{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2018-08-05",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Off-the-shelf RATs Targeting Pakistan",
|
|
"publish_timestamp": "1533485813",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1533485808",
|
|
"uuid": "5b671098-3024-42db-b972-42ae02de0b81",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:rat=\"Netwire\""
|
|
},
|
|
{
|
|
"colour": "#0026eb",
|
|
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481248",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5b671120-d7a8-4a19-acac-479e02de0b81",
|
|
"value": "0x0.ignorelist.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481317",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671165-fb38-48bb-95ce-4ecc02de0b81",
|
|
"value": "027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481318",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671166-8a94-4c41-9759-418c02de0b81",
|
|
"value": "81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481318",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671166-3b9c-4460-847c-453302de0b81",
|
|
"value": "096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481319",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671167-d4cc-4140-9529-412802de0b81",
|
|
"value": "291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481319",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671167-47cc-468c-84a0-4db902de0b81",
|
|
"value": "2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481320",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671168-5b54-430a-b339-4e7302de0b81",
|
|
"value": "2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481320",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671168-17d4-42da-b68f-452f02de0b81",
|
|
"value": "40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481321",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671169-a128-4fdd-847b-413f02de0b81",
|
|
"value": "48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481321",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b671169-3998-4ac4-80c0-415102de0b81",
|
|
"value": "4ba13add1aa8ae3fffcb83f9b0990a6cd8b8912fc0e26811d0211f72aaaa7c79"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481322",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b67116a-6acc-48aa-b6b1-4fc202de0b81",
|
|
"value": "82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481322",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b67116a-8108-42d2-8b83-430a02de0b81",
|
|
"value": "855ad4dcb9c5502d6ef73528704046cacf006770fd4af23259cb33e7577cd205"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481323",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b67116b-98b4-4179-8ca5-48bc02de0b81",
|
|
"value": "f110283c4e459cc20e908267d88edba26e2135bcb7d7335cabbed1a128edeb86"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481323",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b67116b-fef4-446c-ac17-410302de0b81",
|
|
"value": "a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481324",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b67116c-e530-4499-a463-462002de0b81",
|
|
"value": "a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "As published the rule body starts at the opening brace and has no leading 'rule <name>' declaration, so it will not compile until one is prepended. The condition is 'any of' six plain strings on an MZ file under 30KB, which is loose; treat matches as triage candidates rather than confirmation.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481428",
|
|
"to_ids": true,
|
|
"type": "yara",
|
|
"uuid": "5b6711d4-8a28-4851-9d08-42a902de0b81",
|
|
"value": "{\r\n\r\n meta:\r\n\r\n description = \"Pakistani Atomic Energy Commission Spearphishing dropped DLL\"\r\n\r\n author = \"Jose M Martin\"\r\n\r\n date = \"2018/07/10\"\r\n\r\n hash = \"027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb\"\r\n\r\n strings:\r\n\r\n $s1 = \"ExploitTagMenuState start\" fullword ascii\r\n\r\n $s2 = \"ExploitTagMenuState end\" fullword ascii\r\n\r\n $s3 = \"DonorThread start\" fullword ascii\r\n\r\n $s4 = \"EscalateThread start\" fullword ascii\r\n\r\n $s5 = \"EscalatePrivilegesOld start\" fullword ascii\r\n\r\n $s6 = \"EscalatePrivilegesWow\" fullword ascii\r\n\r\n condition:\r\n\r\nuint16(0) == 0x5A4D and filesize < 30KB and (any of them)\r\n\r\n}"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481479",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b671207-b040-414e-9ece-44e702de0b81",
|
|
"value": "http://careers.fwo.com.pk/css/microsoftdm.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481480",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b671208-791c-42c5-971f-47d702de0b81",
|
|
"value": "http://careers.fwo.com.pk/css/printer.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481480",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b671208-419c-4af5-8327-4ea302de0b81",
|
|
"value": "http://sandipuniversity.edu.in/list/87_Copy.docx"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481481",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b671209-d958-4ec5-ba1d-4ac902de0b81",
|
|
"value": "http://www.serrurier-secours.be/./China-Pakistan-Internet-Security-LAW_2017.doc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481481",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b671209-2cb8-4150-841b-4c2d02de0b81",
|
|
"value": "http://www.serrurier-secours.be/./PAF%e2%80%99s%20first%20multinational%20air%20exercise%20ACES%20Meet%202017%20concludes%20in%20Pakistan.doc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481482",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b67120a-18e0-43fd-ad6a-40c602de0b81",
|
|
"value": "https://www.serrurier-secours.be/./Fazaia_Housing_Scheme_Notice_Inviting_Tenders.doc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481482",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b67120a-9410-441b-8044-420d02de0b81",
|
|
"value": "https://www.serrurier-secours.be/./Hajj%20Policy%20and%20Plan%202017.doc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481483",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b67120b-9798-46ce-9573-405e02de0b81",
|
|
"value": "https://www.serrurier-secours.be/./Pakistan%20Air%20Force%20Jet%20Crashes%20During%20Routine%20Operation.doc"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Value appears truncated at the ampersand (the percent-encoded file name ends mid-string). An exact-match IDS rule generated from it will not match the real URL; verify the full path against the source report before relying on this attribute for blocking.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481483",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5b67120b-8f84-4e53-8f59-4e3102de0b81",
|
|
"value": "https://www.serrurier-secours.be/./Sales%20-%20Tax%20&"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481629",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5b67129d-2b54-4e4c-8041-4fd002de0b81",
|
|
"value": "https://twitter.com/securitydoggo/status/926144466674647041"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481629",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5b67129d-7880-4d91-8327-4aea02de0b81",
|
|
"value": "https://twitter.com/avman1995/status/905694140788219904"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481629",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5b67129d-313c-471d-ae49-4d3302de0b81",
|
|
"value": "https://twitter.com/ImPureMotion/status/906216798986670080"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "This and the following 'Antivirus detection' entries are Emerging Threats (ET/ETPRO) Suricata/Snort signature names observed for the samples, not AV verdicts; they are recorded for correlation only (to_ids is false) and the ET POLICY / ET INFO ones are generic.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-2788-47c0-a58f-4e3102de0b81",
|
|
"value": "ETPRO TROJAN NetWireRAT Keep-Alive"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-2528-4489-89bb-4b2c02de0b81",
|
|
"value": "ETPRO TROJAN NetWire Variant"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-c314-44aa-90d1-4d3502de0b81",
|
|
"value": "ETPRO TROJAN Netwire RAT Check-in"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-654c-4ae2-9301-429b02de0b81",
|
|
"value": "ETPRO TROJAN Fareit/Pony Downloader CnC response"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-197c-477c-9b95-4fb602de0b81",
|
|
"value": "ETPRO TROJAN Fareit/Pony Variant CnC Beacon"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-cc80-4b5b-8f2a-4c1e02de0b81",
|
|
"value": "ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-9a78-41bb-8d9d-479402de0b81",
|
|
"value": "ET POLICY PE EXE or DLL Windows file download HTTP"
|
|
},
|
|
{
|
|
"category": "Antivirus detection",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481676",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b6712cc-4bec-43bd-9015-477a02de0b81",
|
|
"value": "ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481728",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5b671300-43f4-46cf-809f-4be202de0b81",
|
|
"value": "https://www.alienvault.com/blogs/labs-research/off-the-shelf-rats-targeting-pakistan"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1533481768",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b671328-93d8-4cbf-bdf5-421702de0b81",
|
|
"value": "We\u2019ve identified a number of spear phishing campaigns with Pakistani themed documents, likely targeting the region. These spear phishing emails use a mix of different openly available malware and document exploits for delivery. These are served from the compromised domains www.serrurier-secours[.]be and careers.fwo.com[.]pk (a part of the Pakistani army). Because these are compromised legitimate hosts, the IDS-flagged indicators in this event are the full download URLs rather than the domains themselves. There are some clear trends in the themes of the decoy documents the attackers chose to include, with file names such as those listed in the URL attributes of this event."
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481819",
|
|
"uuid": "9cce2fcc-4464-411e-9110-154917ff6bc5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9cce2fcc-4464-411e-9110-154917ff6bc5",
|
|
"referenced_uuid": "31bb0167-40ca-41eb-a417-9f8b3576ce5f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-4208-494c-8240-446a02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481816",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "ba47ae23-dcc2-4b82-99f9-333f24487092",
|
|
"value": "6f454d39f02bc3e75e904a0f2f5edb89"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481817",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3909a490-1dc4-4e13-ba5d-e15bbd8c8ea8",
|
|
"value": "d83c7410c9140710f60d35af4402964c0e697a9f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481817",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9f2db3e2-1f5d-49ae-93f5-dd2028a805e9",
|
|
"value": "48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481818",
|
|
"uuid": "31bb0167-40ca-41eb-a417-9f8b3576ce5f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481818",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "de23891a-63aa-4cb2-9717-1091ccfe2487",
|
|
"value": "2018-08-04T06:29:14"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481818",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d04ad598-b232-4961-a8dc-acee2c12dd7c",
|
|
"value": "https://www.virustotal.com/file/48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2/analysis/1533364154/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481819",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f52f931b-98f0-424b-a03c-79a8f59f6c0d",
|
|
"value": "52/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481822",
|
|
"uuid": "cc9b6626-45ea-4ead-acf8-d36c1c177a66",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "cc9b6626-45ea-4ead-acf8-d36c1c177a66",
|
|
"referenced_uuid": "7408bb22-5f1b-47d2-acd9-a01582835166",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-951c-49ed-af35-441002de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481819",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "28072c71-22f4-4f71-9fe2-5ffa42cb6737",
|
|
"value": "0edd591ba9fc1c8a4d133eae5e1414b0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481819",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f5d53f95-73cb-4146-8679-09bb75846cb3",
|
|
"value": "5f251e6bd7faf337880555c9410bf885964951ca"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481820",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "34372dad-b3b2-4095-884f-2f77d884b1e4",
|
|
"value": "2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481820",
|
|
"uuid": "7408bb22-5f1b-47d2-acd9-a01582835166",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481820",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1aa628eb-2631-4ecb-9479-f6b65299442e",
|
|
"value": "2018-08-04T06:29:17"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481821",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "83882a76-f7d1-4121-9111-95c274bcee7c",
|
|
"value": "https://www.virustotal.com/file/2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee/analysis/1533364157/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481821",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c365f82b-6c73-4d8a-b1cc-60426b19528b",
|
|
"value": "35/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481824",
|
|
"uuid": "67cc0e21-fb7b-43cc-90f4-271daa7a9568",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "67cc0e21-fb7b-43cc-90f4-271daa7a9568",
|
|
"referenced_uuid": "19a292d2-047b-4dac-afae-09753f498dde",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-8428-4c0a-b1d1-47b302de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481821",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "aaf68041-40c1-49af-98c4-7bd7bc26017d",
|
|
"value": "58e3de0352abeacb25e65657e6cb3d1a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481822",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "0fe7f251-5146-4ed7-b1c3-e85baa1b4e58",
|
|
"value": "c8c547e8565fafdd7f76974d2533e2282a1bf52a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481822",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "71544759-c076-4416-8640-3f71c76caaca",
|
|
"value": "a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481823",
|
|
"uuid": "19a292d2-047b-4dac-afae-09753f498dde",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481823",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "de27edf7-b783-4c0c-ab07-6f7bffcde04d",
|
|
"value": "2018-08-04T06:29:07"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481823",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "93659a93-29cf-4527-a290-d7dadf220d5a",
|
|
"value": "https://www.virustotal.com/file/a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43/analysis/1533364147/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481824",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b4dfd2be-b2f9-4ef1-9fec-2bfebd534efc",
|
|
"value": "34/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481827",
|
|
"uuid": "aaee8c31-e7f3-48c2-9110-f3d1c262d886",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "aaee8c31-e7f3-48c2-9110-f3d1c262d886",
|
|
"referenced_uuid": "571a9d80-2124-46f6-bce7-f3db505b4eb1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-f7d8-4fb6-a9ab-4cb602de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481824",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f2cea717-0f66-4dad-842d-1bb2e283320b",
|
|
"value": "5ea2ac12ff2ea7672a1b1d088a9056ef"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481824",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5fb26d8d-1cf3-4520-9611-ff105a56f718",
|
|
"value": "b023d97223473b425623408191d09500b3c59cdf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481825",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "00f0bd68-7ca3-4d45-a1cd-457ece607c04",
|
|
"value": "291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481825",
|
|
"uuid": "571a9d80-2124-46f6-bce7-f3db505b4eb1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481825",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9e719b2b-675a-4313-9669-ed3de6620236",
|
|
"value": "2018-08-04T06:29:20"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481826",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c2d9e2cb-213a-41f4-8597-71e4c699c719",
|
|
"value": "https://www.virustotal.com/file/291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24/analysis/1533364160/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481826",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1734cf52-3313-4f1c-a4b5-dfe242a8e92e",
|
|
"value": "48/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481829",
|
|
"uuid": "339b2d38-8ed0-4de6-8139-d52bb2e6d46e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "339b2d38-8ed0-4de6-8139-d52bb2e6d46e",
|
|
"referenced_uuid": "c701290b-dea4-4ac3-8912-6dc78e89c279",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-ed10-4012-b2b5-4c0502de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481827",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8b7b5263-c5b7-4e65-8167-360308f3e13c",
|
|
"value": "6f3beaca4f864a15ac5eb70391a5e9e3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481827",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3bde1c6e-ab79-426d-be13-ccf314264cd1",
|
|
"value": "0b449c49ab8f06f4334a08fa1803b4e727101ed6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481827",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "858b57a9-36b3-4276-af8b-7f9a8ac261a6",
|
|
"value": "81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481828",
|
|
"uuid": "c701290b-dea4-4ac3-8912-6dc78e89c279",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481828",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "83c238ab-019c-4cc8-9548-f2ac0c1974a5",
|
|
"value": "2018-08-03T19:30:55"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481828",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599de03a-9c7b-4ab6-a5db-f8fa990c537d",
|
|
"value": "https://www.virustotal.com/file/81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6/analysis/1533324655/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481829",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "dddfc72c-8ac2-4892-ac99-581b66265fa7",
|
|
"value": "20/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481832",
|
|
"uuid": "1f18b9c7-fd52-4946-aa17-6d866bbe492a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1f18b9c7-fd52-4946-aa17-6d866bbe492a",
|
|
"referenced_uuid": "05308a13-616d-4518-96e6-6a879c797d45",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-6794-4cc7-a6e3-428f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481829",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "05d7c61c-bea5-4a86-9050-107f389d4055",
|
|
"value": "987cda2d7593cb61f1432d7955eb2cfd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481829",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b09ae208-ee2b-4e7f-bc94-2969045ef8b2",
|
|
"value": "54191c5052111bd7a8cfa06f4333c4dd99eeb366"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481830",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8c4a477f-f29f-4835-b7c9-e2a9450467aa",
|
|
"value": "40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481830",
|
|
"uuid": "05308a13-616d-4518-96e6-6a879c797d45",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481830",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "967d117a-9ac8-4151-9a93-2a53b81aa8f4",
|
|
"value": "2018-08-04T06:29:16"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481831",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "fc6e0948-906d-425a-9129-d0c7596a0f4b",
|
|
"value": "https://www.virustotal.com/file/40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289/analysis/1533364156/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481831",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6a0d257b-92a9-4225-aef4-e79dda7818e2",
|
|
"value": "30/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481834",
|
|
"uuid": "fa7ddde5-5384-4723-bb39-00e95638691d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "fa7ddde5-5384-4723-bb39-00e95638691d",
|
|
"referenced_uuid": "aebfb468-c063-40be-94e1-63716a123348",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-87dc-4780-979d-427a02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481831",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5e3f6c01-5d22-497b-a292-f136264ef4ed",
|
|
"value": "8975f12194624aaffb37a4e9f615b790"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481832",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2e155ac3-20c3-487b-9dc5-bec82a6040d0",
|
|
"value": "fa6c44ddae42a281752822ad8b868af248fff66f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481832",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1e9df838-f6e2-4ccf-9d17-31856c7a0b6a",
|
|
"value": "2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481833",
|
|
"uuid": "aebfb468-c063-40be-94e1-63716a123348",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481833",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "85bb26b6-1b5a-42f6-bbae-734217d9ac10",
|
|
"value": "2018-08-03T19:32:41"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481833",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "928f79fa-b21f-4384-8679-57691c448800",
|
|
"value": "https://www.virustotal.com/file/2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28/analysis/1533324761/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481834",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bcbccb66-35e0-4874-b080-abd254de9bc8",
|
|
"value": "25/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481837",
|
|
"uuid": "e73e6cf3-61ba-4b28-b57e-b0e126141bf1",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e73e6cf3-61ba-4b28-b57e-b0e126141bf1",
|
|
"referenced_uuid": "6c2d9377-1c97-42c0-97a0-9f9e4878f812",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-8aa0-4954-8c85-4a6502de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481834",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "450ae037-5e6e-4773-9519-5f335c9e8346",
|
|
"value": "cf63638a2cfce962e228a06413dba33f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481834",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "835b49f2-2956-411c-b8ae-d33ab369ef5e",
|
|
"value": "c344bcbee4c2ba94597c9a04c7b4aaa25e5e9a68"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0c3bbb5b-0386-45d5-b89f-841625df714e",
|
|
"value": "82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481835",
|
|
"uuid": "6c2d9377-1c97-42c0-97a0-9f9e4878f812",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481835",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "426b267a-29bc-4703-b719-4017b405d634",
|
|
"value": "2018-08-04T06:29:11"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481836",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "cb864217-7090-4af8-b5a3-53bfc5b57a39",
|
|
"value": "https://www.virustotal.com/file/82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060/analysis/1533364151/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481836",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ae31f9e-ba26-4224-b486-cc2e2ea01c5e",
|
|
"value": "34/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481839",
|
|
"uuid": "2cb966ab-da1e-48a0-a09a-2b9a1f142a33",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "2cb966ab-da1e-48a0-a09a-2b9a1f142a33",
|
|
"referenced_uuid": "ce0481e6-1fdc-4a29-be69-4d032f657aa2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-7434-4bcb-8c11-4fe502de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481836",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "db2dc80f-1354-400a-8502-ac495c97a3a4",
|
|
"value": "8d536b85d05b8220e0e01f787db9a90c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481837",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "834ee130-58ca-485d-86e3-8bc78045657d",
|
|
"value": "481d88db215bf9ed480e2749409987987a451605"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481837",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "08ff3155-67a0-4e45-8610-c9c7a0d424f0",
|
|
"value": "a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481837",
|
|
"uuid": "ce0481e6-1fdc-4a29-be69-4d032f657aa2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481837",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "09ee5d35-4432-458c-8c5b-bdc7b7af027b",
|
|
"value": "2018-08-04T06:29:08"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481838",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b95c2d5b-8896-4564-ac0a-f2b4fe4487e9",
|
|
"value": "https://www.virustotal.com/file/a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571/analysis/1533364148/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481838",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8d38ee24-68ca-4979-a8b4-ed7738da6ae0",
|
|
"value": "50/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481841",
|
|
"uuid": "b3a2372f-d21e-4ccb-a23b-ffc763c1c41e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b3a2372f-d21e-4ccb-a23b-ffc763c1c41e",
|
|
"referenced_uuid": "2c9ddf5d-caf3-44b3-aa26-a48dcf1158d1",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-37fc-4c50-ab8a-46c802de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481839",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "64c5318b-4aa4-433e-9385-5a2d399af84d",
|
|
"value": "44551844584d5f4371d945afccf26a81"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481839",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "375a9306-e3d3-4f56-bd09-fbc5fa1ab514",
|
|
"value": "7f631934c3a1bf28d539964b99e92749e84c3e60"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481839",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8ce20413-a0ce-47ba-b607-5f34cbe3efd5",
|
|
"value": "027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481840",
|
|
"uuid": "2c9ddf5d-caf3-44b3-aa26-a48dcf1158d1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481840",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3750271b-5952-480a-83c9-a831e3837643",
|
|
"value": "2018-08-04T06:31:51"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481841",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a4e4caec-63dc-47f9-8bfe-eca7f0202865",
|
|
"value": "https://www.virustotal.com/file/027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb/analysis/1533364311/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481841",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "35a6ed8e-b2a5-4d35-ab9c-84f93d4e0e96",
|
|
"value": "26/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1533481844",
|
|
"uuid": "b7f9bf64-db5e-49ed-9103-bde68b528cc3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b7f9bf64-db5e-49ed-9103-bde68b528cc3",
|
|
"referenced_uuid": "0dd1d615-e935-4eec-b381-6883de074d83",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1533481844",
|
|
"uuid": "5b671374-80a0-44ff-93e7-4ef602de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1533481841",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0983d788-47f3-49c6-a0af-48260ce88f0b",
|
|
"value": "856d79a39ca67e61ec9a34e103b0e4ce"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1533481842",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57877cbf-a125-44e2-8e1c-1620f9655c74",
|
|
"value": "b0c82d9ddc1b51cfb84797d593b38e3cc638b642"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1533481842",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d4b6b995-ee5e-4e84-8d82-b3680c08c9aa",
|
|
"value": "096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1533481843",
|
|
"uuid": "0dd1d615-e935-4eec-b381-6883de074d83",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1533481843",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "53ec942e-db04-4a13-8365-c385fe833985",
|
|
"value": "2018-08-03T19:31:47"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1533481843",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "98802cca-95aa-468e-b297-ca964e469db8",
|
|
"value": "https://www.virustotal.com/file/096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394/analysis/1533324707/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1533481844",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c7c47210-68e7-4530-9dc5-626620300989",
|
|
"value": "26/60"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |