misp-circl-feed/feeds/circl/misp/5a9c4472-55e8-4734-b23b-401702de0b81.json

2929 lines
No EOL
100 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2018-03-04",
"extends_uuid": "",
"info": "OSINT - McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups",
"publish_timestamp": "1520191869",
"published": true,
"threat_level_id": "3",
"timestamp": "1520191817",
"uuid": "5a9c4472-55e8-4734-b23b-401702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#001cad",
"name": "estimative-language:likelihood-probability=\"very-likely\""
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Modify Existing Service\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Code Signing\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"File Deletion\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Deobfuscate/Decode Files or Information\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-mobile-attack-attack-pattern=\"System Information Discovery\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-mobile-attack-attack-pattern=\"Process Discovery\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Service Execution\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Rundll32\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Scripting\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Command-Line Interface\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Data from Local System\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Automated Exfiltration\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Data Encrypted\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-mobile-attack-attack-pattern=\"Commonly Used Port\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-entreprise-attack-attack-pattern=\"Bypass User Account Control\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191754",
"to_ids": false,
"type": "link",
"uuid": "5a9c44b4-1728-4a7c-a65a-458102de0b81",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#005829",
"name": "misp:confidence-level=\"usually-confident\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191754",
"to_ids": false,
"type": "text",
"uuid": "5a9c44cb-ba2c-4bd3-872a-4d2302de0b81",
"value": "McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the names of the malicious documents used in the attacks.\r\n\r\nAdvanced Threat Research analysts have also discovered malicious documents authored by the same actor that indicate a tactical shift. These documents do not contain the typical lures by this actor, instead using Word compatibility messages to entice victims into opening them.\r\n\r\nThe Advanced Threat Research team also observed a heavy concentration of the implant in Vietnam from January 15\u00e2\u20ac\u201c17.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#005829",
"name": "misp:confidence-level=\"usually-confident\""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191755",
"to_ids": true,
"type": "hostname",
"uuid": "5a9c45f8-8e9c-49ef-b239-454b02de0b81",
"value": "ftp.byethost31.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191755",
"to_ids": true,
"type": "hostname",
"uuid": "5a9c45f9-a280-4cd9-87e4-455302de0b81",
"value": "ftp.byethost11.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191756",
"to_ids": true,
"type": "hostname",
"uuid": "5a9c45f9-05c8-4883-a183-466e02de0b81",
"value": "1113427185.ifastnet.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191757",
"to_ids": true,
"type": "hostname",
"uuid": "5a9c45fa-ff6c-445a-aa8b-4cf702de0b81",
"value": "navermail.byethost3.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191757",
"to_ids": true,
"type": "hostname",
"uuid": "5a9c45fa-681c-4292-bda0-491d02de0b81",
"value": "nihon.byethost3.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191493",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4805-c09c-4690-8e98-486e02de0b81",
"value": "fe32d29fa16b1b71cd27b23a78ee9f6b7791bff3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191493",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4805-2880-44af-ab46-462102de0b81",
"value": "f684e15dd2e84bac49ea9b89f9b2646dc32a2477"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191494",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4806-c684-4736-ac98-4bb202de0b81",
"value": "1d280a77595a2d2bbd36b9b5d958f99be20f8e06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191494",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4806-8fa0-40c4-8680-4d4602de0b81",
"value": "19d9573f0b2c2100accd562cc82d57adb12a57ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191495",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4807-5ea4-4ef2-93e5-49da02de0b81",
"value": "f90a2155ac492c3c2d5e1d83e384e1a734e59cc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191496",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4808-10c0-4208-9231-409702de0b81",
"value": "9b832dda912cce6b23da8abf3881fcf4d2b7ce09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191496",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4808-f624-4e20-b0f1-4e9902de0b81",
"value": "f3b62fea38cb44e15984d941445d24e6b309bc7b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191497",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4809-ec64-4b39-be1d-4a3d02de0b81",
"value": "66d2cea01b46c3353f4339a986a97b24ed89ee18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191497",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4809-85c8-4f4e-8444-48be02de0b81",
"value": "7113aaab61cacb6086c5531a453adf82ca7e7d03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191497",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4809-8fa4-4b77-99cb-44ea02de0b81",
"value": "d41daba0ebfa55d0c769ccfc03dbf6a5221e006a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191498",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480a-81cc-4a6b-8fd2-4f5f02de0b81",
"value": "25f4819e7948086d46df8de2eeeaa2b9ec6eca8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191498",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480a-f628-4d4f-86ae-49a502de0b81",
"value": "35ab747c15c20da29a14e8b46c07c0448cef4999"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191499",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480b-aed0-448d-984e-442e02de0b81",
"value": "e87de3747d7c12c1eea9e73d3c2fb085b5ae8b42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191499",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480b-f484-40f1-87c8-45d802de0b81",
"value": "0e4a7c0242b98723dc2b8cce1fbf1a43dd025cf0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191500",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480c-4ce8-45e0-9b94-4a6c02de0b81",
"value": "bca861a46d60831a3101c50f80a6d626fa99bf16"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191500",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480c-a5f4-4702-b3c0-4aaa02de0b81",
"value": "01530adb3f947fabebae5d9c04fb69f9000c3cef"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191501",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480d-d130-4cb6-9a2f-4e4402de0b81",
"value": "4229896d61a5ad57ed5c247228606ce62c7032d0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191501",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480d-2208-4f82-8389-4da702de0b81",
"value": "4c7e975f95ebc47423923b855a7530af52977f57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191502",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480e-bf30-42c0-8f75-4a3b02de0b81",
"value": "5a6ad7a1c566204a92dd269312d1156d51e61dc4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191502",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480e-5c64-4636-ba9e-4e1202de0b81",
"value": "1dc50bfcab2bc80587ac900c03e23afcbe243f64"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191503",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480f-11ac-4159-98df-4bc302de0b81",
"value": "003e21b02be3248ff72cc2bfcd05bb161b6a2356"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191503",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c480f-ac00-4184-9f88-4b4102de0b81",
"value": "9b7c3c48bcef6330e3086de592b3223eb198744a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520191504",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4810-85e0-4e93-8e9f-445902de0b81",
"value": "85e2453b37602429596c9681a8c58a5c6faf8d0c"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191761",
"uuid": "2e961d04-28b4-4bb2-9733-a9eb1b50319c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2e961d04-28b4-4bb2-9733-a9eb1b50319c",
"referenced_uuid": "09fa2b85-feaa-4636-9097-217bbf42c4e8",
"relationship_type": "analysed-with",
"timestamp": "1520191815",
"uuid": "5a9c4947-f440-45e7-ac03-4e3602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191759",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c490f-2970-495a-b2a0-46d302de0b81",
"value": "d41daba0ebfa55d0c769ccfc03dbf6a5221e006a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191759",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c490f-eaa4-4488-bafa-408702de0b81",
"value": "670002bceaf387608a27827a95854b0a33ecad5c83255f03b98bfe18fe5e9768"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191760",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4910-9c30-4e19-a0b9-473d02de0b81",
"value": "3eb415f905e896ef1d43d8aac74d0039"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191760",
"uuid": "09fa2b85-feaa-4636-9097-217bbf42c4e8",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191760",
"to_ids": false,
"type": "link",
"uuid": "5a9c4910-a73c-4e50-94f8-4d5902de0b81",
"value": "https://www.virustotal.com/file/670002bceaf387608a27827a95854b0a33ecad5c83255f03b98bfe18fe5e9768/analysis/1520006385/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191761",
"to_ids": false,
"type": "text",
"uuid": "5a9c4911-d6c8-4552-9c8e-4e3d02de0b81",
"value": "29/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191761",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4911-bda4-4e2d-9cdb-4dd202de0b81",
"value": "2018-03-02T15:59:45"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191764",
"uuid": "6a4bcdf2-3620-4da2-9b36-deec766fdaf1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6a4bcdf2-3620-4da2-9b36-deec766fdaf1",
"referenced_uuid": "2ffa5aed-ea08-4422-8686-d2ba03550afd",
"relationship_type": "analysed-with",
"timestamp": "1520191815",
"uuid": "5a9c4948-f394-4141-b4ab-402402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191761",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4911-1634-40ea-a45d-432302de0b81",
"value": "1d280a77595a2d2bbd36b9b5d958f99be20f8e06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191762",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4912-3404-45cc-8d0f-4d5802de0b81",
"value": "d4be329aa00c2610a4ab48e7924cd77212de1648392ae3914527eaafa8014dc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191762",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4912-ca48-49a4-a98e-494b02de0b81",
"value": "97e2323d884a96b1207005b6b8c041d4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191762",
"uuid": "2ffa5aed-ea08-4422-8686-d2ba03550afd",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191763",
"to_ids": false,
"type": "link",
"uuid": "5a9c4913-5f38-4d1b-954a-407902de0b81",
"value": "https://www.virustotal.com/file/d4be329aa00c2610a4ab48e7924cd77212de1648392ae3914527eaafa8014dc0/analysis/1517611004/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191763",
"to_ids": false,
"type": "text",
"uuid": "5a9c4913-5f94-4b2c-ab3c-4ecb02de0b81",
"value": "28/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191763",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4913-07b4-4d89-a370-4dae02de0b81",
"value": "2018-02-02T22:36:44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191766",
"uuid": "33266df5-c97f-4067-8738-8912d5f44104",
"ObjectReference": [
{
"comment": "",
"object_uuid": "33266df5-c97f-4067-8738-8912d5f44104",
"referenced_uuid": "b287872a-da15-4eeb-9420-7eb029fddac9",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-869c-4d00-aae1-4c5402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191763",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4913-7840-4cf1-b67e-42af02de0b81",
"value": "25f4819e7948086d46df8de2eeeaa2b9ec6eca8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191764",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4914-8494-4b98-bfc3-427e02de0b81",
"value": "d31fe5cfa884e04ee26f323b8d104dcaa91146f5c7c216212fd3053afaade80f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191764",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4914-ac1c-4b54-a54c-4a2d02de0b81",
"value": "bb2fbd8d143e1fb0717d21d4443729fc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191765",
"uuid": "b287872a-da15-4eeb-9420-7eb029fddac9",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191765",
"to_ids": false,
"type": "link",
"uuid": "5a9c4915-2ecc-4a83-b82e-472b02de0b81",
"value": "https://www.virustotal.com/file/d31fe5cfa884e04ee26f323b8d104dcaa91146f5c7c216212fd3053afaade80f/analysis/1520006253/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191765",
"to_ids": false,
"type": "text",
"uuid": "5a9c4915-c8c0-4d05-84af-4c7b02de0b81",
"value": "35/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191765",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4915-12a4-4e41-9af8-47d002de0b81",
"value": "2018-03-02T15:57:33"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191769",
"uuid": "bf7c6241-225f-4187-bcb9-451fdb15ecda",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bf7c6241-225f-4187-bcb9-451fdb15ecda",
"referenced_uuid": "32b43043-8774-440d-b442-ce1eaea26709",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-6ca8-434e-aa47-491402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191766",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4916-7864-46b4-b40b-4de202de0b81",
"value": "e87de3747d7c12c1eea9e73d3c2fb085b5ae8b42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191766",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4916-91c8-41d5-b2da-4dae02de0b81",
"value": "439c305cd408dbb508e153caab29d17021a7430f1dbaec0c90ac750ba2136f5f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191767",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4917-0974-41cc-95e3-4ca802de0b81",
"value": "36614876eea3d174e1b1a9f0c5e58034"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191767",
"uuid": "32b43043-8774-440d-b442-ce1eaea26709",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191767",
"to_ids": false,
"type": "link",
"uuid": "5a9c4917-c5dc-4b2c-ae7c-48a202de0b81",
"value": "https://www.virustotal.com/file/439c305cd408dbb508e153caab29d17021a7430f1dbaec0c90ac750ba2136f5f/analysis/1520006340/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191768",
"to_ids": false,
"type": "text",
"uuid": "5a9c4918-2728-49a8-9dd8-44e902de0b81",
"value": "37/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191768",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4918-6d2c-43cb-a638-41d602de0b81",
"value": "2018-03-02T15:59:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191771",
"uuid": "04640a00-f2ab-4c38-8b33-2df082780575",
"ObjectReference": [
{
"comment": "",
"object_uuid": "04640a00-f2ab-4c38-8b33-2df082780575",
"referenced_uuid": "378c8adb-0b81-4d33-9176-a03c16216593",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-50a8-4ee4-aad1-4cf302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191768",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4918-d9b8-48fc-ba88-4f2002de0b81",
"value": "35ab747c15c20da29a14e8b46c07c0448cef4999"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191769",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4919-f27c-49bc-840e-4cf302de0b81",
"value": "392b1eaf242eaa780bddde2d0babd5c2723e0ecadc4aa3fb64a3357ca0698987"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191769",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4919-c758-462d-9342-40f002de0b81",
"value": "155842c2c1824e0e4f17f63646d23aac"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191769",
"uuid": "378c8adb-0b81-4d33-9176-a03c16216593",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191770",
"to_ids": false,
"type": "link",
"uuid": "5a9c491a-2540-4934-a798-43ec02de0b81",
"value": "https://www.virustotal.com/file/392b1eaf242eaa780bddde2d0babd5c2723e0ecadc4aa3fb64a3357ca0698987/analysis/1520006046/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191770",
"to_ids": false,
"type": "text",
"uuid": "5a9c491a-f0c0-4b54-bb9e-49fc02de0b81",
"value": "23/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191770",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c491a-b0fc-426c-86b8-4b7b02de0b81",
"value": "2018-03-02T15:54:06"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191774",
"uuid": "8c8f576e-3820-4e89-ba34-12a566864e58",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8c8f576e-3820-4e89-ba34-12a566864e58",
"referenced_uuid": "2c9eaabb-ebc9-4309-b7c7-ef1ac1c59145",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-d65c-4833-bf61-44ba02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191771",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c491b-8024-4406-9716-427c02de0b81",
"value": "5a6ad7a1c566204a92dd269312d1156d51e61dc4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191771",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c491b-01b0-426a-8d48-4c5a02de0b81",
"value": "d60a03b67683d80fa2f74bd933ec93cbb8b40a247d9d3c31aea9794e50fbd2e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191772",
"to_ids": true,
"type": "md5",
"uuid": "5a9c491c-cf7c-416e-9285-477402de0b81",
"value": "9a925e048612e1c24b44974fc9b4bb6a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191772",
"uuid": "2c9eaabb-ebc9-4309-b7c7-ef1ac1c59145",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191772",
"to_ids": false,
"type": "link",
"uuid": "5a9c491c-96e8-483a-be3b-46c502de0b81",
"value": "https://www.virustotal.com/file/d60a03b67683d80fa2f74bd933ec93cbb8b40a247d9d3c31aea9794e50fbd2e2/analysis/1516022902/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191773",
"to_ids": false,
"type": "text",
"uuid": "5a9c491d-18f8-4303-a7ac-464202de0b81",
"value": "33/65"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191773",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c491d-c950-4a8f-b456-49e702de0b81",
"value": "2018-01-15T13:28:22"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191776",
"uuid": "514a1f78-bf75-4f64-898a-4e2be87489d5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "514a1f78-bf75-4f64-898a-4e2be87489d5",
"referenced_uuid": "9d63c363-35ff-45fb-9535-c26c9788f769",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-8e98-41ad-a9b1-40bd02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191773",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c491d-4bf8-48d5-95b3-43a302de0b81",
"value": "0e4a7c0242b98723dc2b8cce1fbf1a43dd025cf0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191773",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c491d-e9fc-4ea7-ad11-407702de0b81",
"value": "795acde1e841354fd82b8ae976fba9bfc620bc85ec374a891a40776a7d1fbcdc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191774",
"to_ids": true,
"type": "md5",
"uuid": "5a9c491e-4fc4-47cb-a596-430002de0b81",
"value": "fac0a84c3d04cba36dd21ab68d759225"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191774",
"uuid": "9d63c363-35ff-45fb-9535-c26c9788f769",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191774",
"to_ids": false,
"type": "link",
"uuid": "5a9c491e-28a4-4fe1-844e-467702de0b81",
"value": "https://www.virustotal.com/file/795acde1e841354fd82b8ae976fba9bfc620bc85ec374a891a40776a7d1fbcdc/analysis/1520096392/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191775",
"to_ids": false,
"type": "text",
"uuid": "5a9c491f-a3d8-415d-a3ff-4bdd02de0b81",
"value": "27/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191775",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c491f-1de4-4a40-a557-46ed02de0b81",
"value": "2018-03-03T16:59:52"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191778",
"uuid": "a2063520-46ea-4639-8633-cf5381334d18",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a2063520-46ea-4639-8633-cf5381334d18",
"referenced_uuid": "28105c15-e542-4dad-a548-faae9d5e4769",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-9130-45f7-9015-415902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191775",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c491f-df50-4932-95c0-42b802de0b81",
"value": "1dc50bfcab2bc80587ac900c03e23afcbe243f64"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191776",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4920-0d74-478f-a467-476f02de0b81",
"value": "24eb02947168753e8215661d2f1a38304a227cb798baab3882d504394127a7d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191776",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4920-0a04-44c0-862d-493802de0b81",
"value": "4017ce64f321fd1b75c9bb7815bde12a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191776",
"uuid": "28105c15-e542-4dad-a548-faae9d5e4769",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191776",
"to_ids": false,
"type": "link",
"uuid": "5a9c4920-bdb0-4f4b-a934-4afe02de0b81",
"value": "https://www.virustotal.com/file/24eb02947168753e8215661d2f1a38304a227cb798baab3882d504394127a7d5/analysis/1516168268/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191777",
"to_ids": false,
"type": "text",
"uuid": "5a9c4921-3fe4-41ff-930d-414a02de0b81",
"value": "33/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191777",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4921-baac-499b-a38b-497c02de0b81",
"value": "2018-01-17T05:51:08"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191781",
"uuid": "d5fc0820-91ec-4544-bdd4-2f87e2fa9467",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d5fc0820-91ec-4544-bdd4-2f87e2fa9467",
"referenced_uuid": "05084373-ae18-4394-b9f2-e740d2b08ccc",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-d5a8-463f-856f-476302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191778",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4922-905c-4b5f-b27f-49a302de0b81",
"value": "4229896d61a5ad57ed5c247228606ce62c7032d0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191778",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4922-c094-4d11-93ed-437902de0b81",
"value": "ac0d7424715b79b4e73c427336e1ce08ec14fb74fd9bc3ab0a2057e1de256c97"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191779",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4923-4b18-42e7-8e00-421302de0b81",
"value": "1acd45c751fa80ae8fc860b9f4127f5e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191779",
"uuid": "05084373-ae18-4394-b9f2-e740d2b08ccc",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191779",
"to_ids": false,
"type": "link",
"uuid": "5a9c4923-bc10-4544-9c41-400102de0b81",
"value": "https://www.virustotal.com/file/ac0d7424715b79b4e73c427336e1ce08ec14fb74fd9bc3ab0a2057e1de256c97/analysis/1520026930/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191780",
"to_ids": false,
"type": "text",
"uuid": "5a9c4924-731c-4119-84e7-440c02de0b81",
"value": "37/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191780",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4924-0830-48d6-b53b-417d02de0b81",
"value": "2018-03-02T21:42:10"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191783",
"uuid": "58f55dfa-eed0-4746-9069-5146ed2103fc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "58f55dfa-eed0-4746-9069-5146ed2103fc",
"referenced_uuid": "cb61e17c-f9cd-493c-96c5-ea78e5ae6961",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-81c8-4168-a99d-44f402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191780",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4924-7840-4027-bcc6-484202de0b81",
"value": "01530adb3f947fabebae5d9c04fb69f9000c3cef"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191781",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4925-bc90-41fc-b0ca-4be902de0b81",
"value": "0aaf6668fdb194d74c3c83bc6bd098588f1d3884b7f05429a8e3bdb0a3d48f40"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191781",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4925-7080-4fbd-8945-455902de0b81",
"value": "41e9397a9e0f9770ac3342bc353528d5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191782",
"uuid": "cb61e17c-f9cd-493c-96c5-ea78e5ae6961",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191782",
"to_ids": false,
"type": "link",
"uuid": "5a9c4926-7bc4-446d-9604-417402de0b81",
"value": "https://www.virustotal.com/file/0aaf6668fdb194d74c3c83bc6bd098588f1d3884b7f05429a8e3bdb0a3d48f40/analysis/1516171550/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191782",
"to_ids": false,
"type": "text",
"uuid": "5a9c4926-5760-45c9-967a-46f602de0b81",
"value": "38/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191782",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4926-0928-4049-9d16-4f5102de0b81",
"value": "2018-01-17T06:45:50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191786",
"uuid": "97a7c6eb-3a2f-432b-8e97-b106d469e964",
"ObjectReference": [
{
"comment": "",
"object_uuid": "97a7c6eb-3a2f-432b-8e97-b106d469e964",
"referenced_uuid": "f6ae7fb6-d975-4d07-a411-06fe28c989d2",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-13b4-4cc6-b306-41ae02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191783",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4927-183c-40ef-888e-466202de0b81",
"value": "7113aaab61cacb6086c5531a453adf82ca7e7d03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191783",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4927-4334-4b4a-947a-4a2d02de0b81",
"value": "ca2ac4409093b8865dad6f821fbfb2cc768351e0585b4327123a7a67323e2eb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191784",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4928-696c-405c-8b41-427802de0b81",
"value": "eac38d878c466ec7f7df1cd8153dfb2f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191784",
"uuid": "f6ae7fb6-d975-4d07-a411-06fe28c989d2",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191784",
"to_ids": false,
"type": "link",
"uuid": "5a9c4928-6d04-4782-9651-49a302de0b81",
"value": "https://www.virustotal.com/file/ca2ac4409093b8865dad6f821fbfb2cc768351e0585b4327123a7a67323e2eb4/analysis/1520006842/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191784",
"to_ids": false,
"type": "text",
"uuid": "5a9c4928-e1b4-4334-b497-46fe02de0b81",
"value": "23/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191784",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4928-5bfc-4346-b69e-4bb702de0b81",
"value": "2018-03-02T16:07:22"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191788",
"uuid": "c66c5308-cc4a-4435-b9a5-bcd7e48550fd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c66c5308-cc4a-4435-b9a5-bcd7e48550fd",
"referenced_uuid": "835ea6a0-be27-4835-8496-15b1400125ca",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-32f0-442e-8aa4-4cb802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191785",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4929-bd04-4499-ae9d-4c6502de0b81",
"value": "fe32d29fa16b1b71cd27b23a78ee9f6b7791bff3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191785",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4929-cfac-4b53-9e3d-4f7902de0b81",
"value": "909d70f6d91957b20a8ed09bcd881fb1416d23b63083c03840edc8c80d256a15"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191786",
"to_ids": true,
"type": "md5",
"uuid": "5a9c492a-2cac-4a5f-877e-419e02de0b81",
"value": "e69500f133b4f02d7ead478af8e7e29d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191786",
"uuid": "835ea6a0-be27-4835-8496-15b1400125ca",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191786",
"to_ids": false,
"type": "link",
"uuid": "5a9c492a-e8dc-4dd4-85b9-465302de0b81",
"value": "https://www.virustotal.com/file/909d70f6d91957b20a8ed09bcd881fb1416d23b63083c03840edc8c80d256a15/analysis/1520006627/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191787",
"to_ids": false,
"type": "text",
"uuid": "5a9c492b-afc8-4224-946a-465102de0b81",
"value": "14/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191787",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c492b-e1d0-4def-9e6f-41fd02de0b81",
"value": "2018-03-02T16:03:47"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191790",
"uuid": "933893e5-8c93-4dbb-981b-5f13107031ba",
"ObjectReference": [
{
"comment": "",
"object_uuid": "933893e5-8c93-4dbb-981b-5f13107031ba",
"referenced_uuid": "c4433d08-1723-4a90-9430-4550b1304464",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-5378-4e23-9ba2-4a1802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191787",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c492b-8ed8-4294-8d4c-4b4b02de0b81",
"value": "f3b62fea38cb44e15984d941445d24e6b309bc7b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191788",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c492c-b474-48f5-81b2-401102de0b81",
"value": "4588f52af10e123b050539fe48c317056e944b3ff0f9db9807cfcafaf74e1b8f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191789",
"to_ids": true,
"type": "md5",
"uuid": "5a9c492d-9a28-48ac-a691-413402de0b81",
"value": "4a67dfd94df2581aeeefacdd8f97e7de"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191789",
"uuid": "c4433d08-1723-4a90-9430-4550b1304464",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191789",
"to_ids": false,
"type": "link",
"uuid": "5a9c492d-c43c-42ec-98c0-4ccb02de0b81",
"value": "https://www.virustotal.com/file/4588f52af10e123b050539fe48c317056e944b3ff0f9db9807cfcafaf74e1b8f/analysis/1517608392/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191790",
"to_ids": false,
"type": "text",
"uuid": "5a9c492e-300c-4847-9d92-460a02de0b81",
"value": "29/58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191790",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c492e-fcc8-4b07-825f-44af02de0b81",
"value": "2018-02-02T21:53:12"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191793",
"uuid": "cd84f8e1-762e-4825-b58e-abe40a0684dd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cd84f8e1-762e-4825-b58e-abe40a0684dd",
"referenced_uuid": "edd18574-a310-410d-98e7-4094acb57a27",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-f07c-4ea7-962f-4c3c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191790",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c492e-d53c-4318-8dde-477802de0b81",
"value": "4c7e975f95ebc47423923b855a7530af52977f57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191791",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c492f-25c4-459d-acd6-410a02de0b81",
"value": "fc2bcd38659ae83fd25b4f7091412ae9ba011612fa4dcc3ef665b2cae2a1d74f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191791",
"to_ids": true,
"type": "md5",
"uuid": "5a9c492f-3588-418d-82e5-489502de0b81",
"value": "81aa0527c789098f90c38967b276e331"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191792",
"uuid": "edd18574-a310-410d-98e7-4094acb57a27",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191792",
"to_ids": false,
"type": "link",
"uuid": "5a9c4930-68ac-407b-a7db-429602de0b81",
"value": "https://www.virustotal.com/file/fc2bcd38659ae83fd25b4f7091412ae9ba011612fa4dcc3ef665b2cae2a1d74f/analysis/1520026931/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191792",
"to_ids": false,
"type": "text",
"uuid": "5a9c4930-d048-42e9-a909-400c02de0b81",
"value": "29/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191792",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4930-4210-4e79-9c4d-48dd02de0b81",
"value": "2018-03-02T21:42:11"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191796",
"uuid": "3e3ac655-c8ff-4a06-8907-6e36b7e29f7f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3e3ac655-c8ff-4a06-8907-6e36b7e29f7f",
"referenced_uuid": "50d5693d-a1f9-405a-96ff-86a8a80d3849",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-6ccc-4c97-b865-400202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191793",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4931-a368-47ad-bc8e-4d2402de0b81",
"value": "66d2cea01b46c3353f4339a986a97b24ed89ee18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191793",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4931-9a80-4a13-8459-496a02de0b81",
"value": "86981680172bbf0865e7693fe5a2bbe9b3ba12b3f1a1536ef67915daab78004c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191794",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4932-43b8-47c6-b4c8-4c5802de0b81",
"value": "5ccfdca9b2a3628841accdedb33217fc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191794",
"uuid": "50d5693d-a1f9-405a-96ff-86a8a80d3849",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191794",
"to_ids": false,
"type": "link",
"uuid": "5a9c4932-f714-4515-99b4-4e8102de0b81",
"value": "https://www.virustotal.com/file/86981680172bbf0865e7693fe5a2bbe9b3ba12b3f1a1536ef67915daab78004c/analysis/1520009613/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191795",
"to_ids": false,
"type": "text",
"uuid": "5a9c4933-15e0-40d0-affb-4f3502de0b81",
"value": "34/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191795",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4933-dfc4-4242-a5b4-44fc02de0b81",
"value": "2018-03-02T16:53:33"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191798",
"uuid": "354ee013-cc51-4dbc-a065-63407d7a79dc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "354ee013-cc51-4dbc-a065-63407d7a79dc",
"referenced_uuid": "667dd7e4-c149-42d7-b8da-2fa28338839b",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-9bd4-4d73-83e7-400802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191795",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4933-98b0-4475-a686-4cc402de0b81",
"value": "19d9573f0b2c2100accd562cc82d57adb12a57ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191796",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4934-6390-438b-8e3e-4db502de0b81",
"value": "f9ed92a747b9c3596a22af0be9064af50e8adb3547e9b74b1178d5ef340c772d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191796",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4934-8e4c-435f-9f7a-4eae02de0b81",
"value": "acd00e87feacbd91c1466af3102a14fd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191796",
"uuid": "667dd7e4-c149-42d7-b8da-2fa28338839b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191796",
"to_ids": false,
"type": "link",
"uuid": "5a9c4934-a138-43d7-855d-4e5502de0b81",
"value": "https://www.virustotal.com/file/f9ed92a747b9c3596a22af0be9064af50e8adb3547e9b74b1178d5ef340c772d/analysis/1520096166/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191797",
"to_ids": false,
"type": "text",
"uuid": "5a9c4935-2da4-488c-8a2f-4ed102de0b81",
"value": "26/65"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191797",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4935-7824-4228-b47d-440b02de0b81",
"value": "2018-03-03T16:56:06"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191800",
"uuid": "ffde9d1b-07b8-4502-bc1c-8c61a050a0d1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ffde9d1b-07b8-4502-bc1c-8c61a050a0d1",
"referenced_uuid": "882a8ef5-40ac-432e-8cce-6c757d3dad16",
"relationship_type": "analysed-with",
"timestamp": "1520191816",
"uuid": "5a9c4948-6cf0-4f3d-baee-421502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191797",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4935-e1a4-4c5a-9be9-440402de0b81",
"value": "f90a2155ac492c3c2d5e1d83e384e1a734e59cc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191798",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4936-6888-4851-852a-44ca02de0b81",
"value": "96c88682880bcb9e657f87ed7e0f4e47b13d0ddfd56abaf78707aa75e1e59fda"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191798",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4936-b714-4f9b-8045-497402de0b81",
"value": "587da1534b7ecf6fc8abc01f8c80c78b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191799",
"uuid": "882a8ef5-40ac-432e-8cce-6c757d3dad16",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191799",
"to_ids": false,
"type": "link",
"uuid": "5a9c4937-2ce8-49cf-beeb-44de02de0b81",
"value": "https://www.virustotal.com/file/96c88682880bcb9e657f87ed7e0f4e47b13d0ddfd56abaf78707aa75e1e59fda/analysis/1518154717/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191800",
"to_ids": false,
"type": "text",
"uuid": "5a9c4938-9e50-43bf-8f04-436d02de0b81",
"value": "29/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191800",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4938-32a4-479c-8522-45dc02de0b81",
"value": "2018-02-09T05:38:37"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191803",
"uuid": "d988240f-156a-4bef-95fe-5ae0aed363ef",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d988240f-156a-4bef-95fe-5ae0aed363ef",
"referenced_uuid": "8459a3bb-9154-46f0-bc77-9f157f360bc8",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-02e8-409e-a9de-433402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191800",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4938-7e34-4883-bf40-428202de0b81",
"value": "85e2453b37602429596c9681a8c58a5c6faf8d0c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191801",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4939-da88-4b2d-9030-459502de0b81",
"value": "0d4352322160339f87be70c2f3fe096500cfcdc95a8dea975fdfc457bd347c44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191801",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4939-365c-4d5c-a97e-4ec602de0b81",
"value": "9b5f6d131519880c72b13b3dde5508b2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191802",
"uuid": "8459a3bb-9154-46f0-bc77-9f157f360bc8",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191802",
"to_ids": false,
"type": "link",
"uuid": "5a9c493a-9ff4-43cb-8207-45b502de0b81",
"value": "https://www.virustotal.com/file/0d4352322160339f87be70c2f3fe096500cfcdc95a8dea975fdfc457bd347c44/analysis/1520005941/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191802",
"to_ids": false,
"type": "text",
"uuid": "5a9c493a-b844-498e-b31d-499702de0b81",
"value": "36/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191802",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c493a-2a5c-4573-b88f-48ab02de0b81",
"value": "2018-03-02T15:52:21"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191805",
"uuid": "8b9b4bf9-53db-44f1-93cb-6b2f285acd0d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8b9b4bf9-53db-44f1-93cb-6b2f285acd0d",
"referenced_uuid": "abfef57f-d54f-4348-b8fb-e89c39e87d10",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-b19c-41e0-9815-4ccc02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191803",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c493b-4148-4c11-821e-4fed02de0b81",
"value": "bca861a46d60831a3101c50f80a6d626fa99bf16"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191803",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c493b-a8e4-40a9-9e64-47e702de0b81",
"value": "60eee55b6ec18d81db6258277951e69cff31d518d821c566802d1408dd64f898"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191803",
"to_ids": true,
"type": "md5",
"uuid": "5a9c493b-2544-436f-afe1-40a202de0b81",
"value": "828930dcd7c0bd10efceff42b79096c9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191804",
"uuid": "abfef57f-d54f-4348-b8fb-e89c39e87d10",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191804",
"to_ids": false,
"type": "link",
"uuid": "5a9c493c-1a38-4193-99a5-4e4102de0b81",
"value": "https://www.virustotal.com/file/60eee55b6ec18d81db6258277951e69cff31d518d821c566802d1408dd64f898/analysis/1520096471/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191804",
"to_ids": false,
"type": "text",
"uuid": "5a9c493d-c668-4df5-86ce-477302de0b81",
"value": "27/65"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191805",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c493d-6380-4ee9-b6cf-454602de0b81",
"value": "2018-03-03T17:01:11"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191808",
"uuid": "e839410b-4086-442f-b5e0-ac197b937903",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e839410b-4086-442f-b5e0-ac197b937903",
"referenced_uuid": "f3f9b826-0e95-4e38-b843-da58ddbe059a",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-0134-46a2-9eaf-460002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191805",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c493d-55d4-4018-b0cf-45f702de0b81",
"value": "f684e15dd2e84bac49ea9b89f9b2646dc32a2477"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191805",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c493d-c49c-4402-8e48-4aec02de0b81",
"value": "1c514d9fbd2210b6469174d234daf2cb19d6b098592409164eaa92f9af3b1e8b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191806",
"to_ids": true,
"type": "md5",
"uuid": "5a9c493e-0e68-419b-8991-408b02de0b81",
"value": "9abd1767b449110a37f60c2dd41624d3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191806",
"uuid": "f3f9b826-0e95-4e38-b843-da58ddbe059a",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191806",
"to_ids": false,
"type": "link",
"uuid": "5a9c493e-d4f8-4642-b78d-430802de0b81",
"value": "https://www.virustotal.com/file/1c514d9fbd2210b6469174d234daf2cb19d6b098592409164eaa92f9af3b1e8b/analysis/1520006158/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191807",
"to_ids": false,
"type": "text",
"uuid": "5a9c493f-6e5c-4095-b5d1-47b402de0b81",
"value": "18/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191807",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c493f-01d8-4c28-a0e4-4eb202de0b81",
"value": "2018-03-02T15:55:58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191810",
"uuid": "b8494d13-1838-4cde-96ae-acd8f48e83a2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b8494d13-1838-4cde-96ae-acd8f48e83a2",
"referenced_uuid": "e4282726-dc94-4aed-a732-7045fe4d8ade",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-1ad0-4c3f-a956-4c8602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191807",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c493f-bd7c-412a-941b-499c02de0b81",
"value": "9b832dda912cce6b23da8abf3881fcf4d2b7ce09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191808",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4940-03c0-482e-a994-4c2b02de0b81",
"value": "a15f8b68df8e444761a7475d3dce311e6315e8f8c43e5f4bfb4873040bc9c232"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191808",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4940-0170-4b9f-8217-46e602de0b81",
"value": "8d4210935ba3f15bd0e1ef5dbc9037a9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191809",
"uuid": "e4282726-dc94-4aed-a732-7045fe4d8ade",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191809",
"to_ids": false,
"type": "link",
"uuid": "5a9c4941-8a5c-4dc7-972f-462302de0b81",
"value": "https://www.virustotal.com/file/a15f8b68df8e444761a7475d3dce311e6315e8f8c43e5f4bfb4873040bc9c232/analysis/1520096221/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191809",
"to_ids": false,
"type": "text",
"uuid": "5a9c4941-1560-4ce8-8564-4fbf02de0b81",
"value": "31/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191809",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4941-0d54-45a5-9143-4c4602de0b81",
"value": "2018-03-03T16:57:01"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191813",
"uuid": "8db98fbb-2cbf-4e8d-b3ea-fbf95bc53388",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8db98fbb-2cbf-4e8d-b3ea-fbf95bc53388",
"referenced_uuid": "176f32f4-a6bc-4cdc-9810-f05b6dc37aed",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-e5cc-426c-9a6f-499602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191810",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4942-b708-4b4f-bef4-47ac02de0b81",
"value": "003e21b02be3248ff72cc2bfcd05bb161b6a2356"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191811",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4943-aeec-4942-aea9-4b4302de0b81",
"value": "2c5e5c86ca4fa172341c6bcbaa50984fb168d650ae9a33f2c6e6dccc1d57b369"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191811",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4943-4228-4357-9ce1-473902de0b81",
"value": "e00e2d202f5a4a84d895254d6c0d447f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191811",
"uuid": "176f32f4-a6bc-4cdc-9810-f05b6dc37aed",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191812",
"to_ids": false,
"type": "link",
"uuid": "5a9c4944-afdc-49fd-b2c2-483c02de0b81",
"value": "https://www.virustotal.com/file/2c5e5c86ca4fa172341c6bcbaa50984fb168d650ae9a33f2c6e6dccc1d57b369/analysis/1520006289/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191812",
"to_ids": false,
"type": "text",
"uuid": "5a9c4944-5910-4860-b2ed-415802de0b81",
"value": "20/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191812",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4944-b25c-460d-ba89-4e9002de0b81",
"value": "2018-03-02T15:58:09"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520191815",
"uuid": "50ed765b-7319-4df8-ab5a-fec415cc1eb2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "50ed765b-7319-4df8-ab5a-fec415cc1eb2",
"referenced_uuid": "df58b1a3-6916-4801-b680-d868be75750a",
"relationship_type": "analysed-with",
"timestamp": "1520191817",
"uuid": "5a9c4949-540c-440d-bab4-4a3102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520191812",
"to_ids": true,
"type": "sha1",
"uuid": "5a9c4944-5504-4b78-aa83-4cea02de0b81",
"value": "9b7c3c48bcef6330e3086de592b3223eb198744a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520191813",
"to_ids": true,
"type": "sha256",
"uuid": "5a9c4945-51e8-46cf-8c7c-417702de0b81",
"value": "42a782d342fb70169b07a5c2be054af49f88ffa92d04243b070b5b939eaa4465"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520191813",
"to_ids": true,
"type": "md5",
"uuid": "5a9c4945-81f4-433d-affb-428002de0b81",
"value": "9b93066b085a7929aabbab8ccfd331be"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520191814",
"uuid": "df58b1a3-6916-4801-b680-d868be75750a",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520191814",
"to_ids": false,
"type": "link",
"uuid": "5a9c4946-f9dc-408d-8952-4aad02de0b81",
"value": "https://www.virustotal.com/file/42a782d342fb70169b07a5c2be054af49f88ffa92d04243b070b5b939eaa4465/analysis/1520009561/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520191814",
"to_ids": false,
"type": "text",
"uuid": "5a9c4946-dcdc-4bf2-9331-4e8c02de0b81",
"value": "35/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520191814",
"to_ids": false,
"type": "datetime",
"uuid": "5a9c4946-9100-4e21-b6df-4f3f02de0b81",
"value": "2018-03-02T16:52:41"
}
]
}
]
}
}