misp-circl-feed/feeds/circl/misp/5b9162c3-90b4-423b-bd69-28330acd0835.json

{
  "Event": {
    "analysis": "2",
    "date": "2018-09-06",
    "extends_uuid": "",
    "info": "powerpool-malware-exploits-zero-day-vulnerability",
    "publish_timestamp": "1589183606",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1621849865",
    "uuid": "5b9162c3-90b4-423b-bd69-28330acd0835",
    "Orgc": {
      "name": "Synovus Financial",
      "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536254918",
        "to_ids": false,
        "type": "link",
        "uuid": "5b9162d7-70bc-4802-a3e8-2efb0acd0835",
        "value": "https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536255394",
        "to_ids": true,
        "type": "domain",
        "uuid": "5b916597-a96c-43dc-bcc0-2f0b0acd0835",
        "value": "newsrental.net",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536255394",
        "to_ids": true,
        "type": "domain",
        "uuid": "5b916597-7bc0-45f8-a810-2f0b0acd0835",
        "value": "rosbusiness.eu",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536255394",
        "to_ids": true,
        "type": "domain",
        "uuid": "5b916597-dc78-43cb-b1df-2f0b0acd0835",
        "value": "afishaonline.eu",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536255394",
        "to_ids": true,
        "type": "domain",
        "uuid": "5b916597-7ba8-4aaa-98b5-2f0b0acd0835",
        "value": "sports-collectors.com",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2\r\nCountry: Korea, Republic Of\r\nRegion: Gyeonggi-do\r\nCity: Yongin\r\nISP: Daou Technology",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1536256145",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5b916597-ec48-4d1f-b15f-2f0b0acd0835",
        "value": "27.102.106.149",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "13",
        "timestamp": "1536254905",
        "uuid": "5b91638b-01d0-4303-9938-28310acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1536254957",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b91638b-f688-4841-b4d2-28310acd0835",
            "value": "32b8d08e67cf509236ae8142fbeb30b3",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1536254957",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b91638b-5d60-4865-9be0-28310acd0835",
            "value": "8c2e729bc086921062e214b7e4c9c4ddf324a0fa53b4ed106f1341cfe8274fe4",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1536254957",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b91638b-250c-4e03-b6f7-28310acd0835",
            "value": "038f75dcf1e5277565c68d57fa1f4f7b3005f3f3",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1536254859",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b91638b-480c-4627-95ab-28310acd0835",
            "value": "198656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1536254963",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b91638b-a4dc-450f-9bc6-28310acd0835",
            "value": "3072:y0FPC7QAKohdraoNpLOxx85wzWVTBfGGMZhm05Pb8QOutp:ba7zfragLOxx85JVTBezZXbLOut",
            "Tag": [
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              },
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1536254859",
            "to_ids": false,
            "type": "text",
            "uuid": "5b91638b-d750-48ec-aeaa-28310acd0835",
            "value": "Malicious"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1536254905",
            "to_ids": false,
            "type": "text",
            "uuid": "5b9163b9-43a4-43cc-831b-2eff0acd0835",
            "value": "First stage backdoor"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "13",
        "timestamp": "1536255024",
        "uuid": "5b916430-9e3c-4911-b3e9-ca520acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1536255053",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b916430-0124-4a45-bf94-ca520acd0835",
            "value": "efe3518ee7d62299d01b7882f72ffd0a",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1536255024",
            "to_ids": false,
            "type": "text",
            "uuid": "5b916430-f9b4-45ed-b526-ca520acd0835",
            "value": "First stage backdoor"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1536255053",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b916430-4898-4071-b4f5-ca520acd0835",
            "value": "035f97af0def906fbd8f7f15fb8107a9e852a69160669e7c0781888180cd46d5",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1536255054",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b916430-e110-4bc6-8427-ca520acd0835",
            "value": "247b542af23ad9c63697428c7b77348681aadc9a",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1536255024",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b916430-0fac-4102-a6c2-ca520acd0835",
            "value": "195072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1536255054",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b916430-0b5c-49c8-b20b-ca520acd0835",
            "value": "3072:hMBIQ8vnQQgZKc1WZL0Az3jGSp0TBfmXnZS1m05xI8QOutt:eBIbPDgZK0yL0Az36e0TBeXZStILOut",
            "Tag": [
              {
                "colour": "#5fb4b2",
                "local": false,
                "name": "Stage 1",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1536255024",
            "to_ids": false,
            "type": "text",
            "uuid": "5b916430-0634-4a60-b821-ca520acd0835",
            "value": "Malicious"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "13",
        "timestamp": "1536255120",
        "uuid": "5b91647e-fb8c-475d-a647-2eff0acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1536255177",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b91647e-5998-450e-b763-2eff0acd0835",
            "value": "e2bd4044fab4214c4aa7dd65d65fca21",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1536255177",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b91647e-172c-4f3e-be5d-2eff0acd0835",
            "value": "af2abf0748013a7084507f8e96f6e7c21a3f962fbbb148dcbb482a98c06940a1",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1536255177",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b91647e-bb5c-4513-980d-2eff0acd0835",
            "value": "0423672fe9201c325e33f296595fb70dcd81bcd9",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1536255102",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b91647e-de40-459d-8828-2eff0acd0835",
            "value": "395776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1536255177",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b91647e-a5fc-4161-b118-2eff0acd0835",
            "value": "6144:Py7VqCkozgC2uNmz/MbVflIaPhlHvuFFNTP9DZ8EX8kE5KRf+L8uvyvcQ0BiF:Py7V6N/wISZvk7TP9F1X8 hcRe8u6wW",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1536255102",
            "to_ids": false,
            "type": "text",
            "uuid": "5b91647e-eec4-4749-8e33-2eff0acd0835",
            "value": "Malicious"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1536255120",
            "to_ids": false,
            "type": "text",
            "uuid": "5b916490-d93c-4284-9455-28330acd0835",
            "value": "Second stage backdoor"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "13",
        "timestamp": "1536255239",
        "uuid": "5b916507-21cc-4a2f-aa8c-28280acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1536255270",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b916507-cdc0-4c61-ac3f-28280acd0835",
            "value": "80e7a7789286d3fb69f083f1a2dddbe6",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1536255239",
            "to_ids": false,
            "type": "text",
            "uuid": "5b916507-2a48-4b4f-9d72-28280acd0835",
            "value": "Second stage backdoor"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1536255270",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b916507-38cc-4434-90f8-28280acd0835",
            "value": "58a50840c04cd15f439f1cc1b684e9f9fa22c0d64f44a391d9e2b1222e5cd6bd",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1536255270",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b916507-c8a4-4c50-9886-28280acd0835",
            "value": "b4ec4837d07ff64e34947296e73732171d1c1586",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1536255239",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b916507-88d0-49cd-b0ba-28280acd0835",
            "value": "396288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1536255270",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b916507-d174-4cec-85ee-28280acd0835",
            "value": "6144:kSH62LyBiglfDq9wD7aG2HODV9cF7Bt7/hNWhZHhvMKpA7KSgodwIFsA40Bia:kSH6F9DiY9udjNW7BvMKp yKsWI97",
            "Tag": [
              {
                "colour": "#fccc51",
                "local": false,
                "name": "Stage 2",
                "relationship_type": ""
              },
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Backdoor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1536255239",
            "to_ids": false,
            "type": "text",
            "uuid": "5b916507-5344-4ccd-bcee-28280acd0835",
            "value": "Malicious"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "13",
        "timestamp": "1536255324",
        "uuid": "5b91655c-3648-48a0-82e3-2f140acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1536255355",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b91655c-25d0-4a8c-80e8-2f140acd0835",
            "value": "99670267cbece5f5cc3ce92efd5bb04b",
            "Tag": [
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Exploit vuln\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1536255324",
            "to_ids": false,
            "type": "text",
            "uuid": "5b91655c-7730-4639-89de-2f140acd0835",
            "value": "ALPC LPE exploit"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1536255355",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b91655c-21a0-4189-b441-2f140acd0835",
            "value": "97b5b4478d234632df4c65ec251051a6b032ce21e9e68495e31f077bf4074831",
            "Tag": [
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Exploit vuln\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1536255355",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b91655d-3ee8-42f6-8276-2f140acd0835",
            "value": "9dc173d4d4f74765b5fc1e1c9a2d188d5387beea",
            "Tag": [
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Exploit vuln\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1536255325",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b91655d-3714-464e-86f5-2f140acd0835",
            "value": "183296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1536255355",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b91655d-3c88-4839-90d3-2f140acd0835",
            "value": "3072:STZt5j+T9LjP4JqIBhNV0St7TZEjOYI1TVmqG7rg:q5j+T9LjPPIBhN2Q7TZAfI1TVwg",
            "Tag": [
              {
                "colour": "#00a9ce",
                "local": false,
                "name": "veris:action:malware:variety=\"Exploit vuln\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1536255325",
            "to_ids": false,
            "type": "text",
            "uuid": "5b91655d-d1bc-4241-95c3-2f140acd0835",
            "value": "Malicious"
          }
        ]
      }
    ]
  }
}