adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5c912339-5ab4-4226-a5b2-9fc2950d210f.json

1146 lines
No EOL
40 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "1",
"date": "2019-03-19",
"extends_uuid": "",
"info": "LockerGoga - yara rules",
"publish_timestamp": "1553015876",
"published": true,
"threat_level_id": "3",
"timestamp": "1553015789",
"uuid": "5c912339-5ab4-4226-a5b2-9fc2950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"LockerGoga\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015624",
"to_ids": false,
"type": "link",
"uuid": "5c912348-2ec0-4864-b4c0-9abd950d210f",
"value": "https://pastebin.com/5LCC0HNp"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-5284-4c79-a948-287f950d210f",
"value": "bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-5e3c-422f-aad8-287f950d210f",
"value": "8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-a690-4ac1-b9e9-287f950d210f",
"value": "bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-c830-48fd-9a06-287f950d210f",
"value": "5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-5194-42e5-9028-287f950d210f",
"value": "6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-4118-4277-b547-287f950d210f",
"value": "c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-5ab4-448c-b7f5-287f950d210f",
"value": "c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "5c912364-1a50-4191-b106-287f950d210f",
"value": "f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192"
},
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015673",
"to_ids": true,
"type": "sha256",
"uuid": "5c912379-4278-4663-bf46-4cbc950d210f",
"value": "b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1553015754",
"to_ids": true,
"type": "yara",
"uuid": "5c9123ca-0b0c-49f1-8b86-20ae950d210f",
"value": "rule lockergoga {\r\n meta:\r\n description = \"LockerGoga Ransomware\"\r\n author = \"jeFF0Falltrades\"\r\n hash = \"bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f\"\r\n \r\n strings:\r\n $dinkum = \"licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED\" wide ascii nocase\r\n $ransom_1 = \"You should be thankful that the flaw was exploited by serious people and not some rookies.\" wide ascii nocase\r\n $ransom_2 = \"Your files are encrypted with the strongest military algorithms RSA4096 and AES-256\" wide ascii nocase\r\n $str_1 = \"(readme-now\" wide ascii nocase\r\n $mlcrosoft = \"Mlcrosoft\" wide ascii nocase\r\n $cert_1 = \"16 Australia Road Chickerell\" wide ascii nocase\r\n $cert_2 = { 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF } // MIKL LIMITED\r\n $cert_3 = { 3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF } // CCOMODO RSA Code Signing CA\r\n $cert_4 = { 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D } // COMODO SECURE\r\n \r\n condition:\r\n 4 of them\r\n}"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015725",
"uuid": "a3f2530b-30fe-41cd-b059-ad99969eff30",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a3f2530b-30fe-41cd-b059-ad99969eff30",
"referenced_uuid": "c651e649-6227-4ac6-b839-c687f8ccddc8",
"relationship_type": "analysed-with",
"timestamp": "1553015727",
"uuid": "5c9123af-6dcc-4575-b705-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015673",
"to_ids": true,
"type": "md5",
"uuid": "e7c12652-e6a0-4881-a1fe-2e62615d34d6",
"value": "2e2e4988a49f8b22d5909cf1964851cb"
},
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015673",
"to_ids": true,
"type": "sha1",
"uuid": "e2112782-e4f1-447e-b3a2-233b50d7fdbe",
"value": "cd3f6121705a3df9156d823b7da34c4745588ac5"
},
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015673",
"to_ids": true,
"type": "sha256",
"uuid": "17a68d8d-9526-43f6-b346-dc3f577abf23",
"value": "b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015725",
"uuid": "c651e649-6227-4ac6-b839-c687f8ccddc8",
"Attribute": [
{
"category": "Other",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015673",
"to_ids": false,
"type": "datetime",
"uuid": "64db9dc1-3590-4b94-8372-48dd723f7d61",
"value": "2019-02-04T05:50:46"
},
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015673",
"to_ids": false,
"type": "link",
"uuid": "88349f79-00a6-44e8-a104-5a643c5a2515",
"value": "https://www.virustotal.com/file/b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7/analysis/1549259446/"
},
{
"category": "Payload delivery",
"comment": "Ransom notes",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015673",
"to_ids": false,
"type": "text",
"uuid": "4a13a84f-9f6b-42b4-b5eb-411be8e0a106",
"value": "2/56"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "c24dad78-fc4b-4faa-b6d4-206978031fe0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c24dad78-fc4b-4faa-b6d4-206978031fe0",
"referenced_uuid": "a1f92386-f661-4405-b608-ce07dc6cdda8",
"relationship_type": "analysed-with",
"timestamp": "1553015727",
"uuid": "5c9123af-f7e4-4e7c-947c-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "363c6682-eb50-4c96-8c55-ea255b3c3534",
"value": "164f72dfb729ca1e15f99d456b7cf811"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "f89a37cd-943b-4b74-b238-fa6a2976aeac",
"value": "f92339e73c7e901c0c852d8e65615cfb588a4ff6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "aaa85da6-6dcb-4e7b-868b-53a91524edf9",
"value": "8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015726",
"uuid": "a1f92386-f661-4405-b608-ce07dc6cdda8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "a678d856-09a1-49ad-bd69-59488e77d3b7",
"value": "2019-03-19T13:53:33"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "ca56e3c8-2c6c-4848-ba56-ff6ce2b3d5d3",
"value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1553003613/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "5794acde-ad4f-4ba3-8562-a92204ad10a6",
"value": "48/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
"referenced_uuid": "0391f4cd-c590-4610-8edd-feda88fdfa60",
"relationship_type": "analysed-with",
"timestamp": "1553015727",
"uuid": "5c9123af-984c-45c1-83f2-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "fd1abe54-0d45-48f9-bfc6-28bd84b848e3",
"value": "174e3d9c7b0380dd7576187c715c4681"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "2226837a-9e06-4483-8d50-0c20014873dc",
"value": "31fbfe814628db3b459ddc87bf5ed538700db17a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "e4562a95-7a68-402e-a698-c371fdf72b0e",
"value": "c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015726",
"uuid": "0391f4cd-c590-4610-8edd-feda88fdfa60",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "3a5e67c7-c74a-4315-9175-065963d5a8e4",
"value": "2019-03-12T13:06:36"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "c30aefba-5765-4246-8a36-0145c476abee",
"value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1552395996/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "56f36d81-5d79-4378-918a-276b2d12f9aa",
"value": "27/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "148fbc6a-699e-42fd-87aa-5af9754c0e51",
"ObjectReference": [
{
"comment": "",
"object_uuid": "148fbc6a-699e-42fd-87aa-5af9754c0e51",
"referenced_uuid": "2338f16c-ece6-4921-a483-16ad32d48b6e",
"relationship_type": "analysed-with",
"timestamp": "1553015727",
"uuid": "5c9123af-4534-4e69-8a2c-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "669797d5-8952-4096-8111-0a31c9067e30",
"value": "4da135516f3da1c6ca04d17f83b99e65"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "ed474e8c-266a-4947-b4d7-7fe6394be9de",
"value": "127b2c4403995d35622487bd250d673d74b613b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "bce6d153-b8aa-4f22-9986-204e4afae144",
"value": "bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015726",
"uuid": "2338f16c-ece6-4921-a483-16ad32d48b6e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "312ca56e-c396-4c37-884e-b7ebbf0bff58",
"value": "2019-03-19T13:40:41"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "508ee025-224d-4c90-84d2-fc69ce4ebabf",
"value": "https://www.virustotal.com/file/bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3/analysis/1553002841/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "eab40452-c7e1-43b7-9b51-15f8ffcd6477",
"value": "38/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "5a84f101-86e6-43b0-ae3f-623dad8b69e1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5a84f101-86e6-43b0-ae3f-623dad8b69e1",
"referenced_uuid": "cdea4921-8644-4b08-a9b8-0fe386daa01d",
"relationship_type": "analysed-with",
"timestamp": "1553015727",
"uuid": "5c9123af-fc44-414e-a48e-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "07860923-ad2a-4a40-9165-6d93829720d8",
"value": "a1d732aa27e1ca2ae45a189451419ed5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "14ef2f06-e9c0-45b9-88a2-f2ddb4563c14",
"value": "50f5a5ec13d21d4df119140547d63bc40f93b079"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "24242ead-9222-40e4-84ec-6499d597ae41",
"value": "c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015726",
"uuid": "cdea4921-8644-4b08-a9b8-0fe386daa01d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "b1e65ff2-9d0e-43f3-9c2b-4baadd8cc1d1",
"value": "2019-03-12T12:39:49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "edfa165d-5946-473b-963c-46fe77f0d672",
"value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1552394389/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "fea3eff1-2ffe-4120-8ab6-c8351102e057",
"value": "45/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "14547b7b-c28e-4574-8cc4-106899809c9e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "14547b7b-c28e-4574-8cc4-106899809c9e",
"referenced_uuid": "21a5c0a3-ff33-435e-8048-f51d57fc8afe",
"relationship_type": "analysed-with",
"timestamp": "1553015728",
"uuid": "5c9123b0-b634-4903-bd10-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "03af5da0-ae94-4996-b900-6a596b7ceb3f",
"value": "52340664fe59e030790c48b66924b5bd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "61930c77-fcac-4890-90e1-d700560af50b",
"value": "73171ffa6dfee5f9264e3d20a1b6926ec1b60897"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "c8159062-3f18-4a5f-8713-5d23de229378",
"value": "bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015726",
"uuid": "21a5c0a3-ff33-435e-8048-f51d57fc8afe",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "b5962ae5-9f5f-4139-b4f8-32c00cf915a9",
"value": "2019-03-19T16:58:13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "184fef18-605c-425d-bfc6-ab172d04ecd3",
"value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1553014693/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "4f40e57e-6c7e-4bd2-8790-69a88b362277",
"value": "50/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015726",
"uuid": "166751f4-ec05-4231-a8a2-b1eb730b2c43",
"ObjectReference": [
{
"comment": "",
"object_uuid": "166751f4-ec05-4231-a8a2-b1eb730b2c43",
"referenced_uuid": "085034fb-0daf-44cd-b7c9-77c1d25e7c43",
"relationship_type": "analysed-with",
"timestamp": "1553015728",
"uuid": "5c9123b0-68f8-4f46-b69b-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "81851780-3351-4024-9f3a-735d1b316c22",
"value": "3ebca21b1d4e2f482b3eda6634e89211"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "849db2f3-e82c-43e8-bb5f-ed71f5d0fb12",
"value": "37cdd1e3225f8da596dc13779e902d8d13637360"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "25261c2c-a6e6-476c-bae1-aced03aee4a9",
"value": "6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015727",
"uuid": "085034fb-0daf-44cd-b7c9-77c1d25e7c43",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "4d51e5b0-2f13-4636-80e7-04ef5a36146a",
"value": "2019-03-13T20:19:57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "520eb8ef-0225-4e1f-ae81-0401eddd9f4e",
"value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1552508397/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "1258ab17-ba69-4fd4-b328-6fc04f405d9d",
"value": "50/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015727",
"uuid": "8d86fb01-876c-4da9-bc62-9fdc843554c4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8d86fb01-876c-4da9-bc62-9fdc843554c4",
"referenced_uuid": "a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
"relationship_type": "analysed-with",
"timestamp": "1553015728",
"uuid": "5c9123b0-56b8-4a0b-a735-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "84c57181-46f8-48a3-b442-5a0495fa909d",
"value": "e8c7c902bcb2191630e10a80ddf9d5de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "02d952c6-147f-4a41-b7d2-07ce289e1c50",
"value": "e00ec019409a078e9819e09d0f3915cb41fc131f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "dd640306-46b1-46e3-8a21-800ca60a5bfb",
"value": "f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015727",
"uuid": "a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "ecaf0112-f076-4391-9080-21996a134b7a",
"value": "2019-02-26T19:40:39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "c417809f-4161-4ce4-8ce7-29842ceaf1e8",
"value": "https://www.virustotal.com/file/f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192/analysis/1551210039/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "76fedccf-0b16-464e-b7e4-110651d1c6e9",
"value": "47/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1553015727",
"uuid": "718e18c1-0b60-45c7-9318-a2ca997d60ac",
"ObjectReference": [
{
"comment": "",
"object_uuid": "718e18c1-0b60-45c7-9318-a2ca997d60ac",
"referenced_uuid": "817671be-adde-446b-ac04-6532dd96a481",
"relationship_type": "analysed-with",
"timestamp": "1553015728",
"uuid": "5c9123b0-ad8c-4c2c-9866-9ad5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1553015652",
"to_ids": true,
"type": "md5",
"uuid": "b244cf0b-4c93-4a40-8394-d74b46dc3086",
"value": "9cad8641ac79688e09c5fa350aef2094"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha1",
"uuid": "c858b8f0-f8d9-4319-9af3-db6b59a407d4",
"value": "3da0a217bbda09561780f52f163a6aafeb721d60"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1553015652",
"to_ids": true,
"type": "sha256",
"uuid": "73db6738-896b-4a0f-8f9e-840da734cba4",
"value": "5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1553015727",
"uuid": "817671be-adde-446b-ac04-6532dd96a481",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1553015652",
"to_ids": false,
"type": "datetime",
"uuid": "8428c83d-d250-47d1-b7cc-ceed25f03b61",
"value": "2019-03-18T09:59:21"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1553015652",
"to_ids": false,
"type": "link",
"uuid": "0caaa8c4-1527-47bd-9e69-976486cbe6d7",
"value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1552903161/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1553015652",
"to_ids": false,
"type": "text",
"uuid": "23f17631-48af-4ea1-a977-57a2fa95234d",
"value": "40/66"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink