adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5b337e5f-4810-4cbe-bb0e-4b79950d210f.json

7529 lines
No EOL
259 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2018-06-26",
"extends_uuid": "",
"info": "OSINT - RedAlpha: New Campaigns Discovered Targeting the Tibetan Community",
"publish_timestamp": "1534250396",
"published": true,
"threat_level_id": "3",
"timestamp": "1534250303",
"uuid": "5b337e5f-4810-4cbe-bb0e-4b79950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:rat=\"NJRat\"",
"relationship_type": ""
},
{
"colour": "#054000",
"local": false,
"name": "misp-galaxy:tool=\"njRAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"RedAlpha\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"NGO\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530101388",
"to_ids": false,
"type": "link",
"uuid": "5b337e8c-cee4-4d6d-b810-4276950d210f",
"value": "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530101467",
"to_ids": false,
"type": "link",
"uuid": "5b337edb-8318-4ec6-a18f-48db950d210f",
"value": "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530101672",
"to_ids": false,
"type": "text",
"uuid": "5b337fa8-09a0-4771-b1cc-2f80950d210f",
"value": "Scope Note: Recorded Future analyzed new malware targeting the Tibetan community. This report includes a detailed analysis of the malware itself and associated infrastructure. Sources include Recorded Future\u00e2\u20ac\u2122s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools Iris and PassiveTotal, and researcher collaboration.1 The impetus of this research is twofold: to provide indicators to leverage for protection for likely victims and to raise awareness of a possible shift in adversary TTPs."
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533041438",
"to_ids": true,
"type": "hostname",
"uuid": "5b605b1e-d01c-4031-8026-4d1e950d210f",
"value": "doc.internetdocss.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533043351",
"to_ids": true,
"type": "url",
"uuid": "5b606297-aa30-4385-853f-41f9950d210f",
"value": "http://doc.internetdocss.com/nethelpx86.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533043351",
"to_ids": true,
"type": "filename",
"uuid": "5b606297-8378-4d8c-8df2-4705950d210f",
"value": "%WINDIR%\\nethelp.dll"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533043419",
"to_ids": true,
"type": "url",
"uuid": "5b6062db-b7c4-4424-a0cc-40fa950d210f",
"value": "http://doc.internetdocss.com/audiox86.exe"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533118828",
"to_ids": true,
"type": "hostname",
"uuid": "5b61896c-d2a0-4f40-94a5-4215950d210f",
"value": "www.hktechy.com"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533118828",
"to_ids": true,
"type": "hostname",
"uuid": "5b61896c-cc28-4b71-be77-4c17950d210f",
"value": "index.ackques.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533121995",
"to_ids": true,
"type": "url",
"uuid": "5b6195cb-7940-40be-ba96-46b1950d210f",
"value": "index.acques.com/index.html"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533126103",
"to_ids": true,
"type": "hostname",
"uuid": "5b61a5d7-5810-45cb-a80d-4a7d950d210f",
"value": "striker.internetdocss.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533131835",
"to_ids": true,
"type": "url",
"uuid": "5b61bc3b-c298-44cf-85f7-4624950d210f",
"value": "http://doc.internetdocss.com/index?"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533563982",
"to_ids": true,
"type": "url",
"uuid": "5b68544e-a118-4b18-a3a1-8674950d210f",
"value": "http://220.218.70.160/sec.hta"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533632901",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696185-abd8-4c4a-a7c0-4d3c950d210f",
"value": "122.10.84.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533632902",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696186-2ba0-4bdb-8835-4fa4950d210f",
"value": "103.245.22.117"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533632903",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696187-3674-4d2b-af94-40c7950d210f",
"value": "103.245.22.124"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634582",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696816-b788-4c94-ad87-4f9d950d210f",
"value": "103.30.7.76"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634582",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696816-05d4-4748-8410-46d8950d210f",
"value": "103.30.7.77"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634583",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696817-66d0-439e-b619-4269950d210f",
"value": "103.20.192.59"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634583",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696817-0fa0-4020-bf22-4a1a950d210f",
"value": "103.20.195.140"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634584",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696818-c060-4f3c-9a48-4054950d210f",
"value": "103.20.192.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533634584",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696818-0924-4d39-847b-4a71950d210f",
"value": "103.20.192.248"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533640072",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b697d88-0db0-4536-a89e-436d950d210f",
"value": "142.4.62.249"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533640073",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b697d89-1520-42cb-a2cc-4ad1950d210f",
"value": "27.126.179.156"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533640074",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b697d8a-3054-4ae5-9c06-4b72950d210f",
"value": "27.126.179.160"
},
{
"category": "Payload delivery",
"comment": "2017 Campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533640543",
"to_ids": false,
"type": "yara",
"uuid": "5b697f5f-3324-436c-93e1-4532950d210f",
"value": "import \"pe\"\r\nrule apt_ZZ_RedAlpha_2017Campaign_Dropper\r\n{\r\n meta:\r\n desc = \"RedAlpha 2017 Campaign, Dropper\"\r\n author = \"JAG-S, Insikt Group, RecordedFuture\"\r\n TLP = \"White\"\r\n md5_x86 = \"cb71f3b4f08eba58857532ac90bac77d\"\r\n md5_x64 = \"1412102eda0c2e5a5a85cb193dbb1524\"\r\n strings:\r\n $drops1 = \"http://doc.internetdocss.com/nethelp x86.dll\" ascii wide\r\n $drops2 = \"http://doc.internetdocss.com/audio x86.exe\" ascii wide\r\n $drops3 = \"http://doc.internetdocss.com/nethelp x64.dll\" ascii wide\r\n $drops4 = \"http://doc.internetdocss.com/audio x64.exe\" ascii wide\r\n $source1 = \"http://doc.internetdocss.com/word x86.exe\" ascii wide\r\n $source2 = \"http://doc.internetdocss.com/word x64.exe\" ascii wide\r\n $path1 = \"\\\\Programs\\\\Startup\\\\audio.exe\" ascii wide\r\n $path2 = \"c:\\\\Windows\\\\nethelp.dll\" ascii wide\r\n $persistence1 = \"SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\svchost\" ascii\r\nwide\r\n $persistence2 = \"%SystemRoot%\\\\system32\\\\svchost.exe -k \" ascii wide\r\n $persistence3 = \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\\" ascii wide\r\n $persistence4 = \"Parameters\" ascii wide\r\n $persistence5 = \"ServiceDll\" ascii wide\r\n $persistence6 = \"NetHelp\" ascii wide\r\n $persistence7 = \"Windows Internet Help\" ascii wide\r\n condition:\r\n uint16(0)==0x5A4D\r\n and\r\n filesize < 500KB\r\n and\r\n (\r\n (pe.imphash() == \"3697a1f9150de181026ce089c10657c3\" or pe.imphash() ==\r\n\"e6e566fc8a1dee3019821e84c5ad58cc\")\r\n or\r\n (\r\n any of ($drops*)\r\n or\r\n any of ($source*)\r\n or\r\n any of ($path*)\r\n or\r\n 6 of ($persistence*)\r\n )\r\n )\r\n}\r\n\r\nrule apt_ZZ_RedAlpha_2017Campaign_nethelp\r\n{\r\nmeta:\r\ndesc = \"RedAlpha 2017 Campaign, NetHelp Drop\"\r\nauthor = \"JAG-S, Insikt Group, RecordedFuture\"\r\nTLP = \"White\"\r\nmd5_x86 = \"42256b4753724f7feb411bc9912155fd\"\r\nmd5_x86 = \"6d1d6987d0677f40e473befab121ab1b\"\r\nmd5_x64 = \"8f0fe2620f8dadf93eee285834e35655\"\r\nmd5_x64 = \"cd32ce54ed94dfbde7fb85930a16597d\"\r\nmd5_x64_striker = \"6dd1be1e491d5bf9cd14686c185c3009\"\r\nstrings:\r\n$postreq1 = \"POST /index.html HTTP/1.1\" ascii wide\r\n$postreq2 = \"Host: index.ackques.com\" ascii wide\r\n$postreq3 = \"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101\r\nChrome /53.0\" ascii wide\r\n$postreq4 = \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*\" ascii\r\nwide\r\n$postreq5 = \"Accept-Language: en-US;q=0.5,en;q=0.3\" ascii wide\r\n$postreq6 = \"Accept-Encoding: gzip, deflate\" ascii wide\r\n$postreq7 = \"Content-Type: application/x-www-form-urlencoded\" ascii wide\r\n$postreq8 = \"Content-Length: %d\" ascii wide\r\n$postreq9 = \"Connection: keep-alive\" ascii wide\r\n$postreq10 = \"Upgrade-Insecure-Requests: 1\" ascii wide\r\n$cnc1 = \"index.ackques.com\" ascii wide\r\n$cnc2 = \"www.hktechy.com\" ascii wide\r\n $cnc3 = \"striker.internetdocss.com\" ascii wide\r\n$service1 = \"Windows Internet Help\" ascii wide\r\n$service2 = \"Client.dll\" ascii wide\r\n$service3 = \"ServiceMain\" ascii wide\r\ncondition:\r\nuint16(0)==0x5A4D\r\nand\r\nfilesize < 500KB\r\nand\r\n(\r\n(pe.imphash() == \"bc902a5e56cbbaa82f4af26cf9f4567e\"\r\nor pe.imphash() == \"af5487e77c16d987ca02d59bdcf38489\"\r\nor pe.imphash() == \"6e109cbbd181ad567b90463d48302c72\"\r\nor pe.imphash() == \"df09df6d5ae774f280c43e3cc0e4a142\"\r\n)\r\nor\r\n(\r\nall of ($postreq*)\r\nor\r\nany of ($cnc*)\r\nor\r\nall of ($service*)\r\n)\r\n)\r\n}"
},
{
"category": "Payload delivery",
"comment": "2018 Campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533640730",
"to_ids": false,
"type": "yara",
"uuid": "5b69801a-f90c-4c6e-952e-41fb950d210f",
"value": "import \"pe\"\r\nrule apt_ZZ_RedAlpha_Dropper\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n tlp = \"White\"\r\n md5 = \"e6c0ac26b473d1e0fa9f74fdf1d01af8\"\r\n md5 = \"e28db08b2326a34958f00d68dfb034b0\"\r\n md5 = \"c94a39d58450b81087b4f1f5fd304add\"\r\n md5 = \"3a2b1a98c0a31ed32759f48df34b4bc8\"\r\n desc = \"RedAlpha Dropper\"\r\n version = \"1.0\"\r\n strings:\r\n $cnc = \"http://doc.internetdocss.com/index?\"\r\n condition:\r\n uint16(0) == 0x5A4D\r\n and filesize < 500KB\r\n and\r\n (pe.imphash() == \"17030637d18335c7267d09ec0ebc637c\" or pe.imphash() ==\r\n\"617fd4619e215a00dae98de5980a4210\")\r\n and\r\n all of them\r\n}\r\nrule apt_ZZ_RedAlpha_njRat\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n TLP = \"White\"\r\n md5 = \"c74608c70a59371cbf016316bebfab06\"\r\n date = \"04-14-2018\"\r\n desc = \"Second-stage njRAT, RedAlpha config\"\r\n version = \"1.1\"\r\n strings:\r\n $installName = \"serverdo.exe\" wide\r\n $port = \"9527\" wide\r\n $version = \"0.7d\" wide\r\n $c2 = \"doc.internetdocss.com\" wide\r\n condition:\r\n uint16(0) == 0x5A4D and filesize < 50KB\r\n and\r\n pe.imphash() == \"f34d5f2d4577ed6d9ceec516c1f5a744\"\r\n and\r\n all of them\r\n}"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1530102009",
"uuid": "5b33808f-c060-4227-891c-2f80950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1530101903",
"to_ids": false,
"type": "text",
"uuid": "5b33808f-96b0-4315-aceb-2f80950d210f",
"value": "Based on links to #malware used by Chinese APTs, our research team makes assessments about who exactly is behind the newly discovered RedAlpha campaigns: (link: http://bit.ly/2KaCeS0) bit.ly/2KaCeS0 #Analysis"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1530101904",
"to_ids": false,
"type": "text",
"uuid": "5b338090-97ac-4266-af6a-2f80950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1530101904",
"to_ids": true,
"type": "url",
"uuid": "5b338090-7bc0-4dc3-8e93-2f80950d210f",
"value": "https://mobile.twitter.com/RecordedFuture/status/1011675584198529024"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1530102008",
"to_ids": true,
"type": "link",
"uuid": "5b338092-51b8-45b2-b1f6-2f80950d210f",
"value": "https://t.co/D1MIxdpuBK?amp=1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1530101906",
"to_ids": true,
"type": "url",
"uuid": "5b338092-8fdc-46a8-91f2-2f80950d210f",
"value": "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "creation-date",
"timestamp": "1530101907",
"to_ids": false,
"type": "datetime",
"uuid": "5b338093-a724-4628-9d75-2f80950d210f",
"value": "2018-06-26T20:20:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1530101907",
"to_ids": false,
"type": "text",
"uuid": "5b338093-7b6c-4274-9555-2f80950d210f",
"value": "@RecordedFuture"
}
]
},
{
"comment": "PE32 executable (GUI) Intel 80386, for MS Windows\r\n2017 Audio dropper. Also observed being\r\ndeployed from Japanese IP\r\n220.218.70.160",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b605571-86c8-4306-806d-495f950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b605571-86c8-4306-806d-495f950d210f",
"referenced_uuid": "af9cbff4-9e65-4a79-a1ec-e88133cdfb98",
"relationship_type": "analysed-with",
"timestamp": "1533049058",
"uuid": "5b6078e2-0014-4cb1-83d2-493902de0b81"
},
{
"comment": "",
"object_uuid": "5b605571-86c8-4306-806d-495f950d210f",
"referenced_uuid": "ab089f9c-349f-46f0-a2b2-ecfb3da24370",
"relationship_type": "analysed-with",
"timestamp": "1533204209",
"uuid": "5b62d6f1-66c4-467c-95aa-487c02de0b81"
},
{
"comment": "",
"object_uuid": "5b605571-86c8-4306-806d-495f950d210f",
"referenced_uuid": "5b605736-14d8-416e-beb0-4c30950d210f",
"relationship_type": "derived-from",
"timestamp": "1533645737",
"uuid": "5b6993a9-c62c-4484-8001-4b8d950d210f"
},
{
"comment": "",
"object_uuid": "5b605571-86c8-4306-806d-495f950d210f",
"referenced_uuid": "6c1f2aee-af3d-4af0-a272-8aef0d5da562",
"relationship_type": "analysed-with",
"timestamp": "1534250212",
"uuid": "5b72cce4-e9b8-48de-813d-408502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533645473",
"to_ids": true,
"type": "md5",
"uuid": "5b605572-fbc4-4af1-891d-4f58950d210f",
"value": "cb71f3b4f08eba58857532ac90bac77d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533645473",
"to_ids": true,
"type": "sha1",
"uuid": "5b605572-d850-488f-985d-470e950d210f",
"value": "3142029872c39f393e765d59d68cf4f912170629"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533645473",
"to_ids": true,
"type": "sha256",
"uuid": "5b605572-e970-4baa-8fc9-4d8c950d210f",
"value": "e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533645473",
"to_ids": true,
"type": "filename",
"uuid": "5b605573-c15c-4c0c-bd97-4284950d210f",
"value": "wordx86.exe\u00e2\u20ac\u009d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533645473",
"to_ids": true,
"type": "filename",
"uuid": "5b605573-3af8-4092-94ee-4b03950d210f",
"value": "audiox86.exe\u00e2\u20ac\u009d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533645473",
"to_ids": false,
"type": "text",
"uuid": "5b605573-31fc-4351-9b7b-4195950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533645473",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b605573-d884-4dc2-b007-49e3950d210f",
"value": "93000"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533040438",
"uuid": "5b605736-14d8-416e-beb0-4c30950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533040438",
"to_ids": false,
"type": "text",
"uuid": "5b605736-ce18-443d-9209-4e0d950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533040438",
"to_ids": true,
"type": "filename",
"uuid": "5b605736-7e14-456f-b433-4492950d210f",
"value": "wordx86.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533040438",
"to_ids": false,
"type": "datetime",
"uuid": "5b605736-30c0-4b61-8103-43da950d210f",
"value": "2017-06-11T06:40:50"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533040439",
"to_ids": true,
"type": "imphash",
"uuid": "5b605737-1098-4659-ba09-4f52950d210f",
"value": "3697a1f9150de181026ce089c10657c3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533041410",
"uuid": "5b605b02-8624-40ab-99a1-4f5c950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533041411",
"to_ids": false,
"type": "text",
"uuid": "5b605b03-1884-4d72-a42b-4ea6950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533041411",
"to_ids": true,
"type": "filename",
"uuid": "5b605b03-3adc-45d6-9bf7-4290950d210f",
"value": "audiox86.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533041411",
"to_ids": false,
"type": "datetime",
"uuid": "5b605b03-a6e4-4fcf-bde3-449f950d210f",
"value": "2017-06-11T06:40:50"
}
]
},
{
"comment": "PE32+ executable (GUI) x86-64, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204188",
"uuid": "5b6063f0-5f28-4309-9719-4bf1950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b6063f0-5f28-4309-9719-4bf1950d210f",
"referenced_uuid": "c0793ff5-50a6-4817-8df9-8c28ab90f3d1",
"relationship_type": "analysed-with",
"timestamp": "1533204209",
"uuid": "5b62d6f1-b158-4fd0-87ab-4c6602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533043697",
"to_ids": true,
"type": "md5",
"uuid": "5b6063f1-ab8c-4a6a-bcd0-47ef950d210f",
"value": "1412102eda0c2e5a5a85cb193dbb1524"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533043697",
"to_ids": true,
"type": "filename",
"uuid": "5b6063f1-1e7c-42e9-9c54-4481950d210f",
"value": "wordx64.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533043697",
"to_ids": true,
"type": "filename",
"uuid": "5b6063f1-ee2c-4ecd-8323-4f41950d210f",
"value": "audiox64.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533043697",
"to_ids": false,
"type": "text",
"uuid": "5b6063f1-8430-4484-aa75-4f24950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533049058",
"uuid": "951dbf05-efee-46a0-b2aa-89e5c6d0c898",
"ObjectReference": [
{
"comment": "",
"object_uuid": "951dbf05-efee-46a0-b2aa-89e5c6d0c898",
"referenced_uuid": "4d6cc362-fb2b-4576-919d-8d66294873be",
"relationship_type": "analysed-with",
"timestamp": "1533049059",
"uuid": "5b6078e3-6ddc-429f-8e73-4c9f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533049055",
"to_ids": true,
"type": "md5",
"uuid": "863fb0fe-83c5-44ff-b7fb-a4b81791ce32",
"value": "1412102eda0c2e5a5a85cb193dbb1524"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533049055",
"to_ids": true,
"type": "sha1",
"uuid": "b0899bd5-2cf9-460c-8248-0cfb64b9ea8f",
"value": "f243d9d60dbae71ef36c0200372835f5093e954c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533049056",
"to_ids": true,
"type": "sha256",
"uuid": "1b204906-63d8-4660-b0ca-a59b33bb14fd",
"value": "da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533049056",
"uuid": "4d6cc362-fb2b-4576-919d-8d66294873be",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533049056",
"to_ids": false,
"type": "datetime",
"uuid": "cdc06ac9-6db1-4e66-afc7-5f284c4b0d71",
"value": "2018-07-05T10:54:21"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533049057",
"to_ids": false,
"type": "link",
"uuid": "f625803b-9836-40a9-8fc4-badb7641d32a",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533049057",
"to_ids": false,
"type": "text",
"uuid": "39deaf89-4d50-41f0-94a8-231614288d89",
"value": "51/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533049057",
"uuid": "af9cbff4-9e65-4a79-a1ec-e88133cdfb98",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533049058",
"to_ids": false,
"type": "datetime",
"uuid": "c07ff68e-441d-4c99-95ef-3442a02573da",
"value": "2018-07-05T10:55:00"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533049058",
"to_ids": false,
"type": "link",
"uuid": "fb7703c7-c989-4040-9e80-20cbefe11bad",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533049058",
"to_ids": false,
"type": "text",
"uuid": "cbecb56f-21ab-4fa0-8932-db8eeee8f165",
"value": "48/67"
}
]
},
{
"comment": "NetHelp Infostealer",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b61631b-a13c-4dc0-b949-4342950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b61631b-a13c-4dc0-b949-4342950d210f",
"referenced_uuid": "2e9f7a81-d071-4fa8-bb22-eae520f03d51",
"relationship_type": "analysed-with",
"timestamp": "1533204209",
"uuid": "5b62d6f1-ea7c-4cb5-8578-468102de0b81"
},
{
"comment": "",
"object_uuid": "5b61631b-a13c-4dc0-b949-4342950d210f",
"referenced_uuid": "3ed9a824-86f6-44c8-addb-00ba19e4b915",
"relationship_type": "analysed-with",
"timestamp": "1534250212",
"uuid": "5b72cce4-0c18-4e63-ba8b-4d6402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533109019",
"to_ids": true,
"type": "md5",
"uuid": "5b61631b-1264-44d0-82a7-41c0950d210f",
"value": "42256b4753724f7feb411bc9912155fd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533109020",
"to_ids": true,
"type": "sha1",
"uuid": "5b61631c-cf48-4726-8c53-4915950d210f",
"value": "7e7d38b1687c5949528d35d8e405d995ac15d1b2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533109020",
"to_ids": true,
"type": "sha256",
"uuid": "5b61631c-4344-4e42-b8a3-4746950d210f",
"value": "293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533109020",
"to_ids": true,
"type": "filename",
"uuid": "5b61631c-c9a8-4e48-a219-40f9950d210f",
"value": "nethelpx86.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533109021",
"to_ids": true,
"type": "filename",
"uuid": "5b61631d-2bc8-4881-afbf-45bf950d210f",
"value": "nethelp.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533109021",
"to_ids": true,
"type": "filename",
"uuid": "5b61631d-0254-48cb-a845-4b67950d210f",
"value": "audiox86.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533109021",
"to_ids": false,
"type": "text",
"uuid": "5b61631d-9e18-493a-8c92-4443950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533109021",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b61631d-1344-49d7-9955-413d950d210f",
"value": "198000"
}
]
},
{
"comment": "PE32 executable (DLL) (console) Intel 80386, for MS Windows",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533116691",
"uuid": "5b6165b7-2d18-4189-bffe-4096950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533116691",
"to_ids": false,
"type": "text",
"uuid": "5b6165b7-33c4-4e29-b628-4ba7950d210f",
"value": "dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533116691",
"to_ids": true,
"type": "filename",
"uuid": "5b6165b7-8058-4284-9a8b-4dea950d210f",
"value": "nethelpx86.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533116691",
"to_ids": true,
"type": "imphash",
"uuid": "5b6165b7-3780-4a96-bc8b-4f06950d210f",
"value": "bc902a5e56cbbaa82f4af26cf9f4567e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1533116691",
"to_ids": true,
"type": "filename",
"uuid": "5b61665f-6c4c-4e0d-9a33-4005950d210f",
"value": "Client.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533116692",
"to_ids": false,
"type": "datetime",
"uuid": "5b618114-5810-43c8-aa5f-45de950d210f",
"value": "2017-06-11T03:18:30"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533117140",
"uuid": "5b6182d4-67b8-4785-ba0e-4d23950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533117140",
"to_ids": false,
"type": "text",
"uuid": "5b6182d4-4a58-43ff-9ddf-451d950d210f",
"value": "dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533117140",
"to_ids": true,
"type": "filename",
"uuid": "5b6182d4-7f90-4446-ae50-4f49950d210f",
"value": "nethelp.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533117140",
"to_ids": false,
"type": "datetime",
"uuid": "5b6182d4-0804-463b-ac5b-4eb4950d210f",
"value": "2017-06-11T03:18:30"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1533117141",
"to_ids": true,
"type": "filename",
"uuid": "5b6182d5-2268-4f31-aee4-413e950d210f",
"value": "Client.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533117141",
"to_ids": true,
"type": "imphash",
"uuid": "5b6182d5-4cd0-4dce-a3b0-47e0950d210f",
"value": "bc902a5e56cbbaa82f4af26cf9f4567e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533118742",
"uuid": "5b618916-06bc-4a4b-971e-49dc950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533118743",
"to_ids": false,
"type": "text",
"uuid": "5b618917-5e2c-446a-b223-43b1950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533118743",
"to_ids": true,
"type": "filename",
"uuid": "5b618917-38d4-4689-8596-4da4950d210f",
"value": "audiox86.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533118743",
"to_ids": false,
"type": "datetime",
"uuid": "5b618917-b9d8-4b3b-ba68-4be3950d210f",
"value": "2017-06-11T03:18:30"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1533118743",
"to_ids": true,
"type": "filename",
"uuid": "5b618917-b2dc-4b13-b319-4867950d210f",
"value": "Client.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533118743",
"to_ids": true,
"type": "imphash",
"uuid": "5b618917-b3c4-4cac-bf8d-4403950d210f",
"value": "bc902a5e56cbbaa82f4af26cf9f4567e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1533120021",
"uuid": "5b618e15-2084-466a-8f5c-44df950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533120021",
"to_ids": true,
"type": "domain",
"uuid": "5b618e15-949c-4933-98e7-43c4950d210f",
"value": "www.hktechy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1533120022",
"to_ids": false,
"type": "port",
"uuid": "5b618e16-5098-453a-ab75-4c9f950d210f",
"value": "80"
}
]
},
{
"comment": "PE32 executable (GUI) Intel 80386, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533123302",
"uuid": "5b619ae6-dff0-4f29-bc32-471a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533123303",
"to_ids": true,
"type": "md5",
"uuid": "5b619ae7-c104-4be9-a206-46e4950d210f",
"value": "6d1d6987d0677f40e473befab121ab1b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533123303",
"to_ids": true,
"type": "filename",
"uuid": "5b619ae7-a50c-4a08-ad8d-400c950d210f",
"value": "audiox86"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533123303",
"to_ids": false,
"type": "text",
"uuid": "5b619ae7-7c6c-4c6c-b36a-483a950d210f",
"value": "Malicious"
}
]
},
{
"comment": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b619c3f-9644-4d94-a4ac-4d40950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b619c3f-9644-4d94-a4ac-4d40950d210f",
"referenced_uuid": "280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63",
"relationship_type": "analysed-with",
"timestamp": "1534250212",
"uuid": "5b72cce4-66a8-47be-8af8-4bc702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533123647",
"to_ids": true,
"type": "md5",
"uuid": "5b619c3f-226c-4016-8e2c-4a5e950d210f",
"value": "8f0fe2620f8dadf93eee285834e35655"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533123648",
"to_ids": true,
"type": "filename",
"uuid": "5b619c40-9f88-4daa-9dd3-4be8950d210f",
"value": "nethelp%20x64.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533123648",
"to_ids": false,
"type": "text",
"uuid": "5b619c40-8334-4dc8-bbba-4231950d210f",
"value": "Malicious"
}
]
},
{
"comment": "PE32+ executable (GUI) x86-64, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b619eb3-4dac-4efa-b562-43ab950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b619eb3-4dac-4efa-b562-43ab950d210f",
"referenced_uuid": "8f903648-f534-497c-8096-7eba34dfcdd4",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-e658-4ded-87da-47de02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533124275",
"to_ids": true,
"type": "md5",
"uuid": "5b619eb3-9c80-489e-bb4b-43df950d210f",
"value": "cd32ce54ed94dfbde7fb85930a16597d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533124276",
"to_ids": true,
"type": "filename",
"uuid": "5b619eb4-228c-4c31-beaa-435b950d210f",
"value": "audio%20x64.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533124276",
"to_ids": false,
"type": "text",
"uuid": "5b619eb4-1e20-47fd-bc66-414f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "PE32+ executable (DLL) (console) x86-64, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b61a1be-f9ec-428a-aede-468e950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b61a1be-f9ec-428a-aede-468e950d210f",
"referenced_uuid": "90f35bd9-30a9-467b-9f6e-7ed7648b7119",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-6f3c-4f1e-a554-4c0702de0b81"
},
{
"comment": "",
"object_uuid": "5b61a1be-f9ec-428a-aede-468e950d210f",
"referenced_uuid": "b5a9119a-4fae-4d63-8679-c0fcbe967f1c",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-9338-4927-b222-402102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533125123",
"to_ids": true,
"type": "md5",
"uuid": "5b61a1be-7f80-4030-aba7-4429950d210f",
"value": "6dd1be1e491d5bf9cd14686c185c3009"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533125123",
"to_ids": true,
"type": "sha1",
"uuid": "5b61a1bf-84ec-4d3d-9b55-4d1b950d210f",
"value": "1e9a0a147198b8dfb4a33fc5bb1406635bfbe514"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533125123",
"to_ids": true,
"type": "sha256",
"uuid": "5b61a1bf-3a3c-4ca5-aeb1-4b4b950d210f",
"value": "d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533125123",
"to_ids": false,
"type": "text",
"uuid": "5b61a1c0-604c-4a6f-86c0-409b950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533125123",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b61a1c0-2918-4b36-bf45-42bd950d210f",
"value": "254000"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533125125",
"to_ids": true,
"type": "filename",
"uuid": "5b61a205-2da0-4066-b25e-4ebe950d210f",
"value": "nethelp.dll"
}
]
},
{
"comment": "PE32+ executable (DLL) (console) x86-64, for MS Windows",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533125922",
"uuid": "5b61a522-1fe8-431f-8471-4467950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533125923",
"to_ids": false,
"type": "text",
"uuid": "5b61a523-bee0-4d8b-947b-4c46950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533125923",
"to_ids": true,
"type": "filename",
"uuid": "5b61a523-29b0-4e75-9c35-4167950d210f",
"value": "nethelp.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533125923",
"to_ids": false,
"type": "datetime",
"uuid": "5b61a523-2030-4428-b82a-470e950d210f",
"value": "2017-07-06T02:14:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1533125923",
"to_ids": true,
"type": "filename",
"uuid": "5b61a523-bfb8-410d-a3fa-4fec950d210f",
"value": "Client.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533125923",
"to_ids": true,
"type": "imphash",
"uuid": "5b61a523-7278-4a45-a316-415e950d210f",
"value": "9098d75f516f191276ef1836aecc30d4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250191",
"uuid": "5b61b7e1-e898-4c28-af5b-4a86950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b61b7e1-e898-4c28-af5b-4a86950d210f",
"referenced_uuid": "db693d26-2826-4534-9718-84cf465571bc",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-06e4-40dd-a7cf-4e2302de0b81"
},
{
"comment": "",
"object_uuid": "5b61b7e1-e898-4c28-af5b-4a86950d210f",
"referenced_uuid": "bf7d4471-6524-4cdd-821d-63b550a8d3c7",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-1000-4522-ba77-42dc02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533130722",
"to_ids": true,
"type": "md5",
"uuid": "5b61b7e2-9550-4d7a-9fbf-4c40950d210f",
"value": "5228914b534a437eb7985702e78772be"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533130722",
"to_ids": true,
"type": "sha1",
"uuid": "5b61b7e2-0ed0-4e25-84f5-4a0b950d210f",
"value": "83d7ceb2e55ae3d6bbf0936376e82fe5bc97a963"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533130723",
"to_ids": true,
"type": "sha256",
"uuid": "5b61b7e3-ef90-44b4-8955-470b950d210f",
"value": "02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533130723",
"to_ids": false,
"type": "text",
"uuid": "5b61b7e3-22bc-4342-97f7-4088950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533130723",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b61b7e3-37d0-4cc6-b937-41b7950d210f",
"value": "798000"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b61b964-b078-4a41-9a1e-48e3950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b61b964-b078-4a41-9a1e-48e3950d210f",
"referenced_uuid": "7e3abe32-cfe8-485f-a22b-7e2989d16ffa",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-e340-4fca-9713-435902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533131108",
"to_ids": true,
"type": "md5",
"uuid": "5b61b964-41d4-4e50-9a28-4416950d210f",
"value": "e6c0ac26b473d1e0fa9f74fdf1d01af8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533131109",
"to_ids": false,
"type": "text",
"uuid": "5b61b965-abe4-4a38-9d0a-4bfd950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"referenced_uuid": "bc18676c-a419-4493-882b-dbffc94fae97",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-dca4-4fee-8c9f-41be02de0b81"
},
{
"comment": "",
"object_uuid": "5b61b972-4cb4-4556-8dc2-4bf3950d210f",
"referenced_uuid": "4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-9888-4736-8617-4f0e02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533131728",
"to_ids": true,
"type": "filename",
"uuid": "5b61b972-077c-4aec-8f74-4199950d210f",
"value": "winlogon.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533131728",
"to_ids": false,
"type": "text",
"uuid": "5b61b972-dc64-4a2e-84cf-4d78950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533131728",
"to_ids": true,
"type": "md5",
"uuid": "5b61bbd0-038c-445b-afe4-4c6e950d210f",
"value": "e28db08b2326a34958f00d68dfb034b0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533131729",
"to_ids": true,
"type": "sha1",
"uuid": "5b61bbd1-d20c-46af-9a64-4091950d210f",
"value": "28bc84813b9dec660fe95d590ef33e574fe16254"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533131729",
"to_ids": true,
"type": "sha256",
"uuid": "5b61bbd1-aee8-447b-84e6-40f0950d210f",
"value": "50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533131730",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b61bbd2-4ca4-4ef7-a644-474e950d210f",
"value": "274000"
}
]
},
{
"comment": "PE32 executable (GUI) Intel 80386, for MS Windows",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533131814",
"uuid": "5b61bc26-8bb0-4860-8e09-4e88950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533131814",
"to_ids": false,
"type": "text",
"uuid": "5b61bc26-100c-40c4-aa30-4c7a950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533131814",
"to_ids": true,
"type": "filename",
"uuid": "5b61bc26-ec30-4437-9966-426f950d210f",
"value": "winlogon.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533131814",
"to_ids": false,
"type": "datetime",
"uuid": "5b61bc26-c360-46aa-acc8-460f950d210f",
"value": "2018-01-07T23:13:23"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533131814",
"to_ids": true,
"type": "imphash",
"uuid": "5b61bc26-b3a8-40c7-a3e3-47af950d210f",
"value": "17030637d18335c7267d09ec0ebc637c"
}
]
},
{
"comment": "PE32 executable (GUI) Intel 80386, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b62c621-9d58-40e1-9105-4272950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b62c621-9d58-40e1-9105-4272950d210f",
"referenced_uuid": "5c696617-e214-4531-a91a-45aee2b893ed",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-6f94-4533-bc08-46c502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533199905",
"to_ids": true,
"type": "md5",
"uuid": "5b62c621-5480-4c32-aafa-4a40950d210f",
"value": "c94a39d58450b81087b4f1f5fd304add"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533199905",
"to_ids": false,
"type": "text",
"uuid": "5b62c621-ba9c-4fdc-8953-48d4950d210f",
"value": "Malicious"
}
]
},
{
"comment": "PE32 executable (console) Intel 80386, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b62c650-8358-49b9-9064-4ce8950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b62c650-8358-49b9-9064-4ce8950d210f",
"referenced_uuid": "e0407f5c-72da-4b58-8ae9-627189b8808d",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-9c30-48fe-b6e0-4cac02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533199953",
"to_ids": true,
"type": "md5",
"uuid": "5b62c651-ee90-417b-a7ac-4806950d210f",
"value": "3a2b1a98c0a31ed32759f48df34b4bc8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533199953",
"to_ids": false,
"type": "text",
"uuid": "5b62c651-b25c-44f8-a2ed-43ff950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204188",
"uuid": "5b62cb24-ebc0-4131-aa65-425b950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b62cb24-ebc0-4131-aa65-425b950d210f",
"referenced_uuid": "4c400be1-7bc4-4c3e-ad25-0c0056e9a6da",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-f2c4-45c5-b501-473602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533201188",
"to_ids": true,
"type": "md5",
"uuid": "5b62cb24-fff8-4592-9893-40ee950d210f",
"value": "c74608c70a59371cbf016316bebfab06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533201188",
"to_ids": true,
"type": "sha1",
"uuid": "5b62cb24-7d64-46e8-adc6-4341950d210f",
"value": "e781aa54be06e010f1096fcc39a95df144659bd3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533201189",
"to_ids": true,
"type": "sha256",
"uuid": "5b62cb25-1d90-4052-a76f-4706950d210f",
"value": "1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533201189",
"to_ids": true,
"type": "filename",
"uuid": "5b62cb25-aeb0-4f7a-a631-4aec950d210f",
"value": "serverdo.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533201189",
"to_ids": false,
"type": "text",
"uuid": "5b62cb25-8aa0-4244-a48b-4a39950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533201189",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b62cb25-fb64-4395-927f-45fa950d210f",
"value": "24000"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533201221",
"uuid": "5b62cb45-8260-4632-b14e-4a07950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533201222",
"to_ids": false,
"type": "text",
"uuid": "5b62cb46-c864-48bd-8db2-4ccb950d210f",
"value": "exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533201222",
"to_ids": true,
"type": "filename",
"uuid": "5b62cb46-c1e0-4cc5-b880-47f1950d210f",
"value": "serverdo.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1533201222",
"to_ids": false,
"type": "datetime",
"uuid": "5b62cb46-5980-4418-af04-451f950d210f",
"value": "2018-03-06T01:16:01"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1533201222",
"to_ids": true,
"type": "imphash",
"uuid": "5b62cb46-28f4-4975-b707-4819950d210f",
"value": "f34d5f2d4577ed6d9ceec516c1f5a744"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204188",
"uuid": "b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0",
"referenced_uuid": "a51ea5b5-2181-4905-bda3-b2b1698c7c27",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-c670-4811-a679-439102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204185",
"to_ids": true,
"type": "md5",
"uuid": "35213e3c-d5a6-4793-b727-07b00eb0ef7b",
"value": "cd32ce54ed94dfbde7fb85930a16597d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204186",
"to_ids": true,
"type": "sha1",
"uuid": "875ba602-45e6-4090-846c-459b586c387d",
"value": "da9c4aad7e38b904106a059b9b6318746fa6175d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204186",
"to_ids": true,
"type": "sha256",
"uuid": "fd7f5120-d9a6-4382-9fd2-34ba9fe7fd74",
"value": "b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204187",
"uuid": "a51ea5b5-2181-4905-bda3-b2b1698c7c27",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204187",
"to_ids": false,
"type": "datetime",
"uuid": "4b9cdbc3-8039-4f5f-a5d8-0c044c4db001",
"value": "2018-07-05T10:54:06"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204187",
"to_ids": false,
"type": "link",
"uuid": "01bc974e-812b-4c2a-aff4-6edd4e5fe0db",
"value": "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204188",
"to_ids": false,
"type": "text",
"uuid": "c6aed43c-f6d9-4dec-948e-0a007f83ae47",
"value": "43/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204191",
"uuid": "d2ec20b7-d689-47e6-9228-01a281f3ad02",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d2ec20b7-d689-47e6-9228-01a281f3ad02",
"referenced_uuid": "100f1a8d-1bc3-4000-92fe-bce0b793b222",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-5924-4b65-bc0c-41e602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204188",
"to_ids": true,
"type": "md5",
"uuid": "c53edc75-0569-4261-8b4b-4cd91271a502",
"value": "8f0fe2620f8dadf93eee285834e35655"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204188",
"to_ids": true,
"type": "sha1",
"uuid": "21d4f1cf-a65c-4e7f-97e3-97d97d96885c",
"value": "84b80f942683d1b29180861664ec31d56321b975"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204189",
"to_ids": true,
"type": "sha256",
"uuid": "8f974d54-0da9-4e33-b1cc-6b52c637ff9e",
"value": "25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204190",
"uuid": "100f1a8d-1bc3-4000-92fe-bce0b793b222",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204190",
"to_ids": false,
"type": "datetime",
"uuid": "03525361-029b-45e1-901d-d638b67da8d0",
"value": "2018-07-05T10:54:46"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204190",
"to_ids": false,
"type": "link",
"uuid": "c20c3051-7431-47f5-8e07-9f8cb38f4503",
"value": "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204191",
"to_ids": false,
"type": "text",
"uuid": "c48f0741-4780-4a4a-9228-e16aa95cdcb2",
"value": "41/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204194",
"uuid": "5510fbf8-41c8-4a11-bcf0-42aa4303742e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5510fbf8-41c8-4a11-bcf0-42aa4303742e",
"referenced_uuid": "578b25b7-97b8-4d39-8537-323e64ffc399",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-2ea8-4f03-9a6a-442e02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204191",
"to_ids": true,
"type": "md5",
"uuid": "8d570cf4-393f-4bd5-8b2a-f0f248c74e92",
"value": "6d1d6987d0677f40e473befab121ab1b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204191",
"to_ids": true,
"type": "sha1",
"uuid": "53862950-0525-4e30-ae46-f11545c96d0f",
"value": "ba977849cde0836a10da99cbb952f672b360a311"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204192",
"to_ids": true,
"type": "sha256",
"uuid": "1bfa5ec2-1ca3-4b6f-a2a5-3c067a6fe718",
"value": "e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204192",
"uuid": "578b25b7-97b8-4d39-8537-323e64ffc399",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204192",
"to_ids": false,
"type": "datetime",
"uuid": "39d6d6c8-ce32-4e70-9f88-a969ff043882",
"value": "2018-07-05T10:53:56"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204193",
"to_ids": false,
"type": "link",
"uuid": "1b5c3a81-7820-4538-98eb-3e4805a6d9bb",
"value": "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204193",
"to_ids": false,
"type": "text",
"uuid": "684a278f-7203-49ac-981d-e5fe53e016d2",
"value": "47/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204196",
"uuid": "db3a215c-d9b8-4d91-952a-af20cfe86d4a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "db3a215c-d9b8-4d91-952a-af20cfe86d4a",
"referenced_uuid": "bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6",
"relationship_type": "analysed-with",
"timestamp": "1533204210",
"uuid": "5b62d6f2-305c-4f4c-9cfa-403502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204193",
"to_ids": true,
"type": "md5",
"uuid": "f78632b9-91eb-4e6e-8315-b631c723bbe7",
"value": "3a2b1a98c0a31ed32759f48df34b4bc8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204194",
"to_ids": true,
"type": "sha1",
"uuid": "072de239-5631-4093-a8d8-97da1e456c7d",
"value": "e86204a1c55448eb61c1d03895cf1aecf6c4ce07"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204194",
"to_ids": true,
"type": "sha256",
"uuid": "03cfff83-937b-48d6-9552-66ca2c4e8da0",
"value": "30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204195",
"uuid": "bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204195",
"to_ids": false,
"type": "datetime",
"uuid": "1521fa81-70ac-4209-8ac0-020efaaf2b5c",
"value": "2018-08-01T23:46:03"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204195",
"to_ids": false,
"type": "link",
"uuid": "be25cd41-41af-469a-ab3a-72b7edd67d5e",
"value": "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533167163/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204196",
"to_ids": false,
"type": "text",
"uuid": "ee0ba7fa-de9b-4ed1-9dc1-4a7b1ade08f0",
"value": "50/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204199",
"uuid": "3ec440df-26e1-4883-94d8-cf5a44d48bbd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3ec440df-26e1-4883-94d8-cf5a44d48bbd",
"referenced_uuid": "c4f40e78-f5a3-449f-b8e0-bcb250e3da27",
"relationship_type": "analysed-with",
"timestamp": "1533204211",
"uuid": "5b62d6f3-39c4-4150-8891-406602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204196",
"to_ids": true,
"type": "md5",
"uuid": "b35a31c5-1440-41eb-acdc-e5f7036a48f3",
"value": "c94a39d58450b81087b4f1f5fd304add"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204196",
"to_ids": true,
"type": "sha1",
"uuid": "2779ea11-3119-43d2-8e82-1ab6187c3522",
"value": "e15ed8a83c9e1745497fbf33aa9af3b19b2ecbda"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204197",
"to_ids": true,
"type": "sha256",
"uuid": "a5e615f2-5cc9-4517-b482-9658e8bc57c2",
"value": "d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204197",
"uuid": "c4f40e78-f5a3-449f-b8e0-bcb250e3da27",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204197",
"to_ids": false,
"type": "datetime",
"uuid": "f949f8be-c2c5-4941-a83c-e59cfb47047a",
"value": "2018-08-02T00:06:12"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204198",
"to_ids": false,
"type": "link",
"uuid": "41e31e37-9f2e-4fe9-9753-79101bd04941",
"value": "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533168372/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204198",
"to_ids": false,
"type": "text",
"uuid": "9d3bc97d-e36a-4746-ac96-c0a60d5e503f",
"value": "46/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204198",
"uuid": "c0793ff5-50a6-4817-8df9-8c28ab90f3d1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204198",
"to_ids": false,
"type": "datetime",
"uuid": "7daa5c0a-a5aa-4e39-a7c2-9cb774d3f09a",
"value": "2018-07-05T10:54:21"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204199",
"to_ids": false,
"type": "link",
"uuid": "eb42bd66-492e-4c88-893a-09743596dbb6",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204199",
"to_ids": false,
"type": "text",
"uuid": "bf156d11-ec98-4904-9dbf-60d340f38d3c",
"value": "51/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533204202",
"uuid": "03b1be01-e7f1-41d2-bbeb-8c965ddd63d5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "03b1be01-e7f1-41d2-bbeb-8c965ddd63d5",
"referenced_uuid": "62a6d635-11fb-43df-b01e-c38b5a08489f",
"relationship_type": "analysed-with",
"timestamp": "1533204211",
"uuid": "5b62d6f3-09c4-4d17-8f97-493b02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533204200",
"to_ids": true,
"type": "md5",
"uuid": "cc15d9c5-d2a7-4dbb-b4f3-2f10ed04dc3b",
"value": "e6c0ac26b473d1e0fa9f74fdf1d01af8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533204200",
"to_ids": true,
"type": "sha1",
"uuid": "f35b9573-2e67-44fe-905f-bbd7f8a2971d",
"value": "acf58d62cdee49cacd253bc759b043d883aad30a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533204200",
"to_ids": true,
"type": "sha256",
"uuid": "46822baf-e078-4299-901c-2eed2dfa88a0",
"value": "d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204201",
"uuid": "62a6d635-11fb-43df-b01e-c38b5a08489f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204201",
"to_ids": false,
"type": "datetime",
"uuid": "a38f4d5e-021b-42cc-90bc-bb3e8532c5cf",
"value": "2018-07-31T23:56:41"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204202",
"to_ids": false,
"type": "link",
"uuid": "867b2ea8-5a62-4fa1-a78c-749209dd6e40",
"value": "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533081401/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204202",
"to_ids": false,
"type": "text",
"uuid": "730bccdd-09f3-49be-9abc-151632bee2ee",
"value": "46/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204202",
"uuid": "ab089f9c-349f-46f0-a2b2-ecfb3da24370",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204202",
"to_ids": false,
"type": "datetime",
"uuid": "b040a225-fc25-4c02-b728-f603912b7697",
"value": "2018-07-05T10:55:00"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204203",
"to_ids": false,
"type": "link",
"uuid": "88fb41f1-a0d8-4613-a27c-127fdd79f71b",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204203",
"to_ids": false,
"type": "text",
"uuid": "5c49008c-9f4f-46be-936b-b3e89bcedefa",
"value": "48/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204203",
"uuid": "db693d26-2826-4534-9718-84cf465571bc",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204203",
"to_ids": false,
"type": "datetime",
"uuid": "a6f08c8a-389b-443f-8392-d683577b8359",
"value": "2018-08-01T23:49:09"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204204",
"to_ids": false,
"type": "link",
"uuid": "23854605-57d3-4c4c-b52e-e0f76fcc54b0",
"value": "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533167349/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204205",
"to_ids": false,
"type": "text",
"uuid": "46b9e96e-856d-4886-b317-f31a71f1e201",
"value": "36/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204205",
"uuid": "bc18676c-a419-4493-882b-dbffc94fae97",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204205",
"to_ids": false,
"type": "datetime",
"uuid": "4b3fd073-64b5-4d98-88b3-9b10f1b6a899",
"value": "2018-07-31T23:56:33"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204205",
"to_ids": false,
"type": "link",
"uuid": "8f213639-c885-4015-9237-dcb58587a00d",
"value": "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533081393/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204206",
"to_ids": false,
"type": "text",
"uuid": "5a1325fe-8172-4afc-8a53-9a6fcb44c68e",
"value": "48/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204206",
"uuid": "4c400be1-7bc4-4c3e-ad25-0c0056e9a6da",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204206",
"to_ids": false,
"type": "datetime",
"uuid": "815bce8f-9090-45ec-9b75-d1d992b21665",
"value": "2018-08-02T00:05:39"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204207",
"to_ids": false,
"type": "link",
"uuid": "f729015f-82c7-4ce3-82ca-29c870f12df8",
"value": "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533168339/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204207",
"to_ids": false,
"type": "text",
"uuid": "c058fdbf-c051-4377-9a58-e99faff08177",
"value": "61/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204207",
"uuid": "90f35bd9-30a9-467b-9f6e-7ed7648b7119",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204207",
"to_ids": false,
"type": "datetime",
"uuid": "d5f94bd5-fc5a-4aee-a7d6-f51eeda67291",
"value": "2018-07-05T10:53:51"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204208",
"to_ids": false,
"type": "link",
"uuid": "1ffceaf7-f028-4f96-bf93-a2e29e09a4a0",
"value": "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204208",
"to_ids": false,
"type": "text",
"uuid": "7eb90641-2c5d-4785-b834-92e79e6fa703",
"value": "28/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533204208",
"uuid": "2e9f7a81-d071-4fa8-bb22-eae520f03d51",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533204208",
"to_ids": false,
"type": "datetime",
"uuid": "fefb306a-a08f-44c8-b831-2f868d3d74da",
"value": "2018-07-05T10:54:11"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533204209",
"to_ids": false,
"type": "link",
"uuid": "07a85360-c323-45e7-aeac-b520d8ac5626",
"value": "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533204209",
"to_ids": false,
"type": "text",
"uuid": "21dc7abb-a099-458c-9512-a670a6a4f220",
"value": "43/67"
}
]
},
{
"comment": "Japanese IP (Ucom-Corp)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533542534",
"uuid": "5b67f371-c338-4728-8972-40ad950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533542534",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b67f371-0668-49a3-936d-4d4e950d210f",
"value": "220.218.70.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533542534",
"to_ids": true,
"type": "domain",
"uuid": "5b67f372-e180-4c42-ab01-4b0b950d210f",
"value": "doc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533542534",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f372-00f0-4dcc-bf3a-42fb950d210f",
"value": "2017-06-28T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533542534",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f373-7f68-4967-805a-49a1950d210f",
"value": "2017-09-14T00:00:00"
}
]
},
{
"comment": "Japanese IP",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533540052",
"uuid": "5b67f468-6ce0-48a4-9f9e-4e4f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533540052",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b67f468-cdb4-484c-84b8-4cd1950d210f",
"value": "220.218.70.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533540052",
"to_ids": true,
"type": "domain",
"uuid": "5b67f468-4638-4898-85a5-4358950d210f",
"value": "220x218x70x160.ap220.ftth.ucom.ne.jp"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533540052",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f469-75b8-41a7-9e74-475d950d210f",
"value": "2016-10-27T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533540052",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f46a-af44-4b33-a411-4b09950d210f",
"value": "2018-04-18T00:00:00"
}
]
},
{
"comment": "Japanese IP",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533540073",
"uuid": "5b67f49b-b550-450a-aabc-4439950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533540073",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b67f49b-cc84-4b9b-baf8-4a25950d210f",
"value": "220.218.70.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533540073",
"to_ids": true,
"type": "domain",
"uuid": "5b67f49c-d794-4a10-882d-4f8a950d210f",
"value": "u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533540073",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f49c-d4a4-471a-abb2-409a950d210f",
"value": "2017-08-20T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533540073",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f49d-ef88-4789-9f54-49b3950d210f",
"value": "2018-04-08T00:00:00"
}
]
},
{
"comment": "Chinese IP belonging to Chinese VPS provider VPSQuan LLC.",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533540227",
"uuid": "5b67f783-02e0-44e8-8d8f-493f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533540227",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b67f783-0ed8-455c-ab2d-491e950d210f",
"value": "198.44.172.97"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533540228",
"to_ids": true,
"type": "domain",
"uuid": "5b67f784-f380-4b47-ba9e-412c950d210f",
"value": "hktechy.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533540228",
"to_ids": false,
"type": "datetime",
"uuid": "5b67f784-0b34-4a3e-b52d-49ee950d210f",
"value": "2017-06-19T00:00:00"
}
]
},
{
"comment": "2017 campaign dropper variant. Also\r\nobserved being deployed from Japanese IP\r\n220.218.70[.]160",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b67fc1a-9a38-404f-adcb-4b3a950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b67fc1a-9a38-404f-adcb-4b3a950d210f",
"referenced_uuid": "589e9254-4f90-490a-bc8c-fdea36be01b3",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-0e0c-4262-b216-40de02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533541402",
"to_ids": true,
"type": "md5",
"uuid": "5b67fc1a-278c-4103-b14f-4700950d210f",
"value": "1412102eda0c2e5a5a85cb193dbb1524"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533541402",
"to_ids": false,
"type": "text",
"uuid": "5b67fc1a-c530-445a-a3df-4295950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Observed being deployed from Japanese IP\r\n220.218.70[.]160. Sample not available at\r\ntime of research in malware multiscanner\r\nrepositories. Possible variant of 2017\r\ninfostealer or dropper.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533541455",
"uuid": "5b67fc4f-381c-4dbd-b49e-4e8b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533541455",
"to_ids": true,
"type": "md5",
"uuid": "5b67fc4f-2814-443e-8af2-43bb950d210f",
"value": "1b67183acc18d7641917f4fe07c1b053"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533541455",
"to_ids": false,
"type": "text",
"uuid": "5b67fc4f-168c-49a3-aaea-4060950d210f",
"value": "Malicious"
}
]
},
{
"comment": "2017 NetHelp infostealer variant",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b67fc62-4c2c-4fd6-b2a3-410e950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b67fc62-4c2c-4fd6-b2a3-410e950d210f",
"referenced_uuid": "8b4dbb0e-58a1-4630-be3d-83e95966a6cf",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-f960-45c8-906b-446b02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533541475",
"to_ids": true,
"type": "md5",
"uuid": "5b67fc63-58ac-42b0-9eb2-4b0d950d210f",
"value": "6d1d6987d0677f40e473befab121ab1b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533541475",
"to_ids": false,
"type": "text",
"uuid": "5b67fc63-64f8-415f-9568-4e99950d210f",
"value": "Malicious"
}
]
},
{
"comment": "SG IP (Choopa LLC)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533542505",
"uuid": "5b680069-22b0-45f4-aba4-427d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533542505",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b680069-5144-4b58-a388-422e950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533542506",
"to_ids": true,
"type": "domain",
"uuid": "5b68006a-89b8-4e65-9898-4c0a950d210f",
"value": "doc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533542506",
"to_ids": false,
"type": "datetime",
"uuid": "5b68006a-189c-4bd1-afe1-4005950d210f",
"value": "2018-03-30T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533542507",
"to_ids": false,
"type": "datetime",
"uuid": "5b68006b-7bf0-4e8f-a1b3-492a950d210f",
"value": "2018-05-25T00:00:00"
}
]
},
{
"comment": "HK IP (Cloudie Limited)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533542765",
"uuid": "5b68016d-a668-4301-8f51-4c52950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533542765",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b68016d-abb4-4f57-8bf0-41aa950d210f",
"value": "122.10.84.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533542765",
"to_ids": true,
"type": "domain",
"uuid": "5b68016d-36e8-4aaf-9c96-4264950d210f",
"value": "doc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533542766",
"to_ids": false,
"type": "datetime",
"uuid": "5b68016e-24a4-4c8e-a961-40e8950d210f",
"value": "2018-02-08T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533542766",
"to_ids": false,
"type": "datetime",
"uuid": "5b68016e-a4d4-4fc7-a5b2-40fb950d210f",
"value": "2018-03-27T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533545596",
"uuid": "5b680c7c-77a0-4e19-814b-4245950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533545596",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b680c7c-bdd0-48f5-a872-47a6950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533545596",
"to_ids": true,
"type": "domain",
"uuid": "5b680c7d-9cc0-4cd9-a434-4964950d210f",
"value": "item.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533545597",
"to_ids": false,
"type": "datetime",
"uuid": "5b680c7d-7690-4b01-a082-442c950d210f",
"value": "2018-04-23T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533545597",
"to_ids": false,
"type": "datetime",
"uuid": "5b680c7d-36f8-4867-9035-41bd950d210f",
"value": "2018-05-01T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533547315",
"uuid": "5b681333-943c-4633-9a90-45cd950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533547315",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681333-8408-4ff8-b7ca-4c97950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533547316",
"to_ids": true,
"type": "domain",
"uuid": "5b681334-c1e4-4150-bdef-40fe950d210f",
"value": "cfr.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533547316",
"to_ids": false,
"type": "datetime",
"uuid": "5b681334-5d1c-42ae-b5fb-4146950d210f",
"value": "2018-04-17T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533547317",
"to_ids": false,
"type": "datetime",
"uuid": "5b681335-1da0-4302-aea8-42f6950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533547602",
"uuid": "5b681452-d5fc-45b4-af6f-4457950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533547602",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681452-1ce4-4f87-8860-4c27950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533547602",
"to_ids": true,
"type": "domain",
"uuid": "5b681452-40ac-424c-ae55-453a950d210f",
"value": "tootopia.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533547603",
"to_ids": false,
"type": "datetime",
"uuid": "5b681453-c6d0-4822-bf06-4c2f950d210f",
"value": "2018-04-23T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533547603",
"to_ids": false,
"type": "datetime",
"uuid": "5b681453-8814-44e2-b362-49c2950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533549066",
"uuid": "5b681a0a-4ab0-4f37-a19f-4726950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533549066",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681a0a-84d0-4868-bd42-477c950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533549067",
"to_ids": true,
"type": "domain",
"uuid": "5b681a0b-051c-4a8d-bd42-40f1950d210f",
"value": "oc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533549068",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a0c-0444-4a35-a5c3-4651950d210f",
"value": "2018-03-06T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533549069",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a0d-92a8-4d11-86b6-43d5950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533549098",
"uuid": "5b681a2a-0324-4910-a7eb-415d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533549099",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681a2b-fa40-40c2-9888-4676950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533549100",
"to_ids": true,
"type": "domain",
"uuid": "5b681a2c-a6e8-49bc-8373-43d7950d210f",
"value": "thewire.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533549101",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a2d-60e4-440f-9d75-40e7950d210f",
"value": "2018-02-05T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533549102",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a2e-4324-4324-9bd8-48e3950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533549132",
"uuid": "5b681a4c-0d40-4247-8c55-45c7950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533549132",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681a4c-081c-4228-b329-4495950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533549133",
"to_ids": true,
"type": "domain",
"uuid": "5b681a4d-56d0-4768-8601-40a0950d210f",
"value": "tibet.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533549134",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a4e-c620-4581-8526-41be950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533549135",
"to_ids": false,
"type": "datetime",
"uuid": "5b681a4f-1848-4213-8043-4899950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533549870",
"uuid": "5b681d2e-bd1c-4726-882d-406e950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533549870",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681d2e-b0d0-4025-ba0f-48af950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533549871",
"to_ids": true,
"type": "domain",
"uuid": "5b681d2f-da6c-43d3-8dbf-4921950d210f",
"value": "savetibet.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533549872",
"to_ids": false,
"type": "datetime",
"uuid": "5b681d30-6de4-4196-a03c-4b30950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533549873",
"to_ids": false,
"type": "datetime",
"uuid": "5b681d31-e028-484f-af4b-49f1950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533550129",
"uuid": "5b681e31-67a8-4296-8fb7-433c950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533550130",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681e32-2084-45d3-b780-478b950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533550131",
"to_ids": true,
"type": "domain",
"uuid": "5b681e33-6584-4310-878b-49cb950d210f",
"value": "blog.tibetcul.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533550132",
"to_ids": false,
"type": "datetime",
"uuid": "5b681e34-c434-49c2-a435-4ecc950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533550133",
"to_ids": false,
"type": "datetime",
"uuid": "5b681e35-c2e4-489f-816f-40be950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533550367",
"uuid": "5b681f1f-e07c-416a-8a29-4057950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533550367",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b681f1f-ba04-41ac-a8b1-4807950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533550369",
"to_ids": true,
"type": "domain",
"uuid": "5b681f21-f590-41fa-b1be-41d2950d210f",
"value": "rediff.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533550370",
"to_ids": false,
"type": "datetime",
"uuid": "5b681f22-f554-4833-9fa4-4195950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533550371",
"to_ids": false,
"type": "datetime",
"uuid": "5b681f23-8ef8-41f4-9fcf-4ab5950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533550694",
"uuid": "5b682066-abf8-46ca-9b9b-484d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533550694",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b682066-abe4-4a35-a22c-4168950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533550695",
"to_ids": true,
"type": "domain",
"uuid": "5b682067-ac14-4888-abeb-4874950d210f",
"value": "ndtv.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533550697",
"to_ids": false,
"type": "datetime",
"uuid": "5b682069-edb8-4b3b-9c01-4513950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533550698",
"to_ids": false,
"type": "datetime",
"uuid": "5b68206a-04ec-4bfa-a30a-4088950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533550795",
"uuid": "5b6820cb-7730-4294-af2c-4a2f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533550795",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6820cb-1acc-4b4f-8e77-4136950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533550796",
"to_ids": true,
"type": "domain",
"uuid": "5b6820cc-0684-4cd9-8531-4e63950d210f",
"value": "business.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533550797",
"to_ids": false,
"type": "datetime",
"uuid": "5b6820cd-2384-498b-a8ed-42d7950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533550798",
"to_ids": false,
"type": "datetime",
"uuid": "5b6820ce-2d54-472c-9ea6-4a7d950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533551079",
"uuid": "5b6821e7-aad4-4228-910a-4d8a950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533551079",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6821e7-1b00-4ee6-80cf-4875950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533551079",
"to_ids": true,
"type": "domain",
"uuid": "5b6821e7-4c38-498a-9c67-4e5d950d210f",
"value": "apple.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533551080",
"to_ids": false,
"type": "datetime",
"uuid": "5b6821e8-6b6c-4593-957e-4b06950d210f",
"value": "2018-03-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533551080",
"to_ids": false,
"type": "datetime",
"uuid": "5b6821e8-aa40-49cc-a141-4efa950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533551271",
"uuid": "5b6822a7-f514-4918-a494-4246950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533551272",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6822a8-fdcc-404e-845a-4841950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533551272",
"to_ids": true,
"type": "domain",
"uuid": "5b6822a8-f58c-4e6b-8fb9-4a1f950d210f",
"value": "chinaaid.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533551272",
"to_ids": false,
"type": "datetime",
"uuid": "5b6822a8-e3b0-4c55-87d7-4dd9950d210f",
"value": "2018-04-25T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533551273",
"to_ids": false,
"type": "datetime",
"uuid": "5b6822a9-0980-44e5-b5c1-41e0950d210f",
"value": "2018-05-17T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533552325",
"uuid": "5b6826c5-14a8-476f-9cf6-4867950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533552326",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6826c6-57a4-4a70-93d4-40dd950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533552326",
"to_ids": true,
"type": "domain",
"uuid": "5b6826c6-e984-486a-a2b8-4430950d210f",
"value": "epochtimes.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533552327",
"to_ids": false,
"type": "datetime",
"uuid": "5b6826c7-c780-4046-996b-459a950d210f",
"value": "2018-04-21T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533552327",
"to_ids": false,
"type": "datetime",
"uuid": "5b6826c7-8acc-40eb-95f5-4874950d210f",
"value": "2018-05-16T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533552356",
"uuid": "5b6826e4-a924-400b-b8e4-44d5950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533552356",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6826e4-e664-4e97-9bc9-4c01950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533552356",
"to_ids": true,
"type": "domain",
"uuid": "5b6826e4-a64c-4160-930a-4a6b950d210f",
"value": "artvoice.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533552357",
"to_ids": false,
"type": "datetime",
"uuid": "5b6826e5-3518-403f-8ee5-4f8b950d210f",
"value": "2018-04-17T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533552357",
"to_ids": false,
"type": "datetime",
"uuid": "5b6826e5-1a68-4db1-b5ed-4363950d210f",
"value": "2018-05-16T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533552965",
"uuid": "5b682945-f85c-4fce-a9a0-45ef950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533552965",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b682945-64a8-4722-a3fb-4e15950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533552965",
"to_ids": true,
"type": "domain",
"uuid": "5b682945-7af8-401f-b7f1-490d950d210f",
"value": "docs.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533552966",
"to_ids": false,
"type": "datetime",
"uuid": "5b682946-aa7c-4232-9fba-45a3950d210f",
"value": "2018-02-05T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533552966",
"to_ids": false,
"type": "datetime",
"uuid": "5b682946-b508-408a-aa93-4568950d210f",
"value": "2018-05-16T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533553335",
"uuid": "5b682ab7-6624-450d-8b75-46cc950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533553335",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b682ab7-60cc-4916-bbba-44e0950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533553335",
"to_ids": true,
"type": "domain",
"uuid": "5b682ab7-cff8-4859-b1aa-4273950d210f",
"value": "www.apple.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533553336",
"to_ids": false,
"type": "datetime",
"uuid": "5b682ab8-d478-437e-8181-45b8950d210f",
"value": "2018-04-25T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533553336",
"to_ids": false,
"type": "datetime",
"uuid": "5b682ab8-8038-4ca0-93cd-485a950d210f",
"value": "2018-04-25T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533553512",
"uuid": "5b682b68-c684-4e35-9dd8-4f73950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533553512",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b682b68-fe74-442f-b95a-47c7950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533553512",
"to_ids": true,
"type": "domain",
"uuid": "5b682b68-6688-4678-86bc-407d950d210f",
"value": "www.doc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533553513",
"to_ids": false,
"type": "datetime",
"uuid": "5b682b69-a364-4c54-89dd-4c30950d210f",
"value": "2018-04-23T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533553513",
"to_ids": false,
"type": "datetime",
"uuid": "5b682b69-0894-4305-8c2b-40d6950d210f",
"value": "2018-04-23T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533554951",
"uuid": "5b683107-e504-49db-9aed-4ce8950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533554951",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683107-54f0-488c-8589-4eec950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533554952",
"to_ids": true,
"type": "domain",
"uuid": "5b683108-b8a4-4dfc-8fbe-4025950d210f",
"value": "doc.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533554952",
"to_ids": false,
"type": "datetime",
"uuid": "5b683108-b6b8-4df3-b610-467e950d210f",
"value": "2018-04-16T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533554953",
"to_ids": false,
"type": "datetime",
"uuid": "5b683109-dfdc-4486-b4b8-482d950d210f",
"value": "2018-04-18T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533554975",
"uuid": "5b68311f-a2b0-440f-b8c9-446e950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533554976",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683120-0938-4fc3-bdad-4587950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533554976",
"to_ids": true,
"type": "domain",
"uuid": "5b683120-4830-4ae3-a090-42f5950d210f",
"value": "vot.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533554976",
"to_ids": false,
"type": "datetime",
"uuid": "5b683120-dfe8-4e94-aa1e-4f91950d210f",
"value": "2018-01-14T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533554977",
"to_ids": false,
"type": "datetime",
"uuid": "5b683121-8328-4d24-b318-4347950d210f",
"value": "2018-04-18T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533555013",
"uuid": "5b683145-03a4-424b-bae8-4737950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533555013",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683145-f5a4-4139-9c48-4be3950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533555013",
"to_ids": true,
"type": "domain",
"uuid": "5b683145-c8d4-4172-b7bd-4001950d210f",
"value": "video.internetdocss.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533555014",
"to_ids": false,
"type": "datetime",
"uuid": "5b683146-7200-4191-8f28-4ee9950d210f",
"value": "2018-01-10T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533555014",
"to_ids": false,
"type": "datetime",
"uuid": "5b683146-6298-480a-b1f8-42ea950d210f",
"value": "2018-04-18T00:00:00"
}
]
},
{
"comment": "SG IP ",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533555036",
"uuid": "5b68315c-a318-4645-86cb-448f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533555036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b68315c-2864-4472-ac4b-464b950d210f",
"value": "45.77.250.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533555037",
"to_ids": true,
"type": "domain",
"uuid": "5b68315d-f408-496e-bec9-491b950d210f",
"value": "my.anti-spammail.services"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533555037",
"to_ids": false,
"type": "datetime",
"uuid": "5b68315d-1378-455c-96e5-49ee950d210f",
"value": "2017-12-28T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533555037",
"to_ids": false,
"type": "datetime",
"uuid": "5b68315d-b6e0-4c10-aa1b-4cf9950d210f",
"value": "2018-04-07T00:00:00"
}
]
},
{
"comment": "China IP (Shenzhen Katherine Heng Technology Information Co., Ltd.)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533557563",
"uuid": "5b683b3b-9bd8-4fa9-8352-4e8b950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533557564",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683b3c-ba78-445e-954e-4d99950d210f",
"value": "144.48.220.167"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533557564",
"to_ids": true,
"type": "domain",
"uuid": "5b683b3c-a820-4f73-9aad-4d34950d210f",
"value": "u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533557564",
"to_ids": false,
"type": "datetime",
"uuid": "5b683b3c-1b8c-46e6-bff8-4c4a950d210f",
"value": "2107-08-20T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533557565",
"to_ids": false,
"type": "datetime",
"uuid": "5b683b3d-fdbc-4098-8146-4624950d210f",
"value": "2017-09-07T00:00:00"
}
]
},
{
"comment": "Hong Kong IP (Forewin Telecom Group Isp)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533557772",
"uuid": "5b683c0c-ef74-4489-a7b6-5955950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533557772",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683c0c-f38c-4946-a487-5955950d210f",
"value": "27.126.179.158"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533557772",
"to_ids": true,
"type": "domain",
"uuid": "5b683c0c-bfb0-4578-9bbe-5955950d210f",
"value": "u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533557773",
"to_ids": false,
"type": "datetime",
"uuid": "5b683c0d-532c-4203-8509-5955950d210f",
"value": "2017-09-07T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533557773",
"to_ids": false,
"type": "datetime",
"uuid": "5b683c0d-418c-48e2-80fc-5955950d210f",
"value": "2017-09-07T00:00:00"
}
]
},
{
"comment": "Japan IP (UCom Corp)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533557973",
"uuid": "5b683cd5-0a60-4246-8575-4fd1950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533557974",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b683cd6-3c94-4195-ba28-4e6d950d210f",
"value": "220.218.70.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533557974",
"to_ids": true,
"type": "domain",
"uuid": "5b683cd6-f1a4-46e9-b1f7-4511950d210f",
"value": "u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533557975",
"to_ids": false,
"type": "datetime",
"uuid": "5b683cd7-2eb0-439a-82fd-4456950d210f",
"value": "2017-08-20T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533557975",
"to_ids": false,
"type": "datetime",
"uuid": "5b683cd7-5308-4223-893a-4acf950d210f",
"value": "2018-04-08T00:00:00"
}
]
},
{
"comment": "South Korean IP (Korea Telecom)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533560363",
"uuid": "5b68462b-45c4-4b41-9f65-41b2950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533560364",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b68462c-24dc-4986-b31e-4115950d210f",
"value": "211.44.63.39"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533560364",
"to_ids": true,
"type": "domain",
"uuid": "5b68462c-1f04-437d-ac1f-46e1950d210f",
"value": "u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533560365",
"to_ids": false,
"type": "datetime",
"uuid": "5b68462d-f5bc-4d93-8c60-429d950d210f",
"value": "2017-08-20T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-seen",
"timestamp": "1533560365",
"to_ids": false,
"type": "datetime",
"uuid": "5b68462d-d608-40f4-b762-4a05950d210f",
"value": "2018-05-27T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533563573",
"uuid": "5b6852b5-70f4-475c-8caa-8673950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533563573",
"to_ids": true,
"type": "md5",
"uuid": "5b6852b5-4a14-44e5-8ae3-8673950d210f",
"value": "1929db297c9d7d88a6427b8603a7145b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533563573",
"to_ids": true,
"type": "filename",
"uuid": "5b6852b5-0970-47fc-a00c-8673950d210f",
"value": "Microsoft_Word_97_-_2003___1.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533563573",
"to_ids": false,
"type": "text",
"uuid": "5b6852b5-c078-42a8-8397-8673950d210f",
"value": "Malicious"
}
]
},
{
"comment": "HK IP (Forewin Telecom Group Limited).",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533564207",
"uuid": "5b68552f-fc28-4fb4-b80b-c103950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533564207",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b68552f-43bc-4281-86d9-c103950d210f",
"value": "27.126.179.157"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533564208",
"to_ids": true,
"type": "domain",
"uuid": "5b685530-8150-443a-a25e-c103950d210f",
"value": "striker.internetdocss.com"
}
]
},
{
"comment": "SSL cert was observed on all Forewin Telecom registered IPs in the range 27.126.179[.]156 \u00e2\u20ac\u201d 27.126.179[.]160.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533564350",
"uuid": "5b6855be-76a8-40dc-bfe2-494e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533564350",
"to_ids": true,
"type": "sha1",
"uuid": "5b6855be-39c4-4dcb-a34c-4a39950d210f",
"value": "c8e61a4282589c93774be2cddc109599316087b7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533564350",
"to_ids": false,
"type": "text",
"uuid": "5b6855be-4c1c-45a4-a9e7-4add950d210f",
"value": "Malicious"
}
]
},
{
"comment": "SSL cert was active on the 27.126.179[.]159 Forewin IP when it had tk.u2xu2[.]com pointing to it",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533564490",
"uuid": "5b68564a-409c-43d2-a63b-c086950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533564491",
"to_ids": true,
"type": "sha1",
"uuid": "5b68564b-4094-44fb-87cb-c086950d210f",
"value": "dd3f4da890fa00b0b6032d1141f54490c093c297"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533564491",
"to_ids": false,
"type": "text",
"uuid": "5b68564b-2578-47ac-a55c-c086950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533627533",
"uuid": "5b694c8d-d2d0-4373-83a1-4223950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533627533",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b694c8d-bc20-4708-9794-46cb950d210f",
"value": "7.126.179.159"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533627533",
"to_ids": true,
"type": "domain",
"uuid": "5b694c8d-a0bc-499e-a4f3-4d03950d210f",
"value": "http.ackques.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533628712",
"uuid": "5b6950dc-d308-4352-ab07-474b950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533628712",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6950dc-ff50-47b1-b339-4686950d210f",
"value": "122.10.84.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533628712",
"to_ids": true,
"type": "domain",
"uuid": "5b6950dd-52e0-434b-9241-4d5a950d210f",
"value": "sp.u2xu2.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "first-seen",
"timestamp": "1533628713",
"to_ids": false,
"type": "datetime",
"uuid": "5b695129-360c-4f7b-b25f-48fe950d210f",
"value": "2018-03-23T00:00:00"
}
]
},
{
"comment": "alternate\r\nMD5 should be 3a2b1a98c0a31ed32759f48df34b4bc8\u00e2\u20ac\u2039\r\nfirst-stage validator that includes a second stage payload that drops njRAT.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533628890",
"uuid": "5b6951da-54fc-4427-a661-4464950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533628890",
"to_ids": true,
"type": "filename",
"uuid": "5b6951da-4fe4-45bd-85a0-4f90950d210f",
"value": "qww.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533628890",
"to_ids": false,
"type": "text",
"uuid": "5b6951da-17ec-4a23-96e4-4199950d210f",
"value": "Malicious"
}
]
},
{
"comment": "version of njRAT (also\r\nknown as Bladibindi) hosted on the same 122.10.84.146 Hong Kong IP \r\nLikely related to the \u00e2\u20ac\u0153qww.exe\u00e2\u20ac\u009d validator.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250192",
"uuid": "5b6957dc-9424-494b-964a-49ed950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b6957dc-9424-494b-964a-49ed950d210f",
"referenced_uuid": "71e73500-e019-4027-8696-5f48e8e0fd38",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-8768-4c42-ada5-44fa02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533630429",
"to_ids": true,
"type": "md5",
"uuid": "5b6957dd-8bbc-42f5-ba70-4531950d210f",
"value": "c74608c70a59371cbf016316bebfab06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533630429",
"to_ids": true,
"type": "filename",
"uuid": "5b6957dd-b13c-4a7d-985d-48b6950d210f",
"value": "serverdo7468.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533630429",
"to_ids": false,
"type": "text",
"uuid": "5b6957dd-c3dc-4baa-9d35-45f0950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533631617",
"uuid": "5b695c81-e640-449a-a7c7-4a0e950d210f",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1533631617",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b695c81-92b0-492b-902f-4abb950d210f",
"value": "steven-jain@outlook.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533631618",
"to_ids": true,
"type": "domain",
"uuid": "5b695c82-a494-49a2-8702-4395950d210f",
"value": "ktechy.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533631855",
"uuid": "5b695d6f-e188-4826-9b69-4ecb950d210f",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1533631855",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b695d6f-bd1c-4571-a75c-4c1b950d210f",
"value": "steven-jain@outlook.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533631856",
"to_ids": true,
"type": "domain",
"uuid": "5b695d70-7270-4afc-859c-4e30950d210f",
"value": "angtechy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip-address",
"timestamp": "1533631857",
"to_ids": true,
"type": "ip-src",
"uuid": "5b695d71-305c-4846-a468-4554950d210f",
"value": "15.126.39.107"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "creation-date",
"timestamp": "1533631857",
"to_ids": false,
"type": "datetime",
"uuid": "5b695d71-d858-4785-a9e1-452a950d210f",
"value": "2017-06-20T00:00:00"
}
]
},
{
"comment": "Spoofed Organization: China National Hotel Education Network (cqledi.org)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632430",
"uuid": "5b695fae-b2a4-4cf6-8334-4e93950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632430",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b695fae-03bc-4a17-b2f8-4090950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632431",
"to_ids": true,
"type": "domain",
"uuid": "5b695faf-2260-4cb4-81fc-4ad0950d210f",
"value": "cqledu.com"
}
]
},
{
"comment": "Spoofed Organization: AOL webmail (mail.aol.com)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632483",
"uuid": "5b695fe3-aadc-45f7-ac2b-4416950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632483",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b695fe3-936c-4cbb-9d22-41d7950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632484",
"to_ids": true,
"type": "domain",
"uuid": "5b695fe4-f1d8-4706-bf7a-439b950d210f",
"value": "mail-aol.space"
}
]
},
{
"comment": "Spoofed Organization: Google Drive (drive.google.com)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632603",
"uuid": "5b696006-2e38-4f9f-a314-480f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632603",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696007-e8a4-44e7-b333-457e950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632603",
"to_ids": true,
"type": "domain",
"uuid": "5b696007-752c-47e1-b53c-40a2950d210f",
"value": "drlve-gooog1e.com"
}
]
},
{
"comment": "Spoofed Organization: Microsoft Live (login.live.com)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632559",
"uuid": "5b69602f-90e8-466d-aa74-4a12950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632559",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b69602f-d100-4112-95c5-4f5f950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632560",
"to_ids": true,
"type": "domain",
"uuid": "5b696030-4080-45ef-b31a-444b950d210f",
"value": "login-live.space"
}
]
},
{
"comment": "Spoofed Organization: Department of Special Investigations, Ministry of Justice of Thailand (mail.dsi.go.th)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632626",
"uuid": "5b696072-e840-4ab7-8f2b-4eec950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632626",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696072-bebc-4c9e-af90-4ebb950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632627",
"to_ids": true,
"type": "domain",
"uuid": "5b696073-a3e0-4243-b082-430c950d210f",
"value": "mail-dsi-go.space"
}
]
},
{
"comment": "Spoofed Organization: Epoch Times, founded by Chinese-American Falun Gong practitioners (mail.epochtimes.com)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632677",
"uuid": "5b6960a5-8d20-405e-a193-4e1d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632677",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6960a5-386c-4a97-908c-4d0e950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632678",
"to_ids": true,
"type": "domain",
"uuid": "5b6960a6-b9c4-4418-bec7-46da950d210f",
"value": "mail-epochtimes.space"
}
]
},
{
"comment": "Spoofed Organization: Sri Lankan Ministry of Defence (mail.defence.lk)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632703",
"uuid": "5b6960bf-e118-455d-a813-0b55950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632703",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6960bf-1be0-479d-9020-0b55950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632704",
"to_ids": true,
"type": "domain",
"uuid": "5b6960c0-f780-41c5-ad14-0b55950d210f",
"value": "mail-defense.tk"
}
]
},
{
"comment": "Spoofed Organization: Official website of His Holiness the Dalai Lama (webmail.dalailama.com)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632732",
"uuid": "5b6960dc-86ec-4f89-b8dd-4088950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632732",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6960dc-452c-4c8f-98b7-4daa950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632733",
"to_ids": true,
"type": "domain",
"uuid": "5b6960dd-b910-471c-817e-42da950d210f",
"value": "webmail-dalailama.com"
}
]
},
{
"comment": "Spoofed Organization: Youxinpai (Beijing) Information Technology Co., Ltd. (Chinese used car auction site)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632759",
"uuid": "5b6960f7-3ba8-42cc-a2f7-402d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632759",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b6960f7-a7a4-4a1c-a6d0-4459950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632760",
"to_ids": true,
"type": "domain",
"uuid": "5b6960f8-45e0-40ae-9a50-4b69950d210f",
"value": "mail.youxinpai.com"
}
]
},
{
"comment": "Spoofed Organization: Possibly a reference to \u00e2\u20ac\u2039GALVmed\u00e2\u20ac\u2122s\u00e2\u20ac\u2039 \u00e2\u20ac\u0153protecting livestock, saving human life\u00e2\u20ac\u009d mission statement. GALVmed stands for the Global Alliance for Livestock Veterinary Medicines.",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632804",
"uuid": "5b696124-92cc-4823-9c30-40ab950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632805",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696125-0d9c-47d4-afac-46af950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632805",
"to_ids": true,
"type": "domain",
"uuid": "5b696125-d280-4ff4-9a59-4bef950d210f",
"value": "plshl.com"
}
]
},
{
"comment": "Spoofed Organization: Webmail login for Myanmar Posts and Telecommunications (webmail.mpt.net.mm)",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632827",
"uuid": "5b69613b-db30-4ec1-852f-44bc950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632827",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b69613b-4968-4d42-8646-427f950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632827",
"to_ids": true,
"type": "domain",
"uuid": "5b69613b-509c-430f-8249-4a38950d210f",
"value": "webmail-mpt.space"
}
]
},
{
"comment": "Spoofed Organization: Likely impersonating a website for exiled Chinese billionaire, Guo Wengui, who has made allegations of corruption against high-ranking individuals in the Communist Party of China.",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533632848",
"uuid": "5b696150-9900-466c-8b82-45a8950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533632849",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696151-453c-4104-ac5a-4553950d210f",
"value": "115.126.39.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533632849",
"to_ids": true,
"type": "domain",
"uuid": "5b696151-6be0-4d2e-b676-4e8d950d210f",
"value": "wengiguowengui.space"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1533633829",
"uuid": "5b69642b-02cc-49b3-b97c-44f5950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533633829",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b69642c-7024-46be-bbb9-4fb1950d210f",
"value": "27.126.179.159"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533633829",
"to_ids": true,
"type": "domain",
"uuid": "5b69642d-4678-4b2b-99d1-4b9b950d210f",
"value": "tk.u2xu2.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1533633830",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b696526-330c-47b5-b795-f924950d210f",
"value": "103.20.193.156"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533633993",
"uuid": "5b6965c9-39b4-47c1-9084-46f2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533633993",
"to_ids": true,
"type": "md5",
"uuid": "5b6965c9-750c-4450-8fc3-4e30950d210f",
"value": "83ffd697edd0089204779f5bfb031023"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533633994",
"to_ids": false,
"type": "text",
"uuid": "5b6965ca-45bc-4b68-8be2-4545950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533634315",
"uuid": "5b69670b-b290-44f4-a9fc-42e4950d210f",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1533634315",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b69670b-06c0-434e-a8f5-423b950d210f",
"value": "13316874955@163.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip-address",
"timestamp": "1533634315",
"to_ids": true,
"type": "ip-src",
"uuid": "5b69670b-6d2c-43e0-940a-47ef950d210f",
"value": "103.20.193.156"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533634732",
"uuid": "5b6968ac-71ec-4a55-887d-47b7950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533634732",
"to_ids": true,
"type": "domain",
"uuid": "5b6968ac-d304-45e9-9141-4b83950d210f",
"value": "cqyrxy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip-address",
"timestamp": "1533634732",
"to_ids": true,
"type": "ip-src",
"uuid": "5b6968ac-1118-427b-b30b-4a82950d210f",
"value": "115.126.39.107"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-name",
"timestamp": "1533634733",
"to_ids": false,
"type": "whois-registrant-name",
"uuid": "5b6968ad-c7d4-4c30-a301-4b78950d210f",
"value": "ren minjie"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533634903",
"uuid": "5b696957-9e2c-49d6-8bdb-4ffa950d210f",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1533634903",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b696957-8c18-4cd2-9113-4a5c950d210f",
"value": "6060841@qq.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533634903",
"to_ids": true,
"type": "domain",
"uuid": "5b696957-8560-4a7d-a84c-4392950d210f",
"value": "drive-mail-google.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1533634954",
"uuid": "5b69698a-8dd8-4aab-95b3-444e950d210f",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1533634954",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b69698a-8e20-4a08-bb7c-4a5b950d210f",
"value": "6060841@qq.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1533634955",
"to_ids": true,
"type": "domain",
"uuid": "5b69698b-20c4-49c4-ba14-4437950d210f",
"value": "drive-accounts-gooogle.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533636629",
"uuid": "5b697015-cc1c-4720-8f44-442a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533636629",
"to_ids": true,
"type": "md5",
"uuid": "5b697015-76cc-484d-868b-464c950d210f",
"value": "c6e336550bd1c087ee2a211781fd9280"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533636629",
"to_ids": false,
"type": "text",
"uuid": "5b697015-4ec8-470e-b3be-4b51950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533636646",
"uuid": "5b697026-b170-41b0-937d-48cb950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533636647",
"to_ids": true,
"type": "md5",
"uuid": "5b697027-7628-4a70-aa93-44e2950d210f",
"value": "d4ea9027edca1d01c62d9f43a2975d30"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533636647",
"to_ids": false,
"type": "text",
"uuid": "5b697027-b3a0-4f47-8b8f-4f1f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250189",
"uuid": "8f903648-f534-497c-8096-7eba34dfcdd4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250189",
"to_ids": false,
"type": "datetime",
"uuid": "75b563cb-40ff-4062-bcd1-d850e8b003b2",
"value": "2018-07-05T10:54:06"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250190",
"to_ids": false,
"type": "link",
"uuid": "471715ec-3776-45f7-8724-492559aa6773",
"value": "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250190",
"to_ids": false,
"type": "text",
"uuid": "afa8f64a-5c41-4303-a067-340cee586424",
"value": "43/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250190",
"uuid": "280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250190",
"to_ids": false,
"type": "datetime",
"uuid": "ac377751-3114-40cb-81b4-acfaa910e898",
"value": "2018-07-05T10:54:46"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250191",
"to_ids": false,
"type": "link",
"uuid": "c2e4a91e-cd71-4894-8da1-b955fcabc837",
"value": "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250191",
"to_ids": false,
"type": "text",
"uuid": "06841d51-e4b1-477b-8385-bf774915accc",
"value": "41/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250191",
"uuid": "e0407f5c-72da-4b58-8ae9-627189b8808d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250191",
"to_ids": false,
"type": "datetime",
"uuid": "a32635f7-ed70-4cb9-8b8e-99865d2631aa",
"value": "2018-08-08T00:29:46"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250192",
"to_ids": false,
"type": "link",
"uuid": "22d24b16-6991-437a-9d86-e487cc42a4e6",
"value": "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533688186/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250192",
"to_ids": false,
"type": "text",
"uuid": "c6aac747-6dd5-4712-a7b8-2ed5a0526323",
"value": "49/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250192",
"uuid": "5c696617-e214-4531-a91a-45aee2b893ed",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250192",
"to_ids": false,
"type": "datetime",
"uuid": "4cf28e26-60e2-4d7b-a15f-39b145132431",
"value": "2018-08-08T00:48:00"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250193",
"to_ids": false,
"type": "link",
"uuid": "e15793af-bb6d-4a2d-a804-4c95fa23d290",
"value": "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533689280/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250193",
"to_ids": false,
"type": "text",
"uuid": "90b0702d-0975-4f6a-b449-a80d8493d9d9",
"value": "51/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250196",
"uuid": "b0e324d4-65be-418a-a8f8-735564d00606",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b0e324d4-65be-418a-a8f8-735564d00606",
"referenced_uuid": "a9c8e203-1200-4950-8f13-6732275ea6ad",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-5138-4742-810f-4c1802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1534250194",
"to_ids": true,
"type": "md5",
"uuid": "41ebe380-6455-4b98-a210-a546c40b04d1",
"value": "c6e336550bd1c087ee2a211781fd9280"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1534250194",
"to_ids": true,
"type": "sha1",
"uuid": "591553f5-a608-4682-86d3-b1417ef0c659",
"value": "ebedaa84b473d939ba91e2dff7b47e8c0d5716b2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1534250194",
"to_ids": true,
"type": "sha256",
"uuid": "c2cae92d-c676-4c70-8d8f-d154446b3ce8",
"value": "7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250195",
"uuid": "a9c8e203-1200-4950-8f13-6732275ea6ad",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250195",
"to_ids": false,
"type": "datetime",
"uuid": "778d6594-3b6f-4855-b1de-cf1221a1b205",
"value": "2018-07-05T10:54:51"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250195",
"to_ids": false,
"type": "link",
"uuid": "4530a287-d37f-41e5-8a0e-2f5666455b9a",
"value": "https://www.virustotal.com/file/7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14/analysis/1530788091/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250196",
"to_ids": false,
"type": "text",
"uuid": "7b7b3c82-0a1a-4738-a570-ba1bb99065b2",
"value": "38/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250199",
"uuid": "6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8",
"referenced_uuid": "21992a3f-2d25-4b0d-847d-154ab2829796",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-3354-437b-9d48-48ba02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1534250196",
"to_ids": true,
"type": "md5",
"uuid": "cd2278e2-6d36-4913-b3e4-73fbfe2bb0ff",
"value": "1929db297c9d7d88a6427b8603a7145b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1534250196",
"to_ids": true,
"type": "sha1",
"uuid": "b8096a43-81d2-42fe-9d2a-c0dda13617d8",
"value": "f3ebba32e13b355e301d310cc63fbd799787f6c2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1534250197",
"to_ids": true,
"type": "sha256",
"uuid": "33b0759c-f78a-4c06-9706-52c01d073457",
"value": "aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250197",
"uuid": "21992a3f-2d25-4b0d-847d-154ab2829796",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250197",
"to_ids": false,
"type": "datetime",
"uuid": "82312aee-19bb-46da-8cf8-9d180b42ae54",
"value": "2018-08-08T00:25:06"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250198",
"to_ids": false,
"type": "link",
"uuid": "89a63c2c-369a-4ebf-8a4d-aef203be5d31",
"value": "https://www.virustotal.com/file/aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd/analysis/1533687906/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250198",
"to_ids": false,
"type": "text",
"uuid": "bef9095d-e1a6-4490-afed-46a607ef4ada",
"value": "24/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250198",
"uuid": "8b4dbb0e-58a1-4630-be3d-83e95966a6cf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250199",
"to_ids": false,
"type": "datetime",
"uuid": "777aad28-4b29-4948-95a3-1299b7d2071e",
"value": "2018-07-05T10:53:56"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250199",
"to_ids": false,
"type": "link",
"uuid": "6f7d201e-e079-4834-a62a-4239770943f4",
"value": "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250200",
"to_ids": false,
"type": "text",
"uuid": "72c46566-7c5f-412c-83ed-f69f6c0a5ce7",
"value": "47/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250203",
"uuid": "d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f",
"referenced_uuid": "7771644b-6de2-4a18-bc5f-c30dad0bd508",
"relationship_type": "analysed-with",
"timestamp": "1534250213",
"uuid": "5b72cce5-8e98-49cb-9925-436f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1534250200",
"to_ids": true,
"type": "md5",
"uuid": "9f90de6a-6f19-4d6a-90c1-b9e0d9277f7f",
"value": "d4ea9027edca1d01c62d9f43a2975d30"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1534250200",
"to_ids": true,
"type": "sha1",
"uuid": "44ecda96-11b1-45c9-b84d-a51fa232952a",
"value": "0163c73acebe691907f4100321dbbefc95a0da49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1534250201",
"to_ids": true,
"type": "sha256",
"uuid": "9cfcbaef-d000-49a0-b66b-d2221cce2e02",
"value": "8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250201",
"uuid": "7771644b-6de2-4a18-bc5f-c30dad0bd508",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250201",
"to_ids": false,
"type": "datetime",
"uuid": "98d5ca3c-7c60-4fde-a810-07b50e3432bd",
"value": "2018-07-25T21:34:14"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250202",
"to_ids": false,
"type": "link",
"uuid": "5183e393-9731-466d-9aa0-837301040fd9",
"value": "https://www.virustotal.com/file/8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d/analysis/1532554454/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250202",
"to_ids": false,
"type": "text",
"uuid": "dc6a8dd9-5875-4eea-9ff1-a01509cc81ef",
"value": "0/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1534250205",
"uuid": "304084df-e41e-4456-88e4-353baeb7d839",
"ObjectReference": [
{
"comment": "",
"object_uuid": "304084df-e41e-4456-88e4-353baeb7d839",
"referenced_uuid": "40e4d320-c62e-4322-ae15-b20e3369832d",
"relationship_type": "analysed-with",
"timestamp": "1534250214",
"uuid": "5b72cce6-b710-469e-a3a1-424a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1534250202",
"to_ids": true,
"type": "md5",
"uuid": "c7f7d737-4513-4cf0-a05a-eb1697d7e753",
"value": "83ffd697edd0089204779f5bfb031023"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1534250202",
"to_ids": true,
"type": "sha1",
"uuid": "23a4113c-b45c-4c5d-9394-e656b3e730d9",
"value": "c2862a30d486297a005915421f75703ae9b35223"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1534250203",
"to_ids": true,
"type": "sha256",
"uuid": "5ae38128-5e0b-4cb5-b8a5-ef05ad2b91e2",
"value": "9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250203",
"uuid": "40e4d320-c62e-4322-ae15-b20e3369832d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250203",
"to_ids": false,
"type": "datetime",
"uuid": "33d0f34d-43c8-4cb4-9b8a-689c381d498d",
"value": "2018-07-23T12:02:40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250204",
"to_ids": false,
"type": "link",
"uuid": "dcf618e1-7785-4bec-92e0-c53e9a9554b3",
"value": "https://www.virustotal.com/file/9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907/analysis/1532347360/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250204",
"to_ids": false,
"type": "text",
"uuid": "aebf6ce8-ce50-465c-a45f-128529204545",
"value": "41/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250204",
"uuid": "589e9254-4f90-490a-bc8c-fdea36be01b3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250205",
"to_ids": false,
"type": "datetime",
"uuid": "bf1f3939-4ec3-4333-a357-2fea7066bcbb",
"value": "2018-07-05T10:54:21"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250205",
"to_ids": false,
"type": "link",
"uuid": "026a9339-6f67-4387-9edf-194aea014a88",
"value": "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250205",
"to_ids": false,
"type": "text",
"uuid": "9aa50299-3e3e-4f06-bba1-c9a42b6b1289",
"value": "51/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250205",
"uuid": "71e73500-e019-4027-8696-5f48e8e0fd38",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250206",
"to_ids": false,
"type": "datetime",
"uuid": "daa79b42-ca0d-4e2b-ab63-11a84ee71104",
"value": "2018-08-08T00:46:50"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250206",
"to_ids": false,
"type": "link",
"uuid": "cb2216af-140c-4ca2-8286-8c27cd5055c8",
"value": "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533689210/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250206",
"to_ids": false,
"type": "text",
"uuid": "3f2ba997-79c0-4973-90f8-280d414805f1",
"value": "56/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250206",
"uuid": "7e3abe32-cfe8-485f-a22b-7e2989d16ffa",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250206",
"to_ids": false,
"type": "datetime",
"uuid": "a4c73e44-0dac-4016-a40c-6c422ce1041b",
"value": "2018-08-08T00:52:12"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250207",
"to_ids": false,
"type": "link",
"uuid": "05f75ddc-2a93-4453-a9af-d3d9e6b8139a",
"value": "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533689532/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250207",
"to_ids": false,
"type": "text",
"uuid": "551d7e5c-1f9b-4c34-85f6-8bd7bc16df9c",
"value": "46/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250207",
"uuid": "6c1f2aee-af3d-4af0-a272-8aef0d5da562",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250207",
"to_ids": false,
"type": "datetime",
"uuid": "deffbcff-7552-4ba9-a3de-2c2d42dd124e",
"value": "2018-08-03T00:10:07"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250208",
"to_ids": false,
"type": "link",
"uuid": "903ad04e-95ce-4294-a54d-619a30d55c09",
"value": "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1533255007/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250208",
"to_ids": false,
"type": "text",
"uuid": "451dbe9e-271c-4fd7-9f0e-fd0f5312e2c7",
"value": "47/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250208",
"uuid": "4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250208",
"to_ids": false,
"type": "datetime",
"uuid": "54d361e2-c296-49da-a4be-a50848f24982",
"value": "2018-08-08T00:51:25"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250209",
"to_ids": false,
"type": "link",
"uuid": "c2563df5-adf7-421b-87c9-cfdd9a5cd842",
"value": "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533689485/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250209",
"to_ids": false,
"type": "text",
"uuid": "c45c27d0-e143-4d53-b466-6baf239f345d",
"value": "51/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250209",
"uuid": "bf7d4471-6524-4cdd-821d-63b550a8d3c7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250209",
"to_ids": false,
"type": "datetime",
"uuid": "60642d41-e70f-4883-a8de-19c025106808",
"value": "2018-08-08T00:32:51"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250210",
"to_ids": false,
"type": "link",
"uuid": "f19c2bd6-eb00-43ee-9aa5-9b9986ecce34",
"value": "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533688371/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250210",
"to_ids": false,
"type": "text",
"uuid": "60267fd9-e404-424b-8019-da9bc7560f51",
"value": "40/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250210",
"uuid": "b5a9119a-4fae-4d63-8679-c0fcbe967f1c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250210",
"to_ids": false,
"type": "datetime",
"uuid": "aa3de294-1dc1-41bd-b1f4-370ca5bf2fd6",
"value": "2018-07-05T10:53:51"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250211",
"to_ids": false,
"type": "link",
"uuid": "7f22d474-a70c-470a-9ac9-c8631ca9848f",
"value": "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250211",
"to_ids": false,
"type": "text",
"uuid": "39546021-dba9-455b-bc52-7c06b92d3707",
"value": "28/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1534250211",
"uuid": "3ed9a824-86f6-44c8-addb-00ba19e4b915",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1534250211",
"to_ids": false,
"type": "datetime",
"uuid": "03c95ebb-bf6d-424e-8f1d-bdd3efeaab83",
"value": "2018-07-05T10:54:11"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1534250212",
"to_ids": false,
"type": "link",
"uuid": "6630d978-a6e1-4ea1-be98-527448caba04",
"value": "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1534250212",
"to_ids": false,
"type": "text",
"uuid": "8484bea3-c438-41ff-a461-458d1b85d880",
"value": "43/67"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink