129891e96146ca65d52b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964354",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a258e2e1-55fa-41fb-a4b4-a3345d4c1245",
|
|
"value": "2ded6393a3b523708cc084dd1c7cf70504dc6e20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964355",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "eba60d6c-dd00-4876-9fe8-f797210cb3b8",
|
|
"value": "b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964355",
|
|
"uuid": "2946e5f7-a2f3-4502-8e3f-77b14ebedffa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964355",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "09d04bb8-a98c-454d-8516-2678790fc289",
|
|
"value": "2018-10-04T22:01:28"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964356",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b15c3de2-33d9-4672-a701-14a32fba4b39",
|
|
"value": "https://www.virustotal.com/file/b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f/analysis/1538690488/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964356",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "382ca9c2-c57c-4557-9e7f-af9812358ee0",
|
|
"value": "27/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964356",
|
|
"uuid": "c6901866-939c-4729-a229-5e57d96f61fd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964356",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "de2b2a9e-158c-42bc-ad8b-f63071ed4378",
|
|
"value": "7891d9231fb15c96be52f57762a27ab9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964357",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a3ecff2f-4629-429c-8be8-2f6221dc3f17",
|
|
"value": "3011e4f63184ba676da55551a06138d68cfd4b85"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964357",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d8b9f7ca-cb22-4feb-b59c-7235af14b508",
|
|
"value": "6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964358",
|
|
"uuid": "eaf37e2f-fc4f-45fa-8d32-bd68a24f77b1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964358",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2bd9c791-9b33-4f59-94f7-31bcce69ce34",
|
|
"value": "2018-10-04T22:03:40"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964359",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "718e106e-8114-46f8-b11e-574e115a32c8",
|
|
"value": "https://www.virustotal.com/file/6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0/analysis/1538690620/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964359",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "36069caf-8e8d-4f78-bdcc-9b77f6da4502",
|
|
"value": "6/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964359",
|
|
"uuid": "3b99cbd2-7122-44e4-b35a-b74898957a90",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964359",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4bb8824b-83cb-4a74-8c55-c4172b1e910d",
|
|
"value": "d80a48c80be4e8558df1ea5b568082c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964360",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2a36635e-1a8d-413e-9412-8f1cf48e2737",
|
|
"value": "96f558cf79c4570f749d6463c95b4d188452dadb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964360",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a4319428-b5b1-4c96-b232-682925c55788",
|
|
"value": "3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964361",
|
|
"uuid": "e3526893-c659-40a6-a103-75f2c83ebee4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964361",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "82a20279-4faf-4a49-b913-b03e12a8450d",
|
|
"value": "2018-10-12T04:23:59"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964361",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9968cc1c-3f34-4e83-863c-9de779a3fb1e",
|
|
"value": "https://www.virustotal.com/file/3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c/analysis/1539318239/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964362",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "02a0c0a0-d3f0-4cc3-9ea3-24e3c2b7532e",
|
|
"value": "26/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964362",
|
|
"uuid": "0fed2a59-cbe4-42da-a396-95d30b13fa1c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964362",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "db66c50f-bfdb-4943-ad6a-e04d2868ea61",
|
|
"value": "3048853c134cbbed51fc62829882198a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964362",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9901fa78-57cc-47df-b409-f48dc4d31219",
|
|
"value": "9487abdc69b90ba332d07deb72660b630f43ddf7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964363",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c154ffd8-b878-4602-b5f5-24e1c1e5f0b3",
|
|
"value": "35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964363",
|
|
"uuid": "e2ef9578-ee07-4f38-9ad3-653dae691c27",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964363",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "11581142-6866-426e-a038-2255974382d4",
|
|
"value": "2018-10-04T22:03:35"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964364",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0f04b942-4af6-4557-8b6f-b56c1cd24f49",
|
|
"value": "https://www.virustotal.com/file/35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782/analysis/1538690615/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964364",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7ad8aa34-c2fd-440d-80c8-21529d0c214e",
|
|
"value": "26/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964364",
|
|
"uuid": "d2bf9eb7-9d12-49a7-97b1-29f54560f192",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964364",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "27b49df5-8666-40d6-bb86-f317044b603a",
|
|
"value": "d4258390bc32171d136612a7088cda9d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964365",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "6b700c25-591b-4d70-a400-cac602975f41",
|
|
"value": "76029fd2ef902687b66c6e26dd85387ea62f439b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964365",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "af9c532c-742e-4962-a3e4-f61c7c86f6ac",
|
|
"value": "45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964366",
|
|
"uuid": "515dead6-0759-43df-b43c-d03339832582",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964366",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d77e9411-04a6-4584-b3cc-f96fd17f3af5",
|
|
"value": "2018-10-04T22:03:36"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964366",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7cbcb577-174a-4f1a-bc2b-b88336d4a45d",
|
|
"value": "https://www.virustotal.com/file/45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d/analysis/1538690616/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964367",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4600b3a2-4967-4b61-bb32-589d424e9319",
|
|
"value": "23/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964367",
|
|
"uuid": "c09966ed-c0c4-4f6e-8d95-dc56aa3ee1ed",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964367",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "326c5ec6-a8c8-407d-b181-c4c02740dfd3",
|
|
"value": "074bfed6c3797e46d88d64c1f57a6a7f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964367",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "20c03daf-dd22-44f4-99ef-4d94aab1cc15",
|
|
"value": "2f587614bc10a802c4675075ab818bf30a8a72ce"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964368",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "cc3b346c-c86a-4a11-b223-9ec66aaa4a7b",
|
|
"value": "f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964368",
|
|
"uuid": "a0d6d50b-aaed-468b-a3c6-406780156917",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964368",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c0825efc-40ed-48c2-bc0b-034b8b7351aa",
|
|
"value": "2018-11-04T01:39:29"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964369",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6554b77c-c853-4b02-8ac0-bab733d253c5",
|
|
"value": "https://www.virustotal.com/file/f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45/analysis/1541295569/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964369",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "aff817d2-b1cf-4f04-ac58-ba1f51a1e1f7",
|
|
"value": "27/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964369",
|
|
"uuid": "58d2ad0b-2195-4b98-be19-35e92dd3def8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964369",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0dc7466a-d6b6-42c7-9854-2a9b9a74a149",
|
|
"value": "63d30e1c9c014c36afac1303ecaa186b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964370",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a6659fa5-df9d-4d3c-a0a6-c691e0d36b2c",
|
|
"value": "91d156e40c9e7bfbccc4fa88b1897240e5dc6bbd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964370",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "48dd91cf-8fcb-4baf-b6ac-578c607bb95c",
|
|
"value": "fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964371",
|
|
"uuid": "e0d5b904-2f28-42cf-b9d8-0a2fd9e13acd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964371",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9bd0ffae-eaff-445d-9aaf-87ffbbef0537",
|
|
"value": "2018-10-04T22:01:39"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964371",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9b1a0a20-acde-4594-8811-23c4bdc4c380",
|
|
"value": "https://www.virustotal.com/file/fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11/analysis/1538690499/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964372",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bbafbbc-6479-4d83-a2fa-cb980bd0e79c",
|
|
"value": "18/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964372",
|
|
"uuid": "0531bcf3-d700-4647-9ee5-8222dcf77031",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964372",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "7e136629-08e9-442c-9185-30f42fe8c269",
|
|
"value": "901d3d0705fac0c41343f891cba3afeb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964372",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d7b01cf5-cdc1-4ef6-be8c-fb48bd41f219",
|
|
"value": "418b7328c68577b925e99d92fbfdb877deb17eeb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964373",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3e7c5abd-3dc2-4fa5-915a-14ba9a63260c",
|
|
"value": "d440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964373",
|
|
"uuid": "aca17406-fbc5-4ad9-836d-d6f7b87f32e0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964374",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a5f95bea-435f-4b40-9772-68c78e32a130",
|
|
"value": "2018-10-04T22:01:34"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964374",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "aa81669a-77ae-4bac-b674-836abd395179",
|
|
"value": "https://www.virustotal.com/file/d440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6/analysis/1538690494/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964374",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f0eed020-b258-4951-a505-d9de23b84a2e",
|
|
"value": "26/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964374",
|
|
"uuid": "abf8b9af-5db3-415e-91c8-ec77b9042bd3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "22e85f2d-c744-4629-99e4-2ea8aa98b503",
|
|
"value": "c7675e036e80691a108d8f336458b282"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964375",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f02e1ae2-dc64-4386-9739-fd77dc83f115",
|
|
"value": "eb9e4269eeabdaff3e5cf2357ea20ae5228985d2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964375",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0c654537-adea-45fa-a8ea-8b810e235669",
|
|
"value": "c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964376",
|
|
"uuid": "2bb390b2-d76b-4144-ae17-f116bc7e1679",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964376",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "905e97e4-3836-4dc2-b2ac-6553b90ab649",
|
|
"value": "2018-10-04T22:01:32"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964376",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e49ef480-50a1-4ef5-9709-795018a1c795",
|
|
"value": "https://www.virustotal.com/file/c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82/analysis/1538690492/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964377",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a595283f-6d10-47ae-b481-72aa9f2125c1",
|
|
"value": "25/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964377",
|
|
"uuid": "812ad998-5585-46a3-ae10-3a75651bb1e3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f24fbde7-ca40-40d1-95c0-819c81cfc3e4",
|
|
"value": "babb80883aa9284e54550c3b8f9f7c66"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964377",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4b5bf664-dc07-49cd-82a6-bd85d01e30b1",
|
|
"value": "a8a92cdfa770fd83ed85980cf7ed6ef3ff9a8d42"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964378",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3ec73d8b-5f31-43c7-b07c-b769838ae4cb",
|
|
"value": "8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964378",
|
|
"uuid": "99fcaeca-7b2e-4bb3-bdd1-65f67c600dcf",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964379",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d190b3a3-a213-409c-a504-49b093d03ec8",
|
|
"value": "2018-10-04T22:03:41"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964379",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "70e7dc9d-4bca-4733-9f70-4c72ec3c0e48",
|
|
"value": "https://www.virustotal.com/file/8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194/analysis/1538690621/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964380",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1e820c19-21f5-4868-8e85-9e552c3064f7",
|
|
"value": "21/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964380",
|
|
"uuid": "96b8e393-d609-4e7e-976a-44de591e6ad2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964380",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "215a4c9d-9f3e-4542-b143-be2e828b6cfe",
|
|
"value": "19fdfd55045eb8603d4da84633fcd612"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964380",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8c87d3da-2ee0-4c61-84a7-6d56cfaa029f",
|
|
"value": "93c0104229b3add41e11a7a0dbeeafd812031e62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964381",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0be25fb6-33b1-49c8-b766-e3be642c4d6a",
|
|
"value": "f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964381",
|
|
"uuid": "9124c4d5-7657-4cd4-9213-f981805a9da0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964381",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c325b7d5-227b-4d5a-afd6-4267e3bdf9a8",
|
|
"value": "2018-11-22T10:13:37"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964382",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "69cfa5f8-8a53-443f-8af2-fa1eaf1c4aa4",
|
|
"value": "https://www.virustotal.com/file/f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0/analysis/1542881617/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964382",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d833b294-dda6-4d3d-81f7-e87eb48d84fc",
|
|
"value": "14/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964382",
|
|
"uuid": "f9247032-a5e2-4254-a6e1-0d9cbbca80f7",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964382",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b8a58785-3143-4bf9-8ccf-a9c057966849",
|
|
"value": "9ecf853d6db3dd2cd82c640200caaee2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964383",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "6a9f184c-c948-452e-bc40-cf225396d5a6",
|
|
"value": "66cb85038dba5e9f40e30e9874fc270ebcc5de74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964383",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8994b913-c11f-4ed4-909a-4ef7fb594b9f",
|
|
"value": "a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964384",
|
|
"uuid": "bcdcb988-4f3a-4516-b7be-fc921e2f13ce",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964384",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9fcf50ce-b7a9-4110-b566-833dba1a7e79",
|
|
"value": "2018-10-04T22:01:26"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964384",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "05cdf0c7-e89e-4e28-8b3d-66a2f4a4a9f5",
|
|
"value": "https://www.virustotal.com/file/a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895/analysis/1538690486/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964385",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9af72b35-2a53-45de-8cdf-35e8bcf65109",
|
|
"value": "29/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964385",
|
|
"uuid": "498610cd-cb8b-44b1-9b39-3975489d1a91",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964385",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "98119b7c-c4f8-4506-9b5b-3748ec33a54f",
|
|
"value": "03f182668e5af2047b9efe1133f0ae52"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964385",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "900cc978-633f-442f-aafa-2bad06475f87",
|
|
"value": "1bca79c1e8539ed69ea9629ea730dbab7b3fd963"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964386",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "815ae6ff-6a0b-4315-8511-d3aacbef467c",
|
|
"value": "b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964386",
|
|
"uuid": "67fe65f8-5bcc-4f03-878f-170583080d8c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964386",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1259810a-f2c3-47f7-bf91-b9dce7457fbb",
|
|
"value": "2018-10-04T22:01:31"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964387",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "fa305c0f-fbff-4013-ab7f-abf016fb6371",
|
|
"value": "https://www.virustotal.com/file/b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e/analysis/1538690491/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964387",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9351d12b-de9a-4a8e-b194-e469ecccd942",
|
|
"value": "17/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964387",
|
|
"uuid": "6fd19418-7bec-4356-8020-e33d6f70ef65",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964387",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "82d83a81-6bcc-4f90-b324-4f0423522142",
|
|
"value": "876ed66c71945fcb3b7df1387137f0f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964388",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8e4509c6-e002-4aef-a867-ebb41afb5cc8",
|
|
"value": "dcbe261011ee997c0ffa46b5ff7b6280ff8fe853"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964389",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e1b02488-272d-4cf2-85de-9895d08eb471",
|
|
"value": "2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964389",
|
|
"uuid": "d805f716-a752-4f5c-96c7-f99946b04216",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964389",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8637fa4e-0654-4176-b408-ffaf7b5360d4",
|
|
"value": "2018-10-04T22:03:34"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964390",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "258eb7b8-14c9-423b-9e77-f2017282cd60",
|
|
"value": "https://www.virustotal.com/file/2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f/analysis/1538690614/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964390",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bfb42e74-6c7b-49b8-b172-e68abb7e5960",
|
|
"value": "25/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964390",
|
|
"uuid": "6ea34765-1d33-4141-a4ec-7d96ad75657b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964390",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "11a9e2aa-a420-4ea5-aaef-a4485df6d877",
|
|
"value": "926cc8a4981587eb55dd7152cf244401"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964391",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "10bf851d-9095-4f14-bce9-0b81a142ca3e",
|
|
"value": "cefc04e1b622c36e0d65bdad3191d9737921b082"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964391",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "213249e4-81eb-4f4c-bbac-bb4d6a3a0aa8",
|
|
"value": "7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964391",
|
|
"uuid": "2e58aac3-5acb-45ed-9409-e4bc86c69962",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964392",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ef3938ba-7107-41d8-9cf2-b11ea9d4f6d2",
|
|
"value": "2018-10-04T22:03:40"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964392",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "30763bb5-70b2-481b-a8f1-3d81c7103d29",
|
|
"value": "https://www.virustotal.com/file/7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40/analysis/1538690620/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964392",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7a993d45-579e-4ba5-a591-f397a3da6bcd",
|
|
"value": "15/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964392",
|
|
"uuid": "1626747a-0584-4978-97bd-445b51be7ec9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964393",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e3bbb283-d9ae-4378-937c-b0ce0be50343",
|
|
"value": "f9ee6f7f49f0b175f1ddea33a5eee401"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964393",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5961b72c-7967-4ab8-95d2-68004972e43b",
|
|
"value": "d1a036c70f29e3d89d22cb630e57d2c510a72cf2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964393",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "dd98f304-8a8d-436c-9a9c-3be84108cb0a",
|
|
"value": "c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964394",
|
|
"uuid": "0c86b217-a577-4b07-9ea6-960642cfe0e1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8ce27327-dd55-4f65-8ca2-8c479dfe2f2f",
|
|
"value": "2018-10-04T22:01:32"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964395",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "07f95690-286e-49e0-a3c7-0b537de24067",
|
|
"value": "https://www.virustotal.com/file/c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246/analysis/1538690492/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964395",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "27c553dc-cad0-4d6e-847d-d58d99adad9c",
|
|
"value": "29/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964395",
|
|
"uuid": "2c4d2509-740b-4a02-a0a6-d491102926f1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964395",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "800f5ca1-be19-4bbf-afc3-f825cd03db59",
|
|
"value": "f64208cfe7233d7fda733b1f34762cff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964396",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "cbab1779-2a26-4aee-8517-2e41d196f48d",
|
|
"value": "8139484ccbb67b133d6e608608f59945390dd3c7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964396",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7be4786f-b4c0-4468-8e82-86fc0b2c0f76",
|
|
"value": "4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964397",
|
|
"uuid": "8020cfc1-e4d3-4068-9d05-2d5d0fa8cb07",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964397",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "007fb078-5333-4503-a2a8-edd05458ee7c",
|
|
"value": "2018-10-04T22:03:37"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964397",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c0740138-3e52-44ea-ba49-2f8872fb704f",
|
|
"value": "https://www.virustotal.com/file/4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a/analysis/1538690617/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964398",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4ed0dcbd-1857-488d-8ce2-66749f5d1bb0",
|
|
"value": "28/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964398",
|
|
"uuid": "a836db08-ec9d-49ca-9d44-df76d3845d2a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964398",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "84bc7156-3e19-4771-973c-efa2894a4acd",
|
|
"value": "a7b85c263611b66d93859ad25305c1c9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964398",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "33ef4e72-a554-4509-9706-e35903724ccf",
|
|
"value": "ba4bbce0576f227b1484fbdfa1eab632475dbf4f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964399",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7ada1f99-a6d5-40c6-88a3-2df26e1c4abe",
|
|
"value": "92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964399",
|
|
"uuid": "7a4046c0-0255-4bd6-b2ea-a60a1da8f93d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964399",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "4cbe4fc4-36f9-473a-b7e5-794a2954a03e",
|
|
"value": "2018-10-04T22:03:41"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964400",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a15a67d0-78b8-4765-b264-0fd7facbe27f",
|
|
"value": "https://www.virustotal.com/file/92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064/analysis/1538690621/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964400",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b1f5087a-2c8b-4f9b-975b-164854e7849c",
|
|
"value": "21/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964400",
|
|
"uuid": "75614a07-da01-4aaf-a183-787ad1ab1528",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964401",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8efa0cce-57ee-45ca-b6dd-bd57cd844710",
|
|
"value": "734d5bcc52ba2d7dc4c5d61b22ecfca1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964401",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0043eaea-985b-4630-a8e7-3cbca82b3e6e",
|
|
"value": "ed845ccaf593419288f2e0f83b464e55caaed622"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964401",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1fc7d37a-bb7d-4e4b-9a26-936d111378bd",
|
|
"value": "44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964402",
|
|
"uuid": "a2e7637e-8ea9-45ca-aa7f-5e68c829f863",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964402",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2fd639c1-5d55-4b0c-bedc-53dd7dfc12d7",
|
|
"value": "2018-10-04T22:03:36"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964402",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2833b63a-fc6a-4316-9025-dafe1ebce911",
|
|
"value": "https://www.virustotal.com/file/44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0/analysis/1538690616/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964403",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9bbb5a3c-c854-4a1c-9e49-ad42c70a15f8",
|
|
"value": "15/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964403",
|
|
"uuid": "267bd58d-04fc-493e-a072-784621128b22",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964403",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "122005ec-4755-4856-afaa-d417f770325d",
|
|
"value": "5e3f5d3f9bd5b3bfa65731d8d3184cd6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964404",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e90cc233-5c39-47df-985b-1944b68ecaa7",
|
|
"value": "c22aeb9ca9e60d0c579549fa1430904dc453cfa8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964404",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b4711dd8-e807-45cd-9473-71b661928439",
|
|
"value": "cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964405",
|
|
"uuid": "1194d254-c086-47d9-b3fc-01058920c465",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964405",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "af1e45f1-f510-4c66-9026-a774077d9537",
|
|
"value": "2018-10-04T22:01:33"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964405",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d4b2828e-8a6e-44a4-807c-8e814cd8c049",
|
|
"value": "https://www.virustotal.com/file/cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f/analysis/1538690493/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964406",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "01960bc9-278a-4b2c-9f64-0819bb57f8d0",
|
|
"value": "22/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964406",
|
|
"uuid": "f089d728-53cd-497d-9be0-9a7b92f5e079",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964406",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "47ecd460-3a7a-4e5c-857f-5ef979ca34bb",
|
|
"value": "4f977db6063bcb43505f7da2437a2d67"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964406",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "cad2dbc9-8e5c-4bc6-8a8e-b71394fac550",
|
|
"value": "48539976e7400fca42a71a58910e584fed3ed60b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964407",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1a02c6ac-81ac-439e-b9f7-ff6e4b3cd25b",
|
|
"value": "b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964407",
|
|
"uuid": "b0bfdec1-85cf-4cf2-a672-c0de92ecc0e8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964407",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "0ee0ba12-86ad-49b5-96a6-fdc920845a81",
|
|
"value": "2018-10-04T22:01:30"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964408",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5f06a0e9-8fea-40c6-9af8-1544e96ec188",
|
|
"value": "https://www.virustotal.com/file/b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1/analysis/1538690490/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964408",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3ff4fef5-48e2-4176-a0bb-69bd0c381063",
|
|
"value": "25/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964408",
|
|
"uuid": "1db9d7bd-f7d1-4db5-9efd-f3f23707dbd0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964408",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "bb03c3c5-5918-443f-82d9-1e2254926c3b",
|
|
"value": "2bc23bb6f305c4da8c75bb92d3f0c1cb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964409",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b14e51a7-1f56-4fa0-bef5-a7cf46e17a0a",
|
|
"value": "5c8dcc3eedb17fe796befd978ca39b535b4c5089"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964409",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "88dd5017-debf-40e8-98ed-def068a43e7c",
|
|
"value": "c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964409",
|
|
"uuid": "e8e14067-3d30-498e-8da8-34126bd0e997",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1542964410",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8cf5727f-d850-452e-8dd3-fee9566eb61c",
|
|
"value": "2018-11-22T06:40:34"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1542964410",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "25273bee-1ce8-4e15-b64c-b8f51d0ecfec",
|
|
"value": "https://www.virustotal.com/file/c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec/analysis/1542868834/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1542964411",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7ebffdd3-ddbb-4193-981a-3f1181e0102a",
|
|
"value": "29/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1542964411",
|
|
"uuid": "33c04ab5-2063-4b38-a3a9-63ec5dbb34a4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1542964411",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "7dfd07d4-1d8c-4ca5-b5e9-ee3745b054e7",
|
|
"value": "683c753dd3a7cb5fa5ff5fa3a0f5e5de"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1542964411",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e3d77a40-9e83-4851-8dba-56ca387944a7",
|
|
"value": "362acc479033806ca0f8128e765205c791a0593f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1542964411",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d80fa3da-8741-48aa-9960-dfdf873aeda1",
|
|
"value": "54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1542964412",
|
|
"uuid": "315dc26e-154d-406e-a88f-cd73f56ed8f0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1542964412",
"to_ids": false,
"type": "datetime",
"uuid": "25eb8b0a-e817-4823-941d-a5ff04c56dea",
"value": "2018-10-04T22:03:38"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1542964412",
"to_ids": false,
"type": "link",
"uuid": "81a29f80-23d9-4c53-a6c3-b3f15524ef05",
"value": "https://www.virustotal.com/file/54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9/analysis/1538690618/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1542964413",
"to_ids": false,
"type": "text",
"uuid": "d9a4034c-5e60-4208-9432-80b0c8303920",
"value": "27/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1542964413",
"uuid": "0c7aaa35-6f9e-4364-954a-168f04952f51",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1542964413",
"to_ids": true,
"type": "md5",
"uuid": "a421894e-1124-4968-aaad-a81f14b5f9f1",
"value": "0059c514d28f0cf7c42669ed4d9a2510"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1542964414",
"to_ids": true,
"type": "sha1",
"uuid": "4ad68906-5e3a-40b6-9d78-0ad42027a9c8",
"value": "1f9d5043582a24114a4a97ac3e77a424d74af0c0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1542964414",
"to_ids": true,
"type": "sha256",
"uuid": "749735a8-6e85-4719-9fa5-a36cffd97712",
"value": "01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1542964414",
"uuid": "792f22a7-0ce5-4cfa-9187-88fb668071d4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1542964415",
"to_ids": false,
"type": "datetime",
"uuid": "7b6d01fb-e17d-4e1e-9189-f8de530ea0df",
"value": "2018-10-05T16:57:14"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1542964415",
"to_ids": false,
"type": "link",
"uuid": "5f7323ec-edf5-43cb-96c6-cc2b93eea39f",
"value": "https://www.virustotal.com/file/01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7/analysis/1538758634/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1542964416",
"to_ids": false,
"type": "text",
"uuid": "d302d76a-dffe-4ed2-b1e5-17c484d6c437",
"value": "47/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1542964416",
"uuid": "9236e519-f50b-419a-8809-e3aeea5c6ca7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1542964416",
"to_ids": true,
"type": "md5",
"uuid": "af46fdf3-e799-4561-babb-6efa409e5b52",
"value": "d2361e4684a00774eeac70196dbfc2a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1542964416",
"to_ids": true,
"type": "sha1",
"uuid": "5e456623-2183-4373-910e-64a5d014427e",
"value": "fedd21b12e4878d2de0c8aa592ead0d9af0019e9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1542964417",
"to_ids": true,
"type": "sha256",
"uuid": "6bccb0b5-da6c-4daf-b292-ba99769471c3",
"value": "969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1542964417",
"uuid": "2a31be24-48c6-4a58-a57d-db912afab36f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1542964417",
"to_ids": false,
"type": "datetime",
"uuid": "5d18618c-8772-4697-8ec9-f4a29952e16b",
"value": "2018-10-04T22:03:42"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1542964418",
"to_ids": false,
"type": "link",
"uuid": "f31fc33e-12cf-4395-9a80-5e4a126a78f5",
"value": "https://www.virustotal.com/file/969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a/analysis/1538690622/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1542964418",
"to_ids": false,
"type": "text",
"uuid": "7d632373-ebf0-4f16-87f2-2b3f08916a60",
"value": "28/59"
}
]
}
]
}
} |