misp-circl-feed/feeds/circl/misp/0165e5d7-51e6-4c2e-a382-1dd1e706f7bb.json

899 lines
No EOL
30 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2021-03-12",
"extends_uuid": "",
"info": "OSINT - DearCry ransomware (abusing Exchange Server)",
"publish_timestamp": "1615541662",
"published": true,
"threat_level_id": "1",
"timestamp": "1615541608",
"uuid": "0165e5d7-51e6-4c2e-a382-1dd1e706f7bb",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
"relationship_type": ""
},
{
"colour": "#001cad",
"local": "0",
"name": "estimative-language:likelihood-probability=\"very-likely\"",
"relationship_type": ""
},
{
"colour": "#0029ff",
"local": "0",
"name": "estimative-language:confidence-in-analytic-judgment=\"high\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#0fc000",
"local": "0",
"name": "admiralty-scale:information-credibility=\"2\"",
"relationship_type": ""
},
{
"colour": "#002642",
"local": "0",
"name": "osint:source-type=\"microblog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": false,
"type": "regkey",
"uuid": "2bc0505c-6566-416f-9f4b-2a689d78edb8",
"value": "Files\\Microsoft\\Exchange"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "eebfaac3-846d-4883-a01e-706600c5aab2",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\logout.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "a6e83ff7-f43c-400a-9f85-6f856e537ff2",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\one.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "33d7df07-f728-435d-a4c9-c6dc3bfc58a6",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\one1.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "659fb6ca-6a34-42ae-a798-554150d716dd",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "b785388f-7f42-4382-97ab-f5bb8e586793",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel2.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "1bf257cf-b1f9-457b-a1d5-ffc08402fe9f",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\shel90.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "385ab9dd-f6f1-435c-a94c-796f27a3475f",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\a.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "ea27a275-6569-4c5c-89ff-2ba423b7ac22",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\default.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "70785d0d-f6b8-471f-9c3d-a4ee4ae7511c",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\shell.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "f9dccc8f-cb0c-43b6-9ff2-fff4711aace3",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\Server.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "b8e0ffb1-7c06-4b51-8f4d-e6d32df77fb4",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_client.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "b3f915e3-c214-4f6b-8e5e-0129044c6bab",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_iisstart.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "8a3d4a95-0ede-4778-91c3-e25d87b6ff88",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_pages.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "1fd1f2ff-d962-438a-a263-639317387e0b",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\aspnet_www.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "49c945e7-bda4-4dbe-97fa-49c5d9bc244f",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\default1.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "e7b12b41-978f-44a0-94aa-f55ed363999c",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\errorcheck.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "487375ca-a928-4e80-a1d4-01a7a2bddb38",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\iispage.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "4b7f848c-acaf-44c3-878c-3e49aecf8b2e",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\s.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "ec2dd593-27fe-42aa-a23d-e603c8d4ca0d",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\session.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538748",
"to_ids": true,
"type": "filename",
"uuid": "baa0ad8b-693e-4e5f-b539-3754c9fdedf6",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\system_web\\log.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "02ae1c30-289a-4d98-8336-d9d18d6afa51",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\xclkmcfldfi948398430fdjkfdkj.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "4ca3f931-8ea7-4de3-bd4a-98047b0d9324",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\xx.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "42011bba-0ed6-4c7b-b31e-ad3d49df36a5",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\discover.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "590576c4-12cf-4306-a9e4-c5182a85a245",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\HttpProxy.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "bc1997bb-17e3-4bfb-833b-1b274e2a82cb",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\OutlookEN.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "5e91ee04-575a-4615-b6fd-53ad330d644f",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\supp0rt.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "0e8c43b8-bd08-4b5b-8aaf-19b0a8d92d22",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\OAB\\log.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "0043684b-9df2-4546-8f05-ef32aac85874",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\log.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "334f2ae3-8046-4b5b-9ff2-0c19fa8a4b48",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\logg.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "0365e572-3f31-4bc9-aede-e30469650995",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\Current\\google.log"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "72a56236-6e66-4b46-855b-223aeb029f5b",
"value": "C:\\inetpub\\wwwroot\\aspnet_client\\google.log"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "a720a45a-cc2b-4e27-9e06-224f5dd76644",
"value": "Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\google.log"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "filename",
"uuid": "6a5beae0-0706-480e-9340-b5cb8672e518",
"value": "%PUBLIC%\\opera\\opera_browser.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "43df033b-306b-4455-bfaf-74eb97a2ceb8",
"value": "e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "819aa63f-c38b-4f23-a333-01eab7b6cd40",
"value": "2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "2f1d3fa9-b509-4417-b456-d56c5e1639d0",
"value": "feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "20",
"timestamp": "1615538857",
"uuid": "c917ee01-9118-4758-8b0e-a540ac4c5c88",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "archive",
"timestamp": "1615538857",
"to_ids": false,
"type": "link",
"uuid": "547e8ead-a5cf-45e7-87fb-1657fccf4e13",
"value": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.csv"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "archive",
"timestamp": "1615538857",
"to_ids": false,
"type": "link",
"uuid": "e77e3518-e613-4893-8ea0-4f2a5e3566fd",
"value": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1615538857",
"to_ids": false,
"type": "text",
"uuid": "b7d9750f-a60e-41a3-b01b-d86f27e78ac4",
"value": "Twitter"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1615538857",
"to_ids": false,
"type": "text",
"uuid": "aebf2aec-c108-4ef9-80b4-e94ab02602f8",
"value": "We've updated our IoC feed to include hashes for #DearCry ransomware\r\n\r\nAccess the feed here:\r\n\r\nJSON: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json\r\n\r\nCSV: https://raw.githubusercontent.com/Azure/Azure-Se"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1615538857",
"to_ids": false,
"type": "text",
"uuid": "8e666a82-666c-4062-997b-403895a09b30",
"value": "Informative"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "verified-username",
"timestamp": "1615538857",
"to_ids": false,
"type": "text",
"uuid": "36991467-d111-449f-97de-dfddcb130938",
"value": "Unverified"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1615538888",
"uuid": "c54f901a-2381-43a4-bb4f-42d1f09a1e4a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c54f901a-2381-43a4-bb4f-42d1f09a1e4a",
"referenced_uuid": "846c7daa-dc4a-4990-9b33-a914529c88f8",
"relationship_type": "analysed-with",
"timestamp": "1615538889",
"uuid": "86f5851f-81e5-4bbd-ab5d-f6ca71c1c02d"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1615538749",
"to_ids": true,
"type": "md5",
"uuid": "0942a810-b3e6-43cc-bbea-692976f2a17b",
"value": "cdda3913408c4c46a6c575421485fa5b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha1",
"uuid": "4f742241-e30f-4c71-bb09-fcc5814fb7e3",
"value": "56eec7392297e7301159094d7e461a696fe5b90f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "f0c56ba8-403d-4e9b-bfbb-03d4e4c2c8d6",
"value": "e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1615538888",
"uuid": "846c7daa-dc4a-4990-9b33-a914529c88f8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1615538749",
"to_ids": false,
"type": "datetime",
"uuid": "89392aa6-f741-4651-ac58-9087c6d9f1f4",
"value": "2021-03-12T08:23:23+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1615538749",
"to_ids": false,
"type": "link",
"uuid": "1660120c-4d4b-4e7d-b972-6c02945cec53",
"value": "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1615537403"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1615538749",
"to_ids": false,
"type": "text",
"uuid": "67ad0ceb-473a-4604-ad34-529e4ef137bd",
"value": "33/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1615538889",
"uuid": "56459f25-ccd4-4b89-91de-773056bab60f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "56459f25-ccd4-4b89-91de-773056bab60f",
"referenced_uuid": "525e04d3-3258-4f44-85b5-74e76f4ed55e",
"relationship_type": "analysed-with",
"timestamp": "1615538889",
"uuid": "9f11b6d2-89fc-4cce-8021-276666e9bc83"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1615538749",
"to_ids": true,
"type": "md5",
"uuid": "63bdaa30-614f-41b9-8f27-d64aac6ba506",
"value": "c6eeb14485d93f4e30fb79f3a57518fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha1",
"uuid": "e3560eca-f3d7-4131-b26c-64d06bc0e85a",
"value": "b7d99521348d319f57d2b2ba7045295fc99cf6a7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "cb018875-32e5-41f5-8229-851afee081cc",
"value": "feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1615538889",
"uuid": "525e04d3-3258-4f44-85b5-74e76f4ed55e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1615538749",
"to_ids": false,
"type": "datetime",
"uuid": "27892d2b-fe0a-4efd-9610-45e9d64ab4bf",
"value": "2021-03-12T08:28:27+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1615538749",
"to_ids": false,
"type": "link",
"uuid": "08e03713-7e15-4afb-af95-c621caa6b004",
"value": "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1615537707"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1615538749",
"to_ids": false,
"type": "text",
"uuid": "0a7a9678-69db-4d38-84ee-f3a8187afd88",
"value": "34/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1615538889",
"uuid": "fe33598b-e5ff-4af5-ae8b-47fed4de0d4e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fe33598b-e5ff-4af5-ae8b-47fed4de0d4e",
"referenced_uuid": "d8bfca0a-f8de-45ed-9a5f-eb88fefe808b",
"relationship_type": "analysed-with",
"timestamp": "1615538889",
"uuid": "a7b4a8f8-e10e-4af5-8a32-54e0427bbbb3"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1615538749",
"to_ids": true,
"type": "md5",
"uuid": "a3168205-0d7c-418d-b161-6a8253cc9662",
"value": "0e55ead3b8fd305d9a54f78c7b56741a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha1",
"uuid": "250feadb-b0cb-4983-8bf7-ef85b687fb38",
"value": "f7b084e581a8dcea450c2652f8058d93797413c3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1615538749",
"to_ids": true,
"type": "sha256",
"uuid": "2b1c73c7-f587-4ed0-9b8d-9dafd1573345",
"value": "2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1615538889",
"uuid": "d8bfca0a-f8de-45ed-9a5f-eb88fefe808b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1615538749",
"to_ids": false,
"type": "datetime",
"uuid": "352701e7-8d7b-4934-9a8f-e72fc25966a3",
"value": "2021-03-12T08:28:47+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1615538749",
"to_ids": false,
"type": "link",
"uuid": "e061d577-1ad8-4024-be7b-f65a599e48ae",
"value": "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1615537727"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1615538749",
"to_ids": false,
"type": "text",
"uuid": "1ae336dd-7832-408c-8237-6b7c5a50e451",
"value": "37/69"
}
]
}
]
}
}