{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2019-06-02",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - 10 years of virtual dynamite: A high-level retrospective of ATM malware",
|
|
"publish_timestamp": "1559460808",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1559460802",
|
|
"uuid": "5cf3787c-625c-4782-9f1a-da8f950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": false,
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": false,
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:financial-fraud=\"ATM Black Box Attack\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:financial-fraud=\"Malware\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0083a0",
|
|
"local": false,
|
|
"name": "veris:asset:variety=\"T - ATM\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-dec8-4044-bcdc-48f7950d210f",
|
|
"value": "009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-f024-4b35-98d3-4719950d210f",
|
|
"value": "1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-2668-40ec-8f11-41ad950d210f",
|
|
"value": "20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-bedc-42d1-84de-4fb7950d210f",
|
|
"value": "6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-a0c0-4817-a1b0-421b950d210f",
|
|
"value": "70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-cc5c-41e1-ab47-40d0950d210f",
|
|
"value": "8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-dde8-4f61-bf0d-4a05950d210f",
|
|
"value": "b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37895-efd8-4940-89e9-4692950d210f",
|
|
"value": "e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-78cc-49e5-b901-4cca950d210f",
|
|
"value": "34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-1384-457a-925d-4582950d210f",
|
|
"value": "b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-55dc-4f48-95d0-402b950d210f",
|
|
"value": "359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-3fb4-491a-99aa-49c2950d210f",
|
|
"value": "ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-04b0-4758-9673-4c1e950d210f",
|
|
"value": "7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-02d8-4858-bdb3-4a28950d210f",
|
|
"value": "cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378af-ec4c-4000-a907-402b950d210f",
|
|
"value": "b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378c0-18e0-42ef-adea-4be2950d210f",
|
|
"value": "d465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378c0-0b14-47bc-bdec-45d3950d210f",
|
|
"value": "ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378c0-a85c-4e91-96b4-4360950d210f",
|
|
"value": "10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460033",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378c1-76cc-4c2a-ac8e-4f67950d210f",
|
|
"value": "3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378d1-9130-49ec-89b6-48f2950d210f",
|
|
"value": "622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378d1-e550-4b22-80ad-42d5950d210f",
|
|
"value": "b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378d1-f918-44d4-bc17-4321950d210f",
|
|
"value": "b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378d1-f65c-4947-9691-42ed950d210f",
|
|
"value": "9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378d1-1134-4cc1-8300-4aa2950d210f",
|
|
"value": "6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-91dc-4f25-a125-4ad2950d210f",
|
|
"value": "20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-07b8-437a-b19a-45f1950d210f",
|
|
"value": "50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-6eec-4de4-a49c-4102950d210f",
|
|
"value": "5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-df24-49c1-8994-4711950d210f",
|
|
"value": "7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-3100-4831-a267-4f4c950d210f",
|
|
"value": "77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378e0-8cc4-43cf-97ec-4b7c950d210f",
|
|
"value": "b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378f1-2370-4630-8f4a-4561950d210f",
|
|
"value": "2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378f1-1a00-40e7-bb19-49e4950d210f",
|
|
"value": "4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378f1-eef8-4f90-a6dc-49a5950d210f",
|
|
"value": "5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378f1-d200-4d8e-936e-4379950d210f",
|
|
"value": "653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf378f1-8f08-47cb-b991-4217950d210f",
|
|
"value": "d90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37901-a67c-4f97-9c28-6829950d210f",
|
|
"value": "0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37901-8020-4ab1-86c6-6829950d210f",
|
|
"value": "ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460112",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37910-2bc0-423a-aed8-d2a3950d210f",
|
|
"value": "2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37911-434c-49ba-ba57-d2a3950d210f",
|
|
"value": "867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37911-722c-430a-9572-d2a3950d210f",
|
|
"value": "f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-be60-4ce3-85b3-4af3950d210f",
|
|
"value": "4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-30a4-4340-bf80-45ce950d210f",
|
|
"value": "85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-1c44-4147-b2f8-4562950d210f",
|
|
"value": "8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-fc08-4812-845c-414c950d210f",
|
|
"value": "bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-a47c-425b-a4da-40d5950d210f",
|
|
"value": "c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-1768-433e-9287-41fa950d210f",
|
|
"value": "e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37923-6ee8-474f-aae6-4c3c950d210f",
|
|
"value": "f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-411c-417b-b021-4705950d210f",
|
|
"value": "26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-103c-49ab-b8b4-4f2c950d210f",
|
|
"value": "5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-b790-430f-8430-486d950d210f",
|
|
"value": "956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-c8a4-49a3-9989-4d67950d210f",
|
|
"value": "a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-ab50-48ac-95b1-4211950d210f",
|
|
"value": "d60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37933-56f0-4333-b300-49ad950d210f",
|
|
"value": "eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37942-ebe4-4db0-8b77-4aec950d210f",
|
|
"value": "85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460186",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3795a-51d0-4713-8abf-d5b6950d210f",
|
|
"value": "1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3795f-fd38-4cf1-a067-d5b6950d210f",
|
|
"value": "377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3795f-8ce0-445e-b516-d5b6950d210f",
|
|
"value": "aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37960-f77c-4dce-a3b5-d5b6950d210f",
|
|
"value": "b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460192",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37960-1748-4406-b54e-d5b6950d210f",
|
|
"value": "e130bc1603893155d87946a430b6d6ad167760cde24aa2834c61dd0eace30e8e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-39cc-4de5-9805-4111950d210f",
|
|
"value": "21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-431c-407e-b2b9-4686950d210f",
|
|
"value": "22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-d7e0-4150-a903-4b6b950d210f",
|
|
"value": "3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-5b10-4abf-bf80-4f9e950d210f",
|
|
"value": "4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-72f8-4c6b-874d-4560950d210f",
|
|
"value": "64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-d6a8-461a-8abf-444a950d210f",
|
|
"value": "cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3796e-1aac-46f3-9e91-497b950d210f",
|
|
"value": "e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460220",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3797c-ae1c-4feb-bdc6-40fd950d210f",
|
|
"value": "66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3798b-8b80-4716-a27e-41c4950d210f",
|
|
"value": "dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3798b-1360-4aba-ba69-4984950d210f",
|
|
"value": "e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3798b-0f44-464d-bb0d-4db0950d210f",
|
|
"value": "e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-74f4-44f1-a586-d4c1950d210f",
|
|
"value": "16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-98b4-4865-9748-d4c1950d210f",
|
|
"value": "3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-97dc-4f5c-bd15-d4c1950d210f",
|
|
"value": "639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-52f8-4b00-993f-d4c1950d210f",
|
|
"value": "646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-19f0-4f3c-a0aa-d4c1950d210f",
|
|
"value": "6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-1d50-49b1-bf8a-d4c1950d210f",
|
|
"value": "853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-1fc4-4f92-ae0d-d4c1950d210f",
|
|
"value": "8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf3799b-fbbc-493b-9668-d4c1950d210f",
|
|
"value": "b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ac-eaf8-4cd0-8051-4aa9950d210f",
|
|
"value": "c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ac-37d8-4c59-92bd-407a950d210f",
|
|
"value": "d33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-1488-4103-8b0b-4b56950d210f",
|
|
"value": "0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-4594-499c-ba40-45a2950d210f",
|
|
"value": "04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-a87c-4bf0-92b7-4d28950d210f",
|
|
"value": "0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-9aac-4d45-b415-4d6b950d210f",
|
|
"value": "0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-0744-4548-8106-4252950d210f",
|
|
"value": "34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-1788-483d-ac87-4153950d210f",
|
|
"value": "398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-51bc-4385-94d7-4ed3950d210f",
|
|
"value": "62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-2214-49ba-af37-43b8950d210f",
|
|
"value": "7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-9254-4a74-988f-494a950d210f",
|
|
"value": "aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-59f0-4d0d-8a32-43b9950d210f",
|
|
"value": "c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-8840-4ddc-8685-4f57950d210f",
|
|
"value": "d93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-dcc4-4fe0-b44e-4bb1950d210f",
|
|
"value": "d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379bd-2760-45b6-9b82-4711950d210f",
|
|
"value": "e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379cf-251c-44c6-a8cd-4996950d210f",
|
|
"value": "7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379cf-9e4c-417c-a13c-42be950d210f",
|
|
"value": "a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460317",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379dd-4310-4552-a893-4f0c950d210f",
|
|
"value": "9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ef-f6b4-4c3a-82a1-4636950d210f",
|
|
"value": "1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ef-7e2c-40ee-bcc8-4166950d210f",
|
|
"value": "ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ff-c64c-453f-a457-4ce0950d210f",
|
|
"value": "0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ff-1ad8-4a30-a174-4cd1950d210f",
|
|
"value": "3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ff-0d1c-4e6f-8d1e-4c4a950d210f",
|
|
"value": "a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ff-ec04-4d59-b269-4424950d210f",
|
|
"value": "c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf379ff-bc14-4d63-9ce9-45ef950d210f",
|
|
"value": "d9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460365",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a0d-e03c-44fe-a1f6-4a2b950d210f",
|
|
"value": "d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460380",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a1c-5718-45ab-991d-6829950d210f",
|
|
"value": "5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-c6e0-42e3-9166-fcfb950d210f",
|
|
"value": "05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-7a2c-40bb-b95d-fcfb950d210f",
|
|
"value": "4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-0d8c-44f5-bc23-fcfb950d210f",
|
|
"value": "c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-d92c-4154-803f-fcfb950d210f",
|
|
"value": "d1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-37b4-4f19-918d-fcfb950d210f",
|
|
"value": "d4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a2a-00d8-4c52-87d5-fcfb950d210f",
|
|
"value": "fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460410",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a3a-0238-4b2d-9f1b-d5b6950d210f",
|
|
"value": "03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a49-d9ac-46d3-a457-4007950d210f",
|
|
"value": "0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a49-6f10-4c66-933b-40c7950d210f",
|
|
"value": "5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a49-e3b8-4461-bf55-483c950d210f",
|
|
"value": "7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a49-7e04-4911-91b8-496a950d210f",
|
|
"value": "d74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a57-e7b8-4cb1-991a-448c950d210f",
|
|
"value": "04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a57-f838-4c66-8e06-4312950d210f",
|
|
"value": "23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a57-6744-456b-b5ec-431b950d210f",
|
|
"value": "b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a57-38c0-4fe8-ac67-4614950d210f",
|
|
"value": "db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cf37a57-c730-470f-8f61-45ec950d210f",
|
|
"value": "e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460460",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5cf37a6c-dcfc-486e-9f2b-4e02950d210f",
|
|
"value": "https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html?m=1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1559460478",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5cf37a7e-d6a8-4f97-890e-474b950d210f",
|
|
"value": "It has been 10 years since the discovery of Skimer, the first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM API functions and parameters, which were not publicly documented.\r\n\r\nBefore the discovery of Skimer, anti-malware researchers considered ATMs secure machines containing proprietary hardware, running non-standard operating systems, and implementing a number of advanced protection techniques designed to prevent attacks using malicious code. Researchers eventually discovered that the most popular ATM manufacturers use a standard Windows operating system and add on some auxiliary devices, such as a safe and card reader.\r\n\r\nOver time, actors behind some of the newer ATM malware families such as GreenDispenser and Tyupkin realized that there is a generic Windows extension for Financial Services API (CEN/XFS) that can be used to make malware that runs independently of the underlying hardware platform, as long as the ATM manufacturer supports the framework. This malware can trick the machines into dispensing cash, regardless of whether the attacker has a legitimate bank card.\r\n\r\nATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states. The significance of ATM malware stems from the fact that it can bring significant financial benefits to attackers and as a consequence cause significant damage to targeted banks, financial institutions and end users.\r\n\r\nNow that this type of malware has been around for more than 10 years, we wanted to round up the specific families we've seen during that time and attempt to find out if the different families share any code."
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460591",
|
|
"uuid": "4e9389f5-efa0-4f44-91fc-0c76588fcafe",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4e9389f5-efa0-4f44-91fc-0c76588fcafe",
|
|
"referenced_uuid": "f9a4ed3f-ce06-4b81-83ba-433dcdeae6e1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460631",
|
|
"uuid": "5cf37b17-3538-4b3c-ba3c-4633950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ff5fde66-a925-4230-817b-b7c392e7e242",
|
|
"value": "ae5417c3cb12443ce98fdbc1e7f9e1a3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "43a92abf-3b82-44e5-9fe0-eb71f78dc6ff",
|
|
"value": "d5ebde21768d6d9203750ddc8d0c25a642757b04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "35898458-c812-482c-ae37-8af64f9a030b",
|
|
"value": "b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460591",
|
|
"uuid": "f9a4ed3f-ce06-4b81-83ba-433dcdeae6e1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "0a6ebce6-47ce-4f8f-94dd-3ab951861d73",
|
|
"value": "2019-05-31T20:38:26"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a367544b-1443-4c6d-a979-4d7305e99cc1",
|
|
"value": "https://www.virustotal.com/file/b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c/analysis/1559335106/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "96e1cedf-8ad9-4c82-9445-0226864b0416",
|
|
"value": "43/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460592",
|
|
"uuid": "debf3fc0-afd9-4a29-bb93-3eeda774a6c4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "debf3fc0-afd9-4a29-bb93-3eeda774a6c4",
|
|
"referenced_uuid": "c3fe1a30-b661-47d7-a1b6-c761917f249d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-2254-4f73-861e-4036950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c23f3c82-0cbc-4210-9feb-3da217a3a0c2",
|
|
"value": "1781c712ad66a8e2b30df2f99a916245"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "05bc28c6-ad44-4fef-a00e-3c5bd635d0e4",
|
|
"value": "62aa206264a97c9c3a440feeb35363e2c546a9e6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "cfc48078-214a-4bbb-87ed-1a28b8d7b88e",
|
|
"value": "1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460592",
|
|
"uuid": "c3fe1a30-b661-47d7-a1b6-c761917f249d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "4d231862-2246-4d4a-95b9-846e7238c568",
|
|
"value": "2019-05-31T20:37:39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e0495afc-33dc-4e2e-ba86-256c0e5fbe17",
|
|
"value": "https://www.virustotal.com/file/1d6508cbe5f7ccaa991572f05aef52bab8a59851ca9a4367605a9637b10ae081/analysis/1559335059/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e500b1b4-373f-46e3-8dd1-df60b71efdf7",
|
|
"value": "44/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460592",
|
|
"uuid": "d673ebe6-4d3a-46b3-84f4-aa596c14a2c4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d673ebe6-4d3a-46b3-84f4-aa596c14a2c4",
|
|
"referenced_uuid": "973c1b1b-139e-4cac-8e88-4d7926955993",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-8010-4d4a-870e-4c33950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3a36994c-1543-440f-b6c3-1d42b597aff7",
|
|
"value": "eca2ca8ecf63816d9a157888e3d871dc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "899542a1-abe5-4cac-b100-4c6ec87aa119",
|
|
"value": "b0b13b336ee8770bb2a90fb1292fd9dcabd046f4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "bc52cc7b-75a1-4778-94a7-f7635b619951",
|
|
"value": "d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460592",
|
|
"uuid": "973c1b1b-139e-4cac-8e88-4d7926955993",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "460449c6-1ecf-4e48-8894-d9d49c08a3f3",
|
|
"value": "2019-05-31T20:38:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7e829a88-dc8b-447a-bd38-93d47dc99b85",
|
|
"value": "https://www.virustotal.com/file/d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9/analysis/1559335115/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "690e52b0-7ecf-4657-a32a-e9032ed818ce",
|
|
"value": "55/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460592",
|
|
"uuid": "8622a557-f7b5-447f-8ef2-de736a37d53f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8622a557-f7b5-447f-8ef2-de736a37d53f",
|
|
"referenced_uuid": "36c7dc3d-aed7-43a2-83fc-ac719299d71e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-39fc-495b-9c5e-455f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "226f2b38-49a2-4059-9f6b-417783b320da",
|
|
"value": "79d4b46f48d029df44b51486e8cf5169"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5b5f81c4-bfa0-4938-add2-16a95d764a12",
|
|
"value": "f051296ab1989768ef765fa459baaf6cc5b883af"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e3f1ce7a-2e94-4ce7-8163-b09307ada673",
|
|
"value": "eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460592",
|
|
"uuid": "36c7dc3d-aed7-43a2-83fc-ac719299d71e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "b809c743-b39b-4548-a94d-3860f205469f",
|
|
"value": "2019-05-31T20:38:44"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "442da1f1-61a5-4c21-b39e-86011e5a1a57",
|
|
"value": "https://www.virustotal.com/file/eeb8390e885612e1f0b8f8922baa4ebc9ba420224b30370d08b45f3453949937/analysis/1559335124/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "897e4350-555c-492e-b2a0-fe8ab37faa9f",
|
|
"value": "33/62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460592",
|
|
"uuid": "36474312-d715-4ea0-b2b5-5dc44269f913",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "36474312-d715-4ea0-b2b5-5dc44269f913",
|
|
"referenced_uuid": "52ca996c-bc2b-4739-ac9e-bc7dd85923ba",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-e9e0-4849-b98f-4fa1950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "211a226a-5d3f-4303-b688-ea75c6db3591",
|
|
"value": "b807cdceb9472b16be200793c09c251c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "32aef66c-e6e4-4291-8b03-421f5df2a1fd",
|
|
"value": "8a5a98891c475d9971766a0b05ba69da2ad7429a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "79233695-53f9-421a-833e-0203c201cb6b",
|
|
"value": "b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460592",
|
|
"uuid": "52ca996c-bc2b-4739-ac9e-bc7dd85923ba",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2efbbdf3-6563-403f-852b-613106684573",
|
|
"value": "2019-05-31T20:38:25"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b355e22e-c8f9-404b-97e2-4e1e6036802c",
|
|
"value": "https://www.virustotal.com/file/b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8/analysis/1559335105/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a4b19cc2-a677-4eec-8abb-07dd1013c5ec",
|
|
"value": "51/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460593",
|
|
"uuid": "0679f30f-f3f7-4b7a-adeb-5e331c959580",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0679f30f-f3f7-4b7a-adeb-5e331c959580",
|
|
"referenced_uuid": "ab628320-1176-4770-b844-742dcddcb0cf",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-9768-47eb-afa5-4d04950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "cd543e35-3c17-4542-82b9-6541dce5ae7d",
|
|
"value": "f74755b92ffe04f97ac506960e6324bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "433f804a-17a7-43d8-8ef3-2438ce446280",
|
|
"value": "ccafd4e255880a7f9bceebad5f7e98d0bc753edf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9ed06a82-7b84-4ab0-8c69-a18c7b0ff3e1",
|
|
"value": "c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460593",
|
|
"uuid": "ab628320-1176-4770-b844-742dcddcb0cf",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "37e75f40-b48c-4761-9550-6aea1c64a80d",
|
|
"value": "2019-05-31T20:38:30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "760568e4-193c-4afe-8b34-742c54c5ec74",
|
|
"value": "https://www.virustotal.com/file/c7cb44e0b075cbc90a7c280ef8f1c69e8fe06e7dabce054b61b10c3105eda1c4/analysis/1559335110/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d0dacbbf-4bbe-462c-a8bb-9710c3897242",
|
|
"value": "49/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460593",
|
|
"uuid": "58f5581e-25a8-4845-9e62-a3fcc12ac9dc",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "58f5581e-25a8-4845-9e62-a3fcc12ac9dc",
|
|
"referenced_uuid": "8ad9b272-f1ad-4dbb-8f54-16d23bbf13e8",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-38d8-4a35-bd41-4ce8950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "349d5bd5-e22e-419a-8ec3-2ac24b350b2e",
|
|
"value": "d0e6a7c89ed75ea559bd9d22e2de3625"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "19bb2227-39ff-4452-8911-6260226ca5dd",
|
|
"value": "041fc8035b7e3ea0c64b8350b65337f2fac3d654"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fa541aff-eaff-46ee-a69a-5990fceeb60d",
|
|
"value": "009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460593",
|
|
"uuid": "8ad9b272-f1ad-4dbb-8f54-16d23bbf13e8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "dcec8770-7e58-4a5f-af80-dde1c95d6756",
|
|
"value": "2019-05-31T20:37:30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f738b4de-538e-419d-b8f3-a53e6b3ec360",
|
|
"value": "https://www.virustotal.com/file/009b677564b3ebb0831171edf3fb0deb0fa3b0010b74586e01d8df4af965ef3f/analysis/1559335050/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d60385ee-78d4-4861-a6e0-27577d6502b5",
|
|
"value": "48/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460593",
|
|
"uuid": "20bc31c6-ec6b-4bf3-92a8-6fcd9a84cf79",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "20bc31c6-ec6b-4bf3-92a8-6fcd9a84cf79",
|
|
"referenced_uuid": "b59d17a2-cfdc-4bdb-857d-4d072408fcc4",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-e280-449c-8b3b-410a950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b69d3dbc-ab8c-4158-a466-52f3545e47b0",
|
|
"value": "a67d3a0974f0941f1860cb81ebc4c37c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8703b7fc-5300-4747-a8f2-2c9310194954",
|
|
"value": "eb4343969e2280d790c084d4aec774617e575cf6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "cb25a968-c46f-4503-ac3c-8a21494c184a",
|
|
"value": "4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460593",
|
|
"uuid": "b59d17a2-cfdc-4bdb-857d-4d072408fcc4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9d9ba794-196f-44f8-90c6-6dd879821aec",
|
|
"value": "2019-05-31T20:37:50"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4a7dc010-8aeb-4f48-beff-1980d65067dc",
|
|
"value": "https://www.virustotal.com/file/4941331c64e0389d5ec966122ef71a99d8f9830f13e9afa758e03275f896c2eb/analysis/1559335070/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4323c28b-27c0-4c39-a31d-01f4e0fdd01d",
|
|
"value": "44/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460593",
|
|
"uuid": "c37a0b5e-8135-4547-9468-f4c40d749e4b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c37a0b5e-8135-4547-9468-f4c40d749e4b",
|
|
"referenced_uuid": "27d02881-c91f-40e3-96ed-1006bbe1a633",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-7530-4b56-9a96-4fdd950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d21782d6-2b9b-4700-91a9-9a41fc20a3d3",
|
|
"value": "ec3cd3bcf0a3a89ea55a3acd054284d7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7ac4bd27-88d9-4a1b-b7d6-e561d562dd73",
|
|
"value": "7df18677254c45a6b57ff00517ae38b18e8f7d7c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "37512eeb-cd28-49f0-9cb8-0f27582b265c",
|
|
"value": "6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460593",
|
|
"uuid": "27d02881-c91f-40e3-96ed-1006bbe1a633",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7df95608-1e20-463e-946f-dd67fbf90fe7",
|
|
"value": "2019-05-31T20:37:59"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5e7d53c3-9362-4ebf-8a55-2aefc71b031f",
|
|
"value": "https://www.virustotal.com/file/6670ccc940cca6983340dbce1a9bbce7b49643ac924e18ca25def8b632b70720/analysis/1559335079/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "100099ec-fa6a-4b6e-b683-a9d749a506b1",
|
|
"value": "50/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460594",
|
|
"uuid": "f4d25908-fa3f-4504-afa0-0f587162caae",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f4d25908-fa3f-4504-afa0-0f587162caae",
|
|
"referenced_uuid": "286599cf-b80a-40c0-b8ac-168ef913024d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-c090-4622-97ce-4060950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f17512fd-3dee-49e3-958c-47bd5721ff8e",
|
|
"value": "86ea1f46df745a30577f02fc24e266ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f556c067-b02c-4c35-a110-4829b896ad85",
|
|
"value": "645a4e154dfa773897248fffa7e8e7fc930bec59"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "88616a69-661e-4b21-a5c0-ae430f41beba",
|
|
"value": "e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460594",
|
|
"uuid": "286599cf-b80a-40c0-b8ac-168ef913024d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "61e66cff-a8c3-488c-9526-d6baa3e8cc1e",
|
|
"value": "2019-05-17T14:28:23"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1ae0f8f9-8926-4cb4-8205-aeb0bab88289",
|
|
"value": "https://www.virustotal.com/file/e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000/analysis/1558103303/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c807bd36-699d-46cc-a207-c2c06947db37",
|
|
"value": "39/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460594",
|
|
"uuid": "8952097a-81ee-4e3e-86ec-b6d8a5d9bbe3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8952097a-81ee-4e3e-86ec-b6d8a5d9bbe3",
|
|
"referenced_uuid": "f7c3eba5-e21e-4575-9b60-0058e51f0562",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-1744-49ba-96a3-42f0950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c6136c4-11aa-4991-8ca8-3e58d761310e",
|
|
"value": "45c0b59f31da310078a029eb2e58a02d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c848f88f-dc0d-4a64-abce-b2388bc489f5",
|
|
"value": "15a9745ba2b383d55ccda653df8d1506373ac7c9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "08197334-235a-4d67-bd1e-886de940106b",
|
|
"value": "62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460594",
|
|
"uuid": "f7c3eba5-e21e-4575-9b60-0058e51f0562",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "43dfc7ce-35d5-43ae-8b13-f9fe167bc6e9",
|
|
"value": "2019-05-31T20:37:56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7107c190-e62d-4144-bdb2-184e0bd16722",
|
|
"value": "https://www.virustotal.com/file/62b61f1d3f876300e8768b57d35c260cfc60b768a3e430725bd8d2f919619db2/analysis/1559335076/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7d27f166-326b-4435-8f17-d4adf313359e",
|
|
"value": "45/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460594",
|
|
"uuid": "c8bf76f7-af93-4b6f-9956-bd2d3ba757ce",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c8bf76f7-af93-4b6f-9956-bd2d3ba757ce",
|
|
"referenced_uuid": "3492cc64-74f3-40d0-bd1d-de90c08e836a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-a69c-4325-b672-452e950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0e60a5cc-0610-4c83-a05f-aba2f4d65268",
|
|
"value": "dc42ed8e1de55185c9240f33863a6aa4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "58f888fc-c4ed-42f5-b282-922be58caee0",
|
|
"value": "7b969c7cd3a5a54006b7f6837e3ef3344890659c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a1f224d9-30a4-4cf5-815b-986f27b44b71",
|
|
"value": "0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460594",
|
|
"uuid": "3492cc64-74f3-40d0-bd1d-de90c08e836a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "767caa52-57cc-4cc9-b853-797515366abe",
|
|
"value": "2019-05-31T20:37:34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9c9b5a79-346b-430c-aa9b-1b739bd32332",
|
|
"value": "https://www.virustotal.com/file/0ef71569308d44e89bde48096c67caf73ec177c1c970a2fd843fd3a094502d78/analysis/1559335054/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "92241b6c-61f6-436f-b803-0ebb6c53a916",
|
|
"value": "47/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460594",
|
|
"uuid": "23fe1574-4071-416e-9bc8-bc000931d5fa",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "23fe1574-4071-416e-9bc8-bc000931d5fa",
|
|
"referenced_uuid": "62cf131f-4604-4172-93b0-ddc09a5a2eef",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-12cc-4eb9-824f-4c8d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "340968ae-3bb2-42c7-8d87-e8ec93ad44a6",
|
|
"value": "5af1f92832378772a7e3b07a0cad4fc5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3ad3a6f0-c97f-4ca9-ba54-7f0304379a7d",
|
|
"value": "dadf8493072a479950af004a58fa774f83fc984c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7b0913ba-46e0-4ffe-bafb-6d6733221980",
|
|
"value": "aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460594",
|
|
"uuid": "62cf131f-4604-4172-93b0-ddc09a5a2eef",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "becefca6-0631-4570-8693-a2d24a7738b3",
|
|
"value": "2019-05-31T20:38:22"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "075d2c0d-f491-4e80-8da8-6ba321400e93",
|
|
"value": "https://www.virustotal.com/file/aee97881d3e45ba0cae91f471db78aded16bcff1468d9e66edf9d3c0223d238f/analysis/1559335102/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a7f5e14e-a4e1-4bd4-93db-baac05cecc35",
|
|
"value": "44/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460595",
|
|
"uuid": "afc33a8a-f0bd-4ee9-a0fe-3a78ad442eac",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "afc33a8a-f0bd-4ee9-a0fe-3a78ad442eac",
|
|
"referenced_uuid": "50d3db02-8f85-49bb-bfdb-1f5b790fa78a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-b3b4-46dc-af70-4deb950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "954ee038-c1c7-4dc2-afcc-8cf82902f6b7",
|
|
"value": "4cf5a1145ee873652512275ef6cff93c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4d484ac4-8e7d-4ee1-837d-5aa540ddc204",
|
|
"value": "44b1eea742b63c7abc479e96c316bcd613e26ff2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6deb3745-6feb-4545-afb4-e98363e60718",
|
|
"value": "d1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460595",
|
|
"uuid": "50d3db02-8f85-49bb-bfdb-1f5b790fa78a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cdf893e0-8d71-41e0-b80e-3c3e3f6d4eb8",
|
|
"value": "2019-05-31T20:38:34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0b057bc8-39a8-425a-b286-61dfce040742",
|
|
"value": "https://www.virustotal.com/file/d1a0b2a251fa69818784e8937403c18f09b2c37eead80ba61a3edf4ac2b6b7ff/analysis/1559335114/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ddc87d3c-c83e-411b-84cc-6f626c5c0bd3",
|
|
"value": "41/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460595",
|
|
"uuid": "bbd0e909-a799-4b8b-af33-2e2b06984894",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "bbd0e909-a799-4b8b-af33-2e2b06984894",
|
|
"referenced_uuid": "bd1855b5-3e62-4fba-a33c-22aa7915a052",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-6c14-4ee4-91fd-4c41950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "91ddcd11-dabb-483c-9101-d6ee371edc6a",
|
|
"value": "eab2648a9ecc5e5f7d085252213f1e84"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9ee45f68-4859-4858-9a94-37e4a62670ad",
|
|
"value": "b1f3eab726a642ec204af6c71c22db0763b52c67"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "00267b96-f56f-41f7-a433-c29cad9068b5",
|
|
"value": "5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460595",
|
|
"uuid": "bd1855b5-3e62-4fba-a33c-22aa7915a052",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "60d41a23-6f60-4474-bb73-9ef5da5c09c1",
|
|
"value": "2019-05-31T20:37:55"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b4bae591-c57f-4ab8-b5a7-b4265cfcc213",
|
|
"value": "https://www.virustotal.com/file/5a37be2d298145b766ba54616677d802cfabc62e3b9be2ffb6d4719d3f8143e9/analysis/1559335075/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8d64eabb-acf4-4e46-a0e6-81013d0ca2e8",
|
|
"value": "52/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460595",
|
|
"uuid": "69947a46-fe46-496b-b677-aa891525577f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "69947a46-fe46-496b-b677-aa891525577f",
|
|
"referenced_uuid": "46b3e12f-d54f-4502-a3a4-8cd0b1151279",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460632",
|
|
"uuid": "5cf37b18-6528-45aa-87f0-4f0c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2019a4ed-2eb5-4acf-98de-5c3b7a878611",
|
|
"value": "e77be161723ab80ed386da3bf61abddc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9d810167-c561-475e-8014-3f8d479a4279",
|
|
"value": "f1f53a6f59d31a8ba93676ef41a726885916766e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6b36d72d-2ae5-413a-9f69-62da69a54a63",
|
|
"value": "e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460595",
|
|
"uuid": "46b3e12f-d54f-4502-a3a4-8cd0b1151279",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5e6f724b-1faa-4ad3-a107-e511abb5c87f",
|
|
"value": "2019-05-31T20:38:39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ca9be74a-8bf1-4c57-b7ae-2b65c2c24a74",
|
|
"value": "https://www.virustotal.com/file/e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4/analysis/1559335119/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "643eb28e-aa03-4009-8d8f-d0ea0cad6ee7",
|
|
"value": "49/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460595",
|
|
"uuid": "59a853ea-2a24-4522-8caf-31116b4540a1",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "59a853ea-2a24-4522-8caf-31116b4540a1",
|
|
"referenced_uuid": "8462e162-3d1d-41a5-b259-25b56014ecd1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-4398-4070-84ff-4e7c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1686d252-73ee-4091-b30a-a6067f48e64d",
|
|
"value": "2f2b21e172ca17dc474d1299f7e4cd1a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e3396981-ec1f-495b-966c-1927373b6871",
|
|
"value": "bcd6671ce3d356a83ec8d499397ccadfd4121978"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "94616b19-4874-4939-81d0-1621fa18975f",
|
|
"value": "8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460595",
|
|
"uuid": "8462e162-3d1d-41a5-b259-25b56014ecd1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "aa967f62-db25-47f4-942b-cb19da03cad3",
|
|
"value": "2019-05-31T20:38:11"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3d00e43b-d7a4-4b48-8a1f-3246d0407bd4",
|
|
"value": "https://www.virustotal.com/file/8d7f932d8236671018c5cd02781301134aa6df315253f7a56559350d2616ff8e/analysis/1559335091/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0c026b77-2a1a-4dd4-a3af-082b5f9e11d6",
|
|
"value": "44/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460596",
|
|
"uuid": "72fa3519-3988-43d8-9261-aa9e2eed24cf",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "72fa3519-3988-43d8-9261-aa9e2eed24cf",
|
|
"referenced_uuid": "a416f449-acdd-4e69-9636-b33248a2bdd3",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-4cf4-44d9-8f63-4353950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460220",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "42221a91-dae3-4688-be06-ca5585f00d2d",
|
|
"value": "754997c47c088060d376dcf29d6d9ac1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460220",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5066ac6c-c04f-4247-aecc-3e9dfd753521",
|
|
"value": "6af7753279241d1977739a8e51c8b5bc47d219f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460220",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "182e996b-c616-4ed0-8a7c-fa505cf201f7",
|
|
"value": "66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460596",
|
|
"uuid": "a416f449-acdd-4e69-9636-b33248a2bdd3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460220",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2348a053-acc3-4831-94a6-f2423b88d406",
|
|
"value": "2019-05-31T20:37:59"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460220",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "92cf654e-6a10-4b03-9dc9-0e6ab7205242",
|
|
"value": "https://www.virustotal.com/file/66db5b6b5dc51de7e5380f214f703bdc69ab3c3bec7c3b67179940a06560f126/analysis/1559335079/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch.B",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460220",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0f680c12-f8ca-4a31-804c-55403c625bff",
|
|
"value": "43/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460596",
|
|
"uuid": "90369019-7f27-4d9f-b24e-064dce9bb9ff",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "90369019-7f27-4d9f-b24e-064dce9bb9ff",
|
|
"referenced_uuid": "9c43344e-12b5-4e91-96ab-e8f7e3939ef6",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-c2c8-4037-86ce-49ff950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9a035a7c-cd07-4f5d-be91-76e7fd3810a2",
|
|
"value": "34d10423c00300b47265e477e4b2a6a5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56df5c17-347f-4d01-9f6d-37bb797c4fb5",
|
|
"value": "f535d0bd14c706faba76cdc1d7b068282f743c16"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7e3ed1fc-93b5-436d-a1cf-a288d904f84a",
|
|
"value": "21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460597",
|
|
"uuid": "9c43344e-12b5-4e91-96ab-e8f7e3939ef6",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d3a846c7-f50d-45de-aeef-3f32b18fc1bc",
|
|
"value": "2019-05-31T20:37:39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1735f888-a094-4002-8f18-829cc8538046",
|
|
"value": "https://www.virustotal.com/file/21f3c0bf3fc05685ec5b7bf3c98103761894d7c6783c2c12afae958eb103598e/analysis/1559335059/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7460aa6e-7b93-4289-9654-a30473e426ac",
|
|
"value": "42/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460597",
|
|
"uuid": "fa4415d9-9b90-4646-b8cf-e2810be2f2ea",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "fa4415d9-9b90-4646-b8cf-e2810be2f2ea",
|
|
"referenced_uuid": "a1d6d8e9-5a62-4bf2-932b-4bfe3f686ecd",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-7848-49f5-9ef0-48d7950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "180a4022-4111-4a24-877b-36a3f63a50ba",
|
|
"value": "40e8885bb95659243d46b6bfd3b0bc36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "edf1ba11-8f30-4032-a59c-1efc1b36303f",
|
|
"value": "354c29f10071e62aa225b18ef456d452c54e1fec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8e993970-e4e5-4559-9983-2c64e9effb27",
|
|
"value": "b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460597",
|
|
"uuid": "a1d6d8e9-5a62-4bf2-932b-4bfe3f686ecd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "27df945b-76c2-4283-8a06-3bea99421fe0",
|
|
"value": "2019-05-31T20:38:26"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ebc17c91-4e91-4dcf-a931-47079f80146c",
|
|
"value": "https://www.virustotal.com/file/b66615b186bf7067cdb937220f86b1d9411351e0b06ee8d02cf6c5358348e884/analysis/1559335106/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "fa639541-5f28-4cdc-bcee-a4afd91b65f5",
|
|
"value": "32/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460597",
|
|
"uuid": "0b1e7b0c-01c5-4261-810c-79ee889cf041",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0b1e7b0c-01c5-4261-810c-79ee889cf041",
|
|
"referenced_uuid": "89095777-3676-41fb-b745-6d0cc579c782",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-5e18-4977-823f-4fb3950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "6069966c-8d7f-44f1-9f25-2ed05d67ebe3",
|
|
"value": "b3efec620885e6cf5b60f72e66d908a9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "dab7601b-80be-4145-8df8-3a86ac9b811d",
|
|
"value": "274b0bccb1bfc2731d86782de7babdeece379cf4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f5ac75fb-9cd7-4970-94f3-e1bcf73eac9e",
|
|
"value": "d465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460598",
|
|
"uuid": "89095777-3676-41fb-b745-6d0cc579c782",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6aeee43b-ab86-4ee1-a79a-0fc30a15d3cb",
|
|
"value": "2019-04-11T08:21:28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "72e68fb1-33d9-4047-ae58-42a94b4f25ce",
|
|
"value": "https://www.virustotal.com/file/d465637518024262c063f4a82d799a4e40ff3381014972f24ea18bc23c3b27ee/analysis/1554970888/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "abf0409d-e163-482a-b01c-e1890fa4a1c5",
|
|
"value": "29/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460598",
|
|
"uuid": "d837aac4-8a86-4538-b882-358daa5ec55f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d837aac4-8a86-4538-b882-358daa5ec55f",
|
|
"referenced_uuid": "9d6e3d6b-0847-498e-885b-df5576bcdbcc",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460633",
|
|
"uuid": "5cf37b19-9c6c-4bd7-a443-40eb950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c6c8f115-4edf-457b-b1f0-75a3d1060734",
|
|
"value": "700e91a24f5cadd0cb7507f0d0077b26"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ef0be73f-efee-40f5-94ab-fff66f486c6d",
|
|
"value": "bfa9791ccc407819907b9d38341dd6d50b663e55"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "af590f7c-4ef5-40e6-b78b-eabb2ac7549b",
|
|
"value": "16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460599",
|
|
"uuid": "9d6e3d6b-0847-498e-885b-df5576bcdbcc",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fecf0e2b-10f9-4631-8676-aaf4df7fa1a9",
|
|
"value": "2019-05-31T20:37:36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "014b39d7-43f1-4de4-af9d-cf148802f4bc",
|
|
"value": "https://www.virustotal.com/file/16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0/analysis/1559335056/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "549e96f7-2906-489b-9377-ffd9679ef4ee",
|
|
"value": "49/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460599",
|
|
"uuid": "6233ba88-e454-4931-85fd-b1c07492a684",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "6233ba88-e454-4931-85fd-b1c07492a684",
|
|
"referenced_uuid": "3d43da57-37ca-4aec-9e28-739ae5ec4cf6",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-dd00-4ce5-8482-485c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f497657d-64b9-4fb8-9bef-dbe8bc7a2e75",
|
|
"value": "1a103f187bc84e6c0e194a74f7abb7b4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "92382e9d-edec-4b8a-86b6-b23efc9e7e45",
|
|
"value": "b215ce142b024e1ab6ceabf42c5b304938181677"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f05c4173-81d6-4ac3-9849-32781dbb32eb",
|
|
"value": "e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460599",
|
|
"uuid": "3d43da57-37ca-4aec-9e28-739ae5ec4cf6",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "445e50a1-0440-4cc5-a699-4a738446ef6b",
|
|
"value": "2019-05-31T20:38:42"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4df03149-42ac-4aa5-9e11-d6f3ef5c98d1",
|
|
"value": "https://www.virustotal.com/file/e3bf733cc85da7421522a0b1ff788d43bcacd02815a88d19426e80de564174b3/analysis/1559335122/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "13ce854f-1244-4764-b27d-4be8e87cb6f4",
|
|
"value": "54/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460599",
|
|
"uuid": "2af4fed3-7abe-4bd0-9e07-78f99b75b02a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2af4fed3-7abe-4bd0-9e07-78f99b75b02a",
|
|
"referenced_uuid": "e5651225-768d-4ef0-a852-6859df9ebc50",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-1be4-4ff1-ac50-46f8950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3d2a156a-9c9a-4195-b0a0-df093fc3234a",
|
|
"value": "08a3a817ab805d73d89e9ef2dca9c352"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f0b26367-3228-4206-bdaf-1f9de194e107",
|
|
"value": "376afa8b852d28b385447cb1fe50bcf956a7d7f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2f71eb5a-8316-4aed-91b2-e67d577dcb5b",
|
|
"value": "e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460599",
|
|
"uuid": "e5651225-768d-4ef0-a852-6859df9ebc50",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6a216dbf-9280-4d76-9442-71a2b8fbe413",
|
|
"value": "2019-05-31T20:38:41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b471c935-a03d-4ddc-b1ea-479d8646e74b",
|
|
"value": "https://www.virustotal.com/file/e2c87bca353016aced41305ddd66ee7430bf61a20c0f4c8c0f0650f006f05160/analysis/1559335121/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8ea41408-542f-4901-a4ec-18eab47e9e34",
|
|
"value": "45/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460599",
|
|
"uuid": "f65269df-3231-420c-afe2-cb9d182e8e52",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f65269df-3231-420c-afe2-cb9d182e8e52",
|
|
"referenced_uuid": "1e4c672b-f6ed-42a7-b1a6-2afdf236e7b4",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-e0e4-4a6c-8975-42fa950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "cccbf34e-e594-4bde-9a57-421b6b9101bf",
|
|
"value": "c25334e63cd0207d3107d1c5dd2d1e72"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b4dbf4ea-c22b-45a2-8bf8-4090ad214209",
|
|
"value": "4d953f09dec970b583d1033ce49a9004721d8131"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fef0bb22-501d-4bb4-9831-e05534cb713c",
|
|
"value": "5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460600",
|
|
"uuid": "1e4c672b-f6ed-42a7-b1a6-2afdf236e7b4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e42d6a78-6fef-45cb-8404-551e2b655c74",
|
|
"value": "2019-05-31T20:37:55"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b5c51ec9-943d-4067-b39c-7ec732f08004",
|
|
"value": "https://www.virustotal.com/file/5f5d483c1fcd1638b32d11183c5ed5fd36362fb12d62e1d9940b47906733d672/analysis/1559335075/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b2f00224-1d26-4173-a307-feacd346b586",
|
|
"value": "48/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460600",
|
|
"uuid": "059e1ff5-337c-43b8-b2a3-3bd1a141ae5b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "059e1ff5-337c-43b8-b2a3-3bd1a141ae5b",
|
|
"referenced_uuid": "3ef9e33c-b041-49fd-b3d0-a4635aa80082",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-de24-4ca6-a17f-40cc950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460033",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0b73459c-46d6-4ac8-bf9a-1fb657573bcc",
|
|
"value": "d790997dd950bb39229dc5bd3c2047ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460033",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4cadb352-3f7a-472f-bddf-04b2151937d9",
|
|
"value": "7e6407c28c55475aa81853fac984267058627877"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460033",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b111ab6-f20c-48a3-9019-20a2a3816f46",
|
|
"value": "3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460600",
|
|
"uuid": "3ef9e33c-b041-49fd-b3d0-a4635aa80082",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460033",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f218ca67-d2a9-4b33-829d-26d99eaa7575",
|
|
"value": "2019-05-29T03:11:20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460033",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d2bc48a7-8532-4e83-8832-877f0fc94c63",
|
|
"value": "https://www.virustotal.com/file/3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c/analysis/1559099480/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460033",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f3e0e2cc-0f49-4a41-8409-1643da0fda19",
|
|
"value": "25/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460600",
|
|
"uuid": "53426774-0b9a-423d-96e5-258c563551e8",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "53426774-0b9a-423d-96e5-258c563551e8",
|
|
"referenced_uuid": "bbc42520-4fab-426a-9e7f-ca0d3dfdd8d5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-4794-4df7-9e5c-44ac950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b033d2f2-361e-4020-82f2-8d2681881fc5",
|
|
"value": "795ff3e400d08e83de67d23dfc4f0201"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9dc0d8df-962f-4354-af81-07a8a74c774a",
|
|
"value": "1f087445edee192d810d383d182c8350e45008ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0ee830f3-ff53-4ffb-948e-0cf35e1036fa",
|
|
"value": "4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460600",
|
|
"uuid": "bbc42520-4fab-426a-9e7f-ca0d3dfdd8d5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "dad304e4-c98c-4010-af82-f6aac7557e35",
|
|
"value": "2019-05-31T20:37:51"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "41e58b7a-883e-4a30-973d-009bc1f711e4",
|
|
"value": "https://www.virustotal.com/file/4c98d5cd865d7fe2f293862fae42895045e43facfdd2a3495383be4ddbb220dc/analysis/1559335071/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e911adf9-ddc2-472e-b04b-8da576f28ba8",
|
|
"value": "44/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460600",
|
|
"uuid": "4de765ce-30ef-4d98-ad0d-f91e29e02261",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4de765ce-30ef-4d98-ad0d-f91e29e02261",
|
|
"referenced_uuid": "5061c53e-1a32-413d-9d20-d1ae7c1a23bd",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-8de0-42c9-91bb-4050950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "dfa10737-d78a-4b44-b03a-b1dc26f337d2",
|
|
"value": "b66be2f7c046205b01453951c161e6cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4a349623-ce64-4397-9ce9-7fbd43f626db",
|
|
"value": "ec5784548ffb33055d224c184ab2393f47566c7a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "05f5c9dd-1306-4897-b1de-9a8efcb93fb6",
|
|
"value": "ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460600",
|
|
"uuid": "5061c53e-1a32-413d-9d20-d1ae7c1a23bd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9b52f7e1-c60a-4307-a7da-791ac95a7eaf",
|
|
"value": "2019-04-11T08:23:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5f554615-a857-4202-b608-eb6c1c0fffe2",
|
|
"value": "https://www.virustotal.com/file/ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c/analysis/1554971038/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0d85a709-4633-4795-9f52-f70e7b0f8969",
|
|
"value": "28/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460601",
|
|
"uuid": "e6c71e20-622b-4fa1-98a3-049d8fa792cf",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e6c71e20-622b-4fa1-98a3-049d8fa792cf",
|
|
"referenced_uuid": "e996b91d-bda3-4904-8d59-bd7e6e48c017",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-e0ac-4fef-96eb-48b2950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f6cf9432-5d2b-4945-95f6-3bf14dd2fb67",
|
|
"value": "c8d0ccd2e58c1c467ee8b138c8a15eec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d22c6dc1-c0e7-4ae5-b660-81e2c6d14de7",
|
|
"value": "a9903adb99b41e943541116d32fa4d4043be15fa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "37c5ced2-a3bb-4018-9ce1-a0097525c9ae",
|
|
"value": "a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460601",
|
|
"uuid": "e996b91d-bda3-4904-8d59-bd7e6e48c017",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "14af7669-d21c-43fa-a092-287e5c336e02",
|
|
"value": "2019-05-31T20:38:19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9fb243e5-963a-4c5f-9ace-aefb12c268dd",
|
|
"value": "https://www.virustotal.com/file/a6c33d7275c46397593f53ea136ea8669794f4d787044106594631c07a9ee71d/analysis/1559335099/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "60e78cd6-5131-4c01-b11f-74fc4f2883b2",
|
|
"value": "45/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460601",
|
|
"uuid": "09721354-5254-4f34-99c2-c6bfdfc2a013",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "09721354-5254-4f34-99c2-c6bfdfc2a013",
|
|
"referenced_uuid": "dcd7b5e5-32ae-439a-8d76-d29db0cfe1be",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-eed8-413e-bee0-4aa5950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f60a9f50-ad82-4f29-8f0f-45abdaf6be24",
|
|
"value": "1156a1e003c19be6664e0189827a4278"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7f052263-e284-470f-8c2b-4f857ff555a2",
|
|
"value": "b68897138a56e27fb12af8b15cbfed2fbd71dcbd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "21c29e2c-358a-40e3-9a3e-c16326396634",
|
|
"value": "aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460601",
|
|
"uuid": "dcd7b5e5-32ae-439a-8d76-d29db0cfe1be",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7fd795a7-deb4-4867-9d7c-fd07edc1bd1e",
|
|
"value": "2019-05-31T20:38:21"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6a2686d3-842d-4e2c-b3fa-248d249ce6fa",
|
|
"value": "https://www.virustotal.com/file/aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293/analysis/1559335101/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "29da7dd9-1330-4c79-8c78-030ffb0c005e",
|
|
"value": "55/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460602",
|
|
"uuid": "038aeee6-160b-4b99-975d-c08f2252a243",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "038aeee6-160b-4b99-975d-c08f2252a243",
|
|
"referenced_uuid": "2f677d16-9287-4cb6-94a2-f789ff3dbb0d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-caa0-48b2-821b-4063950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "23a16cf0-e7cf-4c2e-829e-a76f3ab4d952",
|
|
"value": "e1f9360f952acf5dabdf2f46458e7842"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2b75e2f0-2f2c-4100-b69d-eab5a147dc52",
|
|
"value": "027f6e1ab57db86fc400e5c0ea8f943791ca9943"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ae4f490b-e382-47f4-9550-e4f63fec8030",
|
|
"value": "77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460602",
|
|
"uuid": "2f677d16-9287-4cb6-94a2-f789ff3dbb0d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f9200e7d-805f-41e0-bc21-0dfa4875cc5d",
|
|
"value": "2019-05-31T20:38:03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "fa7061c9-0d1d-4ab2-a534-40a225689ce4",
|
|
"value": "https://www.virustotal.com/file/77850f738ba42fd9da299b2282314709ad8dc93623b318b116bfc25c5280c541/analysis/1559335083/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b2a0e7ff-ebea-443c-857c-62ca3c4ee208",
|
|
"value": "48/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460602",
|
|
"uuid": "afc80670-f512-4668-a52b-92120997f276",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "afc80670-f512-4668-a52b-92120997f276",
|
|
"referenced_uuid": "6be40e2f-088b-45f8-8a93-2c139dd1717f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-65b8-47dc-be68-4d51950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1610bdb6-9a53-4cb8-8641-0173be5901db",
|
|
"value": "b2ad4409323147b63e370745e5209996"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7257450c-eb46-438e-afd3-f85788267476",
|
|
"value": "15e8fac9c9d5e541940a3c2782df6196ec1e9326"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c49881a1-f735-429d-862f-53b793bf361f",
|
|
"value": "867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460602",
|
|
"uuid": "6be40e2f-088b-45f8-8a93-2c139dd1717f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "dc382f61-1e67-48f0-b879-ba496d6c6385",
|
|
"value": "2019-05-31T20:38:11"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5d916ec2-83cd-42c0-8b3b-29d60efc4fd5",
|
|
"value": "https://www.virustotal.com/file/867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a/analysis/1559335091/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "58f63ade-9cb1-4751-9d60-3202c7910c21",
|
|
"value": "49/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460602",
|
|
"uuid": "926b7bd6-2e77-4c03-ba85-77655deb2b6e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "926b7bd6-2e77-4c03-ba85-77655deb2b6e",
|
|
"referenced_uuid": "b646014e-f7b5-40e1-aaf2-d47303e69b9c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-c330-4b00-aa6e-4a0e950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ddcaaf00-3b06-48bc-bbbf-6df15987290a",
|
|
"value": "24e501248f4b48f0194e67d7f7d71c0e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7760bb5e-681e-4b2a-ac41-ffd78a94e02b",
|
|
"value": "5ffded28ee96493e3ad0b4c59b13484f9edc1abe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9ce0a3bc-70dc-4dd1-ac08-d4e09fae6656",
|
|
"value": "e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460602",
|
|
"uuid": "b646014e-f7b5-40e1-aaf2-d47303e69b9c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "048edc49-5450-41b0-8703-7e4c4507ddae",
|
|
"value": "2019-05-31T20:38:42"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ebd96e80-6d4a-4307-b58a-37e360ac7415",
|
|
"value": "https://www.virustotal.com/file/e3a6970d66bc4687b21381353826fabd469007c869efc711fdd0e4711aa77ffc/analysis/1559335122/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "05b4b602-0adc-48dd-ba40-6de0826fb924",
|
|
"value": "50/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460603",
|
|
"uuid": "8a3528b9-bc2e-4e32-ac93-4c8a46cc6b2d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8a3528b9-bc2e-4e32-ac93-4c8a46cc6b2d",
|
|
"referenced_uuid": "1adb843b-7121-47fa-a368-76c9cfd0b246",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-3d50-4dd7-8851-4193950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "018427c6-a767-46ca-a190-fc4d0d709ef0",
|
|
"value": "93c043e9480e3b618a74e2cae7c8c086"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d46c24ef-99bf-41b8-b49a-11bef5fba44a",
|
|
"value": "d7ec2fdee3abfc6a9e4385d9e320bd07b49039cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "49079773-5e34-444e-80e4-a3cd6aae5ee4",
|
|
"value": "7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460603",
|
|
"uuid": "1adb843b-7121-47fa-a368-76c9cfd0b246",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e44dcf12-e938-4a69-9746-8c0559cf2c9d",
|
|
"value": "2019-05-31T20:38:04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1cd84f3e-4f2f-4965-92aa-38b32cdaa1a9",
|
|
"value": "https://www.virustotal.com/file/7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147/analysis/1559335084/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2d60b13f-84e0-4e10-a729-0682497fced5",
|
|
"value": "51/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460603",
|
|
"uuid": "6038bf6c-1f5c-4b29-a890-0514f93246da",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "6038bf6c-1f5c-4b29-a890-0514f93246da",
|
|
"referenced_uuid": "011daee4-ac24-4071-bb9f-ee36ed5c8b5e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-0a40-4d0d-9fd9-4ada950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "7f7559c6-a637-4043-8243-dd42d0a50529",
|
|
"value": "e5957ccf597223d69d56ff50d810246b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c4e48348-e70b-4e94-9e73-e18c666ed184",
|
|
"value": "d41e96dedbe7c04439ba489535eb65d0c7b17674"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fec2879b-972e-4c8e-ad43-b0505c68bd21",
|
|
"value": "7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460603",
|
|
"uuid": "011daee4-ac24-4071-bb9f-ee36ed5c8b5e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "22856791-b40d-4a61-b67e-c82831945d99",
|
|
"value": "2019-06-01T06:11:19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "edbb49a6-4f3d-4785-9885-6ebb95415bb3",
|
|
"value": "https://www.virustotal.com/file/7fd109532f1e49cf074be541df38e0ce190497847fdb5588767ca35b9620a6c2/analysis/1559369479/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4f5fe4d2-8c8a-47aa-a2e4-22aa9ca2ed25",
|
|
"value": "53/73"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460603",
|
|
"uuid": "4892d578-41fd-4500-b607-bb71e079aa54",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4892d578-41fd-4500-b607-bb71e079aa54",
|
|
"referenced_uuid": "c344c0d9-4251-460a-90b8-efeb08a354f5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-ec48-427b-9712-4444950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "51c791aa-b0fd-4403-8059-dedab39a565d",
|
|
"value": "fac356509a156a8f11ce69f149198108"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b185f811-693a-462c-b377-e3caf1e8b6cf",
|
|
"value": "66b0d9b10c2898d388bdfd2be4a66ac76d5822f4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fb5f4a9e-f848-4d0d-b8cf-8e133d8947c0",
|
|
"value": "4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460603",
|
|
"uuid": "c344c0d9-4251-460a-90b8-efeb08a354f5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "334f4eb5-982c-4dba-8a4d-a0cc8eef12f9",
|
|
"value": "2019-06-01T11:31:52"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "708de2c6-621a-4a57-ba4d-52007df4d5c1",
|
|
"value": "https://www.virustotal.com/file/4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c/analysis/1559388712/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ce93c5a5-f6b7-4e8d-a723-42aa98a39afa",
|
|
"value": "56/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460603",
|
|
"uuid": "20931e8f-e75d-4b8b-b4ae-6db30c54e355",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "20931e8f-e75d-4b8b-b4ae-6db30c54e355",
|
|
"referenced_uuid": "19697d5f-9fce-41c0-a762-93dcf7479bb5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-4340-4b01-a9df-4803950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "33bd6647-edd9-424e-a2d1-653241e6a159",
|
|
"value": "d94a7f243abba321477afc3f756cae0e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "bcd4e1b2-a909-47cd-9323-6a9e3fea056c",
|
|
"value": "eed56fdd5f8f57871fd443719950be66e06ae68b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a4540dd7-678d-4298-8a19-8eb206a0b631",
|
|
"value": "d60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460603",
|
|
"uuid": "19697d5f-9fce-41c0-a762-93dcf7479bb5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2ab7c40c-9df2-4eef-9937-502ba05fe15d",
|
|
"value": "2019-05-31T20:38:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "99b86863-71e6-4be4-9485-a1a3c24ffd7c",
|
|
"value": "https://www.virustotal.com/file/d60126545fa68b14c36cd4cffa3f81ed487381482582acbba786fa88884f636b/analysis/1559335115/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ce19e034-b1e6-48b6-b39d-10b939a89a6a",
|
|
"value": "35/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460603",
|
|
"uuid": "3c1cf1e3-9ce4-4d57-a90b-62d03bac4126",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "3c1cf1e3-9ce4-4d57-a90b-62d03bac4126",
|
|
"referenced_uuid": "a26082fe-b3c8-44c8-817a-286666cfa8e9",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-0f04-44c4-a5be-49bc950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c232cb59-04f8-475f-9124-518c8d236490",
|
|
"value": "b428c8af87e85522dc847f054f4d1e5f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e28331d0-158f-433c-a4f8-cceae30df45d",
|
|
"value": "7dc0efabf70133fb8d30b4de75811c9d771d01da"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c6f61c0d-1c76-4fc4-ab4b-f7eb9d28ba77",
|
|
"value": "3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460604",
|
|
"uuid": "a26082fe-b3c8-44c8-817a-286666cfa8e9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5acae290-2761-4d2d-8048-1095273d6c09",
|
|
"value": "2019-05-31T20:37:46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "adac4da8-c70d-4123-9639-9d23a69a71d6",
|
|
"value": "https://www.virustotal.com/file/3d8c7fb9e55f96cf3073b321ee5e59ff2189d70b0662bc0b88990971bc8b73d8/analysis/1559335066/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "665420d1-8954-4c6c-93d5-bdc8747e0519",
|
|
"value": "54/73"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460604",
|
|
"uuid": "1faad245-0601-4322-b915-cfbb31a5795f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1faad245-0601-4322-b915-cfbb31a5795f",
|
|
"referenced_uuid": "14bd5db8-ee14-46bf-add5-38c0239113ab",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-2b00-42bb-b96c-47fb950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "574bde7d-46c8-4869-b9ff-ced8ab522148",
|
|
"value": "3c434d7b73be228dfa4fb3f9367910d3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "dcc584a6-c5c8-4f4e-9bbd-611ceeb6f268",
|
|
"value": "b7fc0dd1f939d7bca337b0d9cd562e3b1b5c8947"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ac1e7f3d-10c1-4124-8969-3a7082890e83",
|
|
"value": "5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460604",
|
|
"uuid": "14bd5db8-ee14-46bf-add5-38c0239113ab",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fcbea3cb-8cfa-4920-9027-846cf7ba8174",
|
|
"value": "2019-05-31T20:37:56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7169f6ae-142c-4744-8d86-9da92b7b89a7",
|
|
"value": "https://www.virustotal.com/file/5ab6358e1886655257c437ebad71b98a6575313b2f9327359661aac5d450c45a/analysis/1559335076/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "23070997-5e57-4d68-b6f2-07dea4ead1bb",
|
|
"value": "46/64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460604",
|
|
"uuid": "1bce7fb2-c2d0-4032-b6bb-dd12011a586c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1bce7fb2-c2d0-4032-b6bb-dd12011a586c",
|
|
"referenced_uuid": "f7a56679-e2ee-4418-92c3-ec83dbc7cf69",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-29d0-454a-8563-4a52950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f14fb211-340b-4b9b-ae3d-d36a50bc026c",
|
|
"value": "0f75dd5ecd9ac36f98462a63bfdc88c2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "34a977c1-8f2c-40e9-84f8-fdbc3437231b",
|
|
"value": "07afc6b69535e638c5fb59c215a10104de334c2a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "84b914cc-3bf8-46e4-8f24-da1fe23ac118",
|
|
"value": "b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460604",
|
|
"uuid": "f7a56679-e2ee-4418-92c3-ec83dbc7cf69",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f0f6a844-bce4-41c7-9896-20aeb73c2834",
|
|
"value": "2019-05-31T20:38:22"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4556723a-7fb1-4790-a340-77be1e9cfb4f",
|
|
"value": "https://www.virustotal.com/file/b00cd2ca5247c93e3a40f73006051bbfada3b1bc73c4d44105384824bb60131d/analysis/1559335102/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "50cd7d03-6d84-4cf4-855f-47f59fabf059",
|
|
"value": "23/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460604",
|
|
"uuid": "edcba3d5-9d16-4c26-b036-a783054a0201",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "edcba3d5-9d16-4c26-b036-a783054a0201",
|
|
"referenced_uuid": "1682fbe3-7192-44a4-9240-2e558891fa92",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460634",
|
|
"uuid": "5cf37b1a-57e4-4a0e-93e9-4ee7950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "85bb459a-3594-4fba-ab18-b3cf09c5acfb",
|
|
"value": "658b0502b53f718bd0611a638dfd5969"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3d7bd2a0-4c37-414f-8ca4-d6e71b592a3c",
|
|
"value": "d8879121597693aa54eda9f5cf3247d6e9bc4426"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4667c172-8d5e-455f-a960-cbedd0ab6be0",
|
|
"value": "4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460604",
|
|
"uuid": "1682fbe3-7192-44a4-9240-2e558891fa92",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6899284f-fc02-4dbf-be76-7223977f8cc6",
|
|
"value": "2019-05-31T22:44:12"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b01e9195-4842-437d-85a1-46b2df93e864",
|
|
"value": "https://www.virustotal.com/file/4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958/analysis/1559342652/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "49c640ff-015e-4132-a11e-d322e4f4c29b",
|
|
"value": "45/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460605",
|
|
"uuid": "c0446e9d-4d30-4c58-adb6-1fd627e127f0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c0446e9d-4d30-4c58-adb6-1fd627e127f0",
|
|
"referenced_uuid": "842bd8c7-4933-4db4-bbf4-062093187ea1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-58ec-45a9-8213-4aa2950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4121c64a-6bcc-4c0c-bea5-ea646a241805",
|
|
"value": "c04a7cb926ccbf829d0a36a91ebf91bd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d26a0cac-358c-40b5-9d0c-15f3f9b4c01f",
|
|
"value": "66adf3ab1913e92be7f34adcd9be1b6eda677d59"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ad0a602a-3069-4d41-99ee-22054b8c7c04",
|
|
"value": "04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460605",
|
|
"uuid": "842bd8c7-4933-4db4-bbf4-062093187ea1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1eb5a1e0-0693-4ff6-bdc4-0e41f4d16b96",
|
|
"value": "2019-05-31T20:37:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e2baa963-49f8-42ce-a6b0-a2f2a682a2ff",
|
|
"value": "https://www.virustotal.com/file/04db39463012add2eece6dfe6f311ad46b76dae55460eea30dec02d3d3f1c00a/analysis/1559335053/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a63558fd-ebe8-448e-a3a8-e06c8ca73bde",
|
|
"value": "54/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460605",
|
|
"uuid": "2a17841a-d493-4ebe-8f1f-eeb8ac8e2306",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2a17841a-d493-4ebe-8f1f-eeb8ac8e2306",
|
|
"referenced_uuid": "7c72b9df-49a4-4325-b269-238b4cfdf298",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-03bc-4e1a-ad8e-49d4950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0babe6c4-fa91-420c-95cf-1541e7b7e6a1",
|
|
"value": "a46fde545ed044f541f25aa4d42d6954"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a4f0b9ed-40b3-4d84-a6ee-23919004451e",
|
|
"value": "a73df524ccce3c1acbbfd67f1105a9e1f7b3f947"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f7c01d52-30fe-4eb2-8725-173f8de59cdd",
|
|
"value": "398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460605",
|
|
"uuid": "7c72b9df-49a4-4325-b269-238b4cfdf298",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e8b323b2-b0da-4440-a919-8d722d63530e",
|
|
"value": "2019-05-31T20:37:46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5998d9ac-a109-476d-9958-e5ec1ef8267c",
|
|
"value": "https://www.virustotal.com/file/398e335f2d6379771d86d508a43c567b4156104f89161812005a6122e9c899be/analysis/1559335066/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c77209f4-e6b9-4565-9c02-92e9d7294685",
|
|
"value": "35/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460605",
|
|
"uuid": "8ea7a65a-ad1b-44bb-9cab-439599dfd007",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8ea7a65a-ad1b-44bb-9cab-439599dfd007",
|
|
"referenced_uuid": "139b4507-7bbb-49e4-80ed-63adb9265bb8",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-ca4c-4db1-92b5-4445950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460365",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d6e7f0ca-632a-4065-9892-70dd6627aa63",
|
|
"value": "c19913e42d5ce13afd1df05593d72634"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460365",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "99df9290-1b43-4549-8f4c-ca0a852f0875",
|
|
"value": "cc4f98e897e66bdc0c21fb48ac76da6099e710b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460365",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "30063904-13f1-4d31-bac3-411cd6596477",
|
|
"value": "d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460606",
|
|
"uuid": "139b4507-7bbb-49e4-80ed-63adb9265bb8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460365",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5b156efc-5351-447a-b13a-296cf811cc8c",
|
|
"value": "2019-05-31T20:38:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460365",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f0b1158a-fe41-4116-8ce0-a84e898879cf",
|
|
"value": "https://www.virustotal.com/file/d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e/analysis/1559335113/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Prilex",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460365",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0b8ca6bc-e898-4162-88bd-a4e61a569946",
|
|
"value": "50/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460606",
|
|
"uuid": "dbfa13a9-c6ba-47bf-96fe-624fdf317bb6",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "dbfa13a9-c6ba-47bf-96fe-624fdf317bb6",
|
|
"referenced_uuid": "be6277af-27c1-49b4-a6fb-665023d4b859",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-8030-4d64-8124-4d3e950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c2f978f2-2af4-429f-9396-f96b672adfb7",
|
|
"value": "2b3a13a952853263142a83030ed11709"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "36f89e2b-de1b-4f5d-a9dc-df3e715ce312",
|
|
"value": "4ffbae930fe4f323d63c1cd64e60c8bf02a07522"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "162afe6b-da68-45a9-9f59-d2ae77dfe5b0",
|
|
"value": "fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460606",
|
|
"uuid": "be6277af-27c1-49b4-a6fb-665023d4b859",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1677402f-1140-4af4-b81f-03fddbb26c5c",
|
|
"value": "2019-05-31T20:38:48"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "01fd602e-d80d-46b4-a335-5e1cb6f47221",
|
|
"value": "https://www.virustotal.com/file/fe1634318e27e3af856506d49a54d1d12e1cf650cbc31eeb0c805949edc8fc85/analysis/1559335128/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cbf1dc74-acad-46d1-b9f9-f74f3ba8c8e0",
|
|
"value": "51/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460606",
|
|
"uuid": "d75b18de-3b5b-4280-ac08-62fd1a3b2028",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d75b18de-3b5b-4280-ac08-62fd1a3b2028",
|
|
"referenced_uuid": "4e34b407-cc37-4139-9c1f-9e65ab576fa2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-8860-4e7c-a3c3-47be950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ae7a4d77-f93f-4882-95f4-1ae93450a245",
|
|
"value": "c4234c5a9817a7db447c042aa92f5186"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7fbbbd2f-ebaf-4b11-b521-e1878c2367a1",
|
|
"value": "a27b8c49ecfb647d1b7eaca7653b271062dd5462"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460113",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "bbe5ed56-6b4e-424a-aa4c-02b50fd61710",
|
|
"value": "f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460606",
|
|
"uuid": "4e34b407-cc37-4139-9c1f-9e65ab576fa2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "4f106aef-e6cf-43ef-b5a5-48b9da83586e",
|
|
"value": "2019-05-31T20:38:46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c988e2d8-d03c-4d70-94df-31388b23874f",
|
|
"value": "https://www.virustotal.com/file/f6609bb3c3197ace26ebdeb372ba657ac84b05a3e9e265b5211e1ea42da70dbe/analysis/1559335126/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460113",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "50c79ded-c117-421f-9a5b-dd94f3bff8e0",
|
|
"value": "40/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460606",
|
|
"uuid": "a28f47bc-9c3f-43da-836e-566801c37af3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a28f47bc-9c3f-43da-836e-566801c37af3",
|
|
"referenced_uuid": "82e1a278-1e8f-42da-9165-88748d3b97e9",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-328c-4646-81cb-4a30950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d1826644-634f-44dd-8d79-64f1f4088714",
|
|
"value": "59287133730f114570cce0d6b2bfec47"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7d764a33-96c3-4420-af3e-6f9e7942a1a6",
|
|
"value": "d15c97b8e5ef165bbbecedb1abf553ae9fec20e0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8ae6dd3b-3ddd-4a6c-a09b-43927cded8f1",
|
|
"value": "b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460608",
|
|
"uuid": "82e1a278-1e8f-42da-9165-88748d3b97e9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a453a41b-f067-472f-b4fc-2296f6214cbe",
|
|
"value": "2019-05-31T20:38:24"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a6c96f8f-9eb9-4adc-a903-f638befde839",
|
|
"value": "https://www.virustotal.com/file/b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053/analysis/1559335104/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3317b910-c2b9-4ade-aff8-7f6d17b1c4d9",
|
|
"value": "51/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460609",
|
|
"uuid": "e129d219-2e21-4bb0-80f5-b86c12280449",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e129d219-2e21-4bb0-80f5-b86c12280449",
|
|
"referenced_uuid": "58e83e28-fbea-4868-a994-60f4de007d99",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-d614-4039-a773-40c8950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "36eb1630-3c30-46fb-a4ec-a8d9a028e421",
|
|
"value": "654f1b90cf1f1969ecdcd738f1eb70a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "451c76e7-e3e1-4f35-a229-0becfb8049d9",
|
|
"value": "4888eed3cfbe66ec23ab1fdaaa1ade65d2a49732"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9c68d6fa-b73c-4e29-8ea1-84f0ea302fd4",
|
|
"value": "1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460609",
|
|
"uuid": "58e83e28-fbea-4868-a994-60f4de007d99",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fa230657-879a-4f45-b450-9c6e998f4c90",
|
|
"value": "2019-05-31T20:37:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0023fe5f-b385-4a33-8d7e-0f22c0697799",
|
|
"value": "https://www.virustotal.com/file/1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6/analysis/1559335055/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "27b9460c-7af1-40ab-8f76-f311bc90eb38",
|
|
"value": "36/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460609",
|
|
"uuid": "493a431d-5b81-4845-b0ef-251375c0373b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "493a431d-5b81-4845-b0ef-251375c0373b",
|
|
"referenced_uuid": "350e44bd-9cf3-49c4-b79d-4085722249f1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-8c7c-43ce-8d2c-4baf950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c3e8c41c-3794-4269-b4ba-0ef74d0808c0",
|
|
"value": "821e593e80c598883433da88a5431e9d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d8f7fa00-3418-4f5d-a81f-ce40bf125f39",
|
|
"value": "95ddd765865919f7328fef4d15f69b1ee67c0841"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1f907103-5673-487a-84a7-2e9b9902f15e",
|
|
"value": "3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460609",
|
|
"uuid": "350e44bd-9cf3-49c4-b79d-4085722249f1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "089319d9-21fa-4479-9f0e-0421b84f1103",
|
|
"value": "2019-05-09T15:56:49"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2c25b5f2-0ed3-4747-b319-699890219caa",
|
|
"value": "https://www.virustotal.com/file/3f5ff48aa4dc2c1af3deeb33a9cc576616dad37156ae9182831b1b2a5ae4ae20/analysis/1557417409/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e142a0fa-e22a-4b8f-a555-d0706f9de24f",
|
|
"value": "48/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460609",
|
|
"uuid": "1a246cda-41a5-49f3-8cda-6268811a7b9c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1a246cda-41a5-49f3-8cda-6268811a7b9c",
|
|
"referenced_uuid": "6180ec62-cb52-473e-a755-69730222ba29",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-148c-4591-a28d-4065950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "6dc4ebf8-4105-4c09-85df-9e7d5d83cf98",
|
|
"value": "f18a9fd8178ebbcaac9baf6b7acc417a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "04473540-c233-40d5-83a5-23144543cc22",
|
|
"value": "e4f3d0267ea70186e5a0feaacc7b5d1b4cc80b33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b3856146-5b70-4496-8c36-a63a605c3131",
|
|
"value": "622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460609",
|
|
"uuid": "6180ec62-cb52-473e-a755-69730222ba29",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "30239132-d04b-43d5-bbdf-70e8d5dc3a05",
|
|
"value": "2019-05-31T20:37:56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "af6993c2-0adf-404c-a10c-f7de33181ec7",
|
|
"value": "https://www.virustotal.com/file/622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829/analysis/1559335076/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3d8098f3-ffe1-47bc-8039-980495c25e49",
|
|
"value": "29/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460609",
|
|
"uuid": "2be66c70-853f-4f7c-a92c-06f6ba36e77c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2be66c70-853f-4f7c-a92c-06f6ba36e77c",
|
|
"referenced_uuid": "db4d615e-ac5f-4345-9443-a1f21f120cc5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-37d0-421e-ad78-43d5950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "a463bd4c-42d1-4be3-80fb-a36de710b8e8",
|
|
"value": "fce2550a8a4b3c8feb0fec704b16cd43"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "de5613ea-ed41-429b-b5d2-aa3f8b0762b6",
|
|
"value": "a061d9f0bd75735e891e3a1fd7f279bd4e285c28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2d02bae7-ae31-4cb0-bb3d-0974c260feb8",
|
|
"value": "5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460609",
|
|
"uuid": "db4d615e-ac5f-4345-9443-a1f21f120cc5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "874606a3-5638-487b-9464-705886de1c7b",
|
|
"value": "2019-05-31T20:37:57"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ba027047-a1cb-4645-aede-2100be04dea2",
|
|
"value": "https://www.virustotal.com/file/5c838658b25d44edab79a4bd2af7c56bef96768b93addbbaaaea36da604fca62/analysis/1559335077/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0e99f221-8808-4aa3-8ad9-90b2364b3bc0",
|
|
"value": "35/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460609",
|
|
"uuid": "a131f43e-2785-48a1-8947-8b82e1aaa5ab",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a131f43e-2785-48a1-8947-8b82e1aaa5ab",
|
|
"referenced_uuid": "3066167d-9e78-4ed6-9459-f009a151fe41",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-9cf4-4c9f-9796-484b950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fbd93919-1e20-4883-831a-39bfda2ce054",
|
|
"value": "e563e3113918a59745e98e2a425b4e81"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "916c82c6-9f99-49d5-aa2d-e1d22eda89f5",
|
|
"value": "fa8e5a1a0542facc5729f33591e5b8152fb4ea9f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "702cd876-8265-4b4e-be1a-f9bf79f5d16e",
|
|
"value": "2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460610",
|
|
"uuid": "3066167d-9e78-4ed6-9459-f009a151fe41",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1d9c31f8-e68f-4b59-9372-44f5bea67c5f",
|
|
"value": "2019-05-31T20:37:41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "af7e9b88-5f3c-4163-b3b3-5b7463de07ed",
|
|
"value": "https://www.virustotal.com/file/2721a5a6478bfff2c5de0d105623ba5f411401bbd92bd3e2bee4c51c2d12f5a8/analysis/1559335061/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "19a6d030-b575-4569-9fa2-b44f52425be6",
|
|
"value": "45/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460610",
|
|
"uuid": "3181de68-5e89-497e-b087-57b51ecbef08",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "3181de68-5e89-497e-b087-57b51ecbef08",
|
|
"referenced_uuid": "6aa56cbd-16ee-4811-81d9-4af960c3518d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-3e04-421a-a08b-441d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3ee2f21f-e914-4109-95ab-c0381ab02795",
|
|
"value": "328ec445fce0ec1e15972fef9ec4ce38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "953431a0-8c34-4e93-b4d5-403c3fb77ed9",
|
|
"value": "ad8a7c5d1287b1fb8b8e874ba9bdb7be0ee971f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e179135c-b9de-4be9-8066-53f3a53cd7bd",
|
|
"value": "0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460610",
|
|
"uuid": "6aa56cbd-16ee-4811-81d9-4af960c3518d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cfddc425-816e-4fe1-ae00-e1ef4e5c0ae2",
|
|
"value": "2019-05-31T20:37:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "edb0333b-cb0f-456d-bc3c-ae4c68dac66e",
|
|
"value": "https://www.virustotal.com/file/0971c166826163093093fb199d883f2544055bdcfc671e7789bd5088992debe5/analysis/1559335053/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a147ae32-c478-4c64-ac27-c23e7b46dff8",
|
|
"value": "50/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460610",
|
|
"uuid": "6b2065b0-b2fc-431a-9ab4-94b1a58b9d1d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "6b2065b0-b2fc-431a-9ab4-94b1a58b9d1d",
|
|
"referenced_uuid": "89320365-5158-4b98-9194-f2883d3c2c36",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-4f30-49ea-af3b-4e7b950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c316c952-b2c9-470a-8018-8602c165ec6d",
|
|
"value": "01390aeb5c4bbf2eebdb154d706e7117"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9f739f41-997d-48e5-8195-da3f0c435559",
|
|
"value": "0d484d7adc95caf1b375c30dc949a32bd8b932c1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6ac2b694-7fb9-440b-80d5-7ec6ad80fd21",
|
|
"value": "34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460610",
|
|
"uuid": "89320365-5158-4b98-9194-f2883d3c2c36",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d74d1e16-3996-43b7-87fb-575448bd2d7b",
|
|
"value": "2019-06-01T10:08:28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4b9e05d9-cce0-4697-a4d0-17c72750eac4",
|
|
"value": "https://www.virustotal.com/file/34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f/analysis/1559383708/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5fce43e6-4f67-46eb-ab4e-00c89aa89940",
|
|
"value": "56/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460610",
|
|
"uuid": "c75413c5-ac2d-48e1-85a6-26d59da40b2d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c75413c5-ac2d-48e1-85a6-26d59da40b2d",
|
|
"referenced_uuid": "22de11ea-f09d-456d-b04a-d9d2ed231361",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-1b58-4d25-b6d3-49e0950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "98635b23-580e-4873-8957-6cfb6a8fa6f0",
|
|
"value": "a7441033925c390ddfc360b545750ff4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "deefb6bd-af4f-4460-9f1b-3fc8a8a9d862",
|
|
"value": "3022e60790e17303def03761c8fa7e7393a0ad26"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "71659780-9fcf-49b2-87d7-a021a5aebd5d",
|
|
"value": "d90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460610",
|
|
"uuid": "22de11ea-f09d-456d-b04a-d9d2ed231361",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "93816fde-2b73-4fd4-96ce-0076fabeafa1",
|
|
"value": "2019-05-31T20:38:37"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ae473f3b-5f7a-4fdc-8c39-bd14d3686e4a",
|
|
"value": "https://www.virustotal.com/file/d90257af70401984d5d41dd057114df88566d00329874ced3103a6f8cd1991e5/analysis/1559335117/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "28f17295-0f98-4300-9d39-c20df51f22c7",
|
|
"value": "41/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460610",
|
|
"uuid": "0f1722a1-311b-4965-b355-7ae365e38a1b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0f1722a1-311b-4965-b355-7ae365e38a1b",
|
|
"referenced_uuid": "b187b049-a9e0-4e18-b1f5-32350b0d2b33",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-18e8-43b0-ba94-4e98950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460186",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e8198751-4711-45e4-8ef0-29b71c64dd8c",
|
|
"value": "733678dda902f949234c227c8b7e4882"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460186",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d6078201-e42c-4d9e-828a-f2c43ff676bb",
|
|
"value": "350e40aad87380faa51bd8f63afc6f5311f38148"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460186",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b9e78ea9-f7ef-40fc-bc88-5a9f54a489e0",
|
|
"value": "1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460610",
|
|
"uuid": "b187b049-a9e0-4e18-b1f5-32350b0d2b33",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460186",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9aeacd2b-77ca-4940-96c9-cc77d8883dd6",
|
|
"value": "2019-05-31T20:37:36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460186",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "964f08ae-5f2f-4899-8448-d0c57b01ba5e",
|
|
"value": "https://www.virustotal.com/file/1243c478a7145fa08a03200611fcf5fae9bb58039c5069ef93e150d53cf22524/analysis/1559335056/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460186",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "765f3762-a249-4683-9945-0a9c2f0395a0",
|
|
"value": "46/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460611",
|
|
"uuid": "e623166e-60c6-48c5-9d77-dc65668de4bb",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e623166e-60c6-48c5-9d77-dc65668de4bb",
|
|
"referenced_uuid": "b7bb76ce-eba0-43ff-8242-af513ba697ac",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-56fc-4934-8688-4885950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5d81bf1b-3ee8-45f8-a924-19fcb95d38e4",
|
|
"value": "ea40b06b673d190b4edf38d4b3eef48b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "71ba4218-4ab2-4c88-af55-10075710b03d",
|
|
"value": "7a53ad4a579b5518d42259f3bfa8c97a84a4dff0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a188ca8d-5c41-4b79-9a5d-a6a09fc6bc8c",
|
|
"value": "85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460611",
|
|
"uuid": "b7bb76ce-eba0-43ff-8242-af513ba697ac",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3a5e8201-87e9-4423-99d5-dc9a81093cef",
|
|
"value": "2019-05-31T20:38:10"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "19b3baec-0141-4c1c-b5cc-e3e15975982f",
|
|
"value": "https://www.virustotal.com/file/85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6/analysis/1559335090/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "93e20d2e-83c8-4e55-92b4-ca83010e648e",
|
|
"value": "38/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460611",
|
|
"uuid": "518e8321-d45d-47c1-94a5-4ed465d2122f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "518e8321-d45d-47c1-94a5-4ed465d2122f",
|
|
"referenced_uuid": "2bd8993a-3374-4868-895b-31745d45d556",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460635",
|
|
"uuid": "5cf37b1b-9c64-4034-b625-4d0f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "657b623f-783a-407b-8976-803a28d0708a",
|
|
"value": "d5d6fd384de9fb23b3a65efeadac7e21"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "005271df-68ea-46c6-b7f7-290ef3b05989",
|
|
"value": "d075dd37f436b5d6d9353ccb25dfdd5b875b0567"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "921ed156-f14d-4008-9ae1-6d28241d3c52",
|
|
"value": "9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460611",
|
|
"uuid": "2bd8993a-3374-4868-895b-31745d45d556",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "98827caa-4040-4f46-b4c0-69b5500dd062",
|
|
"value": "2019-05-31T20:38:20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "8a13a2ad-fc9f-492f-b0ae-f125129a1d27",
|
|
"value": "https://www.virustotal.com/file/9feea4b7a5b438335353bb4eac82f8f2a16232a90b7cddbf77dc73dd451e9a6e/analysis/1559335100/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cd268ae1-8e9c-499d-aa26-fce56fd10097",
|
|
"value": "32/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460611",
|
|
"uuid": "a0e70bcc-2c0d-4556-a3e8-4bdd6ce2ab00",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a0e70bcc-2c0d-4556-a3e8-4bdd6ce2ab00",
|
|
"referenced_uuid": "a1aca217-f549-4846-99ad-85432a8ee8fa",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-d5e8-45ad-89b3-4b5c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4000a655-43ac-4502-be9f-8dd604c26a15",
|
|
"value": "fa1fb907051b8f95830792fc534ddf9d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "efc605f9-d093-42c5-a4d9-3597fb756ead",
|
|
"value": "d02b95adb54f0f1578316faa03e5df7a2d799a5c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5de66ec5-e4f2-49e2-9910-fa74005206c4",
|
|
"value": "64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460611",
|
|
"uuid": "a1aca217-f549-4846-99ad-85432a8ee8fa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "03705c86-322a-4e1b-a6ae-f4dd21546064",
|
|
"value": "2019-05-31T20:37:57"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "eeb47eca-9cf5-475a-a9d0-001af82adc25",
|
|
"value": "https://www.virustotal.com/file/64499b2584d239380ffecf07e94167e0414c4bb5438620659fe37d595ef3f361/analysis/1559335077/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0c34a5ef-002d-4c20-9154-802941e19c0c",
|
|
"value": "47/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460611",
|
|
"uuid": "426bf823-1fe0-47a8-8a28-28f1c6c12911",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "426bf823-1fe0-47a8-8a28-28f1c6c12911",
|
|
"referenced_uuid": "052c17c1-fc2a-4922-8d1f-c1c4659677c9",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-0eb0-4b49-8374-4ce7950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e3e9220f-4112-41c6-9106-14ce0caf0ee6",
|
|
"value": "46b318bbb72ee68c9d9183d78e79fb5a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5cebfb7e-d81b-4253-973e-1a7da8ed5603",
|
|
"value": "5375ad3746ce42a6f262f55c4f1f0d273fb69c54"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460032",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2f4349c1-fd07-40af-9b89-0c94a169e1ba",
|
|
"value": "10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460611",
|
|
"uuid": "052c17c1-fc2a-4922-8d1f-c1c4659677c9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7164ac9f-f644-41e4-911e-cde0b1b38254",
|
|
"value": "2019-02-28T10:46:34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c71e6526-5bca-4baa-b317-ba6fba8f79f2",
|
|
"value": "https://www.virustotal.com/file/10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba/analysis/1551350794/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Fastcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460032",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1741853f-c1df-4ce9-85bb-6987de46a57a",
|
|
"value": "28/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460611",
|
|
"uuid": "285bf247-3a77-4b6b-b0cf-95f327d8e720",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "285bf247-3a77-4b6b-b0cf-95f327d8e720",
|
|
"referenced_uuid": "ee92cc82-3b6b-4b3d-b7b4-62deb508eced",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-8a34-407b-8286-416a950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "53c56ee1-5572-4544-bbe0-311abf7fdc45",
|
|
"value": "085b70e88f7de403194c7b6c725ea9ba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f2b0c299-ca0b-448f-baf6-bc1e97c8991d",
|
|
"value": "52da479911e86ad5b7da6105de6b23becb746632"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5e6555e8-2430-4af7-9fd5-9639b145b13f",
|
|
"value": "8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460612",
|
|
"uuid": "ee92cc82-3b6b-4b3d-b7b4-62deb508eced",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c9a659ad-4ddf-46b5-8a6e-6d842ffa189a",
|
|
"value": "2019-05-31T20:38:07"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2feaf6d0-838d-434e-984b-b7f1224deed2",
|
|
"value": "https://www.virustotal.com/file/8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b/analysis/1559335087/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "84b9b008-3daf-4615-97c2-6d714f54d382",
|
|
"value": "39/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460612",
|
|
"uuid": "3f4eda4d-eadf-47f8-8901-1f598dd74fee",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "3f4eda4d-eadf-47f8-8901-1f598dd74fee",
|
|
"referenced_uuid": "71681f92-49fb-4c75-8174-fb659cb4d73b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-8fc8-4c4e-8c03-418d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8d6c647c-0f2c-4c59-9815-57a3dce3dcf7",
|
|
"value": "27640bb7908ca7303d13d50c14ccf669"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3278d383-db14-4bbf-aec2-7c1881d5b3f4",
|
|
"value": "7813becfec5dba77f94131c943137d8642449881"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "da127fb5-d356-48d9-9ad6-0d8eb32a127f",
|
|
"value": "05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460612",
|
|
"uuid": "71681f92-49fb-4c75-8174-fb659cb4d73b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c260303a-a917-4163-839b-f8b2da03fe42",
|
|
"value": "2019-05-31T20:37:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "37ea0123-036e-4f30-a066-1ea04ac5b13c",
|
|
"value": "https://www.virustotal.com/file/05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd/analysis/1559335053/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "02d2beb5-d011-46d7-aca1-57eb941c373d",
|
|
"value": "50/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460613",
|
|
"uuid": "ca412922-c341-4132-b68c-29881ecfc37c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "ca412922-c341-4132-b68c-29881ecfc37c",
|
|
"referenced_uuid": "b1eff610-3c61-4201-8d01-263133fba839",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-faac-4f78-927f-4ffd950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "486a4529-18e3-474e-a55d-29566c3dc737",
|
|
"value": "f66c4d00d9b415dde0a81e8b8dab850b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e766ace3-d7f4-4ba1-a751-28aeaf713b9a",
|
|
"value": "beb5a2ce8c43cd16be5cd46c3ac2246b40e23e39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "bff9a1aa-5381-480b-9ccc-d933e5e54f1a",
|
|
"value": "e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460613",
|
|
"uuid": "b1eff610-3c61-4201-8d01-263133fba839",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "48380e82-5d2e-46ee-b44c-6ae83f2341b5",
|
|
"value": "2019-05-31T20:38:39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "bda6809d-8daa-4bfe-98cc-086634da4d47",
|
|
"value": "https://www.virustotal.com/file/e78e6155b8dfd206ba5a5e7253409891bfed1b943d217e0fbc416a25fa761580/analysis/1559335119/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8147e7f3-408a-4b41-ba72-57cf2cbb04d4",
|
|
"value": "45/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460614",
|
|
"uuid": "bf924e79-ad8a-431e-ba9b-c5492520e160",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "bf924e79-ad8a-431e-ba9b-c5492520e160",
|
|
"referenced_uuid": "cc21c434-9260-41d3-a614-b133375f24ee",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-a794-4e48-bf94-4f4c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "61532096-4365-4352-a30e-ea279344edbf",
|
|
"value": "f0f0095484f014b3062603721fecf2cf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3c586e20-73b7-4af9-be6c-eeed2849ab55",
|
|
"value": "7b7479391cc1654b068b77d4c1e58d3a5b85dfc9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3dc35bb4-803e-464d-aa67-1cae2bc67d8a",
|
|
"value": "0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460614",
|
|
"uuid": "cc21c434-9260-41d3-a614-b133375f24ee",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "0a2d9377-d49c-43ac-8a54-fa6c68fd3480",
|
|
"value": "2019-05-31T20:37:32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a58e1c94-44a6-420e-874c-461ddcb6ef74",
|
|
"value": "https://www.virustotal.com/file/0149667c0f8cbfc216ef9d1f3154643cbbf6940e6f24a09c92a82dd7370a5027/analysis/1559335052/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bc5ccc6f-352d-483e-a1be-887acbc1a46a",
|
|
"value": "26/61"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460614",
|
|
"uuid": "1a5bddeb-8677-4a75-ac19-99205239f3b7",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1a5bddeb-8677-4a75-ac19-99205239f3b7",
|
|
"referenced_uuid": "66eed121-39b0-4068-8398-65d6e5555d7c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-42e8-4a4c-9fbd-432f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b475c1a9-3b85-43c2-a8f6-d2de9b204c64",
|
|
"value": "af945758905e0615a10fe23070998b9b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "83edd3d8-ccd4-45ba-806f-f5740f5b1726",
|
|
"value": "0c3e6c1d4873416dec94c16e97163746d580603d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "30b2fc50-ee36-4e34-a914-34a2e72cd55a",
|
|
"value": "b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460614",
|
|
"uuid": "66eed121-39b0-4068-8398-65d6e5555d7c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d5223a80-a681-4753-82d1-c5318d77aa4e",
|
|
"value": "2019-05-31T20:38:27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "bdfbc162-32a9-46ad-b5f1-6f65e1c403c5",
|
|
"value": "https://www.virustotal.com/file/b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80/analysis/1559335107/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "23615656-fa40-42e1-b754-d9694c955b88",
|
|
"value": "56/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460614",
|
|
"uuid": "489c0352-e36f-4cb3-874b-7724ebb7b544",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "489c0352-e36f-4cb3-874b-7724ebb7b544",
|
|
"referenced_uuid": "3789a48b-d259-456e-9cb6-4dcd8d8b332a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-aca0-46e1-8302-4941950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1a18e9bf-d0fb-4856-b6b8-61ef4ee0123a",
|
|
"value": "035484d750f13e763eae758a5f243133"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d506c628-931f-4bf8-9ebc-00be246f7fce",
|
|
"value": "74758372d3860ef97ab5b9a7060600a929134543"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "192c40fc-aa05-4ff9-b070-7f287bbce86d",
|
|
"value": "b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460614",
|
|
"uuid": "3789a48b-d259-456e-9cb6-4dcd8d8b332a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "082f0a76-1673-411b-bf62-6ffcb4442b95",
|
|
"value": "2019-05-31T20:38:26"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "8aaf8d34-5aa8-4a01-9d8a-e492eac6299d",
|
|
"value": "https://www.virustotal.com/file/b51973c530802ae19df8ac4d9643fc3317952242d9d42f951e094c72d730dd66/analysis/1559335106/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "72b0fd79-19b4-4676-b2f9-eb62bf3d9e7d",
|
|
"value": "43/62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460614",
|
|
"uuid": "6de5692d-8e5c-460c-a525-2041d7a48c6b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "6de5692d-8e5c-460c-a525-2041d7a48c6b",
|
|
"referenced_uuid": "c579698f-d8ca-4926-a3d1-faee6b1d14fa",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-a99c-4d06-9ee9-4743950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "66811e68-8130-4051-8158-3c072b080cde",
|
|
"value": "e6c44150a0eea3f3ff3919953cfe3ff8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "35462288-22a7-483d-8640-13b98981da34",
|
|
"value": "8c51cc3df79dd894e6349bd0e3958db654dcdc47"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4571b8cf-e76e-4e7d-8c73-e580ed894122",
|
|
"value": "c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460614",
|
|
"uuid": "c579698f-d8ca-4926-a3d1-faee6b1d14fa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cf60897a-8193-4d4f-abef-abeb49ee6fa5",
|
|
"value": "2019-05-31T20:38:32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3b5a1470-2fbf-4641-93ea-b21e12556143",
|
|
"value": "https://www.virustotal.com/file/c3a5c8e9195163cef8e0e70bd8f3d49c8048e37af7c969341e1753aee63df0ae/analysis/1559335112/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9130ba00-8ad6-4c2c-9dae-5e37167bdba6",
|
|
"value": "51/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460614",
|
|
"uuid": "7e9b9964-9f85-457b-a68e-4d57d216a676",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7e9b9964-9f85-457b-a68e-4d57d216a676",
|
|
"referenced_uuid": "c65d59bb-2353-4255-a521-00491026938e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-6d2c-4425-9d0e-4831950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e2956d9e-9263-4244-9903-ede36aee5137",
|
|
"value": "8f4c346007c2273fbf95ababd3e39e3a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c21da9be-20b0-4cc8-94c2-e1c08cf849ee",
|
|
"value": "8212b6b2e73581ae9a077f84c18982e5e94c5148"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "64fdbf78-52ff-4218-b336-be064cd2a4b7",
|
|
"value": "d74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460615",
|
|
"uuid": "c65d59bb-2353-4255-a521-00491026938e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e94a836a-6e9e-46a4-ba9f-73a1cb02b5d4",
|
|
"value": "2019-05-31T20:38:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2b8bb496-60e9-40ac-a4cb-d6b57d9c3255",
|
|
"value": "https://www.virustotal.com/file/d74cbd2e39dc0a00dc4c0fb0823c5a86455cdad2be48d32866165c9e5557c3e0/analysis/1559335115/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "97378694-1401-435b-ba49-1a4d9d422e0b",
|
|
"value": "49/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460615",
|
|
"uuid": "7701de0b-39e3-4f29-92d3-367acfaf7da4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7701de0b-39e3-4f29-92d3-367acfaf7da4",
|
|
"referenced_uuid": "5a66509e-55c3-4f73-ba44-ef9d7a670687",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-7374-4a3b-a6a7-44c6950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5dc3f097-3cef-4d54-8edd-24a3c6f8b127",
|
|
"value": "44707298e30eef47e2f50b7fbcf187d0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "66e8cc61-bd8f-4c32-ab3e-12a1b9e7d8f4",
|
|
"value": "2fe0089a68b1d039ea166a2b6b782e5ef22753fb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460097",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "88760d8f-f237-490a-9be5-4ab9f1197472",
|
|
"value": "ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460615",
|
|
"uuid": "5a66509e-55c3-4f73-ba44-ef9d7a670687",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3624bfd0-c8c0-4680-89b4-5c3b13596bf1",
|
|
"value": "2019-05-31T20:38:44"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1565608f-5edb-4809-8b5c-a4622c78f3c5",
|
|
"value": "https://www.virustotal.com/file/ef407db8c79033027858364fd7a04eeb70cf37b7c3a10069a92bae96da88dfaa/analysis/1559335124/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Java/Dispcash",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460097",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "450f695a-3460-4863-94e1-6a3b8976d04f",
|
|
"value": "24/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460615",
|
|
"uuid": "64e6740d-db89-4721-b931-cca5f3131f24",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "64e6740d-db89-4721-b931-cca5f3131f24",
|
|
"referenced_uuid": "985dd522-fd96-47a8-9271-703843c2e8fa",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-d4cc-4d0b-aea2-4999950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c4d796f7-cfd8-4d86-966a-984f9c79289f",
|
|
"value": "c10b0157f6fd6590424a748f3c6c80ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1508f76f-fc78-42d6-a512-ccd889126119",
|
|
"value": "b3401a57ddde3b944bafd348f6575ce195883acc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d6db24ae-0f06-4efa-82ab-fe3b8dfc79f9",
|
|
"value": "20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460615",
|
|
"uuid": "985dd522-fd96-47a8-9271-703843c2e8fa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d02f0643-4b00-43f1-8ceb-0342aee7c9d9",
|
|
"value": "2019-05-31T20:37:38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e099554e-378d-4e76-a215-d1dba5769ba1",
|
|
"value": "https://www.virustotal.com/file/20a1490b666f8c75c47b682cf10a48b7b0278068cb260b14d8d0584ee6c006a5/analysis/1559335058/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d0e4882f-c60c-437e-a840-9fa36278d0a2",
|
|
"value": "52/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460615",
|
|
"uuid": "f67a4b48-4754-4364-ba60-cffdf6098346",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f67a4b48-4754-4364-ba60-cffdf6098346",
|
|
"referenced_uuid": "51f62180-23c6-4f50-8b29-60f208683bba",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-55d4-4d14-b060-4733950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "90a79407-3b54-4766-bd46-1bd7b1d9614e",
|
|
"value": "f19b2e94ddfcc7bcee9c2065ebeaa66c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "17b8e6d4-cda4-4da4-b4d8-28037278898c",
|
|
"value": "83989be7e0de579b1bd99079c490e00a997e6709"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460081",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f010ebe8-eead-4571-b43e-79e9240dd11a",
|
|
"value": "653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460615",
|
|
"uuid": "51f62180-23c6-4f50-8b29-60f208683bba",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "448e960d-3165-49ff-8199-ff4a6830df4f",
|
|
"value": "2019-05-31T20:37:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2b4434db-c95d-44c0-bd9e-c1b368d35a11",
|
|
"value": "https://www.virustotal.com/file/653701d02c5d8d39b3da9b0848d20921cd65ea28e77c8e9254e222601264bcc6/analysis/1559335078/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Trojan.Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460081",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "21d1dd8e-82fa-4347-816f-ed1786a343f1",
|
|
"value": "52/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460615",
|
|
"uuid": "be9ecc17-1c1d-4a40-9401-954926e240c5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "be9ecc17-1c1d-4a40-9401-954926e240c5",
|
|
"referenced_uuid": "217bba47-5310-4bf5-914b-c0d3015a1b0f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-ae54-4be3-9a70-4153950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9304f507-38fd-4745-9763-186b147e9be1",
|
|
"value": "162ad6dbd50f3be407f49f65b938512a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "bc10d7a8-dee9-4496-bda0-f52927fd7ce2",
|
|
"value": "535f24c37102387fb3dd7869523aedb1805f3733"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "887dbf40-4ec4-46ac-9937-706d143d9ac8",
|
|
"value": "8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460616",
|
|
"uuid": "217bba47-5310-4bf5-914b-c0d3015a1b0f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "62ea8bf7-1eaa-4674-99d6-da35eb2e4f84",
|
|
"value": "2019-05-31T20:38:10"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4b9d2857-ccc5-4414-a615-52c13b9a091c",
|
|
"value": "https://www.virustotal.com/file/8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d/analysis/1559335090/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9db2254b-cea0-478b-8970-0f5939ca4d55",
|
|
"value": "47/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460616",
|
|
"uuid": "a32b0183-4187-4dd2-a8dd-af1f550a895d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a32b0183-4187-4dd2-a8dd-af1f550a895d",
|
|
"referenced_uuid": "8edd7b20-8c0d-4ec5-8377-f91b2bc14df9",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-b0f0-491f-8326-4129950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ae02e2ae-3447-4c14-8ba0-9ba4842115dd",
|
|
"value": "ebc66db4dd04ca972de9d4a3a59552d2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "213f329c-ba42-451d-8c64-24e019059674",
|
|
"value": "ef6f5acfe78a50fd5fa61a9f8c3b04e78733d9a3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1543ec77-b7b8-48de-af1d-8716b0f01421",
|
|
"value": "7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460616",
|
|
"uuid": "8edd7b20-8c0d-4ec5-8377-f91b2bc14df9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ac569e80-185e-48ad-8f43-6e4242aacabc",
|
|
"value": "2019-05-31T20:38:06"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "de30922b-25bf-4ed8-81a0-66587f10c607",
|
|
"value": "https://www.virustotal.com/file/7bd2c97ac5027c360011dc5aa8f2371cd934f73e885e41f7e80152332b3af1db/analysis/1559335086/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2eaa45a1-a927-4799-b26a-0bc4e1de98b8",
|
|
"value": "45/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460616",
|
|
"uuid": "4e16407e-a152-4a11-a169-e45b71d2f5b9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4e16407e-a152-4a11-a169-e45b71d2f5b9",
|
|
"referenced_uuid": "f7be55e7-5559-4dc2-a64c-3b399c676e28",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-bfbc-4a79-9ae0-4b1f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "7e384555-0ad8-4f12-950b-daefce27133b",
|
|
"value": "1876442db107de88ad1dd01cb6c764a3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "698bd7c8-9fcf-4225-93c7-db4199de9d75",
|
|
"value": "232163c4c6e6455d22c57453166269dbf3140692"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7b2ea4f3-ebe6-4b02-991a-0f3222e7a2b1",
|
|
"value": "0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460616",
|
|
"uuid": "f7be55e7-5559-4dc2-a64c-3b399c676e28",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c9626a4f-252f-4960-b63f-209f3c73cba8",
|
|
"value": "2019-05-31T20:37:34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "34b19d17-7266-47b6-8850-bfc6f821e8a9",
|
|
"value": "https://www.virustotal.com/file/0e37b8a6711a3118daa1ce2e2f22c09b3f3c6179155b98215a1d96a81c767889/analysis/1559335054/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c13d9539-a0b9-48f8-953b-719e56f3a901",
|
|
"value": "49/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460616",
|
|
"uuid": "47e549fb-5165-4fde-8894-16f554d846b2",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "47e549fb-5165-4fde-8894-16f554d846b2",
|
|
"referenced_uuid": "38eb9333-7756-4ef1-84f3-40b11f95c38b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-bcb8-4ed3-ae37-415c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "6c0fef09-dd85-492e-bde9-214c60eb5f37",
|
|
"value": "5e6986ebf2ccf69347569c75c054c1a8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "400024de-cac8-4391-a57d-fbe86df12287",
|
|
"value": "fda071723db7a1de6a1c11984c843ea3a54bf0c5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d49c2c64-4496-4a1d-bf22-e74e96b3a980",
|
|
"value": "359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460617",
|
|
"uuid": "38eb9333-7756-4ef1-84f3-40b11f95c38b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "868af5ab-1eba-4848-abf9-f6952c70f7b0",
|
|
"value": "2019-05-31T20:37:45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "50a35d55-3ffc-45ba-8e62-2ba549e1911b",
|
|
"value": "https://www.virustotal.com/file/359bb8596e4befafdaca706630bec598400694305622c116acdfa59074f1858e/analysis/1559335065/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d6c023f6-1636-4259-b48e-78010e213023",
|
|
"value": "44/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460617",
|
|
"uuid": "4323e483-a2d7-4c59-a770-d6f7603eaeda",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4323e483-a2d7-4c59-a770-d6f7603eaeda",
|
|
"referenced_uuid": "cb558419-e9a9-4864-96b4-e0c1a05bf28c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460636",
|
|
"uuid": "5cf37b1c-f170-4c7d-a7c9-4efd950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0cbb8935-4212-489c-ab7f-416038985909",
|
|
"value": "1dbac403209d1f5aac9bdac28d4ea335"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9b07bfb8-9458-41ff-bbec-e5a152e2deb0",
|
|
"value": "8f9428c689aa1953293d240e83530ec00fe1df47"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8b8a2554-13f7-4a81-b6d8-65c67d95915b",
|
|
"value": "50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460617",
|
|
"uuid": "cb558419-e9a9-4864-96b4-e0c1a05bf28c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "dd55cea0-87c7-4392-81c6-13b90d01a518",
|
|
"value": "2019-05-31T20:37:54"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "bf1dc769-100e-41db-aac0-698dfa97704c",
|
|
"value": "https://www.virustotal.com/file/50db1f5e9692f217f356a592e413e6c9cb31105a94efc70a5ca1c2c73d95d572/analysis/1559335074/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e50575d3-5e5a-4e33-a40e-08ebdd5da510",
|
|
"value": "52/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460617",
|
|
"uuid": "c1485cd8-7304-4ab9-867d-657b3b4539eb",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c1485cd8-7304-4ab9-867d-657b3b4539eb",
|
|
"referenced_uuid": "92d58414-05a5-4064-89fa-4064243cd9e0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-b7a4-45e7-99df-47e0950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55e61e1f-9778-44ec-a2e4-963b3d2462e2",
|
|
"value": "5e5b867ad32f3eb31197ec038215230d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c88ba1d0-0d53-4a6b-819b-283fd4006108",
|
|
"value": "4d5493d93e600a61b21debad299dc178dcdadca3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2786fdb2-b882-4019-ac2f-5545aa89c2a1",
|
|
"value": "6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460617",
|
|
"uuid": "92d58414-05a5-4064-89fa-4064243cd9e0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fd203916-0e9a-44ee-879f-22b57f34ab5b",
|
|
"value": "2019-05-31T20:37:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "565f8d77-e8a5-4e79-ba9c-fa612b5326a3",
|
|
"value": "https://www.virustotal.com/file/6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b/analysis/1559335078/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "265f4a01-a74a-43e9-a7b0-f273f6d12bf5",
|
|
"value": "52/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460617",
|
|
"uuid": "035ba73e-cc14-4912-baf9-e93dd6d802f0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "035ba73e-cc14-4912-baf9-e93dd6d802f0",
|
|
"referenced_uuid": "e3388a02-63e9-47b4-be96-b98ef6445e5d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-b0fc-4152-969d-4b23950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "80e81471-5d61-463d-b800-2f3239bc5580",
|
|
"value": "69c9595b8b5fa249a96a4e6cd60bc969"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "18d1e335-649b-4088-a285-a07ea5d5485d",
|
|
"value": "b9abd8b934a56e47c62745b77cca16d6de8ec5cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d2069698-dfe4-4bbd-8dae-63c71dda31dd",
|
|
"value": "70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460617",
|
|
"uuid": "e3388a02-63e9-47b4-be96-b98ef6445e5d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "663fd72d-df27-40b6-8e33-23ade6849dd9",
|
|
"value": "2019-05-31T20:38:01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "42f69ce4-ffc6-484a-9525-26d60e608fcb",
|
|
"value": "https://www.virustotal.com/file/70cc5070ce058682c1d44cef887c0ec8a50dba6b717802c5a8f2c8f2ed377c13/analysis/1559335081/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "058441f4-3c74-4dc7-9e35-70d1143162c1",
|
|
"value": "45/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460620",
|
|
"uuid": "2a858aa7-dba0-494e-b925-3b66b5fc616a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2a858aa7-dba0-494e-b925-3b66b5fc616a",
|
|
"referenced_uuid": "4abf6300-36e7-4563-a282-6bec690732a6",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-394c-4db8-b6f4-4932950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c34eef1-1c7b-4fff-9d6a-738188535313",
|
|
"value": "bff1bf173b934a4255b4eca0fbaa6309"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0d2dff3e-d73c-49c1-bbcf-d7583250830d",
|
|
"value": "d9aae7e14b1f6267bc37d5c2ea3ee681b90fbed2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "035d9abe-ad59-49f4-9fe3-09684f5d4ac6",
|
|
"value": "7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460620",
|
|
"uuid": "4abf6300-36e7-4563-a282-6bec690732a6",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "499961e9-6afc-4cf2-8686-7ef57873acbf",
|
|
"value": "2019-05-31T20:38:04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b5343cb9-2da4-413d-a54a-9e0ef8cd266d",
|
|
"value": "https://www.virustotal.com/file/7544e7a798b791cb36caaa1860974f33d30bc4659ceab3063d1ab4fd71c8c7e0/analysis/1559335084/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e458f237-e696-4e93-af55-04e885be1c4e",
|
|
"value": "52/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460620",
|
|
"uuid": "442e577a-51c7-479e-a130-2354ce9fa332",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "442e577a-51c7-479e-a130-2354ce9fa332",
|
|
"referenced_uuid": "4590636d-859a-4a7e-8de0-1abe61c45dd3",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-a770-4ce9-8ee1-4f6d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "82e5b48d-5127-4e6d-ba6b-fd0fc0090392",
|
|
"value": "c092bf1244c88b6e7e112e3614db79dc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "cc6b7406-b66d-45cf-bffc-a1a93862d8aa",
|
|
"value": "bc32ac2ce56f12baae935b684b2022e4366a9117"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e6330a93-643d-4c21-8713-e7feb750c0c0",
|
|
"value": "22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460620",
|
|
"uuid": "4590636d-859a-4a7e-8de0-1abe61c45dd3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ca749cd3-6b37-4dc7-ad55-80a102f492de",
|
|
"value": "2019-05-31T20:37:39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "497b2c10-75e8-41b3-b896-0898adb436fb",
|
|
"value": "https://www.virustotal.com/file/22db6a994eb057715b499c5641cc608fb0380aeea25f78180436c35ecd81ce7d/analysis/1559335059/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d4beb9ae-5437-4455-baa0-a772509d9b8d",
|
|
"value": "48/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460620",
|
|
"uuid": "82522c87-2116-4ad0-9878-6e93503b2f34",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "82522c87-2116-4ad0-9878-6e93503b2f34",
|
|
"referenced_uuid": "e9fd0c43-dfc9-4b41-b257-74df3185bee2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-3090-40c0-a78b-4acd950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9e0b4f85-bcbe-462e-91f8-fd83808458f4",
|
|
"value": "90613e037c12dd0d1eb1a7d3747e908f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e4b01337-d9e8-4a59-8440-88e3ea14daf2",
|
|
"value": "09899d4095fc77e8deac787f60eb98571aec919c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b05ec5be-e475-4920-bdfb-3a989554b82f",
|
|
"value": "e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460620",
|
|
"uuid": "e9fd0c43-dfc9-4b41-b257-74df3185bee2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3f9cd594-cfef-4ed2-a134-530655857e09",
|
|
"value": "2019-05-31T20:38:40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "cb503571-a33d-4573-a2dd-ec3be397e1ba",
|
|
"value": "https://www.virustotal.com/file/e267fb3044c31256f06dd712c7aeae97ad148fd3157995a7e536e5473c1a2bc0/analysis/1559335120/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "53482472-805d-4035-bdbb-c7e769ef9dd5",
|
|
"value": "47/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460620",
|
|
"uuid": "2690ba26-376c-4046-9976-b415e1a49af5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2690ba26-376c-4046-9976-b415e1a49af5",
|
|
"referenced_uuid": "dafea516-a72d-4320-8339-0361507b10a0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-91d0-4523-bffc-4a5e950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "732f6a44-5c3f-4d6e-8ce0-3d37213b1914",
|
|
"value": "4bdd67ff852c221112337fecd0681eac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0a3174e8-ba89-41e1-bab6-d548d9556872",
|
|
"value": "4610093687b0f2c42fe80adca217988c8947a546"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460268",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "21146364-7685-4139-b6e0-537110341ae1",
|
|
"value": "d33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460621",
|
|
"uuid": "dafea516-a72d-4320-8339-0361507b10a0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5e0ce246-fdb2-4afc-a9f7-c667aec52df1",
|
|
"value": "2019-05-31T20:38:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ed40136c-d6cf-426c-8d2e-bd5738659d62",
|
|
"value": "https://www.virustotal.com/file/d33d69b454efba519bffd3ba63c99ffce058e3105745f8a7ae699f72db1e70eb/analysis/1559335115/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Suceful",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460268",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d71b81b4-5456-41a2-bd02-b3f3b937219a",
|
|
"value": "52/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460621",
|
|
"uuid": "9df2dfe6-af34-4439-a39c-99bb002afc9f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9df2dfe6-af34-4439-a39c-99bb002afc9f",
|
|
"referenced_uuid": "b989eb7e-8f0a-4093-8a1c-3381331b0479",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-9598-42a9-941e-4770950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1fcce76d-e2a3-4137-88e6-913da33700d8",
|
|
"value": "80d6a5f6796a2ef2cd8b3b170ec1a23b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ff7938b9-2a76-4262-9bc0-ae910dfc7062",
|
|
"value": "9b909caafebc353643fd030c0faecabffa592f90"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460303",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "432fe9f2-f99e-401c-b6ba-2e1b3cae84ed",
|
|
"value": "a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460621",
|
|
"uuid": "b989eb7e-8f0a-4093-8a1c-3381331b0479",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d65b14ac-a4da-4272-993d-7f7b8eb02baa",
|
|
"value": "2019-05-31T20:38:18"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6dcf2013-696f-410e-97b8-7ae27cb048fe",
|
|
"value": "https://www.virustotal.com/file/a4b42f503090cd3cd53963ddaf0be3e4eeedbd81ff02664668e68612816e727f/analysis/1559335098/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMWizX",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460303",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cad09be2-5c14-4cb9-92d9-c33c5046942f",
|
|
"value": "45/64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460621",
|
|
"uuid": "1acc6608-0f9d-436a-9543-691bda129647",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1acc6608-0f9d-436a-9543-691bda129647",
|
|
"referenced_uuid": "e79f4594-9967-4fc4-98fb-02be42825e7e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-b518-4192-b0b3-497c950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460162",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "50f9cd9d-28d8-464b-97ed-1fab722a6ed9",
|
|
"value": "1a6a240d2d03eb2c66c17a6593d4b6d2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460162",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "540537c2-e277-4c08-a902-7f36ff657be8",
|
|
"value": "6905848e0f6b5d760cdb553ca30a13e29cb22504"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "27f7aa1a-bf57-4995-9b83-ae07b12fbda9",
|
|
"value": "85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460621",
|
|
"uuid": "e79f4594-9967-4fc4-98fb-02be42825e7e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460162",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2440e701-c9df-4962-bc7d-d63e0c4de979",
|
|
"value": "2019-05-31T20:38:10"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460162",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6066831d-cc44-4eec-b9da-44b9c972044a",
|
|
"value": "https://www.virustotal.com/file/85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd/analysis/1559335090/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NeoPocket",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460162",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bb1d7b2a-1d69-4ee3-beb5-cfa5650989dd",
|
|
"value": "44/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460621",
|
|
"uuid": "8e8c4134-70b1-427a-8163-af67d04e06f5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8e8c4134-70b1-427a-8163-af67d04e06f5",
|
|
"referenced_uuid": "1f00f0b0-4b93-41ac-9296-86159172b56f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-afbc-4980-927c-45ca950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4986da88-e47c-4387-b49b-c106305406cf",
|
|
"value": "58f98bf643ce58be13d9daaf51b055a1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "21c8dbc4-9e40-4aed-8c37-a2ae01f28bf9",
|
|
"value": "45343fc8ba75e188174d0b09dd71345b88fa0a24"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "40e075f6-c2b0-474e-89f8-19f93bb67fd2",
|
|
"value": "639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460621",
|
|
"uuid": "1f00f0b0-4b93-41ac-9296-86159172b56f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3744443c-8710-456b-a2b0-2d730b72099f",
|
|
"value": "2019-05-31T20:37:57"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7cf997cd-cd32-4cc8-8f6a-65e9c86044ea",
|
|
"value": "https://www.virustotal.com/file/639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674/analysis/1559335077/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8b089596-b60a-4be7-980c-9f9c68fae77f",
|
|
"value": "53/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460621",
|
|
"uuid": "efbdd787-1c2f-4f98-af94-73bace5b1e7c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "efbdd787-1c2f-4f98-af94-73bace5b1e7c",
|
|
"referenced_uuid": "56630769-4583-4a48-8dc7-e9cc3db3fa04",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-815c-41ee-a648-4c87950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2b16c481-cf4f-4039-9fd5-e0eca7454d75",
|
|
"value": "a0293bffb47843bc67897b3351f54a88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9b6d1aca-87f3-43eb-a9c7-3ef9c9a94353",
|
|
"value": "3a0fa3deb4b5bfc2a2decc25a11a742399663ca1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7a929435-29c2-4f87-9496-82f280908f63",
|
|
"value": "cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460621",
|
|
"uuid": "56630769-4583-4a48-8dc7-e9cc3db3fa04",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e5e9fb49-7834-4efa-a786-6683ebf0471b",
|
|
"value": "2019-05-31T20:38:32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "15dd3d88-89e3-416c-bd3c-427a3019bc81",
|
|
"value": "https://www.virustotal.com/file/cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187/analysis/1559335112/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1f2c286b-3fec-4ae5-ab00-621d8322d3a7",
|
|
"value": "50/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460622",
|
|
"uuid": "8c0a6865-151d-4949-a7f3-0b55c4c2b816",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8c0a6865-151d-4949-a7f3-0b55c4c2b816",
|
|
"referenced_uuid": "decdf69d-655d-4289-9fb8-bcb04b66e6de",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-5b94-4f0e-a796-4f4b950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b181de60-bbcb-44e9-8303-be9a071a9003",
|
|
"value": "b9f5bd514485fb06da39beff051b9fdc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "37c6cca2-2e33-44c0-9ce2-725055d2929d",
|
|
"value": "c72a2e50410475a51d897d29ffbbaf2103754d53"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "806e289d-83f9-4797-a669-bc1d363d903e",
|
|
"value": "34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460622",
|
|
"uuid": "decdf69d-655d-4289-9fb8-bcb04b66e6de",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1e826067-1296-4031-a407-24d6e2f7b579",
|
|
"value": "2019-05-31T20:37:44"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d8a61439-38ad-4769-9dd8-b472b6a716da",
|
|
"value": "https://www.virustotal.com/file/34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1/analysis/1559335064/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "eafd0e3b-e7a5-4d65-bb5e-81741fb443c5",
|
|
"value": "56/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460622",
|
|
"uuid": "fa27fb54-023e-4b33-945f-f261e5d27510",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "fa27fb54-023e-4b33-945f-f261e5d27510",
|
|
"referenced_uuid": "f7d70b47-467c-4d41-96cd-c3679cd22a38",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-79e0-4bf1-bad1-4033950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "167c5da3-2782-4b43-affb-118994ed4438",
|
|
"value": "bcd3cdbded825b96861bfbc7a399b89a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4c09a272-5c07-4f1d-83a4-2a1ca69aacf9",
|
|
"value": "25f4d7bd393fb8e65de716e6353a1ec11bf6d3b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460064",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a956dc6c-dcd7-4bc7-b7a6-7fe928e29b6e",
|
|
"value": "b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460622",
|
|
"uuid": "f7d70b47-467c-4d41-96cd-c3679cd22a38",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a4923e4e-9ba2-416b-a4db-0ee06d8f0d38",
|
|
"value": "2019-05-31T20:38:27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "52c2014b-c414-4935-a48d-697cf593ff53",
|
|
"value": "https://www.virustotal.com/file/b7e61f65e147885ec1fe6a787b62d9ee82d1f34f1c9ba8068d3570adca87c54f/analysis/1559335107/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "GreenDispenser",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460064",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ce8f8e4f-3f4e-49e6-9e0c-3556b4272b2f",
|
|
"value": "51/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460622",
|
|
"uuid": "2d557448-fab3-4cdb-9b5b-93f6fff5dcb3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2d557448-fab3-4cdb-9b5b-93f6fff5dcb3",
|
|
"referenced_uuid": "024c8a02-43dc-446c-8ea1-070a1a7e6f7d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-1854-4622-a13a-4d04950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0a43ccad-7f87-4a1b-81ec-9448bf991ba2",
|
|
"value": "21b42a3b18333f10f21099eb72e6a385"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3e2d1b2d-e088-4bec-9b8f-eea7f3fdb2b3",
|
|
"value": "e3c4807778eacec75f3f3df3914affaff630494d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ec6e14fa-aef2-40c0-9cbd-b9344a212791",
|
|
"value": "0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460622",
|
|
"uuid": "024c8a02-43dc-446c-8ea1-070a1a7e6f7d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6fa159ff-1554-43f3-b28c-1164ac7ae06e",
|
|
"value": "2019-05-31T20:37:32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e69194aa-941f-4b6e-9007-b5768fc9b6fb",
|
|
"value": "https://www.virustotal.com/file/0720db2469a61d41c1e67a8f32020927a32422a5d58067bb328a2ff407e14e98/analysis/1559335052/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "477d3466-90b1-4516-8a99-dcc6c0a12a9c",
|
|
"value": "50/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460622",
|
|
"uuid": "30ca555e-8a3e-4752-b272-9456cdd3e99e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "30ca555e-8a3e-4752-b272-9456cdd3e99e",
|
|
"referenced_uuid": "fe4b52be-56bc-4161-ad46-14bbf2f0b4e4",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-c5a0-43d9-a6ea-4afe950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "adce8046-8b6c-4b8a-af7f-d4fc1f08d4ed",
|
|
"value": "6404449efdd356d270a015e9659772bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "79c54361-842d-4f90-b976-1f8fd3b2f07f",
|
|
"value": "8584ba9a58d90264c1ff91d7ca8710545d67b4f5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f5ca922e-cbed-4d21-a495-2f038112ce82",
|
|
"value": "c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460622",
|
|
"uuid": "fe4b52be-56bc-4161-ad46-14bbf2f0b4e4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "96ffeca5-080d-42b9-a4d8-5d3e826498c2",
|
|
"value": "2019-05-31T20:38:31"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "706b87fb-c313-459b-a59b-36ff600d3408",
|
|
"value": "https://www.virustotal.com/file/c18b23cc493f89d73a2710ebb177d54beafe0edf0e17cc79e28d9efdfb69a630/analysis/1559335111/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "99471c47-015d-48c1-8bf3-856d8da90bda",
|
|
"value": "43/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460623",
|
|
"uuid": "26300a37-bcc7-42ff-b086-d71cfc768584",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "26300a37-bcc7-42ff-b086-d71cfc768584",
|
|
"referenced_uuid": "ae2273a7-8af8-401d-8c92-34bdd0b35db2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-aeb0-45dd-95a6-4c29950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "db09c859-e7c8-4acc-87b5-0321ae136972",
|
|
"value": "6b4d26b3b61ae1696331dac07d99a603"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c65184e1-fcd2-48b0-8763-5073095cc3fb",
|
|
"value": "acca4aa8884ad923cb54530463e2b73a1bdbe11a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460394",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ee6b9ae9-39a7-47a6-a107-161f05001223",
|
|
"value": "d4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460623",
|
|
"uuid": "ae2273a7-8af8-401d-8c92-34bdd0b35db2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7bbc7694-6248-48ef-a18b-c378a0691f41",
|
|
"value": "2019-05-31T20:38:34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5474ce46-69c6-4579-8a50-699224958a06",
|
|
"value": "https://www.virustotal.com/file/d4a463c135d17239047ad4151ab2f2d084e223970e900904ecedabc0fd916545/analysis/1559335114/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Cutlet",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460394",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5d705fd4-56cc-478e-961a-0bfc445117fa",
|
|
"value": "39/55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460623",
|
|
"uuid": "73cbad38-3b4a-4427-9146-ad2e627cf51b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "73cbad38-3b4a-4427-9146-ad2e627cf51b",
|
|
"referenced_uuid": "413bde3c-386d-4b7a-b090-becb555e4c93",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-6cf0-4e83-a3b1-4dd4950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "85b0d2be-951d-4b47-9fd1-b20d9a8ba5fd",
|
|
"value": "3a989d5de21268d200fd1ca7476fe918"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "25189fd4-3daa-45d9-92c1-3b5e8b884381",
|
|
"value": "2c3f69391f6e1d841f29872932aa9bb02d4d8921"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a2d8f6a7-9f08-40c2-ba9e-663fa3d94f17",
|
|
"value": "23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460624",
|
|
"uuid": "413bde3c-386d-4b7a-b090-becb555e4c93",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ec240f46-fba6-42bb-aa31-3844135fe665",
|
|
"value": "2019-05-31T20:37:40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "de9c6895-1a75-4d54-84d8-644d8c113442",
|
|
"value": "https://www.virustotal.com/file/23c50f1c37b7c55554c282ba1781e9d6279cbbd7bfc5f64772d2e7a8962ebe70/analysis/1559335060/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "705e119d-2920-497a-8341-468d740cf62b",
|
|
"value": "45/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460624",
|
|
"uuid": "5da215ba-d9ed-48bc-b3f2-e04e17764277",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5da215ba-d9ed-48bc-b3f2-e04e17764277",
|
|
"referenced_uuid": "ac1ba177-5e24-475d-b3ca-58ec1fc3a28d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-e774-4554-9506-4015950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9beb7bdd-f925-47fd-b8fb-b88280564435",
|
|
"value": "06b767c73f35fd2e7770ff91a18bb2ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4ebcb970-8cc4-4599-b834-5f225d9176c5",
|
|
"value": "ef7d7ec3530fb7bd14ccff5ac29abf5d0d78c276"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d555e50c-2730-4268-a7ed-4b3e2ff094b1",
|
|
"value": "c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460624",
|
|
"uuid": "ac1ba177-5e24-475d-b3ca-58ec1fc3a28d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "00001f7a-eef5-4e27-9cbb-000e54a8fdbb",
|
|
"value": "2019-05-31T20:38:29"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "38ffee9f-e6ed-4c29-930e-d04513c0bd48",
|
|
"value": "https://www.virustotal.com/file/c5b43b02a62d424a4e8a63b23bef8b022c08a889a15a6ad7f5bf1fd4fe73291f/analysis/1559335109/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "06c1584c-76e5-4078-93d7-7e5cacf6bbc3",
|
|
"value": "41/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460625",
|
|
"uuid": "be260f87-96de-48c6-9fee-5d96cbdc5b40",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "be260f87-96de-48c6-9fee-5d96cbdc5b40",
|
|
"referenced_uuid": "7de7c441-438b-43cc-9a44-519fdbac2468",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460637",
|
|
"uuid": "5cf37b1d-9394-4843-ac30-4d2d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8c85be34-e036-4fa4-8b30-8155ddc6b697",
|
|
"value": "c0105ada8686dc537a64919c73a18db7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "62ffbce8-67c8-4371-b04d-0a79d2c6c850",
|
|
"value": "04daa15196bee693690f530d32d4ace5fb14f03f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fd44dd30-b9e1-4191-ac18-c1271e07d418",
|
|
"value": "f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460625",
|
|
"uuid": "7de7c441-438b-43cc-9a44-519fdbac2468",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7ca9e67b-eb7d-40fe-bbc4-c727fcd6f524",
|
|
"value": "2019-05-31T20:38:44"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "888c400c-1b07-4b4d-bb5f-cb8260284ddb",
|
|
"value": "https://www.virustotal.com/file/f27e27244233f2bb5b02412d4b05315625928adaa340708e91d61ad3bce54bf6/analysis/1559335124/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cabc8060-af44-4491-b225-eda533e9e989",
|
|
"value": "47/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460625",
|
|
"uuid": "e8e28f79-ae78-4ace-8753-952848d0df64",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e8e28f79-ae78-4ace-8753-952848d0df64",
|
|
"referenced_uuid": "08764b70-0639-4974-a1d7-464db05a4a01",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-6400-40fd-897c-4e39950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fc5cc1e7-8282-4d1d-8c03-7d614951b856",
|
|
"value": "9cceef84ddef8c165800004aa0a30000"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "6f254a62-d44b-40e3-9eda-0bb78f3be73b",
|
|
"value": "e0fbc9e643923d2b4fe58e227911b36942cf1150"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c2f70bfe-c537-47df-b85f-fced67de2edf",
|
|
"value": "c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460625",
|
|
"uuid": "08764b70-0639-4974-a1d7-464db05a4a01",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "72b287f5-a8d8-4deb-8178-20ecfd7e074c",
|
|
"value": "2019-05-31T20:38:30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "68117ab4-226b-4a47-914c-e6b099ec0618",
|
|
"value": "https://www.virustotal.com/file/c8d57b32ab86a3a97f89ae7f1044a63cca2b58f748bed250a1f9df5c50fc8fbb/analysis/1559335110/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a28a15c9-e414-42d8-b265-441082642563",
|
|
"value": "49/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460625",
|
|
"uuid": "75977ea0-6f0b-4d63-a3ad-152ae3c63086",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "75977ea0-6f0b-4d63-a3ad-152ae3c63086",
|
|
"referenced_uuid": "2836199b-90bb-4f44-9546-81df3c53aaba",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-317c-491c-8e2e-49e3950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460380",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ee5232f0-aab3-4025-bfd0-21e1938a5082",
|
|
"value": "7faec476c914cdf0a595bdb9a1b5d59d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460380",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "02f73b81-5d77-4ca0-8120-01d05dd6c839",
|
|
"value": "e19d68ac17c1787ecf795261f7c38a88ab7fdcbc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460380",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "14f64e2a-2d55-46ca-9b6e-68c763149108",
|
|
"value": "5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460625",
|
|
"uuid": "2836199b-90bb-4f44-9546-81df3c53aaba",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460380",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "aa69bfda-3ea1-4431-8171-6ecc6ba6ded5",
|
|
"value": "2019-05-31T20:37:55"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460380",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ae45c292-f498-43c7-a38f-6ce6984e09db",
|
|
"value": "https://www.virustotal.com/file/5f4215368817570e7a390c9f6e265a7db343c9664d22008d5971dac707751524/analysis/1559335075/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Piolin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460380",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e1c3714d-e3a8-4816-8381-3a157007104a",
|
|
"value": "49/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460625",
|
|
"uuid": "349fb1c6-9d44-4be6-a30e-6373fe3973de",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "349fb1c6-9d44-4be6-a30e-6373fe3973de",
|
|
"referenced_uuid": "c8cc9792-d686-490a-91d7-d207bc62a3c8",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-ce60-49df-a94e-4078950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ce563a40-f751-453e-b9a5-70f2d4968557",
|
|
"value": "3ed14dd6dec1d56dc514974449229398"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "78ec6bb9-24ba-487f-b7ea-deeed21ee4cb",
|
|
"value": "187465383031c02aa3c079dc06e14688d344850b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7be48240-93e6-4ef6-8599-8d50cd5f28a4",
|
|
"value": "db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460625",
|
|
"uuid": "c8cc9792-d686-490a-91d7-d207bc62a3c8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e1240c1c-0243-4254-9531-6c207c86a67a",
|
|
"value": "2019-05-31T20:38:36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "df845d01-69b4-4317-b53c-c00e44da0ad7",
|
|
"value": "https://www.virustotal.com/file/db1169df116fda46319c4b87607df7b6a5e80b48de5411d47684974ca22dd35a/analysis/1559335116/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7f31f1a1-70cf-45e8-8574-3585cf6067db",
|
|
"value": "40/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460625",
|
|
"uuid": "dc144da4-b0aa-4d36-a788-453eafbeb938",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "dc144da4-b0aa-4d36-a788-453eafbeb938",
|
|
"referenced_uuid": "3c8cc20e-2fd8-43c4-adb6-72b3caceaa43",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-629c-4b79-afed-4dbf950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460112",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c2d7e872-b320-42dc-bd0e-18eba533a5f2",
|
|
"value": "6f04dc904cd11c7a1a67e0ebe78b8f5f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460112",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9a61d40a-e614-4871-9061-ebe97a73b81b",
|
|
"value": "556739ba7c6d3a310c2ce187387385c8dcd110ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460112",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "89a6c255-f958-48ac-8454-d8e6905cce74",
|
|
"value": "2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460626",
|
|
"uuid": "3c8cc20e-2fd8-43c4-adb6-72b3caceaa43",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460112",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c5520fba-8188-4ce8-bc56-f768b0b5f8da",
|
|
"value": "2019-05-31T20:37:41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460112",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1146ec5e-f6df-4a3f-9abe-14485c66cedd",
|
|
"value": "https://www.virustotal.com/file/2de4a510ee303c04c8d7bd59b7987b22c3471c9f4ba69b5f83ba36de88b63a8d/analysis/1559335061/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "HelloWorld",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460112",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a5238c7f-cf0b-4266-b5c4-41dd76fd3528",
|
|
"value": "47/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460626",
|
|
"uuid": "82676173-677a-4196-b3aa-4aca467cb3a2",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "82676173-677a-4196-b3aa-4aca467cb3a2",
|
|
"referenced_uuid": "66c25aae-8335-4191-b0d4-7a8dac19fa89",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-76e0-4cfb-8099-414d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0c75549b-4fcf-4bf7-b1af-ddd994e3e4b3",
|
|
"value": "488acf3e6ba215edef77fd900e6eb33b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e30d9bc2-1970-4d79-9c57-38a93cdc4470",
|
|
"value": "8c52518f3e0208b8e1ba6174a988e2378d69fae0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6415e0ee-0866-4931-b33c-4b2d0a2a0537",
|
|
"value": "0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460626",
|
|
"uuid": "66c25aae-8335-4191-b0d4-7a8dac19fa89",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9d160c11-1039-47ce-ba35-0dabb96d0a5c",
|
|
"value": "2019-05-31T20:37:31"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c89b9b56-b4dd-4eda-919c-9da663a7d051",
|
|
"value": "https://www.virustotal.com/file/0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025/analysis/1559335051/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8ca5b570-519b-4532-8e82-51f759a1868a",
|
|
"value": "59/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460627",
|
|
"uuid": "0341606e-3420-4a27-88a9-da0563f82bdf",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0341606e-3420-4a27-88a9-da0563f82bdf",
|
|
"referenced_uuid": "b1dcedec-f5fa-4e0e-a90d-c877950b4c98",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-4d7c-42c4-a2d9-4466950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "679ea64a-0c43-4300-a277-7f0f1798bf3e",
|
|
"value": "180fa13f1c5174b273b3a531090e0edb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0556dc08-111f-447a-9844-e85131327324",
|
|
"value": "607af637784ebe5902ec10bba8abefee9df00b62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "438c3f14-6431-441b-9053-fd9a0f6167f9",
|
|
"value": "646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460627",
|
|
"uuid": "b1dcedec-f5fa-4e0e-a90d-c877950b4c98",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "b2b4ece5-065b-422e-a141-ef173b898f5e",
|
|
"value": "2019-05-31T20:37:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a51dcd4f-0c03-4a6e-b26d-d2b90885c8f7",
|
|
"value": "https://www.virustotal.com/file/646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e/analysis/1559335078/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "410a59e1-68d6-4f1d-a528-4c29433fc628",
|
|
"value": "10/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460627",
|
|
"uuid": "f8a6c308-c897-4dac-842c-da63ce7f81f6",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f8a6c308-c897-4dac-842c-da63ce7f81f6",
|
|
"referenced_uuid": "4a6b3dcf-f1df-4fcc-8b84-6b88bde168a0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-dfb0-4cd5-ab19-45bd950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fc4140b9-460b-4482-8026-9fc0b8615778",
|
|
"value": "53aff010e2eb70a7afbe661b1c25a216"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ca01de76-d9f2-44ff-9262-687619d9d232",
|
|
"value": "2b28ce1b6e861cbc4ca728235edfd6c398674857"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559459989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "23d87f8f-ed6a-4bde-97e4-cda09f038ab0",
|
|
"value": "20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460627",
|
|
"uuid": "4a6b3dcf-f1df-4fcc-8b84-6b88bde168a0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "12b7665f-29bb-4c67-ba4e-8c788dd6f88c",
|
|
"value": "2019-05-31T20:37:38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "44c2b076-98d3-4bf9-8716-02c992a23e3a",
|
|
"value": "https://www.virustotal.com/file/20fb2edfcece271f87d006e263c4a6de48ed518901211a76dc38aac43e1b9d19/analysis/1559335058/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPotv3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559459989",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "65567e5c-8cdc-4928-aacf-dcfea84cb5ad",
|
|
"value": "42/63"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460627",
|
|
"uuid": "db74144a-938d-41c5-b3e0-fea80fd6f893",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "db74144a-938d-41c5-b3e0-fea80fd6f893",
|
|
"referenced_uuid": "7adac80c-5633-46de-8404-4c999375f9e6",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-1938-4521-8c5f-4eca950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "46f6c04e-36bd-4775-8a5e-857521dd8845",
|
|
"value": "cef6c2aa78ff69d894903e41a3308452"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "287c7d06-8443-4bc6-bee9-892f9691a1aa",
|
|
"value": "8615ef60b17d16fcf7fb23a57bfd155c22ac4378"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460335",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f03ac0f4-749a-418a-9d1d-d862491a8705",
|
|
"value": "ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460627",
|
|
"uuid": "7adac80c-5633-46de-8404-4c999375f9e6",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "64740d78-72d9-492c-86da-b04beeb5ad3b",
|
|
"value": "2019-05-31T20:38:40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "8e6b6a2f-5ecc-43e5-98f1-fdbfdbe4b804",
|
|
"value": "https://www.virustotal.com/file/ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab/analysis/1559335120/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMitch",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460335",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ec45f7e8-d4d7-44dd-b3fe-0e611629ae3f",
|
|
"value": "44/64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460628",
|
|
"uuid": "d5caf1d8-c7fe-4023-9874-154c2e351c15",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d5caf1d8-c7fe-4023-9874-154c2e351c15",
|
|
"referenced_uuid": "b5ef1fa1-84c0-4899-84b0-b6a8ecc51556",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460638",
|
|
"uuid": "5cf37b1e-77bc-476d-956a-47c9950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "52017b82-5da9-45ff-ae8b-9d27ffb98291",
|
|
"value": "acaf7bafb7304e38e6a478c8738d9db3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3b0fdeb3-bab2-42a5-8f50-979cd410d5a5",
|
|
"value": "8e9242dcbb1ce1e6c3794aec9ae5b3279641a5cf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460049",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5a39b7dd-f150-4098-9b03-0cbb3cdd7038",
|
|
"value": "6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460628",
|
|
"uuid": "b5ef1fa1-84c0-4899-84b0-b6a8ecc51556",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9401ab4f-108c-446f-825a-7abe01de9c59",
|
|
"value": "2019-05-31T20:38:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "862ecdb8-ed0d-4fb6-923c-56eb8503ede3",
|
|
"value": "https://www.virustotal.com/file/6efedf9bde951ad6c3e240ec498767bb693ecc8fa62040e624c5a7fa21c5bdaa/analysis/1559335080/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATM.DispCash.3",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460049",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "165557f6-b492-41f6-bdb7-f0e948c7d92b",
|
|
"value": "42/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460628",
|
|
"uuid": "7410379c-c381-45ea-8a33-b4bcc85818b4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7410379c-c381-45ea-8a33-b4bcc85818b4",
|
|
"referenced_uuid": "4eb96ae6-5b0a-4ded-bf8c-57cfc03e1d25",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460640",
|
|
"uuid": "5cf37b20-15e8-4388-a480-4032950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "86dae7f8-c977-49e9-892c-9ec5449558fe",
|
|
"value": "3fddbf20b41e335b6b1615536b8e1292"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9d3def14-c3aa-4c45-9426-728e9ccc0e75",
|
|
"value": "803693358e7b1f6a85eb194d4f582f628b0c1a5c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460425",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7d95290e-7476-420e-a941-86790209ed92",
|
|
"value": "7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460628",
|
|
"uuid": "4eb96ae6-5b0a-4ded-bf8c-57cfc03e1d25",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6bfa32bc-6125-41d8-86c5-8e47302dfe3e",
|
|
"value": "2019-06-01T06:11:19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e815d4dd-adbf-4559-92d0-1fa1ae3577a9",
|
|
"value": "https://www.virustotal.com/file/7fac4b739c412b074ee13e181c0900a350b4df9499515febb75008e6955b9674/analysis/1559369479/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMii",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460425",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6b6a53d4-87f8-495d-9e21-dcb32b663fe5",
|
|
"value": "54/73"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460628",
|
|
"uuid": "c54c28e0-f02b-41c6-b8fc-d78dd9b5ef46",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c54c28e0-f02b-41c6-b8fc-d78dd9b5ef46",
|
|
"referenced_uuid": "4ab3206c-feda-4db4-adfb-98f2b681c6ed",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-cd0c-4d2d-b942-45c9950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "82ab5c7f-fd4b-45bb-a804-9592623707d7",
|
|
"value": "4dadb61081f7c8bce33510b0a812db17"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d7f9913a-2302-42d7-9fb0-25d2b99645e2",
|
|
"value": "b8a09e9aa17259b1d597af9805a8cb5ba7b2e849"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460235",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "82c6adf8-84df-441c-8a7c-f4a625034540",
|
|
"value": "dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460628",
|
|
"uuid": "4ab3206c-feda-4db4-adfb-98f2b681c6ed",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "4f120ff8-43c7-44b2-ba08-a8d24524c063",
|
|
"value": "2019-05-31T20:38:38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "2e9dffb5-e191-41e9-a0ac-0f48cfda9f5e",
|
|
"value": "https://www.virustotal.com/file/dff7ee95100ffaec5848a73a7b306eaaee94ae691dfccff9fe6ce0a8f3b82c56/analysis/1559335118/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "SkimerWC",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460235",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2177ec13-a1ef-49f6-8717-0ad620e1eee2",
|
|
"value": "51/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460628",
|
|
"uuid": "2b85c45c-2fdb-485c-a342-45cff2444d44",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2b85c45c-2fdb-485c-a342-45cff2444d44",
|
|
"referenced_uuid": "72c851a8-5a70-487d-b63c-b7df09475ddf",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-4d9c-40b3-a5ae-4197950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460317",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d9bae18c-ff94-4cfe-a1ba-4d9a3dce297d",
|
|
"value": "dc9eb40429d6fa2f15cd34479cb320c8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460317",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f71c6715-b278-45cb-a8dd-7b4c03b0a4e5",
|
|
"value": "a3b8abc42ea76a4e25c2fe5faf90ccb1f0f4616b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460317",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "21d9f62c-c42a-43d2-8456-70203df2a4a3",
|
|
"value": "9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460628",
|
|
"uuid": "72c851a8-5a70-487d-b63c-b7df09475ddf",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460317",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8099d012-68d7-4352-97ae-0840543cddc9",
|
|
"value": "2019-05-31T20:38:16"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460317",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6060a655-231e-43d0-9caf-b297ba2155d5",
|
|
"value": "https://www.virustotal.com/file/9f8a7828d833ed7f28f9f5ceaf1c073c6de0645172b8316d86edc16c84b61c4f/analysis/1559335096/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMtest",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460317",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e554a817-6308-441d-ad2c-20e596cb6644",
|
|
"value": "47/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460628",
|
|
"uuid": "09548961-d207-4312-a75a-b3cadedf47fa",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "09548961-d207-4312-a75a-b3cadedf47fa",
|
|
"referenced_uuid": "57e9b96b-f5eb-4937-8d9e-c7d91a1164ce",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-d930-44ec-9a2c-418d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8b91d0a6-4224-48fc-ac10-d7eab9063271",
|
|
"value": "d81ae5e0680d09c118a1705762b0bfce"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9891a37c-84ff-45f9-9487-727c14294778",
|
|
"value": "f164d1d85c1779f87663dc1ca390e118d5340caa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b7e0fa21-a38a-4f13-90c0-380003e1e99f",
|
|
"value": "26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460629",
|
|
"uuid": "57e9b96b-f5eb-4937-8d9e-c7d91a1164ce",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7d1131fb-fd4d-4ce5-8f68-92ab223cd2d6",
|
|
"value": "2019-05-31T20:37:40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9c6cd439-54ad-4d17-9a9a-d847f33d4fc8",
|
|
"value": "https://www.virustotal.com/file/26b2daa6fbf5ec13599d24e6819202ddb3f770428d732100be15c23be317bd47/analysis/1559335060/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "dd2cc77b-8296-41ae-8e1e-44cf79fad0d3",
|
|
"value": "47/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460629",
|
|
"uuid": "abcd01bc-8233-4915-8bed-8d4922d61868",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "abcd01bc-8233-4915-8bed-8d4922d61868",
|
|
"referenced_uuid": "669ac948-0bab-45ff-86e0-cc1c8907a62d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-7378-4a4e-9acb-4c58950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "813eb4f4-cb53-44ab-8663-87e5c7f82b03",
|
|
"value": "15632224b7e5ca0ccb0a042daf2adc13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5f25aa7c-1c8b-46dc-8081-5ebf215538c2",
|
|
"value": "c9381c5d6f39c54aad5b57c3b1deecab6887af57"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460206",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e66184b7-5801-45dd-ae05-6a915f80812b",
|
|
"value": "cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460629",
|
|
"uuid": "669ac948-0bab-45ff-86e0-cc1c8907a62d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "160a3839-2c62-4191-b73f-41799e329634",
|
|
"value": "2019-05-31T20:38:31"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "25bd3013-4b13-492c-8353-f86f72fe2bfa",
|
|
"value": "https://www.virustotal.com/file/cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38/analysis/1559335111/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMripper",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460206",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1677c75d-cdfc-45d2-beb9-7bf673d6bf2a",
|
|
"value": "50/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460629",
|
|
"uuid": "3d3585f0-1858-40c6-873c-538edfd12617",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "3d3585f0-1858-40c6-873c-538edfd12617",
|
|
"referenced_uuid": "addb0706-ec6b-440c-b41e-94f549ac73d0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-e34c-4eb6-b184-483f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ccecebd9-5ad7-4070-8944-ffda6947e89b",
|
|
"value": "19ed96914796770c7b86eaab0370c0e8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f9552d96-f3c3-4855-855a-4a8149832840",
|
|
"value": "6c838f3809e83e3661041574737ba859b335df4d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fecaf2db-5686-46b9-b656-c39a23878f06",
|
|
"value": "d9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460629",
|
|
"uuid": "addb0706-ec6b-440c-b41e-94f549ac73d0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c3615c32-faac-41cd-9b04-b73f70a9c2d0",
|
|
"value": "2019-05-31T20:38:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "395ff372-924d-4564-b25f-447bbad8f20e",
|
|
"value": "https://www.virustotal.com/file/d9c6515fd0fb3cd14b4bb4d11ecda78602d17f370780a4b9ee006a9830106213/analysis/1559335115/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0c838d83-acd3-4e08-9fa1-80dd29ff1179",
|
|
"value": "45/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460629",
|
|
"uuid": "2aa173da-7c89-4432-91ff-f2323a5f9281",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2aa173da-7c89-4432-91ff-f2323a5f9281",
|
|
"referenced_uuid": "204b34ed-6af4-489d-8b75-f633df8f76e4",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-bb0c-4af8-9020-4796950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4a3bd385-1881-4033-81dc-b84be0003937",
|
|
"value": "f1478aa747a976fb2ad526fa71eca853"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7de20d23-1507-4783-8713-b393a39f175e",
|
|
"value": "4292df415c11f4155e8910ebcde8bd2da24e4426"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9c20adda-dd92-4f77-a413-cdcab476b74e",
|
|
"value": "04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460629",
|
|
"uuid": "204b34ed-6af4-489d-8b75-f633df8f76e4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "dfd6be3d-52fc-4a0a-bce3-0d002c935198",
|
|
"value": "2019-05-31T20:37:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ac0f3cb1-17f5-4a6e-a9b1-027d39d1365d",
|
|
"value": "https://www.virustotal.com/file/04f25013eb088d5e8a6e55bdb005c464123e6605897bd80ac245ce7ca12a7a70/analysis/1559335053/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "72a060d9-7994-421a-8abf-26152a9a9fc2",
|
|
"value": "46/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460629",
|
|
"uuid": "d72f8954-bc2a-4d03-a811-dbbf37f69c3f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d72f8954-bc2a-4d03-a811-dbbf37f69c3f",
|
|
"referenced_uuid": "fa1ceeb9-e779-4f3f-beb5-6fef609bd53f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-1c08-4d95-9800-4eb4950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "41b04cb2-de6c-4f43-8065-e42ada101c05",
|
|
"value": "cefd39402d7f91d8cf5f1cd6ecbf0681"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2fc54226-3ea4-447a-9aa2-dcec823b825b",
|
|
"value": "7b2be8be75a7e018d9038a33b129551275198f52"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460147",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f34f7a21-3468-47b3-a8c4-57c2c2d0a252",
|
|
"value": "956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460629",
|
|
"uuid": "fa1ceeb9-e779-4f3f-beb5-6fef609bd53f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f101fec2-b9a4-4d39-af14-1ce381bfe6d8",
|
|
"value": "2019-05-31T20:38:13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "47087de8-cb18-4f88-ada3-2c5ec820a2d3",
|
|
"value": "https://www.virustotal.com/file/956968e6f4bf611137ea0e747891ba8dc200ca809c252ef249294912fb3dbe3c/analysis/1559335093/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Atmosphere",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460147",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a6e93456-c00b-4fe4-b63d-337170e5c438",
|
|
"value": "40/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460629",
|
|
"uuid": "aebf0a64-4feb-4d83-8162-dfb6476c2d56",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "aebf0a64-4feb-4d83-8162-dfb6476c2d56",
|
|
"referenced_uuid": "45bec62c-cf12-4170-a37b-5cd249f4eb35",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-c4a4-42fb-b5d1-4c2f950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d5af9c92-bf84-482a-9fff-5fed4a4c12a9",
|
|
"value": "603dea23dba9c311705108d2daae9c66"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4efb48fd-abaa-41a5-8052-4adb282f17d4",
|
|
"value": "ca6af5c4d273b88a9e3ec78b5e77baabb6a54e36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b2d73d59-d6aa-4faa-8498-047c1a164fe5",
|
|
"value": "377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460630",
|
|
"uuid": "45bec62c-cf12-4170-a37b-5cd249f4eb35",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "55b1cda9-7aac-47e8-a0ca-beaef402778d",
|
|
"value": "2019-05-31T20:37:46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "da1c7e19-809e-40a4-a6ca-a3a9e591c7b5",
|
|
"value": "https://www.virustotal.com/file/377f85562e9ec16cae8fed87e43b6dd230eaa6e1c8f2732f5096f1ec951f045a/analysis/1559335066/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ligsterac",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460191",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "06e8c747-7af8-4c41-bb02-fe510a20ecc7",
|
|
"value": "37/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460630",
|
|
"uuid": "71dcf277-31eb-4415-997b-04ba8c086da4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "71dcf277-31eb-4415-997b-04ba8c086da4",
|
|
"referenced_uuid": "ed9c1aa8-0937-4724-8305-a6d19f28b737",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-f510-4bcf-8056-46d9950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460410",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "15a6b1ac-a969-4964-a5ae-58b558fe4e03",
|
|
"value": "49c708aad19596cca380fd02ab036eb2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460410",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "95eb7ba8-d67a-42fe-8eec-a4123580713c",
|
|
"value": "ef74bf742b3d15492e46fc6887f83f1785385332"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460410",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55a405dd-37f5-4518-a7ba-97d996fc9884",
|
|
"value": "03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460630",
|
|
"uuid": "ed9c1aa8-0937-4724-8305-a6d19f28b737",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460410",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a6ab0fb8-3ed2-4883-ac8b-faff471d7cf4",
|
|
"value": "2019-05-09T15:55:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460410",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "10dd7911-aaa2-4364-873c-80303cebaa51",
|
|
"value": "https://www.virustotal.com/file/03bb8decefc540bff5b08425adddb404b345452c8adedee0c8af13572891865b/analysis/1557417333/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "DIAGK",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460410",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e8e3e484-4027-4afa-8795-5150c8fe9e9b",
|
|
"value": "19/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460630",
|
|
"uuid": "87923be3-33e9-4404-875b-624d9b326db0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "87923be3-33e9-4404-875b-624d9b326db0",
|
|
"referenced_uuid": "4bf3bcb0-91ca-40e3-b2ba-1c9eab452263",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-0890-4ac0-8f99-4210950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c097ee79-d342-4297-8847-3fef30793c05",
|
|
"value": "ae3adcc482edc3e0579e152038c3844e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "977096d7-dfed-4744-967d-f2afe8604f2a",
|
|
"value": "f8bf68cba29aca320ad0bce63b9ce8754915524c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460285",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e1a1126f-a37c-479f-af31-9e2ea696de7e",
|
|
"value": "d93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460630",
|
|
"uuid": "4bf3bcb0-91ca-40e3-b2ba-1c9eab452263",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e2fad499-73cb-4d33-9755-554ce4fa8fba",
|
|
"value": "2019-05-31T20:38:37"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7e6f27a4-5b20-43ee-876b-da00fb284dc5",
|
|
"value": "https://www.virustotal.com/file/d93342bd12ef44d92bf58ed2f0f88443385a0192804a5d0976352484c0d37685/analysis/1559335117/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ploutus",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460285",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f4509677-0b6f-4bdb-b65f-d356703b8103",
|
|
"value": "47/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460630",
|
|
"uuid": "c6a31281-93cb-4294-b30a-0fe43608ae58",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c6a31281-93cb-4294-b30a-0fe43608ae58",
|
|
"referenced_uuid": "b24fd631-684d-43f3-b8d9-d1965c3ddea0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460641",
|
|
"uuid": "5cf37b21-e438-4d44-96fa-412d950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "00f69a02-2c08-476d-83ee-2ef7c69f527a",
|
|
"value": "69be938abe7f28615d933d5ce155057c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d2c46fee-59eb-4716-a881-b4ae98788535",
|
|
"value": "bd8ab63f2544ca55858b6407e0b52d5494cf3715"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "cc6e81d1-26ed-42be-8f65-5082b73759af",
|
|
"value": "853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460630",
|
|
"uuid": "b24fd631-684d-43f3-b8d9-d1965c3ddea0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f3eab10b-1eef-4fe2-970b-6e246d4100f0",
|
|
"value": "2019-05-31T20:38:09"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "888afe31-f044-429c-a7fa-34e92e725855",
|
|
"value": "https://www.virustotal.com/file/853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae/analysis/1559335089/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "87207f51-4fe3-4c66-8f3e-5d51c79fcd8e",
|
|
"value": "50/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460630",
|
|
"uuid": "73bca111-8ebf-4180-afeb-09889747699d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "73bca111-8ebf-4180-afeb-09889747699d",
|
|
"referenced_uuid": "bb1ceb2c-04eb-410a-84e1-a53f9ef26ec2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460642",
|
|
"uuid": "5cf37b22-1460-4bb6-8bc7-4cda950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f1e4e6a9-7a46-488f-9029-3204b5f9f00f",
|
|
"value": "1b9b341b35ec9cf3fe1bac8cd6dd8775"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "cbd6489e-5bc6-4562-895a-62cd19247b76",
|
|
"value": "32c4f80726ce719b16be9bd6e5b123132eb16103"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460015",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7027ebc8-bab8-4408-b336-e854c565ec37",
|
|
"value": "ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460631",
|
|
"uuid": "bb1ceb2c-04eb-410a-84e1-a53f9ef26ec2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6105d6c1-63db-4549-946f-7e6f9558e1e8",
|
|
"value": "2019-05-31T20:38:22"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "651a785e-6dbb-4aca-a100-3a9041b8f93b",
|
|
"value": "https://www.virustotal.com/file/ac8e8216e71e078198ef67d4cb48118767d0696610a02137492814422153d3c6/analysis/1559335102/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Skimer",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460015",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "67a12ce8-6647-4f7e-8fa9-7a31bf44c37c",
|
|
"value": "43/62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460631",
|
|
"uuid": "b95b8d4e-c4f2-4c3a-ac56-5985c0f56426",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b95b8d4e-c4f2-4c3a-ac56-5985c0f56426",
|
|
"referenced_uuid": "db749366-5a6a-477f-b812-a468bc49f257",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460642",
|
|
"uuid": "5cf37b22-ad58-40be-af5d-4905950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3a18760a-5482-4190-aea6-62fd8ebc830f",
|
|
"value": "250b77dfbb1b666e95b3bcda082de287"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "fff5ed3f-f070-498f-af93-4db5907e80a1",
|
|
"value": "5a699a8f64046d3d7fb5014d0242c159a04b8eed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460251",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "21153455-5298-4709-8e7c-a168527d70e6",
|
|
"value": "3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460631",
|
|
"uuid": "db749366-5a6a-477f-b812-a468bc49f257",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "28e2b52c-8f1b-4ce7-94a8-c160c74819f1",
|
|
"value": "2019-05-31T20:37:46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "8dc822e5-b917-49d5-8db1-b128feeece9b",
|
|
"value": "https://www.virustotal.com/file/3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677/analysis/1559335066/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Tyupkin",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460251",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3b04bfae-45ea-4666-9cce-8f76f5aec28e",
|
|
"value": "55/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460631",
|
|
"uuid": "dedbee2a-96ea-4afa-8c59-69d07be55fa4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "dedbee2a-96ea-4afa-8c59-69d07be55fa4",
|
|
"referenced_uuid": "31432274-c4b8-4983-af78-33ce823ffd68",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460643",
|
|
"uuid": "5cf37b23-881c-48cd-8421-4549950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "45f37e65-1cc4-432b-aedb-0c5afbb3d302",
|
|
"value": "2f08a942430e2dc7c7d8197e649954a4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3ac6be64-4a14-4e29-a2d3-3f51e7ac7d85",
|
|
"value": "9a6bbe7c8fe330a73f745b656ddfe240f5630412"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460131",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ce8c28e3-ea9b-4007-bb9f-89b6ac79b84b",
|
|
"value": "bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460631",
|
|
"uuid": "31432274-c4b8-4983-af78-33ce823ffd68",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "b68b9397-ac16-49e7-b188-9846ba15447b",
|
|
"value": "2019-05-31T20:38:28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d1fb3a2c-9d05-460c-bc40-ba098c33ab52",
|
|
"value": "https://www.virustotal.com/file/bf20c674a0533e7c0d825de097629a96cb42ae2d4840b07dd1168993d95163e8/analysis/1559335108/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ATMSpitter",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460131",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1babef85-4ba3-4da9-b3cf-43a15399684f",
|
|
"value": "43/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460631",
|
|
"uuid": "0b2c0f8e-1af9-4e8e-9f8e-8fb45c401224",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0b2c0f8e-1af9-4e8e-9f8e-8fb45c401224",
|
|
"referenced_uuid": "98feb68b-c2ad-4663-87c3-d1b523867d7a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460643",
|
|
"uuid": "5cf37b23-11a4-4f15-832a-4701950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fdd511a6-6dab-4175-915e-56db3e7b9775",
|
|
"value": "6a2eecea0581e77a9d50ff0e57016383"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2d03bbd1-4d5c-428e-8892-20f62b3fecec",
|
|
"value": "1e3f1dd472169491047180e6b4a27b85fa1cabfb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8e61ad62-1ca5-46f8-a03b-0de537f73068",
|
|
"value": "a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460631",
|
|
"uuid": "98feb68b-c2ad-4663-87c3-d1b523867d7a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "53fde2c9-b0fd-4b8b-a8c8-d9a002e65db2",
|
|
"value": "2019-05-31T20:38:18"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a07659da-86bc-4020-b0e0-78c12eaa8df3",
|
|
"value": "https://www.virustotal.com/file/a5d0cd1bc33f44d25695ebd6530757180f4fc4d87a1658ee2f0d8fc42d09fb80/analysis/1559335098/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "WinPot",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460351",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4e1ac133-52f7-467b-be78-7cc8cf57f7da",
|
|
"value": "45/65"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1559460631",
|
|
"uuid": "e33f4932-2a00-4e6a-af61-d2fe8bb882e9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e33f4932-2a00-4e6a-af61-d2fe8bb882e9",
|
|
"referenced_uuid": "0657c5d4-40bc-4e82-9166-9e8b5a74e3fc",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1559460644",
|
|
"uuid": "5cf37b24-b5c4-423b-8f43-4797950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "05da73a3-ae13-495a-b8c3-c1f47e190cec",
|
|
"value": "9ff193d4bc804bdab34e1122c968dddc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0a7623d0-500d-49ab-99d7-a0825f5528ed",
|
|
"value": "9701bf4e8a77a6c890251c89b5c8c984f9049627"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1559460439",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2c421ec6-3ee8-4e64-bb8c-1007152da684",
|
|
"value": "b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1559460631",
|
|
"uuid": "0657c5d4-40bc-4e82-9166-9e8b5a74e3fc",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c735ceb0-a65b-4370-8d44-dd5c78432258",
|
|
"value": "2019-05-31T20:38:27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6424fee6-3c6b-45cb-8787-0f948838a294",
|
|
"value": "https://www.virustotal.com/file/b8063f1323a4ae8846163cc6e84a3b8a80463b25b9ff35d70a1c497509d48539/analysis/1559335107/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Alice",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1559460439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b99b7a2f-5f76-4e13-91bb-7b96368fa84c",
|
|
"value": "51/72"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |