1712 lines
No EOL
58 KiB
JSON
1712 lines
No EOL
58 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2018-03-10",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - New traces of Hacking Team in the wild",
|
|
"publish_timestamp": "1520714114",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1520714084",
|
|
"uuid": "5aa43c06-fbdc-4a8f-b607-406402de0b81",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#420014",
|
|
"name": "collaborative-intelligence:request=\"sample\""
|
|
},
|
|
{
|
|
"colour": "#001cad",
|
|
"name": "estimative-language:likelihood-probability=\"very-likely\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520714044",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43c14-ebf4-403b-8c58-492d02de0b81",
|
|
"value": "https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520714045",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c26-c0ac-46b7-b67b-421902de0b81",
|
|
"value": "Previously unreported samples of Hacking Team\u00e2\u20ac\u2122s infamous surveillance tool \u00e2\u20ac\u201c the Remote Control System (RCS) \u00e2\u20ac\u201c are in the wild, and have been detected by ESET systems in fourteen countries.\r\n\r\nOur analysis of the samples reveals evidence suggesting that Hacking Team\u00e2\u20ac\u2122s developers themselves are actively continuing the development of this spyware.\r\nFrom Hacking Team to Hacked Team to\u00e2\u20ac\u00a6?\r\n\r\nSince being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.\r\n\r\nThe capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device\u00e2\u20ac\u2122s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments \u00e2\u20ac\u201c an allegation it has consistently denied.\r\n\r\nWhen the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data \u00e2\u20ac\u201c including the once-secret list of customers, internal communications, and spyware source code \u00e2\u20ac\u201c leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.\r\n\r\nFollowing the hack, the security community has been keeping a close eye on the company\u00e2\u20ac\u2122s efforts to get back on its feet. The first reports suggesting Hacking Team\u00e2\u20ac\u2122s resumed operations came six months later \u00e2\u20ac\u201c a new sample of Hacking Team\u00e2\u20ac\u2122s Mac spyware was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team\u00e2\u20ac\u2122s shareholder structure, with Tablem Limited taking 20% of Hacking Team\u00e2\u20ac\u2122s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.\r\n\r\nHaving just concluded our research into another commercial spyware product, FinFisher, two interesting events involving Hacking Team occurred in close succession \u00e2\u20ac\u201c the report about Hacking Team\u00e2\u20ac\u2122s apparent financial recovery and our discovery of a new RCS variant in the wild with a valid digital certificate.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713140",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-6758-4fec-8cd1-4a6102de0b81",
|
|
"value": "Trojan.Win32/CrisisHT.F"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713141",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-b740-446e-903c-421302de0b81",
|
|
"value": "Trojan.Win32/CrisisHT.H"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713141",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-b9d0-4e61-bcc1-4b8102de0b81",
|
|
"value": "Trojan.Win32/CrisisHT.E"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713142",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-c2a0-4b08-98e8-464302de0b81",
|
|
"value": "Trojan.Win32/CrisisHT.L"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713142",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-ce90-4a4e-b761-4c1802de0b81",
|
|
"value": "Trojan.Win32/CrisisHT.J"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713142",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7b-d378-4585-b20f-455202de0b81",
|
|
"value": "Trojan.Win32/Agent.ZMW"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713143",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7c-5390-409f-9ac2-435202de0b81",
|
|
"value": "Trojan.Win32/Agent.ZMX"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713143",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7c-b2b4-4dfb-97f3-475502de0b81",
|
|
"value": "Trojan.Win32/Agent.ZMY"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713144",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43c7c-1430-45b3-8489-469402de0b81",
|
|
"value": "Trojan.Win32/Agent.ZMZ"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712853",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c95-e3e0-4d94-9481-4afe02de0b81",
|
|
"value": "2eebf9d864bef5e08e2e8abd93561322de2ab33b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712854",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c96-2cb8-4b0f-9be4-40b702de0b81",
|
|
"value": "51506ed3392b9e59243312b0f798c898804913db"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712854",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c96-0988-4e47-9025-4d5502de0b81",
|
|
"value": "61eda4847845f49689ae582391cd1e6a216a8fa3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712854",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c96-df04-4c30-9a8e-476302de0b81",
|
|
"value": "68ffd64b7534843ac2c66ed68f8b82a6ec81b3e8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712855",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c97-4e58-463c-980a-4dcc02de0b81",
|
|
"value": "6fd86649c6ca3d2a0653fd0da724bada9b6a6540"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712855",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c97-a97c-4c31-af16-4f1602de0b81",
|
|
"value": "92439f659f14dac5b353b1684a4a4b848ecc70ef"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712856",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c98-a020-47ff-94f3-4fa902de0b81",
|
|
"value": "a10ca5d8832bc2085592782bd140eb03cb31173a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712856",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c98-1808-4f2c-ada6-474b02de0b81",
|
|
"value": "a1c41f3dad59c9a1a126324a4612628fa174c45a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712856",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c98-48a4-4608-a83d-460902de0b81",
|
|
"value": "b7229303d71b500157fa668cece7411628d196e2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712857",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43c99-02d0-49f0-92e3-4b2202de0b81",
|
|
"value": "eede2e3fa512a0b1ac8230156256fc7d4386eb24"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712868",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-6a18-40e4-8fe6-49a702de0b81",
|
|
"value": "149.154.153.223"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713145",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-2720-4611-b256-4d7b02de0b81",
|
|
"value": "192.243.101.125"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713145",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-ff80-4124-ba0f-474002de0b81",
|
|
"value": "180.235.133.23"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713146",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-dc2c-4b74-925c-4e7202de0b81",
|
|
"value": "192.243.101.124"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713146",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-7138-42aa-b450-4ee902de0b81",
|
|
"value": "95.110.167.74"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712868",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43ca4-ed44-4129-bb6c-410402de0b81",
|
|
"value": "149.154.153.223"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712882",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cb2-12dc-4d85-8cc9-4da102de0b81",
|
|
"value": "341dbcb6d17a3bc7fa813367414b023309eb69c4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712882",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cb2-f574-4a31-b58a-4d6802de0b81",
|
|
"value": "86fad7c362a45097823220b77dcc30fb5671d6d4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712883",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cb3-a204-40db-aa2c-42b702de0b81",
|
|
"value": "9dfc7e78892a9f18d2d15adbfa52cda379ddd963"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712883",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cb3-7e68-44ce-8f20-449702de0b81",
|
|
"value": "e8f6b7d10b90ad64f976c3bfb4c822cb1a3c34b2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713147",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43cc7-d4c8-40c9-8d51-412b02de0b81",
|
|
"value": "188.166.244.225"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713147",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43cc7-b114-4aca-81a6-4f8202de0b81",
|
|
"value": "45.33.108.172"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713148",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43cc8-4b84-4fb2-a247-4abb02de0b81",
|
|
"value": "178.79.186.40"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713148",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43cc8-b824-448e-ab9c-4fae02de0b81",
|
|
"value": "173.236.149.166"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712917",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cd5-0af4-4fd8-a42f-423402de0b81",
|
|
"value": "27f4287e1a5348714a308e9175fb9486d95815a2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712917",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cd5-034c-4fdb-95d7-4b0902de0b81",
|
|
"value": "71a68c6140d066ca016efa9087d71f141e9e2806"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712918",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43cd6-12ec-4347-91d9-40af02de0b81",
|
|
"value": "dc817f86c1282382a1c21f64700b79fcd064ae5c"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713149",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43cf3-0308-4a5a-bb37-475702de0b81",
|
|
"value": "188.226.170.222"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712962",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d02-80a4-4797-b7e3-430302de0b81",
|
|
"value": "508f935344d95ffe9e7aedff726264a9b500b854"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712963",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d03-0550-478f-9a06-482702de0b81",
|
|
"value": "7cc213a26f8df47ddd252365fadbb9cca611be20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712963",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d03-0610-46a7-9d62-44b602de0b81",
|
|
"value": "98a98bbb488b6a6737b12344b7db1acf0b92932a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712964",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d04-8054-43df-8749-474f02de0b81",
|
|
"value": "cd29b37272f8222e19089205975ac7798aac7487"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712964",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d04-bc10-4a18-a457-4a5c02de0b81",
|
|
"value": "d21fe0171f662268ca87d4e142aedfbe6026680b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712965",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d05-62e4-43b5-8403-43bf02de0b81",
|
|
"value": "5bf1742d540f08a187b571c3bf2aeb64f141c4ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712965",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d05-3020-4b87-9fd7-4b5002de0b81",
|
|
"value": "854600b2e42bd45acea9a9114747864be002bf0b"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713150",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43d11-f3c0-47a4-87fe-45d702de0b81",
|
|
"value": "46.165.236.62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712995",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d23-659c-4cbf-8ddd-406402de0b81",
|
|
"value": "4ac42c9a479b34302e1199762459b5e775eec037"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712995",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d23-a85c-41bc-86c5-467602de0b81",
|
|
"value": "2059e2a90744611c7764c3b1c7dcf673bb36f7ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712996",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d24-d1b8-4d3e-b0f1-453c02de0b81",
|
|
"value": "b5fb3147b43b5fe66da4c50463037c638e99fb41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712996",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d24-5b14-496a-b6d6-487b02de0b81",
|
|
"value": "9cd2ff4157e4028c58cef9372d3bb99b8f2077ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712996",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d24-1560-40df-9ce7-439602de0b81",
|
|
"value": "b23046f40fbc931b364888a7bc426b56b186d60e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712997",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d25-77f8-4f1a-b051-422e02de0b81",
|
|
"value": "cc209f9456f0a2c5a17e2823bdb1654789fcadc8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712997",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d25-cde4-410b-9218-4a2d02de0b81",
|
|
"value": "99c978219fe49e55441e11db0d1df4bda932e021"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712998",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d26-d6e4-41b1-9308-467d02de0b81",
|
|
"value": "e85c2eab4c9eea8d0c99e58199f313ca4e1d1735"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520712998",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d26-d448-4bd3-a55b-4d9d02de0b81",
|
|
"value": "141d126d41f1a779dca69dd09640aa125afed15a"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713150",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43d34-bb64-459d-acc8-4b8302de0b81",
|
|
"value": "199.175.54.209"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713151",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43d34-e254-4c60-aa40-4fa502de0b81",
|
|
"value": "199.175.54.228"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713026",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d42-ce14-4bf1-9e81-4e9802de0b81",
|
|
"value": "baa53ddba627f2c38b26298d348ca2e1a31be52e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713026",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d42-9420-42b2-aeca-4c0e02de0b81",
|
|
"value": "5690a51384661602cd796e53229872ff87ab8aa4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713027",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d43-648c-4922-9c6b-451502de0b81",
|
|
"value": "aa2a408fcaa5c86d2972150fc8dd3ad3422f807a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713027",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43d43-cb8c-4185-bde5-434e02de0b81",
|
|
"value": "83503513a76f82c8718fad763f63fcd349b8b7fc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Sample with RFC1918 network",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1520713151",
|
|
"to_ids": false,
|
|
"type": "ip-dst",
|
|
"uuid": "5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"value": "172.16.1.206"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713155",
|
|
"uuid": "8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
|
|
"referenced_uuid": "6ffffa16-5287-41a8-b0bc-1011a2f90542",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-2bb8-4bd5-b2e8-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713152",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dc0-8ed0-404e-9236-5a3902de0b81",
|
|
"value": "cd29b37272f8222e19089205975ac7798aac7487"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713152",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dc0-45a8-41ab-9d32-5a3902de0b81",
|
|
"value": "23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713153",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dc1-d73c-45b5-9390-5a3902de0b81",
|
|
"value": "e56c0bb65c68e89921b4a8348976a0e9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713153",
|
|
"uuid": "6ffffa16-5287-41a8-b0bc-1011a2f90542",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713153",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dc1-c88c-4353-8bdb-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f/analysis/1520698055/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713154",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dc2-e724-4f6d-bd9b-5a3902de0b81",
|
|
"value": "27/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713154",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dc2-c94c-48d5-8ee2-5a3902de0b81",
|
|
"value": "2018-03-10T16:07:35"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713157",
|
|
"uuid": "c514a618-21cc-4848-8b7d-b32d3c2590f4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c514a618-21cc-4848-8b7d-b32d3c2590f4",
|
|
"referenced_uuid": "00dc0efd-2673-4a9a-8e63-4016fae10397",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-b01c-47c3-a80b-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713154",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dc2-d6c8-499e-99b6-5a3902de0b81",
|
|
"value": "aa2a408fcaa5c86d2972150fc8dd3ad3422f807a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713155",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dc3-03d8-43b2-8558-5a3902de0b81",
|
|
"value": "de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713155",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dc3-7b80-4622-991b-5a3902de0b81",
|
|
"value": "f3001d31503a2c610a6c490c24e87aba"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713155",
|
|
"uuid": "00dc0efd-2673-4a9a-8e63-4016fae10397",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713156",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dc4-0a24-4cdc-a716-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8/analysis/1520698380/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713156",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dc4-aa2c-40f2-965e-5a3902de0b81",
|
|
"value": "18/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713156",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dc4-89e0-4b9d-a7a2-5a3902de0b81",
|
|
"value": "2018-03-10T16:13:00"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713159",
|
|
"uuid": "0cf3262b-d9cd-4511-bc13-399ac4e64747",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0cf3262b-d9cd-4511-bc13-399ac4e64747",
|
|
"referenced_uuid": "9c7a5201-6887-49ed-8980-1b5a9e474827",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-17fc-4149-bfe4-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713157",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dc5-74dc-4c3a-b73b-5a3902de0b81",
|
|
"value": "61eda4847845f49689ae582391cd1e6a216a8fa3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713157",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dc5-97cc-4398-a7f9-5a3902de0b81",
|
|
"value": "d485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713157",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dc5-3958-4d06-9f9c-5a3902de0b81",
|
|
"value": "c0618556e9ef16b35b042bc29aeb9291"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713158",
|
|
"uuid": "9c7a5201-6887-49ed-8980-1b5a9e474827",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713158",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dc6-37ec-420a-bc0e-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/d485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746/analysis/1520697613/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713158",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dc6-a180-4d4d-ae82-5a3902de0b81",
|
|
"value": "15/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713158",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dc6-f194-4f02-b168-5a3902de0b81",
|
|
"value": "2018-03-10T16:00:13"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713162",
|
|
"uuid": "23ae982a-dca9-4fca-944b-124be14c0c9f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "23ae982a-dca9-4fca-944b-124be14c0c9f",
|
|
"referenced_uuid": "7422e526-4992-4cb4-b1b5-8d1545afa39e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-50d8-498c-999f-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713159",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dc7-3b00-4cdd-9595-5a3902de0b81",
|
|
"value": "5690a51384661602cd796e53229872ff87ab8aa4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713159",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dc7-3e14-44fa-b60d-5a3902de0b81",
|
|
"value": "60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713160",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dc8-31f4-4cb9-b7b0-5a3902de0b81",
|
|
"value": "2612c832ffebbdb7dab7e5b8d1905390"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713160",
|
|
"uuid": "7422e526-4992-4cb4-b1b5-8d1545afa39e",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713160",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dc8-c858-4bcb-93dc-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee/analysis/1520698295/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713161",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dc9-31dc-4708-85d0-5a3902de0b81",
|
|
"value": "21/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713161",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dc9-7948-419f-b795-5a3902de0b81",
|
|
"value": "2018-03-10T16:11:35"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713165",
|
|
"uuid": "af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
|
|
"referenced_uuid": "73679752-9aec-4797-b143-16fb695da756",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-b3b4-46eb-8d3c-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713162",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dca-ad40-4936-90a4-5a3902de0b81",
|
|
"value": "baa53ddba627f2c38b26298d348ca2e1a31be52e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dca-db6c-4877-bb5f-5a3902de0b81",
|
|
"value": "d632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713163",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dcb-c758-4c6e-a0dd-5a3902de0b81",
|
|
"value": "8f56458f3fb710c4c1d103e7e9951703"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713163",
|
|
"uuid": "73679752-9aec-4797-b143-16fb695da756",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713163",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dcb-12f0-41e5-9a7a-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/d632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0/analysis/1520698270/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713164",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dcc-b1b0-4e41-8e7f-5a3902de0b81",
|
|
"value": "19/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713164",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dcc-b1dc-4d6b-a745-5a3902de0b81",
|
|
"value": "2018-03-10T16:11:10"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713167",
|
|
"uuid": "4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
|
|
"referenced_uuid": "8bce23ef-625e-4fa0-a04f-d6ea5143db09",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-3580-4802-91b4-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713164",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dcc-1fe4-42c6-92a5-5a3902de0b81",
|
|
"value": "e85c2eab4c9eea8d0c99e58199f313ca4e1d1735"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713165",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dcd-b860-4cc7-ab3a-5a3902de0b81",
|
|
"value": "7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713165",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dcd-860c-455d-97f0-5a3902de0b81",
|
|
"value": "80eab4d4b117ef420fe9cdd63d6a9b99"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713166",
|
|
"uuid": "8bce23ef-625e-4fa0-a04f-d6ea5143db09",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713166",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dce-4538-4ac9-9e50-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7/analysis/1520698195/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713166",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dce-5434-4583-9e21-5a3902de0b81",
|
|
"value": "37/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713166",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dce-1ea8-40e5-b94e-5a3902de0b81",
|
|
"value": "2018-03-10T16:09:55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713170",
|
|
"uuid": "a684e0aa-5fde-4266-8526-e2e4e1534034",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a684e0aa-5fde-4266-8526-e2e4e1534034",
|
|
"referenced_uuid": "8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-02e4-42db-bb8d-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713167",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dcf-68cc-4bbc-8879-5a3902de0b81",
|
|
"value": "71a68c6140d066ca016efa9087d71f141e9e2806"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713167",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dcf-3dac-48ec-a3b9-5a3902de0b81",
|
|
"value": "2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713167",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dcf-662c-4fce-ad69-5a3902de0b81",
|
|
"value": "d6ca39fef03cf67f8ddc2a560874d80d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713168",
|
|
"uuid": "8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713168",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dd0-b910-48fe-ab56-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123/analysis/1520697957/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713168",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dd0-bc10-4b59-8555-5a3902de0b81",
|
|
"value": "40/64"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713169",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dd1-9870-4cae-bee5-5a3902de0b81",
|
|
"value": "2018-03-10T16:05:57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713172",
|
|
"uuid": "73a783a2-4a26-45d7-8a48-4891b2074c3e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "73a783a2-4a26-45d7-8a48-4891b2074c3e",
|
|
"referenced_uuid": "e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-3d10-4954-9d80-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713169",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dd1-2cf4-4cb6-80bd-5a3902de0b81",
|
|
"value": "99c978219fe49e55441e11db0d1df4bda932e021"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713169",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dd1-f6fc-42cb-960c-5a3902de0b81",
|
|
"value": "d828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713170",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dd2-a0a4-4bcc-b877-5a3902de0b81",
|
|
"value": "6f5c89473c9e6baf741629549ec52fe1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713170",
|
|
"uuid": "e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713170",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dd2-4aa8-4857-bb26-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/d828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9/analysis/1520698181/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713171",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dd3-e060-4efe-b6f3-5a3902de0b81",
|
|
"value": "38/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713171",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dd3-4a78-4345-8f53-5a3902de0b81",
|
|
"value": "2018-03-10T16:09:41"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1520713174",
|
|
"uuid": "74749933-0413-4182-aa63-26f29f66d794",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "74749933-0413-4182-aa63-26f29f66d794",
|
|
"referenced_uuid": "e9d32494-70d3-498d-b857-0f882c3d7a90",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1520713174",
|
|
"uuid": "5aa43dd6-5a34-408c-9046-5a3902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1520713171",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aa43dd3-c79c-41c2-8832-5a3902de0b81",
|
|
"value": "83503513a76f82c8718fad763f63fcd349b8b7fc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1520713172",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aa43dd4-97ec-4727-9a25-5a3902de0b81",
|
|
"value": "e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1520713172",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa43dd4-9550-429b-a5c2-5a3902de0b81",
|
|
"value": "7f1f9fa306c2e71ecb96daefafadc6e3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1520713172",
|
|
"uuid": "e9d32494-70d3-498d-b857-0f882c3d7a90",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1520713173",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aa43dd5-3738-43f3-856a-5a3902de0b81",
|
|
"value": "https://www.virustotal.com/file/e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27/analysis/1520701204/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1520713173",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aa43dd5-d4ec-426a-8ec9-5a3902de0b81",
|
|
"value": "19/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1520713173",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aa43dd5-2360-45ea-b7ec-5a3902de0b81",
|
|
"value": "2018-03-10T17:00:04"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |