{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2021-02-20",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - IronNetInjector: Turla\u2019s New Malware Loading Tool",
|
|
"publish_timestamp": "1613840000",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1613811965",
|
|
"uuid": "1edd5ee1-7c91-4233-840a-6c419d6afc62",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613811034",
|
|
"to_ids": true,
|
|
"type": "pdb",
|
|
"uuid": "191d97b2-d7ea-49cb-a19a-2f560bc94b3b",
|
|
"value": "%USERPROFILE%\\source\\repos\\c4\\agent\\build\\_tools\\agent\\_dll\\_to\\_Python\\_loader\\NetInjector\\NetInjector\\obj\\Release\\NetInjector.pdb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d9c8070f-ea2b-47e8-ae78-30a1f85a788c",
|
|
"value": "a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f4642726-7d3a-4f77-ac23-59c220678eb0",
|
|
"value": "63d7695dabefb97aa30cbe522647c95395b44321e1a3b08b8028e4000d1be15e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7218aec5-416f-438e-936a-1ba1f92ab346",
|
|
"value": "b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "25def1c1-4edf-46dd-b831-d21ae46b1a48",
|
|
"value": "3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3e136590-6d34-418c-9896-78defc1c3f1c",
|
|
"value": "a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8c99b060-e98f-4903-a660-9b179da4f06b",
|
|
"value": "c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "103f647f-76fc-4698-8193-2c29df55f26e",
|
|
"value": "c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "00f2f454-0978-43f9-9dd8-55d407f1c190",
|
|
"value": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "8389a593-98d2-4ae2-ae3a-3efbe519672a",
|
|
"value": "ba17af72a9d90822eed447b8526fb68963f0cde78df07c16902dc5a0c44536c4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c803c285-7b5e-41a2-8039-4cf867cc0cd3",
|
|
"value": "8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "eeeffb3a-b92e-43d8-a954-60e99fd478d4",
|
|
"value": "18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "490b1de9-53aa-4776-81fb-3ddd8f226dbf",
|
|
"value": "a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "61288f48-9193-4986-942d-8186dc5832c3",
|
|
"value": "c430ebab4bf827303bc4ad95d40eecc7988bdc17cc139c8f88466bc536755d4e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c01c2b14-2df0-48be-a8b9-151d1eb6cabb",
|
|
"value": "b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ee49fa56-c0d1-4cf6-bd09-2a7c41e82812",
|
|
"value": "b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613811114",
|
|
"to_ids": true,
|
|
"type": "pdb",
|
|
"uuid": "1af7dfc6-d905-4932-aa29-6e8b580c1419",
|
|
"value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_Win32.pdb"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1613811020",
|
|
"to_ids": true,
|
|
"type": "pdb",
|
|
"uuid": "f77b67e3-040f-43c6-b27f-7b3adb17acbc",
|
|
"value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_x64.pdb"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "2",
|
|
"timestamp": "1613810873",
|
|
"uuid": "b380f86c-fab0-4725-9f44-75c0066c3443",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1613810873",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4f7c4a75-b3d0-4141-a0d5-1ab8216f1ff7",
|
|
"value": "https://unit42.paloaltonetworks.com/ironnetinjector/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1613810873",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5e9d4958-9976-4f9d-a7e6-25b1268356d3",
|
|
"value": "In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use \u2013 including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware.\r\n\r\nUnit 42 researchers have found several malicious IronPython scripts whose purpose is to load and run Turla\u2019s malware tools on a victim\u2019s system. The use of IronPython for malicious purposes isn\u2019t new, but the way Turla uses it is new. The overall method is known as Bring Your Own Interpreter (BYOI). It describes the use of an interpreter, not present on a system by default, to run malicious code of an interpreted programming or scripting language.\r\n\r\nThe first malicious IronPython scripts of the tool we describe here were discovered last year by a security researcher from FireEye. At the beginning of this year, another security researcher from Dragos pointed out some new scripts of the same threat actor uploaded to VirusTotal from two different submitters. We found that one of the submitters also uploaded two other samples, which are most likely embedded payloads of one of the IronPython scripts. These samples helped us to understand how this tool works, what malware it loads and which threat actor uses it.\r\n\r\nWhile the IronPython scripts are only the first part of the tool, the main task of loading malware is done by an embedded process injector. We dubbed this toolchain IronNetInjector, the blend of IronPython and the injector\u2019s internal project name NetInjector. In this blog, we describe the IronPython scripts and how they\u2019re used to load one or more payloads with the help of an injector.\r\n\r\nPalo Alto Networks customers are protected from this threat through WildFire and Cortex XDR. AutoFocus customers can investigate this activity with the tag \u201cIronNetInjector\u201d."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811963",
|
|
"uuid": "b98e2b87-92d7-423a-ab0c-c2b959ed1531",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "b98e2b87-92d7-423a-ab0c-c2b959ed1531",
|
|
"referenced_uuid": "c344702e-a806-4c8f-b775-73df55233630",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "09806fa8-53a9-464d-857b-73dd70ebe3a5"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "113fce15-61f2-49fa-bfbb-26aaa77a2aad",
|
|
"value": "0674e34d0b01e1c71e4666da1f3b589f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "40c270cc-ff02-47d6-8bff-b1657cc680eb",
|
|
"value": "0133512142805b89b5a86dfa67a82aaedbbab69c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3bef1341-4c92-441a-8817-1dc4d148e8eb",
|
|
"value": "b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "c344702e-a806-4c8f-b775-73df55233630",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "953df01c-4d2e-450a-afd9-d31ece971d4f",
|
|
"value": "2021-02-19T19:36:11+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "bbfdefe0-60e7-4bfc-a6fa-8491930fd0f8",
|
|
"value": "https://www.virustotal.com/gui/file/b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040/detection/f-b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040-1613763371"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c6daa0ea-94a8-4656-88a2-9385e163db80",
|
|
"value": "7/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "bb6d2897-d966-484f-a16e-ef0d4883382c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "bb6d2897-d966-484f-a16e-ef0d4883382c",
|
|
"referenced_uuid": "0999e1c5-edb5-4951-bb60-8439a93b7d1f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "905906a9-8e41-4f0a-9585-db1c1a31ef05"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8fc9329d-1f61-4609-abe1-a240a5d0919c",
|
|
"value": "48f52e0c7aa72c2ccc5f5fcbd8e1290b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "dfffdfed-59f9-4cf2-95b6-14183d075222",
|
|
"value": "347f31769431ad70147e68fbb6bfa1e17fe283e9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "58c2aa6f-202a-4909-9511-3b7f8a18bcd4",
|
|
"value": "b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "0999e1c5-edb5-4951-bb60-8439a93b7d1f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a72d5d15-a703-44ee-85a8-3944ca8c30ee",
|
|
"value": "2021-02-19T18:04:13+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d35f9f97-e4fd-47fb-bb91-0b848af5ed4c",
|
|
"value": "https://www.virustotal.com/gui/file/b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d/detection/f-b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d-1613757853"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2d866758-093e-4856-bf2a-e758ce033f7c",
|
|
"value": "26/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1",
|
|
"referenced_uuid": "b267c9dd-a93a-485d-8669-f183f000e830",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "daf3264d-27a3-4182-b6e3-f3cd4d90da1c"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2015a9a1-f8c1-4dfd-9aa4-64e72c7e9878",
|
|
"value": "f376bc51b1220e5fc520ce60762ac6ce"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ea85804d-5418-4724-86d9-c439b75f8745",
|
|
"value": "3e65b2df40001253ad8d9a3430a597c7b028bae9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1244faf6-1cb0-4adc-af30-b3bdbbfbb84a",
|
|
"value": "a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "b267c9dd-a93a-485d-8669-f183f000e830",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "27d7b061-8f1c-45c8-a1e3-0664f11916e7",
|
|
"value": "2021-02-20T03:39:41+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3370b374-bfa9-433e-b062-6c64666954d1",
|
|
"value": "https://www.virustotal.com/gui/file/a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061/detection/f-a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061-1613792381"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "ac3a1514-866c-4895-8133-d003a148510f",
|
|
"value": "48/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "fd84b821-3908-4308-82c5-3e80414485c0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "fd84b821-3908-4308-82c5-3e80414485c0",
|
|
"referenced_uuid": "8952247a-923b-45d0-aeb2-e205c1471a97",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "0d3bc751-2b79-4cde-9e02-f0a9d1d836c1"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8ea94f5f-2ad3-4088-b588-a71f6325b7da",
|
|
"value": "9446059710c1869fc8aa9f0ef75d82f4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e23a718e-a396-4b99-a011-908f38fcb11d",
|
|
"value": "a91612cadaccc19d101710b0ae77151a7a1b043b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "209aab73-4653-4c6e-bfae-63426de9ba8d",
|
|
"value": "8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "8952247a-923b-45d0-aeb2-e205c1471a97",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a81ae9f3-97d4-4ace-8e64-c8e7e7370af4",
|
|
"value": "2021-02-19T18:04:19+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "30a8de8e-8eb2-4ace-855d-e74fcb54608d",
|
|
"value": "https://www.virustotal.com/gui/file/8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72/detection/f-8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72-1613757859"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f099139a-13f7-46ba-918e-0492e4ca4340",
|
|
"value": "22/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "ed5dc5f9-19a2-4c52-b860-6e397828864c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "ed5dc5f9-19a2-4c52-b860-6e397828864c",
|
|
"referenced_uuid": "0628a0ba-1c51-4611-973f-127abfcbd35d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "17472a77-bafd-4f5e-82ef-9f401e0bcff2"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "70a52887-9a96-451a-8682-984cf6468f65",
|
|
"value": "7fcd8d3fde761de1d894dcf87827dde3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "23672d95-c2a4-476e-9e7d-44a0e882e09e",
|
|
"value": "f2284d4777d2b5d2faf33844084b94c9552d5294"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b94364d4-c6e1-4444-842a-6edfdef13d0b",
|
|
"value": "a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "0628a0ba-1c51-4611-973f-127abfcbd35d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "67b46cdc-27d2-4d07-9be9-e932cbbcde01",
|
|
"value": "2021-02-20T03:38:42+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0091c69d-d04c-4879-aa0c-44616bf64e5a",
|
|
"value": "https://www.virustotal.com/gui/file/a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56/detection/f-a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56-1613792322"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "803cccf0-f675-4664-80b4-f907076d9238",
|
|
"value": "47/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e",
|
|
"referenced_uuid": "ad644c7f-4026-413d-b7fd-c7d9b092715c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "b4b90211-ad2a-420b-918a-73bd06085094"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8a55c305-c59c-421c-8695-6edb137982f3",
|
|
"value": "1777b81f3f87648b2344ea480bbcba65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "098e3b1a-00c4-41d0-b6a4-1ad4d05057f8",
|
|
"value": "ae76df8def138b6d4c82984f7172ed5bba737e1b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c1037107-2a6c-4c29-8880-89fdb18538fa",
|
|
"value": "c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "ad644c7f-4026-413d-b7fd-c7d9b092715c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8b32b042-1ddb-443b-a4a7-0679753f79d1",
|
|
"value": "2021-02-20T09:03:32+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ee58a958-335f-43e6-a69e-cd4a46551abc",
|
|
"value": "https://www.virustotal.com/gui/file/c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9/detection/f-c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9-1613811812"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1ca876a3-9ff0-4392-84df-11ee11f2c491",
|
|
"value": "3/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "9429ddde-5558-4980-b168-6adae4f881ee",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9429ddde-5558-4980-b168-6adae4f881ee",
|
|
"referenced_uuid": "75ee7887-867a-44c9-99fa-c69874e6c3d2",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "8f864090-0997-4822-9827-4fa3418b9445"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9ee8e1c3-5d9a-4697-9b15-97f93a69263b",
|
|
"value": "eff5881b4bf83386e26c451ff7c34a90"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4be7aca8-1982-472f-b5c2-f778eff9b207",
|
|
"value": "d7a18413d8c2b2525a0c90aaa392bdaef377e2ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4efeefd3-d530-49be-a6d7-70a6414fc5e2",
|
|
"value": "18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "75ee7887-867a-44c9-99fa-c69874e6c3d2",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "69cb8722-3339-4367-9f5f-19af913184b0",
|
|
"value": "2021-02-19T18:13:50+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b864d0d7-71ef-4c0c-97a2-96d45559960f",
|
|
"value": "https://www.virustotal.com/gui/file/18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746/detection/f-18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746-1613758430"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2e321a84-f066-4515-bc1e-ce0ddd84e98f",
|
|
"value": "43/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75",
|
|
"referenced_uuid": "d6e00d51-3e6b-4568-9cec-dd77c1c0de47",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "fd8106da-0f36-4818-8c3f-32a48d2cac1d"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "7f3babc3-9f0b-4041-9317-c5110ec1553a",
|
|
"value": "0ebe822e8c7ebb803ae5b6b74601c36f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "35b5a373-675f-48cf-acf3-ba15def8922c",
|
|
"value": "86681c0c9b171f1afef5b06104abe8abcf0c992e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "98231e9e-8ba2-4b84-8960-ace7615cdb63",
|
|
"value": "3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "d6e00d51-3e6b-4568-9cec-dd77c1c0de47",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fb9530c3-4758-49cb-a9e9-55a039df9dd8",
|
|
"value": "2021-02-19T18:02:33+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a5e137aa-eb61-4524-9b88-4113cbe136bb",
|
|
"value": "https://www.virustotal.com/gui/file/3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6/detection/f-3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6-1613757753"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "324b299c-0c8c-4430-97b2-9fc02b095f97",
|
|
"value": "30/60"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "cd640421-1b74-4819-80e6-1c92cf4344e4",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "cd640421-1b74-4819-80e6-1c92cf4344e4",
|
|
"referenced_uuid": "521e7905-f504-432c-ad34-54b87b7896b3",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "4d60404e-514f-43b7-b55c-ce3d0b35c0d8"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2acf5157-a4b7-4d73-a8ac-b7b30e3c723d",
|
|
"value": "d672139849f9855bfb703fcaec020a2f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "25ffd605-b39e-4230-9bc4-eea7711a34f7",
|
|
"value": "7e138c1337a29868fddfa99f52dfe1de38e46c9e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "72717563-3369-40b9-a04c-fa61773d3cfe",
|
|
"value": "c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "521e7905-f504-432c-ad34-54b87b7896b3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "78473fdb-7413-479d-89f9-eaf44270cad9",
|
|
"value": "2021-02-19T19:37:27+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e92bfb2d-804e-46e9-a1db-bea4af8058b4",
|
|
"value": "https://www.virustotal.com/gui/file/c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad/detection/f-c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad-1613763447"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "3809e013-1036-475c-b671-47e8a0b84008",
|
|
"value": "4/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "0c0447cb-deb3-4606-b74e-5d016a305472",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0c0447cb-deb3-4606-b74e-5d016a305472",
|
|
"referenced_uuid": "d03967cc-5531-4f85-9fd7-c89057ee0c22",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "64663b63-0c63-4aa3-af31-badc2acc92b7"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "a856cfa0-c225-4225-94be-405cf2cd4f6f",
|
|
"value": "b11d85844af9fa84bf84ff746557f0b5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3ba7094a-54fe-4376-9909-de8888a82a39",
|
|
"value": "44efacb89badadb486839165aba4d1ecdf3f047e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0c942d0f-54f0-4bed-8bea-1d82cf6f21ae",
|
|
"value": "b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "d03967cc-5531-4f85-9fd7-c89057ee0c22",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5d7a76b9-f6f8-4e46-95ed-0b198b71976f",
|
|
"value": "2021-02-19T18:04:36+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "c1e70c66-59bc-4f40-a8cf-4564237a915d",
|
|
"value": "https://www.virustotal.com/gui/file/b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3/detection/f-b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3-1613757876"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "102ea680-2071-42f6-a95e-52d9a87163b0",
|
|
"value": "22/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811964",
|
|
"uuid": "0ad792f3-1b7b-4510-a584-a113276453bc",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0ad792f3-1b7b-4510-a584-a113276453bc",
|
|
"referenced_uuid": "98cec741-7605-4ec0-8d35-7a8fa6037977",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "9dae3dcf-b5f8-4bc5-94d1-33862198bb9e"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fce44e72-82c0-4707-bf3c-dc000ac26bad",
|
|
"value": "e46da9ab2096ebb33279a808f5a7ee77"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56bab591-b146-4fc0-bf53-f8aca7fcda9b",
|
|
"value": "ad81f2f00f25cd0e45151d42d63c46db3ae39bed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "579dfbfe-4194-439b-ab69-555dfbaef643",
|
|
"value": "a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811964",
|
|
"uuid": "98cec741-7605-4ec0-8d35-7a8fa6037977",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ca73ed83-05f6-4bad-be26-36e0433048df",
|
|
"value": "2021-02-20T09:04:22+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a4a46491-8771-4a52-8bd6-9bbc4477ae82",
|
|
"value": "https://www.virustotal.com/gui/file/a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc/detection/f-a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc-1613811862"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9158f2ab-9d6c-48a9-b1d3-37e76f1d6c67",
|
|
"value": "40/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "22",
|
|
"timestamp": "1613811965",
|
|
"uuid": "76c0248c-4198-4bea-b5d0-d33e7d28a020",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "76c0248c-4198-4bea-b5d0-d33e7d28a020",
|
|
"referenced_uuid": "ee307c62-c260-4da8-9d74-ceff7b11ea45",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1613811965",
|
|
"uuid": "677bd01b-6520-46a1-8756-4dbbcac28dc8"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0d76897f-f845-4111-b7c0-e3ef91f1b365",
|
|
"value": "98ce8c41188fcc1a92d0a23569c3765c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9de52289-4101-4d81-a4f7-3ecc22536b14",
|
|
"value": "2920d5e6c579fce772e5506caf03af65579088bd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1613810910",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "c82f7295-3a96-4c4a-965a-75a342037240",
|
|
"value": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "3",
|
|
"timestamp": "1613811965",
|
|
"uuid": "ee307c62-c260-4da8-9d74-ceff7b11ea45",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "85f958ed-446d-454f-8b88-4e47a82c063f",
|
|
"value": "2021-02-19T18:04:28+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f10b6f7e-a1ec-4fb5-8f03-16c6e00c9bf9",
|
|
"value": "https://www.virustotal.com/gui/file/82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93/detection/f-82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93-1613757868"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1613810910",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1c366e4f-fd00-453f-9f3b-c6cf51c09e3e",
|
|
"value": "18/59"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |