adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5c463bd0-63bc-41f1-91dc-622168f8e8cf.json

951 lines
No EOL
32 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "0",
"date": "2019-01-21",
"extends_uuid": "",
"info": "2019-01-21: APT28 Autoit Zebrocy Progression",
"publish_timestamp": "1622020049",
"published": true,
"threat_level_id": "2",
"timestamp": "1621849993",
"uuid": "5c463bd0-63bc-41f1-91dc-622168f8e8cf",
"Orgc": {
"name": "VK-Intel",
"uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf"
},
"Tag": [
{
"colour": "#aa6c53",
"local": false,
"name": "Actor: APT28",
"relationship_type": ""
},
{
"colour": "#ab875e",
"local": false,
"name": "Autoit",
"relationship_type": ""
},
{
"colour": "#671079",
"local": false,
"name": "Actor: Sofacy",
"relationship_type": ""
},
{
"colour": "#0dcd05",
"local": false,
"name": "Downloader",
"relationship_type": ""
},
{
"colour": "#89a9b6",
"local": false,
"name": "Malware: Zebrocy",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\"",
"relationship_type": ""
},
{
"colour": "#12e000",
"local": false,
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "APT28 Zebrocy Autoit Samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548106781",
"to_ids": true,
"type": "md5",
"uuid": "5c463bd0-a7c8-4670-8a27-622168f8e8cf",
"value": "d6751b148461e0f863548be84020b879"
},
{
"category": "External analysis",
"comment": "APT28 Zebrocy Autoit C2 AS9009 M247, GB @m247.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548132590",
"to_ids": true,
"type": "url",
"uuid": "5c463bd0-2174-48b9-bfe3-622168f8e8cf",
"value": "http://194.187.249.126"
},
{
"category": "Payload installation",
"comment": "APT28 Zebrocy Autoit Samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548106762",
"to_ids": true,
"type": "md5",
"uuid": "5c463c0a-0f30-4502-9cf3-79aa68f8e8cf",
"value": "311f24eb2dda26c26f572c727a25503b"
},
{
"category": "Payload installation",
"comment": "APT28 Zebrocy Autoit Samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548106762",
"to_ids": true,
"type": "md5",
"uuid": "5c463c0a-de14-441b-8ec9-79aa68f8e8cf",
"value": "7b1974e61795e84b6aacf33571320c2a"
},
{
"category": "Payload installation",
"comment": "APT28 Zebrocy Autoit Samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548106762",
"to_ids": true,
"type": "md5",
"uuid": "5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf",
"value": "c2e1f2cf18ca987ebb3e8f4c09a4ef7e"
},
{
"category": "Network activity",
"comment": "APT28 Zebrocy C2 AS201011 NETZBETRIEB-GMBH, DE @core-backbone.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548132452",
"to_ids": true,
"type": "url",
"uuid": "5c463c55-d144-426e-a69c-622168f8e8cf",
"value": "http://80.255.6.5"
},
{
"category": "Network activity",
"comment": "APT28 Zebrocy C2 AS49544 I3DNET, NL Qhoster",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548132475",
"to_ids": true,
"type": "url",
"uuid": "5c463c55-ee08-441f-bd1a-622168f8e8cf",
"value": "http://220.158.216.127"
},
{
"category": "Network activity",
"comment": "APT28 Zebrocy C2 AS29073 QUASINETWORKS, NL @libertyvps.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548132418",
"to_ids": true,
"type": "url",
"uuid": "5c463c55-d868-4e4b-9235-622168f8e8cf",
"value": "https://145.249.106.198/"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548220887",
"to_ids": false,
"type": "threat-actor",
"uuid": "5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf",
"value": "APT28"
},
{
"category": "Payload installation",
"comment": "Zebrocy AutoIt Jan 16, 2019",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548313502",
"to_ids": true,
"type": "md5",
"uuid": "5c49639e-7110-4d64-8050-631968f8e8cf",
"value": "ec57bb4980ea0190f4ad05d0ea9c9447"
},
{
"category": "Network activity",
"comment": "Zebrocy January 16, 2019 URL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548313552",
"to_ids": true,
"type": "url",
"uuid": "5c4963d0-3650-436c-b82e-631868f8e8cf",
"value": "http://185.236.203.53"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549569107",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3e-49cc-4e88-9a48-0ff9354b4518",
"value": "virus (suspicious);AVG;"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549569190",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518",
"value": "PUA.Win.Packer.AcprotectUltraprotect-1;ClamAV;"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549569100",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3e-b370-4841-863a-0ff9354b4518",
"value": "Win32/Spy.Autoit.EK trojan;ESETnod32;"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549569200",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3e-807c-4433-93b2-0ff9354b4518",
"value": "W32/Autoit.EK!tr.spy;Fortinet;"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568995",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5c5c8b3f-6948-461b-bd88-0ff9354b4518",
"value": "1150976"
},
{
"category": "Payload type",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549569143",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3f-f40c-409c-bb03-0ff9354b4518",
"value": "9ea0c70001000000f1c6cd0033000000f1c6ce00ae000000f1c6cf003200000009788300090000000978930025000000000001001402000066eed8004d00000066eecd000200000066eec90001000000000097000100000066eecc0001000000;0;"
},
{
"category": "Payload type",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": true,
"timestamp": "1549569185",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b3f-3110-4eed-af28-0ff9354b4518",
"value": "VC8 -> Microsoft Corporation"
},
{
"category": "Payload delivery",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568974",
"to_ids": false,
"type": "sha256",
"uuid": "5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
"value": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999"
},
{
"category": "Payload delivery",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568969",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b40-e5a0-453c-80a6-0ff9354b4518",
"value": "MS certificate checker 3.3.12.0 12.5.34.0 Certificate verify checker Certificate verify checker"
},
{
"category": "Payload delivery",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568931",
"to_ids": false,
"type": "imphash",
"uuid": "5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
"value": "c1d258acab237961164a925272293413"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568961",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b40-4604-4e08-a5b0-0ff9354b4518",
"value": "%WINDIR%\\temp\\Invoice-59947267.exe"
},
{
"category": "Payload delivery",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568953",
"to_ids": false,
"type": "sha1",
"uuid": "5c5c8b40-0508-4724-9882-0ff9354b4518",
"value": "ce3b60fbad031c9bd5a10779cc8beb185035d407"
},
{
"category": "Attribution",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": true,
"timestamp": "1549568938",
"to_ids": false,
"type": "text",
"uuid": "5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518",
"value": "LANG_ENGLISH/SUBLANG_ENGLISH_UK"
},
{
"category": "Other",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568922",
"to_ids": false,
"type": "datetime",
"uuid": "5c5c8b41-8ee0-4dd4-af84-0ff9354b4518",
"value": "2018-03-02T01:31:48"
},
{
"category": "Payload delivery",
"comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549568911",
"to_ids": false,
"type": "pehash",
"uuid": "5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
"value": "791574aad9b238c5093e3c83a5db553ef45b01f1"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548365888",
"uuid": "b800728f-5a34-4730-a91b-f138e14c98c7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b800728f-5a34-4730-a91b-f138e14c98c7",
"referenced_uuid": "99c1af3e-6e2a-4e7e-ae0d-785719b629de",
"relationship_type": "analysed-with",
"timestamp": "1621849993",
"uuid": "5c4a3042-49e8-4d9d-80c5-78ef02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548365889",
"to_ids": true,
"type": "md5",
"uuid": "6cb2100b-1854-4c31-b7f5-9e66e5531142",
"value": "d6751b148461e0f863548be84020b879"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha1",
"uuid": "12bee859-b960-4113-b4cb-689c7cfaf1cf",
"value": "bab1d2c668e597d19f9ee9395944c1ce0f34f279"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha256",
"uuid": "dfc3c0a2-2185-4733-896b-f784580ea4ed",
"value": "1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548365889",
"uuid": "99c1af3e-6e2a-4e7e-ae0d-785719b629de",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548365889",
"to_ids": false,
"type": "datetime",
"uuid": "2fe07c1b-96ab-4f81-987a-8db6f28c9942",
"value": "2019-01-24T11:36:53"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548365889",
"to_ids": false,
"type": "link",
"uuid": "5b56cfbc-246d-4782-b0bf-8fe1c528f788",
"value": "https://www.virustotal.com/file/1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27/analysis/1548329813/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548365889",
"to_ids": false,
"type": "text",
"uuid": "792b941e-1e36-488a-bc89-bfd79ada3391",
"value": "43/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548365889",
"uuid": "d89b9e2c-fbdb-4504-858e-2cac4f989268",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d89b9e2c-fbdb-4504-858e-2cac4f989268",
"referenced_uuid": "4b15b1fa-1951-422f-8212-1f96c5f99af3",
"relationship_type": "analysed-with",
"timestamp": "1621849993",
"uuid": "5c4a3043-b82c-442a-9f6d-78ef02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548365889",
"to_ids": true,
"type": "md5",
"uuid": "c5402abf-a94a-4da9-916b-a6b82850e76f",
"value": "c2e1f2cf18ca987ebb3e8f4c09a4ef7e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha1",
"uuid": "c9808069-4bd1-4542-b208-89fc033256b8",
"value": "e757ea599a1d6f1d06d90589d7f19dd1c1bf8b7b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha256",
"uuid": "ed9e6dcd-25bc-4de8-8fef-490203cbf2b4",
"value": "5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548365889",
"uuid": "4b15b1fa-1951-422f-8212-1f96c5f99af3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548365889",
"to_ids": false,
"type": "datetime",
"uuid": "6da72563-3cc7-4780-a07e-55ff265b9308",
"value": "2018-10-25T17:04:30"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548365889",
"to_ids": false,
"type": "link",
"uuid": "71f1982a-d31f-42ea-8e9f-ef485841b836",
"value": "https://www.virustotal.com/file/5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db/analysis/1540487070/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548365889",
"to_ids": false,
"type": "text",
"uuid": "3ec5fc33-7d0b-4ae9-a429-670577bea696",
"value": "40/65"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548365889",
"uuid": "14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"referenced_uuid": "587de82f-4aae-4200-b88f-a8d0fcfc24ed",
"relationship_type": "analysed-with",
"timestamp": "1621849993",
"uuid": "5c4a3043-a5c8-494b-8aba-78ef02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548365889",
"to_ids": true,
"type": "md5",
"uuid": "03a94d3c-789d-4b1b-a96b-e8f9cff24235",
"value": "ec57bb4980ea0190f4ad05d0ea9c9447"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha1",
"uuid": "b6fae6a7-72d5-46ce-9723-d00b73cf0cac",
"value": "6b300486d17d07a02365d32b673cd6638bd384f3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548365889",
"to_ids": true,
"type": "sha256",
"uuid": "01935c35-da34-4f6c-8c80-97ccb807d69a",
"value": "e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548365890",
"uuid": "587de82f-4aae-4200-b88f-a8d0fcfc24ed",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548365890",
"to_ids": false,
"type": "datetime",
"uuid": "5a292dc8-ad4d-40ac-8462-bc25b6767fb9",
"value": "2019-01-23T17:12:32"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548365890",
"to_ids": false,
"type": "link",
"uuid": "8c6e54b1-8393-4723-9851-47466fe07a81",
"value": "https://www.virustotal.com/file/e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d/analysis/1548263552/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548365890",
"to_ids": false,
"type": "text",
"uuid": "0028b781-c4c6-4957-846f-b9a97cd4afe9",
"value": "34/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548365890",
"uuid": "63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"referenced_uuid": "80a7973b-8573-413c-a2be-73b4062f2654",
"relationship_type": "analysed-with",
"timestamp": "1621849993",
"uuid": "5c4a3043-7310-4841-896d-78ef02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548365890",
"to_ids": true,
"type": "md5",
"uuid": "13d0182a-a372-441d-9acd-284d8b3cbbd1",
"value": "311f24eb2dda26c26f572c727a25503b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548365890",
"to_ids": true,
"type": "sha1",
"uuid": "cdb778cc-5cf0-4934-b90a-0ad50ca0ab5c",
"value": "74e12fbcac14b2f1b2d83cabb057f8e059c95d68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548365890",
"to_ids": true,
"type": "sha256",
"uuid": "d107115d-7f07-4897-98cc-cfe62f7a0f51",
"value": "01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548365890",
"uuid": "80a7973b-8573-413c-a2be-73b4062f2654",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548365890",
"to_ids": false,
"type": "datetime",
"uuid": "fc0041a5-dc4f-4fcf-a5b6-6a9fcb978a7f",
"value": "2018-11-06T17:34:50"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548365890",
"to_ids": false,
"type": "link",
"uuid": "3640584d-273d-4d8f-8976-37156c0a0593",
"value": "https://www.virustotal.com/file/01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889/analysis/1541525690/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548365890",
"to_ids": false,
"type": "text",
"uuid": "89221de2-e8a5-433e-93aa-ee73006ae663",
"value": "33/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548365890",
"uuid": "18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"referenced_uuid": "ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"relationship_type": "analysed-with",
"timestamp": "1621849993",
"uuid": "5c4a3043-0878-4e69-83b7-78ef02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548365890",
"to_ids": true,
"type": "md5",
"uuid": "5d15cac4-cba5-49ae-ba7e-52912d6452d0",
"value": "7b1974e61795e84b6aacf33571320c2a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548365890",
"to_ids": true,
"type": "sha1",
"uuid": "9b7709c9-a002-4553-8a02-f5fd6b975584",
"value": "ce3b60fbad031c9bd5a10779cc8beb185035d407"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548365890",
"to_ids": true,
"type": "sha256",
"uuid": "9632ae25-37d4-4daf-869b-886795d6bce1",
"value": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548365890",
"uuid": "ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548365890",
"to_ids": false,
"type": "datetime",
"uuid": "ea4f7140-d3c9-46cb-8d71-627dc47ee8e1",
"value": "2019-01-12T06:28:05"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548365890",
"to_ids": false,
"type": "link",
"uuid": "3897fb76-7663-4961-8bc6-27bd0f697402",
"value": "https://www.virustotal.com/file/121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999/analysis/1547274485/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548365890",
"to_ids": false,
"type": "text",
"uuid": "d7b594d5-8ae7-4c4e-bb62-9d0a9f402523",
"value": "47/69"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink