{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2020-02-06",
|
|
"extends_uuid": "",
|
|
"info": "Warzone RAT",
|
|
"publish_timestamp": "1580982742",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1580982704",
|
|
"uuid": "5e3be06f-d0a8-4ed9-abe9-46be950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": "0",
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": "0",
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982383",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "fbf11cfc-a457-eaf8-3dfb-6abe2df5f666",
|
|
"value": "263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5513bd0d-2b40-401e-9367-bb4d3e39e502",
|
|
"value": "warzonedns.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "205c7727-2319-4f00-af2a-997357604a0c",
|
|
"value": "warzone.pw"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ecf2c227-969a-c8b9-6a3c-b4c3b1db748a",
|
|
"value": "531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "e7173efd-93b2-475b-8abc-60f140bcf25c",
|
|
"value": "warzone.io"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ca82ea25-3ba9-63c8-f056-984aa585384a",
|
|
"value": "a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Object describing the original file used to import data in MISP.",
|
|
"meta-category": "file",
|
|
"name": "original-imported-file",
|
|
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
|
|
"template_version": "2",
|
|
"timestamp": "1580982385",
|
|
"uuid": "5e3be071-1350-430b-9f34-4bbe950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"data": "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",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "imported-sample",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "attachment",
|
|
"uuid": "5e3be071-ddbc-4cb6-a049-420e950d210f",
|
|
"value": "xfe-collection_44b31b168cb53262c1b08f1b06e0a1f9.json"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "format",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5e3be071-4b10-40f0-b3e8-40f3950d210f",
|
|
"value": "STIX 2.0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1580982641",
|
|
"uuid": "c53a3956-bd1c-48f9-817e-1805443e5903",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c53a3956-bd1c-48f9-817e-1805443e5903",
|
|
"referenced_uuid": "f9adf39d-f254-432d-a3c9-2229170df07f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1580982704",
|
|
"uuid": "5e3be1b0-b040-483d-8529-43f0950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1580982383",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5772c733-6236-4fd7-8b46-f182892589f0",
|
|
"value": "16ba8719479baaaf2649690a13eb1e8e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1580982383",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8c1276e6-d4c6-45a1-aa55-2d61231d36d2",
|
|
"value": "92caa2eb703d011755ead3ab9073b319a077d1a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1580982383",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "82632824-6f55-43c3-b3d5-0b1a1acc3608",
|
|
"value": "263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1580982679",
|
|
"uuid": "f9adf39d-f254-432d-a3c9-2229170df07f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1580982383",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "61927374-e7d4-4bdc-ba0a-4537421dac4f",
|
|
"value": "2020-02-06T08:45:24"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1580982383",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "70aec802-ee6a-470e-9815-7144ef416d99",
|
|
"value": "https://www.virustotal.com/file/263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741/analysis/1580978724/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1580982383",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "991907ba-f62a-4939-9d6d-288dbff24416",
|
|
"value": "59/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1580982691",
|
|
"uuid": "33a3d10b-1db8-4ccb-9182-8afa3091d7b5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "33a3d10b-1db8-4ccb-9182-8afa3091d7b5",
|
|
"referenced_uuid": "9b5e1555-70e4-4ab9-9d15-9c275c4c246f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1580982705",
|
|
"uuid": "5e3be1b1-e69c-481d-a4c7-4070950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5ef7e733-ece0-4b7d-aeea-9a7b63830bef",
|
|
"value": "08e869b11b70f084263bf01e730b1650"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "edf73d5d-1108-473c-ab3c-a962c7c88aaa",
|
|
"value": "bbf009d679c218d9856cb9c0b14f38b43f5b75c0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f00bfaf5-03f9-4e76-97cc-b853e39e31e3",
|
|
"value": "a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1580982703",
|
|
"uuid": "9b5e1555-70e4-4ab9-9d15-9c275c4c246f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "33192d6a-2439-4ce0-a3ef-1cae0a9fa721",
|
|
"value": "2019-07-07T19:20:05"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b7e155b1-560f-47e5-ba88-fdd01594e224",
|
|
"value": "https://www.virustotal.com/file/a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2/analysis/1562527205/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6f67e866-aaa0-4cbe-bd20-ae533def40ac",
|
|
"value": "56/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1580982704",
|
|
"uuid": "0756ce6a-a014-4acb-bad4-7ad09bffa51b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0756ce6a-a014-4acb-bad4-7ad09bffa51b",
|
|
"referenced_uuid": "acc5dfc6-cf65-45fa-a6a9-fb4330cc31f4",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1580982705",
|
|
"uuid": "5e3be1b1-c690-41ea-b892-41e7950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "76755270-9398-4d01-acdf-f93172b9f71e",
|
|
"value": "d93bc04fd77f7762aaadffc707c5d3ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f76639d6-9d44-40e5-bf7a-6f044d40ce13",
|
|
"value": "a1bc0cbd855222231cd06682444dbafd3553ee13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1580982385",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "49ac0fd3-195c-4e75-abc8-166b629d51cc",
|
|
"value": "531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1580982704",
|
|
"uuid": "acc5dfc6-cf65-45fa-a6a9-fb4330cc31f4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3be90cad-ccff-414e-ace1-cd894f097b97",
|
|
"value": "2020-02-06T08:25:33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ea078951-7b95-4c1d-9b46-4726caee60e1",
|
|
"value": "https://www.virustotal.com/file/531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755/analysis/1580977533/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1580982385",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "90a6caef-8a54-41f3-8359-8b6715df251a",
|
|
"value": "58/69"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |