{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2019-03-27",
|
|
"extends_uuid": "",
|
|
"info": "OSINT- WinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns",
|
|
"publish_timestamp": "1554375618",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1554375589",
|
|
"uuid": "5c9b46dc-f354-4e45-b44a-4966950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:malpedia=\"Azorult\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:malpedia=\"Quasar RAT\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-malware=\"NETWIRE - S0198\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:ransomware=\"Razy\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:rat=\"Netwire\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:rat=\"Quasar RAT\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:stealer=\"AZORult\""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554199776",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca334cd-3c38-4206-b4bd-44f8950d210f",
|
|
"value": "WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extraction of \u2018ACE\u2019 formatted files, regardless of user input. Attackers can easily achieve persistence and code execution by creating malicious archives that extract files to sensitive locations, like the Windows \u201cStartup\u201d Start Menu folder. While this vulnerability has been fixed in the latest version of WinRAR (5.70), WinRAR itself does not contain auto-update features, increasing the likelihood that many existing users remain running out-of-date versions.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554210403",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5ca34188-a4c0-4be1-a512-4809950d210f",
|
|
"value": "185.162.131.92"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Payload download",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554203782",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca34486-c174-4835-a726-43cf950d210f",
|
|
"value": "http://185.49.71.101/i/pwi_crs.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Netwire C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554210433",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5ca35e81-e368-425f-9334-4c26950d210f",
|
|
"value": "89.34.111.113"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554213604",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca36ae4-99c8-4929-8075-472a950d210f",
|
|
"value": "%USERPROFILE%\\Desktop\\100m.bat"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554281779",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca47533-79f4-4c4a-b7a3-4c9e950d210f",
|
|
"value": "www.alahbabgroup.com/bakala/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554281782",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca47536-ecbc-43b5-9e7c-474a950d210f",
|
|
"value": "103.225.168.159/admin/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554281782",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca47536-1d78-46c4-bcea-491c950d210f",
|
|
"value": "www.khuyay.org/odin_backup/public/loggoff.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554281782",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca47536-e118-4430-a1bc-4eba950d210f",
|
|
"value": "47.91.56.21/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554286287",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5ca486cf-f20c-40e1-acd4-4be7950d210f",
|
|
"value": "31.148.220.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554286287",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca486cf-e3c4-4378-a2bf-4429950d210f",
|
|
"value": "http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365037",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6d-a63c-4e1b-8207-4c96950d210f",
|
|
"value": "http://103.225.168.159/admin/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365038",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6e-c3d4-4e66-bc47-4b73950d210f",
|
|
"value": "http://185.162.131.92"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365038",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f",
|
|
"value": "http://47.91.56.21/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365038",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6e-35a8-484e-b044-4986950d210f",
|
|
"value": "http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365038",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6e-01fc-4117-8ff6-4d6f950d210f",
|
|
"value": "http://www.alahbabgroup.com/bakala/verify.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1554365038",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ca5ba6e-be44-4314-b8e5-4c12950d210f",
|
|
"value": "http://www.khuyay.org/odin_backup/public/loggoff.php"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
|
|
"meta-category": "misc",
|
|
"name": "microblog",
|
|
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
|
|
"template_version": "5",
|
|
"timestamp": "1553697780",
|
|
"uuid": "5c9b8bf4-11d4-4450-882b-4d83950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "post",
|
|
"timestamp": "1553697780",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c9b8bf4-81a0-484a-94aa-4524950d210f",
|
|
"value": "\u26a0\r\n WARNING \r\n\u26a0\r\n\r\nWinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns\r\n(link: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html) fireeye.com/blog/threat-re\u2026\r\nAll IOCs:\r\n(link: https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a) otx.alienvault.com/pulse/5c9a4ff3\u2026\r\nExploit Details:\r\n(link: https://research.checkpoint.com/extracting-code-execution-from-winrar/) research.checkpoint.com/extracting-cod\u2026"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1553697780",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c9b8bf4-b480-4cf3-80c3-4e97950d210f",
|
|
"value": "Twitter"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1553697780",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5c9b8bf4-0bfc-4d15-9eca-4640950d210f",
|
|
"value": "https://mobile.twitter.com/Bank_Security/status/1110795166762307585"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1553698134",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-b578-4b65-ab12-4f46950d210f",
|
|
"value": "https://t.co/WXbZ8UEIUY?amp=1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1553698104",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-daa4-45d3-949e-4814950d210f",
|
|
"value": "https://t.co/4QpF7PmDLH?amp=1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1553698109",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-da6c-4fd2-a520-4e67950d210f",
|
|
"value": "https://t.co/arJH9cqHID?amp=1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1554374942",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-f79c-4eab-8203-4699950d210f",
|
|
"value": "https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html",
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1554374999",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-a76c-4085-914a-4fa0950d210f",
|
|
"value": "https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a",
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1554375000",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "5c9b8bf4-7c20-48fc-9447-4dd3950d210f",
|
|
"value": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1553697780",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5c9b8bf4-aa90-4700-8335-43c2950d210f",
|
|
"value": "2019-03-27T07:46:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1553697780",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c9b8bf4-f9d0-4d81-8a45-4059950d210f",
|
|
"value": "Bank_Security"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554204429",
|
|
"uuid": "5ca3352d-5220-47a1-acbf-4da1950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554204429",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca3352d-fe40-4df4-aa41-4f09950d210f",
|
|
"value": "Scan_Letter_of_Approval.rar"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554204429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca3352d-6d04-4b13-8ff1-438b950d210f",
|
|
"value": "Malicious"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554204432",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca34710-d240-4483-9fba-4cd8950d210f",
|
|
"value": "8e067e4cda99299b0bf2481cc1fd8e12"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554207363",
|
|
"uuid": "5ca33543-c790-4983-b1bb-4663950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554207363",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca33543-4910-49a0-bcb9-49ca950d210f",
|
|
"value": "winSrvHost.vbs"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554207363",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca33543-a95c-4e6c-8c8c-4551950d210f",
|
|
"value": "Malicious"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554207363",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca35283-f62c-4978-97e5-4bc8950d210f",
|
|
"value": "3aabc9767d02c75ef44df6305bc6a41f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "decoy document",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554208790",
|
|
"uuid": "5ca3355c-383c-4caa-be6c-4c46950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554208790",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca3355c-1e60-46af-b5a9-49f5950d210f",
|
|
"value": "Letter of Approval.pdf"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554208790",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca3355c-f078-46b5-986d-4ea2950d210f",
|
|
"value": "Malicious"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554208790",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca35816-bbdc-48dc-96be-4351950d210f",
|
|
"value": "dc63d5affde0db95128dac52f9d19578"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554210292",
|
|
"uuid": "5ca35df4-911c-46d0-a997-43f9950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554210292",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca35df4-5dc8-429b-bdf8-4dcc950d210f",
|
|
"value": "pwi_crs.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554210292",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca35df4-0358-40b3-902c-4000950d210f",
|
|
"value": "12def981952667740eb06ee91168e643"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554210292",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca35df4-4a08-42ec-950a-4e55950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554213946",
|
|
"uuid": "5ca36c3a-433c-4a6f-a46e-4084950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554213946",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca36c3a-5338-461b-9f48-4084950d210f",
|
|
"value": "SysAid-Documentation.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554213946",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca36c3a-bca4-4f5e-878a-4084950d210f",
|
|
"value": "062801f6fdbda4dd67b77834c62e82a4"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554213946",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca36c3a-8870-4f77-b7ec-4084950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554214721",
|
|
"uuid": "5ca36f41-1ccc-4fd2-82b8-4062950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554214721",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca36f41-9e38-4ac2-8a91-4062950d210f",
|
|
"value": "SysAid-Documentation.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554214721",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca36f41-ca18-487c-9586-4062950d210f",
|
|
"value": "49419d84076b13e96540fdd911f1c2f0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554214721",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca36f41-efec-4c1b-8c3d-4062950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554278919",
|
|
"uuid": "5ca46a07-81c0-4819-91b2-d709950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554278919",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca46a07-94a0-4fdf-bdc6-d709950d210f",
|
|
"value": "ekrnview.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554278920",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca46a08-f3f8-42f0-976f-d709950d210f",
|
|
"value": "96986b18a8470f4020ea78df0b3db7d4"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554278920",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca46a08-c240-485f-a69e-d709950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554279888",
|
|
"uuid": "5ca46dd0-955c-47b9-9511-ced9950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554279888",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca46dd0-eb5c-42e5-9016-ced9950d210f",
|
|
"value": "Thumbs.db.lnk"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554279890",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca46dd2-ae64-4386-9716-ced9950d210f",
|
|
"value": "31718d7b9b3261688688bdc4e026db99"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554279894",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca46dd6-9b28-4a0f-a280-ced9950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Email",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554281669",
|
|
"uuid": "5ca474c5-95f8-435f-aff2-8a88950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554281670",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca474c6-c9a4-4a0e-9c9f-8a88950d210f",
|
|
"value": "8c93e024fc194f520e4e72e761c0942d"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554281676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca474cc-ef7c-4629-adf2-8a88950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554285781",
|
|
"uuid": "5ca484d5-7b60-46fe-851d-41f7950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554285781",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca484d5-5304-40f8-b382-4afe950d210f",
|
|
"value": "zakon.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554285781",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca484d5-6554-4b71-a8fd-407d950d210f",
|
|
"value": "9b19753369b6ed1187159b95fc8a81cd"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554285781",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca484d5-4a10-49bd-aa54-4acc950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554286191",
|
|
"uuid": "5ca4866f-f878-4e2d-84dc-4095950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554286191",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4866f-2808-4f01-ba46-4713950d210f",
|
|
"value": "mssconf.bat"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554286191",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4866f-13c0-4909-bd5d-4083950d210f",
|
|
"value": "79b53b4555c1fb39ba3c7b8ce9a4287e"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554286191",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4866f-8a3c-453b-8968-474b950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554288808",
|
|
"uuid": "5ca490a8-46c0-4464-8d48-456d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554288809",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca490a9-8e18-467a-b8dd-4370950d210f",
|
|
"value": "leaks copy.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554288809",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca490a9-4bf8-4ca2-95d2-405e950d210f",
|
|
"value": "e9815dfb90776ab449539a2be7c16de5"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554288809",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca490a9-c0b4-4a29-ad71-4d26950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554293937",
|
|
"uuid": "5ca4a4b1-b8cc-40d3-95a9-4090950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554293937",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4a4b1-fe08-4297-8fe1-49d2950d210f",
|
|
"value": "cc.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554293937",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4a4b1-00ac-44bf-9996-4448950d210f",
|
|
"value": "9b81b3174c9b699f594d725cf89ffaa4"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554293937",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4a4b1-ae38-4e86-8f8b-4a8a950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554294283",
|
|
"uuid": "5ca4a60b-9d04-4f5c-93f2-4d91950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554294283",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4a60b-489c-42f0-90a1-433e950d210f",
|
|
"value": "zabugor.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294283",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4a60b-9fd8-4b69-90fe-4cee950d210f",
|
|
"value": "914ac7ecf2557d5836f26a151c1b9b62"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554294283",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4a60b-cc90-46c2-bb49-4fcf950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554294764",
|
|
"uuid": "5ca4a7ec-7f2c-437a-a124-4b84950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554294764",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4a7ec-732c-4c62-8b60-429f950d210f",
|
|
"value": "zabugorV.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294764",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4a7ec-eea4-4f2a-957e-45ee950d210f",
|
|
"value": "eca09fe8dcbc9d1c097277f2b3ef1081"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554294764",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4a7ec-fe1c-4daf-b0bc-4f3c950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554294796",
|
|
"uuid": "5ca4a80c-2170-4c49-b18e-4018950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554294797",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4a80d-ce34-4f89-b5b1-43c2950d210f",
|
|
"value": "Combolist.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294797",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4a80d-d078-4c34-a694-46cb950d210f",
|
|
"value": "1f5fa51ac9517d70f136e187d45f69de"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554294797",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4a80d-6728-4ed0-8532-4ee4950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554294829",
|
|
"uuid": "5ca4a82d-0f6c-4877-b8a4-4073950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554294829",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4a82d-58ec-4299-8f74-4c0a950d210f",
|
|
"value": "Nulled2019.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294829",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4a82d-fb34-4a85-b92d-4650950d210f",
|
|
"value": "f36404fb24a640b40e2d43c72c18e66b"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554294829",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4a82d-5e0c-4674-8947-446c950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554296565",
|
|
"uuid": "5ca4aef5-a100-4a27-bc1d-43b1950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554296565",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4aef5-b590-4678-91f0-4920950d210f",
|
|
"value": "IT.rar"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554296569",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4aef9-30bc-4579-a6b7-4754950d210f",
|
|
"value": "0f56b04a4e9a0df94c7f89c1bccf830c"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554296573",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4aefd-489c-4d83-9ab2-4622950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "QuasarRAT",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554300197",
|
|
"uuid": "5ca4bd25-7734-4740-bac3-4cab950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554300197",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4bd25-3378-4916-bfa1-4f17950d210f",
|
|
"value": "explorer.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300198",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4bd26-b850-4b8a-8ee3-490f950d210f",
|
|
"value": "1ba398b0a14328b9604eeb5ebf139b40"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554300198",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4bd26-d76c-4599-9727-448c950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554300221",
|
|
"uuid": "5ca4bd3d-3320-411a-86ce-48fc950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554300221",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4bd3d-fa18-475b-8c96-42cf950d210f",
|
|
"value": "explorer.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300221",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4bd3d-c5e0-4eab-9c7b-4a2f950d210f",
|
|
"value": "aac00312a961e81c4af4664c49b4a2b2"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554300221",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4bd3d-956c-457c-927a-4dc7950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Netwire",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554300248",
|
|
"uuid": "5ca4bd58-9274-4fc3-9eae-424e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554300248",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4bd58-dd34-4802-8111-49eb950d210f",
|
|
"value": "IntelAudio.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300249",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4bd59-d288-4ea4-b6ea-479f950d210f",
|
|
"value": "2961c52f04b7fdf7ccf6c01ac259d767"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554300249",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4bd59-04dc-4c35-8047-4a35950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Razy",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554300276",
|
|
"uuid": "5ca4bd74-949c-45b2-9290-4e09950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554300276",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4bd74-2764-4dfe-ba20-492f950d210f",
|
|
"value": "Discord.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300276",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4bd74-81f8-405b-b459-458a950d210f",
|
|
"value": "97d74671d0489071baa21f38f456eb74"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554300276",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4bd74-f748-466c-8d1d-4add950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Buzy",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554300303",
|
|
"uuid": "5ca4bd8f-6bac-4726-87b5-49ef950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554300303",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4bd8f-491c-49f6-a8d7-40c3950d210f",
|
|
"value": "Discord.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300312",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4bd98-d874-4eed-ab8c-472f950d210f",
|
|
"value": "bcc49643833a4d8545ed4145fb6fdfd2"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554300313",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4bd99-4ed4-41ff-a4c0-4932950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554302428",
|
|
"uuid": "5ca4c5dc-542c-48e1-91be-4b39950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1554302428",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ca4c5dc-1d24-45a3-a121-4edc950d210f",
|
|
"value": "old.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554302428",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca4c5dc-f3e4-47e0-816f-49e8950d210f",
|
|
"value": "119a0fd733bc1a013b0d4399112b8626"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554302428",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca4c5dc-e128-42c4-afa9-449a950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "16",
|
|
"timestamp": "1554368840",
|
|
"uuid": "5ca5c948-d538-4f46-850c-4867950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554368840",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ca5c948-6308-4c7c-9400-4438950d210f",
|
|
"value": "7dae2d144dae4447a152bef586520ef8"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1554368840",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ca5c948-a84c-481c-be5d-41b7950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375558",
|
|
"uuid": "93cde704-eb81-46a1-bf16-412a7c6abbdf",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "93cde704-eb81-46a1-bf16-412a7c6abbdf",
|
|
"referenced_uuid": "bb78d9ea-99dd-4557-8135-d577734bdace",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-1ef0-40d7-ac41-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554302428",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8c9f104c-fcb9-4583-b414-6869383edc6a",
|
|
"value": "119a0fd733bc1a013b0d4399112b8626"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554302428",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8314350d-9f25-4c9a-9e93-d0f60cc0a84b",
|
|
"value": "092e7d2aa0c518a499e8cc5aaf3e827ad3b66512"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554302428",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f985c436-aec4-4a6d-830c-94964de578ab",
|
|
"value": "87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375558",
|
|
"uuid": "bb78d9ea-99dd-4557-8135-d577734bdace",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554302428",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9beab9c9-b030-42d5-963a-07948cc15406",
|
|
"value": "2019-03-27T21:41:06"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554302428",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "96552c73-8407-4a1b-b581-1d8a1f67e8bc",
|
|
"value": "https://www.virustotal.com/file/87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0/analysis/1553722866/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554302428",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6229267a-31f2-4c37-a98f-fcad7f56d641",
|
|
"value": "50/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375559",
|
|
"uuid": "e6a06d80-1a38-4b89-8be3-0242f4f284be",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e6a06d80-1a38-4b89-8be3-0242f4f284be",
|
|
"referenced_uuid": "382da157-8d8e-479d-8449-2a7a7c54b674",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-878c-4b26-8654-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294797",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e133f567-a1d3-4756-8519-8603ac348dfa",
|
|
"value": "1f5fa51ac9517d70f136e187d45f69de"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554294797",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1f3c34da-dbc4-41f1-a890-c8a6d1e5f25c",
|
|
"value": "fddc26459a6c6055a320f282a5ac51d1b74f2fd3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554294797",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3d38637a-7545-4a83-80a9-9cbc3e096100",
|
|
"value": "6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375559",
|
|
"uuid": "382da157-8d8e-479d-8449-2a7a7c54b674",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554294797",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fcc179d9-1bd5-410d-99fa-718daee19a8d",
|
|
"value": "2019-03-27T21:40:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554294797",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f29a7f37-dd60-4a5d-8591-8b002722574c",
|
|
"value": "https://www.virustotal.com/file/6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f/analysis/1553722858/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554294797",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c6e43a6d-edf5-48a5-b634-1c79b8ff11b1",
|
|
"value": "31/56"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375559",
|
|
"uuid": "f6d2b694-c79b-465e-979a-cb05135b5a97",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f6d2b694-c79b-465e-979a-cb05135b5a97",
|
|
"referenced_uuid": "ecd4d490-5fe8-46c8-8434-ecdaf383d422",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-7d64-4a8b-adc8-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554210292",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "741ebd2e-bb0e-4cef-aac2-35725bdf9dfe",
|
|
"value": "12def981952667740eb06ee91168e643"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554210292",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ad271343-b160-4ff9-9e07-296444724260",
|
|
"value": "1df08806e39ed6f9f3a5cb228f3be744936e201e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554210292",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b33a14f5-aa8a-4d4a-ac13-f0523d01d912",
|
|
"value": "c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375559",
|
|
"uuid": "ecd4d490-5fe8-46c8-8434-ecdaf383d422",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554210292",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "565b6568-d456-4e2e-acf6-5d67b8b522f5",
|
|
"value": "2019-04-04T06:32:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554210292",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c4b3f8ec-089e-4ea0-8c3f-c9da23acd89e",
|
|
"value": "https://www.virustotal.com/file/c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b/analysis/1554359555/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554210292",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "76664654-df97-4498-997b-dd21a0e35b7e",
|
|
"value": "43/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375559",
|
|
"uuid": "b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
|
|
"referenced_uuid": "54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-0eb4-4aa6-a170-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294764",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "08d5cbe0-46a5-4113-8a0c-873eaaf3eb91",
|
|
"value": "eca09fe8dcbc9d1c097277f2b3ef1081"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554294764",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4be583dc-4e17-4cd5-82e0-de5510b68b8a",
|
|
"value": "a4185a50ccac29056e2e56ad85b8d74adc8ec7ac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554294764",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6bf9d606-8171-4ddf-a307-aed9a1302ad0",
|
|
"value": "83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375559",
|
|
"uuid": "54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554294764",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ca8a2227-5e14-449f-992f-103c90818e66",
|
|
"value": "2019-03-27T21:41:05"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554294764",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4bde1856-53a3-4a92-a62a-e087a5257d82",
|
|
"value": "https://www.virustotal.com/file/83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce/analysis/1553722865/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554294764",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cc548348-c570-441e-aacb-63ce091ad1a8",
|
|
"value": "33/55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375559",
|
|
"uuid": "c945a6c0-c445-4c44-be12-83436bcfd415",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c945a6c0-c445-4c44-be12-83436bcfd415",
|
|
"referenced_uuid": "94d10499-0534-45c0-8ecf-770f73b5db6c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-5cb0-49d6-8ba4-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300276",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "16842bfe-8993-4130-b60a-1f123150c538",
|
|
"value": "97d74671d0489071baa21f38f456eb74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554300276",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "15558512-09f1-4c84-8d73-a3f44818bf0f",
|
|
"value": "3bb63aa0b92cc1bde8d027112e5b037cc65ca9cb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554300276",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d223bb7c-cec3-444c-87ab-679d29c3459f",
|
|
"value": "73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375559",
|
|
"uuid": "94d10499-0534-45c0-8ecf-770f73b5db6c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554300276",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "bb8a1c29-37ad-4712-8597-af71d8026d8f",
|
|
"value": "2019-04-02T04:08:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554300276",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f77ff9ca-1dbc-4c38-be3b-8825ba4b08e9",
|
|
"value": "https://www.virustotal.com/file/73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9/analysis/1554178138/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554300276",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "dbe53327-a8b6-4672-b914-156659f88f9e",
|
|
"value": "51/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375560",
|
|
"uuid": "9328597f-c9b9-417d-8c35-0a3a6c45d73b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9328597f-c9b9-417d-8c35-0a3a6c45d73b",
|
|
"referenced_uuid": "36ac2225-5a1d-4974-b50b-0867497073fc",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-9ae0-4f14-8f19-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554204432",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "09ef8dac-712e-4354-ae34-ab09598f2d62",
|
|
"value": "8e067e4cda99299b0bf2481cc1fd8e12"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554204432",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2760db2c-5fea-4d9e-9233-bbf726aed4ef",
|
|
"value": "3a92a121201c209d3e091b795274c22a4ea71963"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554204432",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5c6deb0c-4d5b-4f95-b3fd-ce2ea22126d5",
|
|
"value": "e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375560",
|
|
"uuid": "36ac2225-5a1d-4974-b50b-0867497073fc",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554204432",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cda7e557-6ee3-4683-81fe-b8720b5b641b",
|
|
"value": "2019-03-29T05:20:01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554204432",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e24d4bfd-ae1d-4397-a389-8645acbf8d90",
|
|
"value": "https://www.virustotal.com/file/e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649/analysis/1553836801/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554204432",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "942e32c4-826a-4e1c-b527-aed28d14a14f",
|
|
"value": "28/56"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375560",
|
|
"uuid": "550a0ca7-ccf5-4143-96dd-b372c9d532f3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "550a0ca7-ccf5-4143-96dd-b372c9d532f3",
|
|
"referenced_uuid": "99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375564",
|
|
"uuid": "5ca5e38c-a4a4-4532-8cfd-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554288809",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2cbaa580-2cba-4fe2-8ec1-8fca9ce11cb6",
|
|
"value": "e9815dfb90776ab449539a2be7c16de5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554288809",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "efaa759b-f294-475e-a99f-52ad0487a89b",
|
|
"value": "178b02f21efd10a7c98f654fc68c88468738042e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554288809",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "47eff58e-c35f-44c2-8b96-267e38986963",
|
|
"value": "c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375560",
|
|
"uuid": "99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554288809",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e7dec0a9-afee-44ae-823c-12179dc2ad7e",
|
|
"value": "2019-03-27T21:41:31"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554288809",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3e484ad3-5997-4ccf-b1a6-3a5d891365be",
|
|
"value": "https://www.virustotal.com/file/c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c/analysis/1553722891/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554288809",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e82b82e1-cc43-4eb8-bf51-b1158a1cc0ec",
|
|
"value": "28/55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375560",
|
|
"uuid": "ff40c2e7-d34c-4542-a26c-17e782a6fafb",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "ff40c2e7-d34c-4542-a26c-17e782a6fafb",
|
|
"referenced_uuid": "947c136b-e247-4529-849b-09ddeea124f0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-a610-4f01-a173-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554208790",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "a3992e22-9023-406c-b82e-b9ee8dbbd704",
|
|
"value": "dc63d5affde0db95128dac52f9d19578"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554208790",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "78597b69-4c97-4e9c-98a5-8e053ea43943",
|
|
"value": "539efdad458cf6563d1735632df1fb2c39acfedd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554208790",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "79fbb42d-a4db-4397-9e11-085fd2e4d568",
|
|
"value": "17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375560",
|
|
"uuid": "947c136b-e247-4529-849b-09ddeea124f0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554208790",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d4e3ba49-f61e-4e67-8187-7474cc86df81",
|
|
"value": "2019-03-29T12:43:20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554208790",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0e086d43-d432-448f-b93f-a3b9837cba45",
|
|
"value": "https://www.virustotal.com/file/17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6/analysis/1553863400/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554208790",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "712ff8c6-b9e0-4729-91fc-ff6ccab2a2a0",
|
|
"value": "0/61"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375560",
|
|
"uuid": "6d055204-92e1-440c-9a0b-6e0fd09d72e9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "6d055204-92e1-440c-9a0b-6e0fd09d72e9",
|
|
"referenced_uuid": "f517121e-0639-45a7-a0ce-7d7e1826730a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-ddc8-42bc-ab5e-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554281670",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f7b08be2-c0b6-4469-8521-2e5377f66454",
|
|
"value": "8c93e024fc194f520e4e72e761c0942d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554281670",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e787a6ec-fef9-4e94-89a7-977559dbe0b9",
|
|
"value": "b7dd83d96a480e2f8c653f5339764dd3fe38ce81"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554281670",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fb923894-ac5e-48c2-8336-8d025003e449",
|
|
"value": "5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375560",
|
|
"uuid": "f517121e-0639-45a7-a0ce-7d7e1826730a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554281670",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "350bd5bd-90e5-4b64-b8f3-7c854166a4a2",
|
|
"value": "2019-03-29T05:29:07"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554281670",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "05677bc0-97e1-4004-8169-6db4587a5b4e",
|
|
"value": "https://www.virustotal.com/file/5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c/analysis/1553837347/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554281670",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e6f88c2a-7758-4953-a88b-1ee84a1e99d4",
|
|
"value": "29/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375560",
|
|
"uuid": "eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
|
|
"referenced_uuid": "ef1af813-b308-4fb3-89ad-b57491d76acb",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-99ec-4f20-b560-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554207363",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "a267ec4f-0e9d-41e0-b257-b41b47afb899",
|
|
"value": "3aabc9767d02c75ef44df6305bc6a41f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554207363",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5f79ad02-5c58-4f4a-b134-d675434c8e98",
|
|
"value": "1210766d7137be26f84d1882357559841b698cef"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554207363",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "da3d7193-f067-4da7-be09-2e4d1e1ac22d",
|
|
"value": "e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375560",
|
|
"uuid": "ef1af813-b308-4fb3-89ad-b57491d76acb",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554207363",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "109fdc32-8735-4b87-a3d2-503b63da577b",
|
|
"value": "2019-04-01T20:02:27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554207363",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "36eb457b-417a-44cd-a001-d228d29c6b6f",
|
|
"value": "https://www.virustotal.com/file/e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967/analysis/1554148947/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554207363",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2829ad9f-6b97-4d49-92e0-68243c3d4bd0",
|
|
"value": "22/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375561",
|
|
"uuid": "dd29a4a3-c07e-4a56-9f27-410b1e070559",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "dd29a4a3-c07e-4a56-9f27-410b1e070559",
|
|
"referenced_uuid": "2681a029-e095-4a15-a60e-5b39bb9cf743",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-8c5c-4b40-bdef-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554286191",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3aa41c9e-942d-44fd-9146-3cc00fd659a8",
|
|
"value": "79b53b4555c1fb39ba3c7b8ce9a4287e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554286191",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d9a12014-ed87-469c-a1e7-b2de06c6d0a4",
|
|
"value": "90764c28ce62b6ea005dd7e616f7ada4fcd170ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554286191",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fe4c1661-ddf2-4529-b764-6d93c0041423",
|
|
"value": "08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375561",
|
|
"uuid": "2681a029-e095-4a15-a60e-5b39bb9cf743",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554286191",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "14e0668a-3a17-4bf4-b32d-3ba02a2049ac",
|
|
"value": "2019-03-29T05:35:29"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554286191",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "20e3fd93-1dd9-4456-9948-f99675ea9dd3",
|
|
"value": "https://www.virustotal.com/file/08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf/analysis/1553837729/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554286191",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "dcd9fa6f-0f51-4a76-835c-be1653c74242",
|
|
"value": "26/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375561",
|
|
"uuid": "996e8502-42f2-46ce-a819-264bd1c0374e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "996e8502-42f2-46ce-a819-264bd1c0374e",
|
|
"referenced_uuid": "5508860a-3775-4c49-a97c-234666b38510",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-a9b8-4780-b19b-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294829",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "798ccebb-f6bd-488a-acc0-6c34699b49c9",
|
|
"value": "f36404fb24a640b40e2d43c72c18e66b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554294829",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b0051f49-ec1c-4a1f-bc3f-698b58e6e6d7",
|
|
"value": "ed6b9c876a8a4fe01623972e8733ec2a90177ad1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554294829",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b7a830c-7fe6-4f89-9936-06eacb77dbb6",
|
|
"value": "6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375561",
|
|
"uuid": "5508860a-3775-4c49-a97c-234666b38510",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554294829",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "192f5431-d8c0-430a-a04b-bb1afbb10f4d",
|
|
"value": "2019-03-27T21:40:57"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554294829",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "494ad934-586f-49c7-9fe4-1cb4b357a506",
|
|
"value": "https://www.virustotal.com/file/6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2/analysis/1553722857/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554294829",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e0cce08c-a0d6-4eaf-aad6-7c377cc0e74f",
|
|
"value": "34/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375561",
|
|
"uuid": "ffebb241-ef81-48b2-91e3-fe715182f904",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "ffebb241-ef81-48b2-91e3-fe715182f904",
|
|
"referenced_uuid": "ace2107f-3ab5-4b01-a221-521235ac2753",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-883c-413b-9c0d-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554278920",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "688a80dc-8b95-4ca3-9c35-9900ff90badc",
|
|
"value": "96986b18a8470f4020ea78df0b3db7d4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554278920",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "02430c61-5e25-44d4-b380-46a075b3ebaa",
|
|
"value": "431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554278920",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2a2156ce-6abe-4714-9929-0336aa005ba4",
|
|
"value": "2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375561",
|
|
"uuid": "ace2107f-3ab5-4b01-a221-521235ac2753",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554278920",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cf481ea6-dd65-435c-8e37-e4554834e0e1",
|
|
"value": "2019-04-02T15:27:29"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554278920",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1c745f93-920c-44e0-9d4e-f226b5351a46",
|
|
"value": "https://www.virustotal.com/file/2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e/analysis/1554218849/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554278920",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "026dd833-b81e-4428-8adc-145c79c1a7d2",
|
|
"value": "50/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375561",
|
|
"uuid": "5565b852-a761-4c28-b520-91f0eac10203",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5565b852-a761-4c28-b520-91f0eac10203",
|
|
"referenced_uuid": "0c6ca9fc-6775-4329-819b-0af00f86b722",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-377c-4a63-8bf2-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300249",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8d663d77-0e7e-41e3-aa08-22f34c53c1fd",
|
|
"value": "2961c52f04b7fdf7ccf6c01ac259d767"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554300249",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1acee4fe-87c3-47b9-8128-6060fbce24f8",
|
|
"value": "2c1ff2f2d463fd66bb630e02a4596e42f73f3ea9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554300249",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "25337546-0af5-4792-9a66-6c993e5e0027",
|
|
"value": "bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375561",
|
|
"uuid": "0c6ca9fc-6775-4329-819b-0af00f86b722",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554300249",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ae154983-4c39-4a58-aa86-95e0573452df",
|
|
"value": "2019-04-01T15:09:35"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554300249",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9731d4df-bede-4c7b-a84f-e3409931ef31",
|
|
"value": "https://www.virustotal.com/file/bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283/analysis/1554131375/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554300249",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "13d3e396-14a1-4642-9dea-e61e30a2c7bf",
|
|
"value": "33/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375561",
|
|
"uuid": "4226488e-3eca-40fe-b7cd-7cd72eac36ed",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4226488e-3eca-40fe-b7cd-7cd72eac36ed",
|
|
"referenced_uuid": "f42cd377-f5d2-4495-a22b-e072af84b53d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-ec34-4e2c-9dde-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554296569",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "dfe0429d-e71b-4f9e-a626-bff95708742c",
|
|
"value": "0f56b04a4e9a0df94c7f89c1bccf830c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554296569",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "878a67a9-4ce2-4ab6-860d-b62f011ca7c9",
|
|
"value": "73895da7b3f1780eeca9750172e1a9545fa63782"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554296569",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "eb7df52e-3a53-45d7-a17b-d3bfb01b3f47",
|
|
"value": "d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375561",
|
|
"uuid": "f42cd377-f5d2-4495-a22b-e072af84b53d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554296569",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9c7704c6-2d0d-44e5-9a55-f7a5459016dc",
|
|
"value": "2019-03-27T21:41:37"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554296569",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6a2896ea-9cdf-4461-b8cc-b02fa1353e37",
|
|
"value": "https://www.virustotal.com/file/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c/analysis/1553722897/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554296569",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f45ebe03-d435-4aef-a6ae-8b4a83142f23",
|
|
"value": "31/54"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375562",
|
|
"uuid": "b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
|
|
"referenced_uuid": "e846f5c4-79f6-4e64-b744-222508aad1f8",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-8b70-48a5-a35f-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554294283",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f46e90d9-b96c-4fc2-a662-2c81fac59cd9",
|
|
"value": "914ac7ecf2557d5836f26a151c1b9b62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554294283",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9cb9336e-b263-44b2-b5ea-6e37755314c2",
|
|
"value": "49b7c035cead28573b793b3947621a330b216b2b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554294283",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7eedffe8-a464-404c-9ba2-381252b45150",
|
|
"value": "245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375562",
|
|
"uuid": "e846f5c4-79f6-4e64-b744-222508aad1f8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554294283",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f04f4c69-06c2-4ae6-b54c-103f2ea7b273",
|
|
"value": "2019-03-26T01:43:50"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554294283",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "74ab99c3-0e96-43f9-b286-6058716bd1e5",
|
|
"value": "https://www.virustotal.com/file/245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc/analysis/1553564630/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554294283",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "75cff71b-ee95-4f7a-aae1-06e70db035f8",
|
|
"value": "35/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375562",
|
|
"uuid": "1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
|
|
"referenced_uuid": "67497812-2875-4d21-b39b-84c4814b8589",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-75ac-47f5-962a-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300221",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c28c87af-8f66-4af0-a914-fee188788177",
|
|
"value": "aac00312a961e81c4af4664c49b4a2b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554300221",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b64b27f4-4f80-4454-9cb2-6bf2fe50eaa9",
|
|
"value": "ab4fb9d8f917d2c45f3792c05c29799bf27cdd9f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554300221",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "49000e3a-6c75-4e9b-91ce-fca1e7f2191d",
|
|
"value": "a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375562",
|
|
"uuid": "67497812-2875-4d21-b39b-84c4814b8589",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554300221",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f5b5ee0e-d5ea-48b9-bbd6-b7ca034d1926",
|
|
"value": "2019-03-27T21:41:15"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554300221",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "02fc2be9-9f6a-4e0f-bfde-4d104ce30909",
|
|
"value": "https://www.virustotal.com/file/a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14/analysis/1553722875/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554300221",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e13fd81b-0e00-4ede-83e3-d81894abf9e5",
|
|
"value": "53/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375562",
|
|
"uuid": "e540d071-510e-4aa4-a9b2-9bc49249b5d9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e540d071-510e-4aa4-a9b2-9bc49249b5d9",
|
|
"referenced_uuid": "99640379-c5b4-4f87-9607-87df8a39953c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-11c8-40b1-81ff-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554300312",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9a7edd40-d1a7-4c3e-9786-034dda8c6f3b",
|
|
"value": "bcc49643833a4d8545ed4145fb6fdfd2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554300312",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9e7398f9-61b8-40d8-a284-937b2e447f80",
|
|
"value": "a88113c715c8ee254057bc7926d3535ab841e122"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554300312",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a126247a-9fcc-4be2-94af-e8275ff97040",
|
|
"value": "98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375562",
|
|
"uuid": "99640379-c5b4-4f87-9607-87df8a39953c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554300312",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c84221c1-2109-44be-80bb-c2ba345a8982",
|
|
"value": "2019-04-02T03:51:02"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554300312",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "1bf2ee69-ee15-46ba-bdd4-50bd88c487c5",
|
|
"value": "https://www.virustotal.com/file/98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad/analysis/1554177062/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554300312",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "96e1c7d8-951a-4d53-9c3d-3a63867a2545",
|
|
"value": "49/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375562",
|
|
"uuid": "2f03f8ef-703c-4570-9f50-3a5819b28a8f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2f03f8ef-703c-4570-9f50-3a5819b28a8f",
|
|
"referenced_uuid": "41e4fe85-b192-4277-b98a-00b4a08132bc",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-c93c-4a37-9a2a-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554285781",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "72d87698-f4b1-43dd-a87e-fee4b1142d0f",
|
|
"value": "9b19753369b6ed1187159b95fc8a81cd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554285781",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5ffa4482-0107-4725-a754-c6beed1d5716",
|
|
"value": "cafb67eeb2de076e7e6b0143dac87bb11f7134ac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554285781",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d57c3f47-e49b-48d0-8701-fb3dba1295ad",
|
|
"value": "6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375562",
|
|
"uuid": "41e4fe85-b192-4277-b98a-00b4a08132bc",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554285781",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3ece6471-807f-4c4d-b89c-79398038f291",
|
|
"value": "2019-04-03T06:46:43"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554285781",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d09276c9-1ad3-45d7-8c11-ce53d55b1260",
|
|
"value": "https://www.virustotal.com/file/6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c/analysis/1554274003/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554285781",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "85c82a65-c099-4c8b-925c-86dccbcb56c4",
|
|
"value": "27/51"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375563",
|
|
"uuid": "a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
|
|
"referenced_uuid": "2af039b9-991a-4586-8fda-41e7098a1803",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-bcb4-4108-9c0c-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554213946",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "76f75e7e-0d23-45ca-8d6f-ae6c4d282d03",
|
|
"value": "062801f6fdbda4dd67b77834c62e82a4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554213946",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4b65f7d9-6670-4695-991f-604f925f750b",
|
|
"value": "c02e298f63acb20246683c302f0a71bfd7081f88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554213946",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "eda98cc1-f4f7-4db4-b6b7-0bea3f654923",
|
|
"value": "eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375563",
|
|
"uuid": "2af039b9-991a-4586-8fda-41e7098a1803",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554213946",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "27d9d610-e0f2-4341-b907-c0c9f30cba10",
|
|
"value": "2019-04-04T01:15:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554213946",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4720cca9-9ec5-4768-b5ae-212af40fe5e0",
|
|
"value": "https://www.virustotal.com/file/eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0/analysis/1554340533/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554213946",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "4e900f7c-0a63-48f0-8b15-ad1f62b94084",
|
|
"value": "36/61"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375563",
|
|
"uuid": "adc64a31-03f0-414f-9a20-51da35e8f47d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "adc64a31-03f0-414f-9a20-51da35e8f47d",
|
|
"referenced_uuid": "23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-25c8-4f20-96dc-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554293937",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "465c1a40-fa43-4db1-9b07-3c37052e220a",
|
|
"value": "9b81b3174c9b699f594d725cf89ffaa4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554293937",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b6f8eebc-36fa-47db-923c-cd1b25512cdd",
|
|
"value": "c9967af445a3416d0ff3701555e83529ff482ff9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554293937",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4ef01858-98b8-4152-8201-de49fc274584",
|
|
"value": "4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375563",
|
|
"uuid": "23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554293937",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2ed2edb7-aaa6-4812-9244-fd3fc3919580",
|
|
"value": "2019-03-29T05:33:11"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554293937",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a77aacfd-49a3-4eaf-8962-ff0fae0b7eea",
|
|
"value": "https://www.virustotal.com/file/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22/analysis/1553837591/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554293937",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "488706c1-fcfa-4db9-af64-9e79cc1748e8",
|
|
"value": "33/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1554375563",
|
|
"uuid": "631d6673-b540-4d35-891c-0583af76d3cc",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "631d6673-b540-4d35-891c-0583af76d3cc",
|
|
"referenced_uuid": "86d59c0c-a662-4aa5-8dcb-34823bc70f44",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1554375565",
|
|
"uuid": "5ca5e38d-33b0-463f-8e76-3771950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1554214721",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "514f51a2-dbe8-4cf0-a839-21fe606a6091",
|
|
"value": "49419d84076b13e96540fdd911f1c2f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1554214721",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e167f6d6-c023-494a-bae0-3619c739cf97",
|
|
"value": "35749e82cd605e07b4145b48ef677721a113ae20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1554214721",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f5a6c128-0d32-4483-98b2-c7ebc863862a",
|
|
"value": "e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1554375564",
|
|
"uuid": "86d59c0c-a662-4aa5-8dcb-34823bc70f44",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1554214721",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e7fd965e-5fbe-4d19-8861-6bb7aecad60e",
|
|
"value": "2019-03-29T03:27:04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1554214721",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b65b97c1-4007-41e6-a420-eb82e6db6754",
|
|
"value": "https://www.virustotal.com/file/e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b/analysis/1553830024/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1554214721",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9eb24880-f920-444d-963e-624562a666d9",
|
|
"value": "29/58"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |