3346 lines
No EOL
122 KiB
JSON
3346 lines
No EOL
122 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2023-11-22",
|
|
"extends_uuid": "",
|
|
"info": "CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits",
|
|
"publish_timestamp": "1700667863",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1700667785",
|
|
"uuid": "df7b7020-9f17-4a3c-9824-1baa4ff67cb1",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": "0",
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:clear",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667326",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "a1b4fac8-86bc-4a56-a517-f620409aa985",
|
|
"value": "CVE-2023-46604"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "ec341f4e-0f70-4569-8ac5-e35465572726",
|
|
"value": "http://185.122.204.197/acb.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "dec37bd8-3293-45dd-b087-73cc2018fb6d",
|
|
"value": "http://194.38.22.53/curl-aarch64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc9a60b-5b71-43fa-8859-e927cd7e813f",
|
|
"value": "http://194.38.22.53/curl-amd64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "c126e50d-8d22-4201-aeb2-ceb6c4438db8",
|
|
"value": "http://194.38.22.53/kinsing"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "6f58a684-e56b-431b-8a90-f00d03cc2837",
|
|
"value": "http://194.38.22.53/kinsing_aarch64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667504",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "28f55810-c61e-42d0-8565-cc7d2e7eb57c",
|
|
"value": "http://194.38.22.53/libsystem.so"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667583",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "858d2d46-7d03-4e4e-9a57-f8a16abed89b",
|
|
"value": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667583",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6d1389be-2a8d-4cb4-824e-cc66f8f38063",
|
|
"value": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667583",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "dec7c981-9fbf-4d43-b9d9-72f46c90800d",
|
|
"value": "787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667583",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b696aff7-fc3b-4f51-9928-a5cda3032840",
|
|
"value": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1700667583",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e9401439-1ca4-4cac-a561-73c2380cec27",
|
|
"value": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "7",
|
|
"timestamp": "1700667408",
|
|
"uuid": "8ccbf5d4-d4bb-4ddb-9055-ffde04cc2d79",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1700667408",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0d46d9e1-6d0f-43b4-a436-239828c9f1b4",
|
|
"value": "https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1700667408",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7d5d7567-2a91-4c7c-98fe-bb4ccc725e98",
|
|
"value": "We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. When exploited, this vulnerability leads to remote code execution (RCE), which Kinsing uses to download and install malware. The vulnerability itself is due to OpenWire commands failing to validate throwable class type, leading to RCE."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1700667408",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8ffe0cc3-7092-4bdc-98b8-cc64673e20e0",
|
|
"value": "Blog"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "CVE-2023-46604: Enriched via the cve_advanced module",
|
|
"deleted": false,
|
|
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
|
|
"meta-category": "vulnerability",
|
|
"name": "vulnerability",
|
|
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
|
|
"template_version": "8",
|
|
"timestamp": "1700667428",
|
|
"uuid": "1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"referenced_uuid": "a1b4fac8-86bc-4a56-a517-f620409aa985",
|
|
"relationship_type": "related-to",
|
|
"timestamp": "1700667429",
|
|
"uuid": "99cef72f-4d27-4765-9193-0e96300541f0"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"referenced_uuid": "4cac5b96-ce45-4fe8-b212-83d5620151ae",
|
|
"relationship_type": "weakened-by",
|
|
"timestamp": "1700667429",
|
|
"uuid": "66a387ef-1589-4de1-b0b3-ee9e59dc0973"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1423e354-7fb3-453f-8465-45dc2e660d79",
|
|
"referenced_uuid": "e9270a16-4ea3-465f-869c-6b667dde3350",
|
|
"relationship_type": "targeted-by",
|
|
"timestamp": "1700667429",
|
|
"uuid": "ff9374d5-1ce4-47aa-9160-d06eea12d299"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "id",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "ed6125c4-f8d6-4f1c-ac2d-8b4c051a6865",
|
|
"value": "CVE-2023-46604"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "909f18d8-af19-4416-999b-76917d7f9234",
|
|
"value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "modified",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c1a36471-0536-4286-bb9e-f9095b87113f",
|
|
"value": "2023-11-20T22:15:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "cvss-score",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "float",
|
|
"uuid": "e1c6e680-cbd9-4a98-adb2-53bed69ffb22",
|
|
"value": "9.8"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "cvss-string",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "fe4d18e6-83a9-4dda-b694-c52f31d7ac5f",
|
|
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "published",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "09fc6f4d-54c4-460f-b1ff-6ceb2ced38c0",
|
|
"value": "2023-10-27T15:15:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5077c263-72b7-453b-80a6-6267eabdd253",
|
|
"value": "Published"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "1eae093e-7db2-49eb-b148-416d97856c1e",
|
|
"value": "cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "89133a25-22fc-4535-b671-46b60be1a536",
|
|
"value": "cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "f72dd146-1775-495b-bf06-45adcb10f3e5",
|
|
"value": "cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "b9e545b5-66bd-4556-963f-c57e579d12b9",
|
|
"value": "cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "63906bfc-7c03-499b-9576-5c1a73e1e2cd",
|
|
"value": "cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "b322318f-ae8b-4b27-b15e-a0bbc0ddb44e",
|
|
"value": "cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "72cfca14-419a-491d-b52a-c07213d1588e",
|
|
"value": "cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "6cb21568-2093-42a5-af57-f11093069711",
|
|
"value": "cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "c1c51379-cc42-4830-850a-f081366bae72",
|
|
"value": "cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "7df44cb7-e3b0-445c-b9dd-ca1ae04da9ae",
|
|
"value": "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "e0a0ae7f-8c5b-4311-a56d-a343f45bd599",
|
|
"value": "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "e4bfa49d-f7de-4208-9065-186e933f7c13",
|
|
"value": "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "9d04dac0-4150-4be7-952d-16a411814404",
|
|
"value": "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "47d667fb-226f-4814-bd5c-abe37c4bc4ba",
|
|
"value": "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "69db6f30-a14e-4bba-9290-735d0aa7ac00",
|
|
"value": "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "46bfa4cc-76a8-4def-bf66-be78728e0636",
|
|
"value": "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "91a2d8d2-6ed9-4f83-a216-5500a951841b",
|
|
"value": "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "8d8fed5e-9bb6-4b23-bc88-332428b2cea2",
|
|
"value": "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "83991c54-fb02-4c8b-81d7-aea5b3604f46",
|
|
"value": "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "5d061623-27b5-4ae0-ade1-dd5acb4bc91e",
|
|
"value": "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "4b1537c8-173c-46f1-86e6-fcacf052bca1",
|
|
"value": "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "8a5dfb95-41b8-41fd-bf77-916c50f8bd49",
|
|
"value": "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "81ed4429-6cbf-4cd0-8848-ca1cd250ea6b",
|
|
"value": "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "0ee7713b-2b99-404a-9e25-9032075f9aad",
|
|
"value": "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "62a52454-46ca-4b42-9c53-b3cbe0e38a46",
|
|
"value": "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "2a2c8eb2-b942-490a-bd6f-a51462087c21",
|
|
"value": "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "546190e6-da91-44ee-83ce-5f1a8617cb4c",
|
|
"value": "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "b6e9555f-8c57-4835-ac23-7dd6674c02bb",
|
|
"value": "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "7f96f4ec-9efe-4edb-b940-015e84a7a94f",
|
|
"value": "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "fd7bba1f-ff35-4f2e-bb55-f1a44a739255",
|
|
"value": "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "ee82d93a-274f-49a5-9f68-f74a29999452",
|
|
"value": "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "deb776e7-821e-42e2-9a05-c5d39dab4197",
|
|
"value": "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "d4acfae2-0bff-40c6-80e2-bd47f76b56bc",
|
|
"value": "cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "bbf1795b-d6b9-4f3b-98df-7f1711dac2b6",
|
|
"value": "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "8b5496cc-a677-41ad-9599-5d8bf9ad18ab",
|
|
"value": "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "98c8a505-2c8b-4d6c-8dc7-f0c7793f0cb3",
|
|
"value": "cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "6c70616c-d3f8-4d4e-8674-22fdf065826a",
|
|
"value": "cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "43b00644-6b97-4c2c-a1e8-aa504fbeeb11",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "04faab7b-0e53-468d-902f-bd0c8f150e18",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "d424a662-4c15-4a1e-b865-e0820376fd92",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "698abba6-478d-45f4-baa5-7c8fada87a19",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "2466c337-3fb4-4c9b-8a07-8d34c1ff6a96",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "72596fff-941b-4967-b717-d9dc5de0d80d",
|
|
"value": "cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "55acd54d-d64b-456f-b344-d3af3ef69570",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "98a55f1e-4d10-4ca8-896d-46209aa124ca",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "dabc7f9d-ae5b-4d5c-8d2d-eec8f91094e1",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "cc6ba850-9805-4ecd-9876-16b36460a9f4",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "65a9dff1-333d-4492-862c-8c29b3c5b94c",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "abe51eb8-e515-494e-a5ec-9bbed7e1d4b2",
|
|
"value": "cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "6483255f-ba4f-4601-ae99-2f0976591fd9",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "a391ee1e-60e6-4149-93d3-5ded73a50cd6",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "363c577a-1bae-4c4c-a65e-adf82fb7f50e",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "b2c05ede-ee38-4191-a3c7-158764861941",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "eeec7682-18f4-46bd-8ad0-624e3055dc75",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "f89472f9-b663-4381-bc56-6ecdb0cb9d98",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "e5c15b34-810f-46b5-b828-f7f66572c2f8",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "ab9b9f69-d3af-459b-b411-4eee50e3bf82",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "5f8ee5a5-229e-4e09-8f89-d49f85414960",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "b84333bb-bb64-43c0-be8e-853e78dee4c7",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "a38f6a4a-d51c-4153-998b-70f9f0bc4af3",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "8cfceffc-ab6e-4a2c-83f1-9e6ac2d2a04f",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "e8806f71-449e-43d9-b257-3b36004e064c",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "a89fffa9-89d3-4bce-bdbc-39fdfe4a991f",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "d6312b0a-a932-4ee0-8d27-7c9e34fc457f",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.14:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "7b93f6ca-21f5-4f50-86a1-380d66d01ea6",
|
|
"value": "cpe:2.3:a:apache:activemq:5.15.15:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667428",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "14a90fdd-dc57-479d-8f21-f9f8d0f37d1b",
|
|
"value": "cpe:2.3:a:apache:activemq:5.18.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "3bf97e96-3cce-44b2-b159-abaaefad420d",
|
|
"value": "cpe:2.3:a:apache:activemq:5.17.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "8b85f140-4244-44af-9fcf-7eca4d2bb550",
|
|
"value": "cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "de4a5f61-c3e2-4273-8a9f-0ba73096aa11",
|
|
"value": "cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "d19cd59a-cecc-4c33-a094-b14c521cce7d",
|
|
"value": "cpe:2.3:a:apache:activemq:5.16.2:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "4d09973d-d5be-4dd1-9a1b-c5f5f49ef0b3",
|
|
"value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "591707f3-1573-4f4a-9d38-0fcbf7c5e033",
|
|
"value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.18.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "925c1db0-fd5c-43c2-916a-e35dac492db8",
|
|
"value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.17.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vulnerable-configuration",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "cpe",
|
|
"uuid": "d52cc398-2fb7-4e40-a049-00a53330c698",
|
|
"value": "cpe:2.3:a:apache:activemq_legacy_openwire_module:5.16.0:*:*:*:*:*:*:*"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "references",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a4106cf5-1f23-41d8-bb93-80146dffed98",
|
|
"value": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "references",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "79c49297-a968-479a-bb6c-f37374579132",
|
|
"value": "https://security.netapp.com/advisory/ntap-20231110-0010/"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "references",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c99d8453-8ef6-4b10-b94d-0a9c556ac8b4",
|
|
"value": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "references",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7415ea5e-9fc0-4974-a182-4df3c1f66943",
|
|
"value": "http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "references",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e790729d-9309-4089-8e10-0eed7dab1f89",
|
|
"value": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "CVE-2023-46604: Enriched via the cve_advanced module",
|
|
"deleted": false,
|
|
"description": "Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.",
|
|
"meta-category": "vulnerability",
|
|
"name": "weakness",
|
|
"template_uuid": "b8713fc0-d7a2-4b27-a182-38ed47966802",
|
|
"template_version": "1",
|
|
"timestamp": "1700667429",
|
|
"uuid": "4cac5b96-ce45-4fe8-b212-83d5620151ae",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "id",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "weakness",
|
|
"uuid": "6c3bd37c-e18e-44ff-b58b-b171df7d18e1",
|
|
"value": "CWE-502"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7162c223-adc9-4ee3-9c2d-efcec35a38b8",
|
|
"value": "Deserialization of Untrusted Data"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "status",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e2ea23bd-4fdf-496d-b15f-4ce3c116e3bf",
|
|
"value": "Draft"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "weakness-abs",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "eac6bb21-5d71-4acb-8ce0-5aba5df658a9",
|
|
"value": "Base"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "CVE-2023-46604: Enriched via the cve_advanced module",
|
|
"deleted": false,
|
|
"description": "Attack pattern describing a common attack pattern enumeration and classification.",
|
|
"meta-category": "vulnerability",
|
|
"name": "attack-pattern",
|
|
"template_uuid": "35928348-56be-4d7f-9752-a80927936351",
|
|
"template_version": "1",
|
|
"timestamp": "1700667429",
|
|
"uuid": "e9270a16-4ea3-465f-869c-6b667dde3350",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "id",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2804f932-36ab-4589-a6cc-d11b0943de06",
|
|
"value": "586"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f5eea24a-c698-4b4f-9843-e713a72e2313",
|
|
"value": "Object Injection"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "fa4308e3-8ace-4e8e-8033-8505270c7e8f",
|
|
"value": "An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "prerequisites",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8ac13fdd-69fa-469c-a91b-b5c6a054d4e2",
|
|
"value": "The target application must unserialize data before validation."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "solutions",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a139f08d-d7ea-4c69-9586-e135798730e3",
|
|
"value": "Implementation: Validate object before deserialization process Design: Limit which types can be deserialized. Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes. Implementation: Keep session state on the server, when possible."
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "related-weakness",
|
|
"timestamp": "1700667429",
|
|
"to_ids": false,
|
|
"type": "weakness",
|
|
"uuid": "210f1e6d-0447-432a-8508-ff9cf641f3be",
|
|
"value": "CWE-502"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "69b6801f-70f2-4f6f-88f4-6246d90a02f1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "f265812c-43a0-4b41-8326-7c6a2e678fd2",
|
|
"value": "http://185.122.204.197/acb.sh"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b1b449ad-fcdf-499d-a136-d0c9e793bd4e",
|
|
"value": "/acb.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "13e5b972-3380-4851-b8a7-ab880040f1fd",
|
|
"value": "185.122.204.197"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1c197aa2-3ac1-4667-877b-10783318f8ee",
|
|
"value": "185.122.204.197"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "32d2cd21-d747-4736-99f6-373486dc082a",
|
|
"value": "185.122.204.197"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "d2aa05c5-9d0b-4b73-8784-f2772dab848b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "d23b9046-aeac-46b4-b033-1e968446b57b",
|
|
"value": "http://194.38.22.53/curl-aarch64"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "99695322-1921-4083-a130-9c1dbc221747",
|
|
"value": "/curl-aarch64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "7a041f7c-8a3c-4310-9db2-75ca58d95789",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3711cf95-12ce-4905-a09f-dd3db2152281",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "30d63bd6-c25a-4f77-ac18-be4c58763673",
|
|
"value": "194.38.22.53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "bff55684-ad68-46cc-9919-2b6bc1f3b179",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5e163710-eedb-42a1-8769-e5223b6938aa",
|
|
"value": "http://194.38.22.53/curl-amd64"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8526914b-d0c6-4634-824d-84c558961015",
|
|
"value": "/curl-amd64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "109de076-9e6e-4efb-a0c9-b805a0435546",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "12c2f54b-c7c3-4f01-80b2-67768a84b9d4",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "d97241b5-a6e0-42e0-82aa-5ba822e7fa3a",
|
|
"value": "194.38.22.53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "301c5825-7094-4eff-840a-be6d8c8e8195",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "8ec51b19-e37a-4266-a377-62a62d720f8d",
|
|
"value": "http://194.38.22.53/kinsing"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ec1ad836-5aeb-4761-8337-858d40fcc03a",
|
|
"value": "/kinsing"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "3018f778-078f-43a9-a0e7-37e0bbbd8202",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5473c4fc-7d8a-43f7-9a78-3ee2ce3970d9",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5b594c76-ab8a-41cc-8b2c-b333529774fe",
|
|
"value": "194.38.22.53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "e66b0982-04a9-4ead-909b-499b49c8faf2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "87af1d09-3454-40aa-8c22-bb7d2e0ea6c6",
|
|
"value": "http://194.38.22.53/kinsing_aarch64"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2e90f897-563c-4b25-bff1-c0437c653107",
|
|
"value": "/kinsing_aarch64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "26007038-fb97-46ed-b76e-f31e5ed33c74",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "280f9e3c-e2ae-4be3-addf-e9250375e3a5",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "dfab016c-ad6a-47e3-b89d-8b0ef9ac2609",
|
|
"value": "194.38.22.53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Enriched via the url_import module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667558",
|
|
"uuid": "4675bbfa-2304-4cc2-ba9c-1a3cebd3c7cf",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "2bfdff18-0ada-4b19-8d8a-e3719722d7c6",
|
|
"value": "http://194.38.22.53/libsystem.so"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "resource_path",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9fde180e-f3fd-4498-a19e-b41beb2b9060",
|
|
"value": "/libsystem.so"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "host",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "138e1908-e644-4bc0-b14b-738f75e1ac24",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain_without_tld",
|
|
"timestamp": "1700667558",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9c73bf38-7f1d-40b4-9d3f-f5c042ba297d",
|
|
"value": "194.38.22.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667558",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "c5941b10-1b54-4cd6-b574-2e2b96dad1f1",
|
|
"value": "194.38.22.53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "72f8dfd0-2ab6-4839-956d-813372d4cbce",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "cf428eb0-b056-4355-bc6b-c8f505ae083e",
|
|
"value": "https://www.virustotal.com/gui/file/c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "22b554c6-f8c7-4367-8291-a310c4aedecf",
|
|
"value": "41/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "fec59623-a7d8-43bb-90ca-d1f8d2469bf0",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ea0091d8-b24f-47a6-96c6-234afe75f14a",
|
|
"value": "https://www.virustotal.com/gui/url/218336a92c3856330bc926adf336fb4537742f85eee39a56660903acd4699729"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d0aa461c-743c-487e-a88a-72f49f03609e",
|
|
"value": "14/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "2b12de36-4f9c-4ecd-8138-9a2ea40adb88",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "da5e0938-c07c-4d97-9c76-27bb253759a0",
|
|
"value": "https://www.virustotal.com/gui/url/a2a84fe32f387d17f7df1058ed594dd4658537c335667c73c15ffc78fddac256"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7206f043-4bba-46a9-a450-7d4530f763fb",
|
|
"value": "7/89"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667633",
|
|
"uuid": "c8e5e229-75f0-494f-bfa0-0de1b929bed9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "fcd4271f-3fda-400c-9972-91920354a3c9",
|
|
"value": "http://194.38.21.25/libsystem.so"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "c84d52b3-fdfb-4164-82c8-04fc9e76dc69",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e5b1a692-c883-4f46-bfd5-5525167d9dbf",
|
|
"value": "https://www.virustotal.com/gui/url/e4b7d05cadf1319d2f915d74ca9644e512182f6b8a470b9882b3a65e08cb9cba"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "74331e0a-3c35-4754-a1e0-2916c12dbd06",
|
|
"value": "3/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667633",
|
|
"uuid": "23a79772-d43c-4c33-ba7d-0fec21a26bae",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "4c85e825-7f37-42f2-8a2f-267af5e293f4",
|
|
"value": "http://45.15.158.124/libsystem.so"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "5dacd5e9-1cd3-40a5-95fd-3f76919bcaf3",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "19ceae8f-95fa-40ae-ae0c-bc7353025544",
|
|
"value": "https://www.virustotal.com/gui/url/df1e6c6270e8f4aaefab50c87ae9db569a24a082e98bfd0eb521b7339978a891"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "501737a6-d6af-4cc7-bcec-901605704c59",
|
|
"value": "7/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667633",
|
|
"uuid": "298b2c78-9d01-4046-a51a-6829f33b58fa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "2247daac-cc77-42d2-a57c-0ee34bbe7da3",
|
|
"value": "http://194.87.252.159/libsystem.so"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667633",
|
|
"uuid": "17054e47-ae49-4803-8640-54bfd422581a",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "151edbae-1dbc-4e98-addb-873ef925d4ae",
|
|
"value": "https://www.virustotal.com/gui/url/ee9cf5f02f58fa2d1149485e3024eab2849c5d8a3c8e8530895100b2cde4907d"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667633",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f28c0fb3-7b6e-48b1-939c-85cdb774dcd2",
|
|
"value": "11/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667633",
|
|
"uuid": "f7612330-d2f6-40bd-bc97-103283c02684",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "35a902c0-05c5-4769-a7cb-b924fae6048d",
|
|
"value": "http://194.38.20.196/libsystem.so"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1700667633",
|
|
"uuid": "a617657e-c7b8-441c-a432-b92a4f534a41",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "635fe922-97ee-4d85-a10e-723006594f41",
|
|
"value": "ccef46c7edf9131ccffc47bd69eb743b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "285f5cdb-5856-4044-bcb2-885eba57bbaa",
|
|
"value": "38c56b5e1489092b80c9908f04379e5a16876f01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7a583f83-52d2-412a-a176-e9e77dec4df0",
|
|
"value": "c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "tlsh",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "tlsh",
|
|
"uuid": "c7a855f9-8ccb-461e-9dfe-50190bcf80ab",
|
|
"value": "t19ec2c637b9d2cab5c0c0e238a5d79276f1f5b0f14b22931ba294457e3e927c81f4ea45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vhash",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "vhash",
|
|
"uuid": "24b19e0b-122c-49d4-8c92-dc00267e78ed",
|
|
"value": "fe6bc79726e96c10105967299ddec168"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1700667633",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "bc94a808-b1d8-472b-abae-d73e193252b6",
|
|
"value": "384:GkV8prsuhCY63B9dBRi9JsdgUa/Q1NXJZ6Cb1b:ZaLOVT6E"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667683",
|
|
"uuid": "acfc0207-defe-445e-bf6a-57cd212030ad",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6dd7e193-5c2e-4cba-ba8b-dbc0b44cf8f0",
|
|
"value": "https://www.virustotal.com/gui/file/c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b84ffbd9-a6c7-4659-ac23-840c2fa2e511",
|
|
"value": "31/62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667683",
|
|
"uuid": "2b18b23b-0776-4e5e-864f-d7d2449bf58c",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f7bde291-3d01-4439-b277-4bc1234ab40f",
|
|
"value": "https://www.virustotal.com/gui/url/1cba372316495cfc9a3e356c5bd6bc117ab9e88fdb8af13b3722ec57495b4e2f"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bf64c7f6-ca76-416b-ae89-149b857ac215",
|
|
"value": "12/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667683",
|
|
"uuid": "fcab0f20-fdad-4882-852f-c5a5b07a621c",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "84a6bf72-8f4e-420a-8227-903180e36b01",
|
|
"value": "https://www.virustotal.com/gui/url/165df3d9737567242c4b0b130e9408ea7727bdebde81273b819a52836aac40ed"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "036a271b-7ea8-4970-8e4d-c65c843e1c13",
|
|
"value": "8/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667683",
|
|
"uuid": "2604d1c8-cc20-4373-8fd3-cb579dce9928",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "b369a78f-e770-4044-9249-1a29d1da5a03",
|
|
"value": "http://194.38.21.25/kinsing_aarch64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667683",
|
|
"uuid": "29cdd1eb-9702-4cdd-9d6f-5b21f1604cf3",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "dbf5b8f6-8f84-45a0-ab59-d4ffcba224c6",
|
|
"value": "https://www.virustotal.com/gui/url/8c6fdf6a7619b40cb998d37e0d1693d30346aee37390b8f309b35fb98bfd3a61"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d59c6003-5a64-40e7-bc75-4f567e0a9311",
|
|
"value": "12/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667683",
|
|
"uuid": "79b0dd04-14b2-4c8e-a036-1753c83e8f24",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "3681cc4a-64a5-4054-b4d8-b522f5a75f3f",
|
|
"value": "http://45.15.158.124/kinsing_aarch64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667683",
|
|
"uuid": "3a3e95e0-1ab6-47cd-a79c-504eb4c7761c",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4d468458-94bc-43e7-9f0d-2b8f4e1f840f",
|
|
"value": "https://www.virustotal.com/gui/url/7115f7b310d2ce8d953266e87ee37d7db0a23e0bf1b943cd7bb0194c19501cb0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667683",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e97bae4d-8455-4b91-8458-9b86a06b36df",
|
|
"value": "7/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667683",
|
|
"uuid": "4c1102ac-a885-43e6-9c60-319bb644882a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "c201e107-b762-4ee1-a792-bf8c575eee34",
|
|
"value": "http://194.87.252.159/kinsing_aarch64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1700667683",
|
|
"uuid": "4b29d4c4-a8ff-4a88-89d9-2344abf2bf86",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2bc70ba9-dc30-4ff6-8430-22d431910838",
|
|
"value": "da753ebcfe793614129fc11890acedbc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "af02869b-4e2c-45f7-9302-e0b326085e82",
|
|
"value": "ee458e526125d60cc1a387b4163376be8e9bc689"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "292aeebc-f9ef-46ca-b67a-160ff5048266",
|
|
"value": "c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "tlsh",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "tlsh",
|
|
"uuid": "4c023c34-53a0-40fc-a2de-f92c46f9c606",
|
|
"value": "t178564b02bc5db563e9cc7630777683d9323e7588cba14233aa64ee7d99f13688e17121"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "vhash",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "vhash",
|
|
"uuid": "4eac958a-bf3f-4b40-9bf9-f9923a899ee3",
|
|
"value": "036051e39318996e6fe6578e87fd9a87"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1700667683",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "73d8d4c7-3de0-4858-87fa-7b0501e3153c",
|
|
"value": "98304:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/AF7XlzcKGYH0ye8nanVFflpu:ZUDIaLbI+ED2iJ"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667718",
|
|
"uuid": "89a35674-1ce6-43d7-a4e9-773e76105ef7",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f1177b7d-c6c5-4d66-a0ba-83ed7b0ae30d",
|
|
"value": "https://www.virustotal.com/gui/file/0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "881df600-7d23-4463-9893-4eb59c19d56e",
|
|
"value": "24/50"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667718",
|
|
"uuid": "221e43e7-847d-40ed-b92f-c8a002202a76",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "14541f18-115a-437e-90c9-9d6670aa5628",
|
|
"value": "https://www.virustotal.com/gui/url/944e32ccbd91d3d350477bbb8acb2130702923a74477e8aecdd2215986b32eb5"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "52fdccb2-dc53-46bf-802f-de64ccd43f9a",
|
|
"value": "12/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667718",
|
|
"uuid": "b266c2bf-23d9-4621-aa7a-18b3972919c0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667718",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "211b3c7c-20dd-446b-acd4-d00d9db2d7dd",
|
|
"value": "http://194.38.22.53/acb.sh"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667718",
|
|
"uuid": "49cf6520-3033-4c17-931e-eda0e9dc70df",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "754fa744-eb03-4501-844a-621fa92d4dc3",
|
|
"value": "https://www.virustotal.com/gui/domain/gateway.fe.apple-dns.net"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667718",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7dd61383-db96-4cf4-91f7-cd87d4768dde",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "e2a40f1c-a4b5-41f4-9f7b-38199747ef9b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "2251b2b8-c300-4d2e-8f7f-9633a3847ce3",
|
|
"value": "gateway.fe.apple-dns.net"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "7182965a-7d9c-4164-8bf3-af0e5c0b0c46",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "87b362e2-656d-4835-a100-3d496d1721bd",
|
|
"value": "https://www.virustotal.com/gui/domain/mask-api.fe.apple-dns.net"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ed99efcb-5c24-40d6-a188-54ba2b3b5372",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "a2e218c6-e7f0-4b43-9a96-39f3e0223e18",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "37d9079c-cb7b-4da1-800f-169c57306269",
|
|
"value": "mask-api.fe.apple-dns.net"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "9ff8bb23-38df-4b86-a7a9-bf539e82b91c",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "86c55c15-b936-4228-a1ff-ae5f995216d5",
|
|
"value": "https://www.virustotal.com/gui/ip_address/169.254.169.254"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cff1e16a-ce6f-4cd0-8186-9ef9023f8a02",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "d6d98d86-01e3-408e-963f-d4d367eb0c13",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "311e549f-59a9-4b06-94d1-79ce8e987aa3",
|
|
"value": "169.254.169.254"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "11de74c8-163e-4e3e-88ea-035a16ebf143",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ae0033ca-f6a1-45ae-a48e-e9a1215ed2cb",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.193.19"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1fe250a3-77c7-485e-8d19-f85ea93d8011",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "7e13183f-96ba-4d22-b098-faf834459016",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "86ba253e-c6d7-4e97-81b4-2bbd3986ce7a",
|
|
"value": "17.248.193.19"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "4b6e8088-4ac7-4290-883f-1560b2413c52",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "844332ac-eae7-45d7-b2a7-a1b3a35e55b2",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.195.64"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7d3af4f8-3ac6-4e48-9dba-c1c85380cf83",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "e0d99c98-a0d5-4ffa-a247-ad989f5ee852",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "c229bf24-a015-4cdf-811d-3416bc6dd210",
|
|
"value": "17.248.195.64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "c307be58-48b4-43d0-84b1-9836ebbcb67f",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "05fefb9f-4ddd-483a-88a6-311de2883ac9",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.248.195.71"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d996fc7a-f5d8-4ec7-bdbf-3c9639148548",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "e73cb509-a734-46bf-bbc2-4c7ad7dbcd9b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "d272d7ed-7f73-4ae3-9b8b-0f5488ee1c59",
|
|
"value": "17.248.195.71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667719",
|
|
"uuid": "cdfff20b-2054-4226-ac1d-15eda55808a6",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5101fcca-0ad0-429a-8689-73c10d582c18",
|
|
"value": "https://www.virustotal.com/gui/ip_address/17.253.83.197"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667719",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "a25c2f26-cfae-4cca-b854-d2f55f5a0bc3",
|
|
"value": "0/88"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "0cc60a0c480e4d898fa77ab501bbd2afaf3f5fb89a2917a31e7f5fdaa6c3879c: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1700667719",
|
|
"uuid": "3b1d461d-66eb-45db-90ca-58088373ebf9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1700667719",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "9f4ab3a6-872f-41af-9263-3974b2cd5968",
|
|
"value": "17.253.83.197"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667738",
|
|
"uuid": "21c1f5d0-926e-4360-9877-2ce09997226d",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667738",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "865d779e-8b05-4c42-9fab-ad1607b924ff",
|
|
"value": "https://www.virustotal.com/gui/file/d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667738",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f56b0ed5-3e30-4188-aeb4-3f2eaa95d850",
|
|
"value": "5/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "4",
|
|
"timestamp": "1700667738",
|
|
"uuid": "16a55ce1-986f-4c5e-adbe-03a5ac50282e",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1700667738",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a9f3c732-00cd-4600-8012-f3f002887607",
|
|
"value": "https://www.virustotal.com/gui/url/228d9bf9973bcf53926cbea6c31af08a221b5fe44716306abfc6c3d48c0fedcb"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1700667738",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e809b8fa-16c4-468e-9559-f4b92ae807b4",
|
|
"value": "13/90"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
|
"meta-category": "network",
|
|
"name": "url",
|
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
|
"template_version": "9",
|
|
"timestamp": "1700667738",
|
|
"uuid": "fb2149de-3034-4eb9-a3c4-2876e5aa1b69",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1700667738",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "63a69472-9a9b-4c18-a462-fbd97e2fe2a3",
|
|
"value": "http://194.38.22.53/acb.xml"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9: Enriched via the virustotal module",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1700667738",
|
|
"uuid": "20430c3e-2aa4-4cf3-889e-6a75c4478738",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1700667738",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b0e61860-5a43-4d28-9521-8727c6c99881",
|
|
"value": "0b882c863de5c302015c1a1cb8616bcd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1700667738",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d44c4df-f935-4eea-8cad-135aa9fdebb6",
|
|
"value": "b841db7fc24e59e60a9d7e158e3ef50236b605b4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1700667739",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4ed5f457-dd9d-4d0d-87b5-ff875077144f",
|
|
"value": "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "tlsh",
|
|
"timestamp": "1700667739",
|
|
"to_ids": true,
|
|
"type": "tlsh",
|
|
"uuid": "04e3f94b-884b-4988-920d-686c20faa096",
|
|
"value": "t1b7f08b4ce2bccea109ddc692fab490184ad1a04b91f0a7d5f28d05357f00e4d2b6320d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1700667739",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "5432b331-9389-4ac1-a506-4723f8985332",
|
|
"value": "12:TMHdxXzY8id/73AC7ikxGWi2jLak9FFLWJLZ7UkWJ0nv:2dxXzY8kj/8Wi2jtQJLNUnJA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |