adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5de6335d-e128-4bc0-87e2-4db4950d210f.json

2332 lines
No EOL
78 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2019-11-13",
"extends_uuid": "",
"info": "OSINT - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting",
"publish_timestamp": "1579535914",
"published": true,
"threat_level_id": "1",
"timestamp": "1579534868",
"uuid": "5de6335d-e128-4bc0-87e2-4db4950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#22681c",
"local": "0",
"name": "\tmalware_classification:malware-category=\"Botnet\"",
"relationship_type": ""
},
{
"colour": "#22681c",
"local": "0",
"name": "malware_classification:malware-category=\"Botnet\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:threat-actor=\"APT33\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:threat-actor=\"MAGNALLIUM\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575373999",
"to_ids": false,
"type": "link",
"uuid": "5de6382a-2234-43eb-bff9-4682950d210f",
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575374016",
"to_ids": false,
"type": "text",
"uuid": "5de64234-f680-4632-8685-4637950d210f",
"value": "The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-e800-4ad9-b5b0-3e72950d210f",
"value": "oorgans.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-5638-4021-91e9-3e72950d210f",
"value": "suncocity.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-42b8-43e5-8e6e-3e72950d210f",
"value": "zandelshop.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-3438-48ee-973c-3e72950d210f",
"value": "simsoshop.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-8bec-4c8b-acb0-3e72950d210f",
"value": "zeverco.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-9a94-4a54-815b-3e72950d210f",
"value": "qualitweb.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-8ae8-4c2b-8222-3e72950d210f",
"value": "service-explorer.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-0670-4133-b94e-3e72950d210f",
"value": "service-norton.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-fd84-4e19-b86d-3e72950d210f",
"value": "service-eset.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-1bcc-48fa-b76a-3e72950d210f",
"value": "service-essential.com"
},
{
"category": "Network activity",
"comment": "APT33 C&C domains for extreme narrow targeting",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575383102",
"to_ids": true,
"type": "domain",
"uuid": "5de66ed7-3118-4d36-8eb9-3e72950d210f",
"value": "update-symantec.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2016-12-31T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534624",
"uuid": "5de6523d-de58-472f-9156-4d3e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2016-12-31T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534624",
"to_ids": true,
"type": "email-src",
"uuid": "5de6523d-c1b0-45d0-a3c4-479c950d210f",
"value": "recruitment@alsalam.aero"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2016-12-31T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534624",
"to_ids": false,
"type": "email-subject",
"uuid": "5de6523d-baec-4bbb-93bb-42a0950d210f",
"value": "Job Opportunity"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2016-12-31T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534624",
"to_ids": false,
"type": "datetime",
"uuid": "5de6523d-ac10-4b95-992a-46ef950d210f",
"value": "2016-12-31T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2017-04-17T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534756",
"uuid": "5de65459-590c-4181-98d5-4efa950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-04-17T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534756",
"to_ids": false,
"type": "datetime",
"uuid": "5de65459-9274-4633-86b4-43cf950d210f",
"value": "2017-04-17T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-04-17T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534756",
"to_ids": false,
"type": "email-src",
"uuid": "5de65459-f94c-482e-b180-456c950d210f",
"value": "recruitment@alsalam.aero"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-04-17T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534756",
"to_ids": false,
"type": "email-subject",
"uuid": "5de65459-fd54-479b-9d39-40d8950d210f",
"value": "Vacancy Announcement"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-09-25T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534731",
"uuid": "5de654b1-2f18-4646-9819-4f1b950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-09-25T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534731",
"to_ids": false,
"type": "datetime",
"uuid": "5de654b2-1880-4812-90b5-4e4b950d210f",
"value": "2018-09-25T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-09-25T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534731",
"to_ids": false,
"type": "email-src",
"uuid": "5de654b2-3690-4be9-abf9-431b950d210f",
"value": "careers@aramcojobs.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-09-25T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534731",
"to_ids": false,
"type": "email-subject",
"uuid": "5de654b2-8ab4-4849-a24d-4292950d210f",
"value": "AramCo Jobs"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-10-22T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534710",
"uuid": "5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-10-22T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534710",
"to_ids": false,
"type": "datetime",
"uuid": "5de65f8c-bdcc-4eee-8861-484a950d210f",
"value": "2018-10-22T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-10-22T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534710",
"to_ids": false,
"type": "email-src",
"uuid": "5de65f8c-46b0-4f42-9c4a-48a0950d210f",
"value": "jobs@samref.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-10-22T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534710",
"to_ids": false,
"type": "email-subject",
"uuid": "5de65f8c-b300-4adf-bcc9-4f69950d210f",
"value": "Job Openning at SAMREF"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-07-02T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534684",
"uuid": "5de66884-3dac-4677-a9a7-226f950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-07-02T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534684",
"to_ids": false,
"type": "datetime",
"uuid": "5de66884-5f60-49f4-a1cc-226f950d210f",
"value": "2018-07-02T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-07-02T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534684",
"to_ids": false,
"type": "email-src",
"uuid": "5de66884-dbc4-4977-bbf5-226f950d210f",
"value": "careers@sipchem.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-07-02T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534684",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66884-116c-4f82-b7ae-226f950d210f",
"value": "Job Opportunity SIPCHEM"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2017-09-11T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534648",
"uuid": "5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-09-11T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534648",
"to_ids": false,
"type": "datetime",
"uuid": "5de668b7-87e0-4990-a80d-1e9a950d210f",
"value": "2017-09-11T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-09-11T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534648",
"to_ids": false,
"type": "email-src",
"uuid": "5de668b7-3984-4c0d-9f8e-1e9a950d210f",
"value": "jobs@ngaaksa.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-09-11T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534648",
"to_ids": false,
"type": "email-subject",
"uuid": "5de668b7-a770-470e-b915-1e9a950d210f",
"value": "Job Opportunity"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-08-28T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534605",
"uuid": "5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-28T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534605",
"to_ids": false,
"type": "datetime",
"uuid": "5de66aa7-1db8-48d6-bb65-4ae2950d210f",
"value": "2018-08-28T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-28T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534605",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66aa7-f008-4f1e-b244-4ae2950d210f",
"value": "Latest Vacancy"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-28T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534605",
"to_ids": false,
"type": "email-src",
"uuid": "5de66aa7-f6e4-45b1-8346-4ae2950d210f",
"value": "careers@aramcojobs.ga"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-08-26T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534568",
"uuid": "5de66b15-8000-4f4f-82f4-3e63950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-26T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534568",
"to_ids": true,
"type": "email-src",
"uuid": "5de66b15-b3bc-4c79-8ae8-3e63950d210f",
"value": "careers@aramcojobs.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-26T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534568",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66b15-ea74-4305-90d4-3e63950d210f",
"value": "Latest Vacancy"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2018-08-26T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534568",
"to_ids": false,
"type": "datetime",
"uuid": "5de66b15-f804-48c8-9d8c-3e63950d210f",
"value": "2018-08-26T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2017-07-17T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534281",
"uuid": "5de66b98-18b4-4a53-924a-1179950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-07-17T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534281",
"to_ids": false,
"type": "datetime",
"uuid": "5de66b98-fdcc-460e-bf3c-1179950d210f",
"value": "2017-07-17T00:00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-07-17T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534281",
"to_ids": false,
"type": "email-src",
"uuid": "5de66b98-b8f0-4c32-bde2-1179950d210f",
"value": "careers@ngaaksa.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-07-17T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534281",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66b98-ca74-4bb7-8a24-1179950d210f",
"value": "Job Openning"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2017-11-20T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534253",
"uuid": "5de66bc8-ea38-4b6f-866b-3e74950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-11-20T07:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534253",
"to_ids": true,
"type": "email-src",
"uuid": "5de66bc8-a578-4058-a898-3e74950d210f",
"value": "jobs@dyn-intl.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-11-20T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534253",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66bca-46b8-47be-a5af-3e74950d210f",
"value": "Job Openning"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2017-11-20T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534253",
"to_ids": false,
"type": "datetime",
"uuid": "5de66bca-32c8-4aca-9acc-3e74950d210f",
"value": "2017-11-20T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2017-11-28T07:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534220",
"uuid": "5de66be7-3a30-4ec6-b560-3e72950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2017-11-28T07:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534220",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66be8-b4ec-49d5-ab22-3e72950d210f",
"value": "Job Openning"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2017-11-28T07:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534220",
"to_ids": false,
"type": "datetime",
"uuid": "5de66be8-a318-434b-8445-3e72950d210f",
"value": "2017-11-28T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-03-05T00:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534800",
"uuid": "5de66e18-37bc-4d03-80a3-0458950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-03-05T00:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534800",
"to_ids": true,
"type": "email-src",
"uuid": "5de66e18-2360-42df-a37c-0458950d210f",
"value": "jobs@mail.dyn-corp.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-03-05T00:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534800",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66e19-89a4-4df5-8dcb-0458950d210f",
"value": "Job Openning"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2018-03-05T00:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534800",
"to_ids": false,
"type": "datetime",
"uuid": "5de66e19-4330-4f09-9fc2-0458950d210f",
"value": "2018-03-05T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-07-30T00:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534832",
"uuid": "5de66e3e-1334-4add-95d9-1bc6950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-07-30T00:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534832",
"to_ids": true,
"type": "email-src",
"uuid": "5de66e3e-2e7c-419a-81fa-1bc6950d210f",
"value": "jobs@sipchem.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-07-30T00:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534832",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66e3e-7af8-4336-99fc-1bc6950d210f",
"value": "Job Openning"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2018-07-30T00:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534832",
"to_ids": false,
"type": "datetime",
"uuid": "5de66e3e-9ad0-4c00-bbd0-1bc6950d210f",
"value": "2018-07-30T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"first_seen": "2018-08-14T00:00:00+00:00",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "13",
"timestamp": "1579534867",
"uuid": "5de66e5d-2724-41ec-8491-7ac9950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-14T00:00:00+00:00",
"object_relation": "from",
"timestamp": "1579534867",
"to_ids": true,
"type": "email-src",
"uuid": "5de66e5d-9a98-4c87-b1d4-7ac9950d210f",
"value": "jobs@sipchem.ga"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-08-14T00:00:00+00:00",
"object_relation": "subject",
"timestamp": "1579534867",
"to_ids": false,
"type": "email-subject",
"uuid": "5de66e5d-e128-4c20-bcf2-7ac9950d210f",
"value": "Job Openning"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2018-08-14T00:00:00+00:00",
"object_relation": "send-date",
"timestamp": "1579534867",
"to_ids": false,
"type": "datetime",
"uuid": "5de66e5d-2c70-4b88-98ec-7ac9950d210f",
"value": "2018-08-14T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384026",
"uuid": "c69e95e9-9f4a-47bd-9cca-df70112bf4ba",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384026",
"to_ids": true,
"type": "ip-dst",
"uuid": "b089e2e8-accd-43cb-91ac-c2681f0c065d",
"value": "5.135.120.57"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384026",
"to_ids": false,
"type": "datetime",
"uuid": "dc0fcf25-1d48-44ce-b46e-493ce19094da",
"value": "2018-12-04T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384026",
"to_ids": false,
"type": "datetime",
"uuid": "6cd20d4b-5c77-4c2b-b744-0145554c0ea5",
"value": "2019-01-24T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384027",
"uuid": "14ce7404-1d9e-489b-91c1-62bd49ac088a",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384027",
"to_ids": true,
"type": "ip-dst",
"uuid": "8034e87b-78c7-4d75-8d4a-1e170196dd82",
"value": "5.135.199.25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384027",
"to_ids": false,
"type": "datetime",
"uuid": "145ee2c3-1102-417f-823a-1962a5a5152a",
"value": "2019-03-03T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384027",
"to_ids": false,
"type": "datetime",
"uuid": "532fe8ca-8814-4860-81a9-2c0dc0861591",
"value": "2019-03-03T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384027",
"uuid": "33757eab-39f8-4dd3-bdc3-abe31bdb329e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384027",
"to_ids": true,
"type": "ip-dst",
"uuid": "ef19bdbb-8e5b-43f1-b261-5d82537fb2eb",
"value": "31.7.62.48"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384027",
"to_ids": false,
"type": "datetime",
"uuid": "75e4a9e9-0970-472b-8a8c-900bc4138c13",
"value": "2018-09-26T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384027",
"to_ids": false,
"type": "datetime",
"uuid": "4c67ac8c-ce0f-4f41-9da0-053abf269cca",
"value": "2018-09-29T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384028",
"uuid": "dbf15608-73c3-4fdd-abec-cbd4abf42b9b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384028",
"to_ids": true,
"type": "ip-dst",
"uuid": "4026c957-9ca6-4a39-91cf-fcb3db0e6cab",
"value": "51.77.11.46"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384028",
"to_ids": false,
"type": "datetime",
"uuid": "9e0f64d9-188e-4ccc-b3b9-80ad46a8e71a",
"value": "2019-07-01T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384028",
"to_ids": false,
"type": "datetime",
"uuid": "1ce08a70-8433-4b17-9fb8-2adf50544de3",
"value": "2019-07-02T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384028",
"uuid": "825ee3e8-ec27-47b1-93fd-800aac6cb009",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384029",
"to_ids": true,
"type": "ip-dst",
"uuid": "29ad40f6-9ad2-4a27-8feb-bba192e9ac66",
"value": "54.36.73.108"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384029",
"to_ids": false,
"type": "datetime",
"uuid": "a444322f-b1a2-4d6a-a916-766c88093df7",
"value": "2019-07-22T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384029",
"to_ids": false,
"type": "datetime",
"uuid": "d408a77b-d5a5-4d19-ba5c-b12f50f8b82a",
"value": "2019-10-05T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384029",
"uuid": "286489c4-fc1a-4722-a1d2-0a2cef367629",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384029",
"to_ids": true,
"type": "ip-dst",
"uuid": "0db0cea5-9f4b-42f0-9ea0-d7947a2d5380",
"value": "54.37.48.172"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384029",
"to_ids": false,
"type": "datetime",
"uuid": "9e3b96a1-c562-478c-b2f7-5c8343c27f16",
"value": "2019-10-22T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384029",
"to_ids": false,
"type": "datetime",
"uuid": "5ee5910f-8fc8-4bb7-b619-8e80917a62a9",
"value": "2019-11-05T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384029",
"uuid": "0bdc7720-3ac3-40ae-bcc3-d6db34735dbd",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384030",
"to_ids": true,
"type": "ip-dst",
"uuid": "722829f8-0af4-47a8-a2f6-3b83b9d263bc",
"value": "54.38.124.150"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384030",
"to_ids": false,
"type": "datetime",
"uuid": "52227600-1a1c-445c-843a-7831eaebd476",
"value": "2018-10-28T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384030",
"to_ids": false,
"type": "datetime",
"uuid": "f98a307b-3c09-4c0b-953a-1daef0fdbe2a",
"value": "2018-11-17T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384030",
"uuid": "c2fc02ff-1e36-4f10-8b9f-684ebdc9854b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384030",
"to_ids": true,
"type": "ip-dst",
"uuid": "7e2bb4d3-cca0-4377-b24a-d6f9438df0de",
"value": "88.150.221.107"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384031",
"to_ids": false,
"type": "datetime",
"uuid": "d4f0be23-ce0f-4cce-9402-a869307ed373",
"value": "2019-09-26T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384031",
"to_ids": false,
"type": "datetime",
"uuid": "f9107db9-e0f9-45d8-a694-55d0c68f56ab",
"value": "2019-11-07T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384031",
"uuid": "043a1485-d6a4-45dc-b086-c3ff04371713",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384031",
"to_ids": true,
"type": "ip-dst",
"uuid": "6b16c646-75fd-466f-83c3-876231fafb41",
"value": "91.134.203.59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384031",
"to_ids": false,
"type": "datetime",
"uuid": "176650f2-b2e6-4bbe-8f33-911942b7f90a",
"value": "2018-09-26T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384031",
"to_ids": false,
"type": "datetime",
"uuid": "3c2e8593-e233-4b69-b627-2d1758b585c7",
"value": "2018-12-04T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384032",
"uuid": "fbd5daea-0454-4809-9ce2-9b1bf3898953",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384032",
"to_ids": true,
"type": "ip-dst",
"uuid": "b7d28cec-ff12-4ef5-87e4-bb8f1727cce8",
"value": "109.169.89.103"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384032",
"to_ids": false,
"type": "datetime",
"uuid": "017c3aa7-d28e-4128-852c-901131eceb85",
"value": "2018-12-02T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384032",
"to_ids": false,
"type": "datetime",
"uuid": "9fc4bb22-fd6e-4100-a66b-a87002f9cba8",
"value": "2018-12-14T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384032",
"uuid": "54702d2c-5a8a-4a1f-8ab0-793464fc828f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384032",
"to_ids": true,
"type": "ip-dst",
"uuid": "efa7bf03-6950-4785-925c-c6f5bcbe67fc",
"value": "109.200.24.114"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384032",
"to_ids": false,
"type": "datetime",
"uuid": "6e1d89cc-73a2-41ff-90ad-a03d9019ec24",
"value": "2018-11-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384032",
"to_ids": false,
"type": "datetime",
"uuid": "508892cc-4557-41af-beb0-8661041fafb0",
"value": "2018-12-25T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384033",
"uuid": "2db4134a-4d62-4ebe-b3f1-6c1c15437ff8",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384033",
"to_ids": true,
"type": "ip-dst",
"uuid": "cc8cc669-5a79-4802-9243-a31825b906cb",
"value": "137.74.80.220"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384033",
"to_ids": false,
"type": "datetime",
"uuid": "7ace6caa-73ec-4ffb-a42b-1721411cadee",
"value": "2018-09-29T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384033",
"to_ids": false,
"type": "datetime",
"uuid": "ac0dd37c-5af2-413b-b393-e819934a83fa",
"value": "2018-10-23T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384033",
"uuid": "4cf21017-f924-403b-ab8e-380573ea512e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384033",
"to_ids": true,
"type": "ip-dst",
"uuid": "56ab451d-53fd-4877-a010-a9756a3124c7",
"value": "137.74.157.84"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384033",
"to_ids": false,
"type": "datetime",
"uuid": "615b565d-fe75-4cab-bedd-ebc6747908e2",
"value": "2018-12-18T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384033",
"to_ids": false,
"type": "datetime",
"uuid": "a7b5f8c7-eb74-4776-a505-1c988a6d02c4",
"value": "2019-10-21T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384034",
"uuid": "94a30556-2476-4fd2-94d6-06a151831884",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384034",
"to_ids": true,
"type": "ip-dst",
"uuid": "f1191ce9-4066-4be0-bb1f-fd8de9f612ef",
"value": "185.122.56.232"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384034",
"to_ids": false,
"type": "datetime",
"uuid": "0ebff068-786b-4024-ae25-591da41d7697",
"value": "2018-09-29T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384034",
"to_ids": false,
"type": "datetime",
"uuid": "ef6e7ae3-7ffd-4f08-ba35-669ab8546ff0",
"value": "2018-11-04T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384034",
"uuid": "87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384034",
"to_ids": true,
"type": "ip-dst",
"uuid": "98a29ae5-070e-4ef9-bf79-be08db43c311",
"value": "185.125.204.57"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384034",
"to_ids": false,
"type": "datetime",
"uuid": "aaabe5b8-b435-40fd-b9bf-22c5f0937348",
"value": "2018-10-25T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384034",
"to_ids": false,
"type": "datetime",
"uuid": "7fceb1c4-9508-40d9-b215-9c989fd9e4f3",
"value": "2019-01-14T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384035",
"uuid": "ee15f4bd-db1d-4297-a53b-9ab11ab65716",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384035",
"to_ids": true,
"type": "ip-dst",
"uuid": "c4c92cdc-6368-4f85-a2e6-ddd6a3b57854",
"value": "185.175.138.173"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384035",
"to_ids": false,
"type": "datetime",
"uuid": "9ebdc9ee-000b-4766-b253-5afbb53788e7",
"value": "2019-01-19T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384035",
"to_ids": false,
"type": "datetime",
"uuid": "7605eeb1-a765-4a95-8e0b-f4ccd3f5f6df",
"value": "2019-01-22T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384035",
"uuid": "a846ef5e-c63a-4068-984b-8cdc38ef617b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384035",
"to_ids": true,
"type": "ip-dst",
"uuid": "7e8fdaf4-efdd-4a7f-b9dd-8a3125b5dd81",
"value": "188.165.119.138"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384035",
"to_ids": false,
"type": "datetime",
"uuid": "8d2ddecc-9120-44e9-bdc3-e692e51f7bc3",
"value": "2018-10-08T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384035",
"to_ids": false,
"type": "datetime",
"uuid": "d618d17a-f95d-4826-b99b-31eb46051891",
"value": "2018-11-19T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384036",
"uuid": "1b6633ee-60c0-48fb-8b49-6fcc7d411309",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384036",
"to_ids": true,
"type": "ip-dst",
"uuid": "33ec373d-51b6-4613-b640-7f6c8c690d48",
"value": "193.70.71.112"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "13085793-c0a5-4aa2-8169-549ab1e16d44",
"value": "2019-03-07T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "9fb50416-4ad0-494b-8b15-b9b29d21d500",
"value": "2019-03-17T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384037",
"uuid": "c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384037",
"to_ids": true,
"type": "ip-dst",
"uuid": "b5cba2c3-a666-4310-b87e-b4f72185bdf8",
"value": "195.154.41.72"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "625f33ae-bcd2-4c50-bf9c-100509774ff1",
"value": "2019-01-13T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "de5cc7ac-06cb-4af3-8bff-843db303d59c",
"value": "2019-01-20T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384037",
"uuid": "e0c182b5-2961-461b-bc17-36cc4ff11dc5",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384037",
"to_ids": true,
"type": "ip-dst",
"uuid": "c28668c7-b7f6-4b7b-8740-6acbb6fbbe00",
"value": "213.32.113.159"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "d0b1af5f-fd30-4cc2-b805-b42b1b6d5005",
"value": "2019-06-30T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384037",
"to_ids": false,
"type": "datetime",
"uuid": "19e0ef4f-9069-46d7-b8ff-350150b0f86d",
"value": "2019-09-16T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1575384038",
"uuid": "fd1343f2-286e-4036-b9a8-1adff8eb2479",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1575384038",
"to_ids": true,
"type": "ip-dst",
"uuid": "66c94b5a-646a-42ea-b710-c7ee7aed53d6",
"value": "216.244.93.137"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-seen",
"timestamp": "1575384038",
"to_ids": false,
"type": "datetime",
"uuid": "d50162e0-988b-490b-99f0-f14f9a1e3487",
"value": "2018-12-10T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1575384038",
"to_ids": false,
"type": "datetime",
"uuid": "676883e3-d9c4-47f1-97a1-a2eb63e78e62",
"value": "2018-12-21T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384285",
"uuid": "e9693797-9115-4631-972d-7a8e0e3a1e9e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384285",
"to_ids": true,
"type": "filename",
"uuid": "fff6f6c5-596d-4486-bebf-cf9b18bf7017",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384291",
"to_ids": true,
"type": "sha256",
"uuid": "263322c7-646d-4a7f-9dfb-1d6f590635ca",
"value": "e954ff741baebb173ba45fbcfdea7499d00d8cfa2933b69f6cc0970b294f9ffd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384291",
"uuid": "82666f1d-b22b-436e-979d-5d75e303e141",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384291",
"to_ids": true,
"type": "filename",
"uuid": "a838a207-fea3-4f4c-9602-4e163f9df78a",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384291",
"to_ids": true,
"type": "sha256",
"uuid": "a80176aa-6020-4cfc-807e-28bbef18d8c4",
"value": "b58a2ef01af65d32ca4ba555bd72931dc68728e6d96d8808afca029b4c75d31e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384291",
"uuid": "5ac505ff-4ea6-4dbd-8dd8-75a55c32741e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384292",
"to_ids": true,
"type": "filename",
"uuid": "6250d5cd-efe1-46f0-ac3a-494203ea1dd7",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384292",
"to_ids": true,
"type": "sha256",
"uuid": "be41826f-0a04-48e5-9e1f-928b98568414",
"value": "a67461a0c14fc1528ad83b9bd874f53b7616cfed99656442fb4d9cdd7d09e449"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384292",
"uuid": "71915c2b-eb82-44d7-90d4-566307cca0a5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384292",
"to_ids": true,
"type": "filename",
"uuid": "15bcb98d-43ab-4f3e-8e5b-4ef5d5cf7c2b",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384292",
"to_ids": true,
"type": "sha256",
"uuid": "6a0fd476-12ed-4ab8-a0f3-7d405186873d",
"value": "c303454efb21c0bf0df6fb6c2a14e401efeb57c1c574f63cdae74ef74a3b01f2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384293",
"uuid": "96669752-aadb-43b9-8c29-7ccec173980d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384293",
"to_ids": true,
"type": "filename",
"uuid": "bfc17797-b941-4352-8260-f2ef0384a86a",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384293",
"to_ids": true,
"type": "sha256",
"uuid": "f96a6943-1b79-4bc3-a585-b69a9fb82b90",
"value": "75e6bafc4fa496b418df0208f12e688b16e7afdb94a7b30e3eca532717beb9ba"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384294",
"uuid": "ad36a520-c695-43b7-8ad2-a7de2481e6da",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384294",
"to_ids": true,
"type": "filename",
"uuid": "a4b882af-d0bf-4b2f-ba28-f5ee73df4510",
"value": "MsdUpdate.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384295",
"to_ids": true,
"type": "sha256",
"uuid": "fbfb454d-5705-4a25-8130-5c4a45404c55",
"value": "8fb6cbf6f6b6a897bf0ee1217dbf738bce7a3000507b89ea30049fd670018b46"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384295",
"uuid": "62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575384295",
"to_ids": true,
"type": "filename",
"uuid": "31ed3a7e-afff-4efb-ad69-3b6d8d305923",
"value": "DysonPart.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384296",
"to_ids": true,
"type": "sha256",
"uuid": "7197cdc9-6f50-4079-843e-586648f50c28",
"value": "ba9d76cca6b5c7308961cfe3739dc1328f3dad9a824417fad73b842b043daa1a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575384296",
"uuid": "9cf77da3-bde0-4a41-874f-60c45953b1e0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575384296",
"to_ids": true,
"type": "sha256",
"uuid": "80ae4483-76ad-435b-84de-a779eb71e75d",
"value": "07e1baf1d0207a139bcf39c60354666496e4331381d36eef9359120b1d8497f1"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink