{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2017-05-09",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras",
|
|
"publish_timestamp": "1538680515",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1538680509",
|
|
"uuid": "5bb61071-d0ac-4b8a-8bba-4dc8950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#22681c",
|
|
"name": "malware_classification:malware-category=\"Botnet\""
|
|
},
|
|
{
|
|
"colour": "#22681c",
|
|
"name": "\tmalware_classification:malware-category=\"Botnet\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:botnet=\"Persirai\""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538658669",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5bb610da-7840-4316-b213-4905950d210f",
|
|
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538659027",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5bb612ca-8a64-47a5-a459-485e950d210f",
|
|
"value": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai\u2014an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u2014as well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C server",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660153",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5bb61739-32dc-44d3-bcf5-4c6d950d210f",
|
|
"value": "load.gtpnet.ir"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C server",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660154",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5bb6173a-5bc8-4746-a7fd-425f950d210f",
|
|
"value": "ntp.gtpnet.ir"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C server",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660159",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5bb6173f-60ec-47c3-b5da-4bd0950d210f",
|
|
"value": "185.62.189.232"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C&C server",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660160",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5bb61740-c0f8-4087-9811-4f8b950d210f",
|
|
"value": "95.85.38.103"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a03-6aa4-4b22-9f78-4283950d210f",
|
|
"value": "d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a04-0544-461d-9635-46d1950d210f",
|
|
"value": "f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a04-a6d4-4105-aae4-43c6950d210f",
|
|
"value": "af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660869",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a05-85f4-4a0e-92c5-4370950d210f",
|
|
"value": "aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660869",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a05-8904-4c4f-8a5a-4942950d210f",
|
|
"value": "4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660873",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a09-8e34-41ee-a78d-4e7e950d210f",
|
|
"value": "44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660876",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0c-14e8-4a85-ba0d-4311950d210f",
|
|
"value": "a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660877",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0d-1720-4ec2-a1f0-4b6a950d210f",
|
|
"value": "7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660877",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0d-0208-4bc2-959a-42e2950d210f",
|
|
"value": "4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660878",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0e-500c-4155-825b-452b950d210f",
|
|
"value": "264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660878",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0e-dd6c-4fa2-b250-42c4950d210f",
|
|
"value": "ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660879",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0f-b75c-4b10-b14b-4d3d950d210f",
|
|
"value": "ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660879",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a0f-06f0-4fb1-82eb-4ab6950d210f",
|
|
"value": "f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660880",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a10-ab00-4133-8296-4a96950d210f",
|
|
"value": "e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Hash detected as ELF_PERSIRAI.A:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1538660880",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5bb61a10-469c-473e-ba93-459b950d210f",
|
|
"value": "35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680318",
|
|
"uuid": "f309283e-f9b3-4936-9534-ef6866f23c40",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f309283e-f9b3-4936-9534-ef6866f23c40",
|
|
"referenced_uuid": "c32be2ac-252d-404e-a391-de2bec4acaf7",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680347",
|
|
"uuid": "5bb6661b-9cdc-4ffe-a798-454602de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680315",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "24b52a67-d588-4d4f-acc6-531cc4b9e2f3",
|
|
"value": "2f6e964b3f63b13831314c28185bb51a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680315",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "03ef9eff-ea8a-4dba-92ea-ea7658ad001d",
|
|
"value": "a63417b889491466c912dfbb6d2a34ad27f2bcfe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680316",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "40ff1cf2-3498-4c1a-a0ef-3278217d10c8",
|
|
"value": "7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680316",
|
|
"uuid": "c32be2ac-252d-404e-a391-de2bec4acaf7",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680316",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7815ca32-703b-430e-a06f-dfb802b2617c",
|
|
"value": "2018-10-04T00:29:01"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680317",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b872dfe2-e6a4-46be-93cb-d2d39c54e961",
|
|
"value": "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680317",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b977ae27-2ed8-42ea-af35-31fa7d975feb",
|
|
"value": "27/57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680320",
|
|
"uuid": "12ef2bb3-f2ac-4266-b693-27631eae3930",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "12ef2bb3-f2ac-4266-b693-27631eae3930",
|
|
"referenced_uuid": "9d4269eb-edc5-4513-9cdc-fedcf13523d5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680347",
|
|
"uuid": "5bb6661b-76bc-4361-abf0-432602de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680317",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "33282f75-099d-48b4-ae83-f7c5540f0d88",
|
|
"value": "428111c22627e1d4ee87705251704422"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680318",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "cc39a8ec-e498-47b9-9552-7961e7a39a7c",
|
|
"value": "ccc90bd76af9d4b538aa88715027dd062f7c946d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680318",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4e2e9831-6f05-40a8-af03-0eb900d88168",
|
|
"value": "264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680319",
|
|
"uuid": "9d4269eb-edc5-4513-9cdc-fedcf13523d5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680319",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "836c2dac-1246-4175-a7ac-ad7a3246570e",
|
|
"value": "2018-10-04T00:35:09"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680319",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "34afc7f8-f731-4458-bea0-0a620d0b2948",
|
|
"value": "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680320",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "42f732a2-5783-4fe1-bf28-a299f63a6f65",
|
|
"value": "30/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680323",
|
|
"uuid": "f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f2c1f63f-9a45-43a5-b5f0-aa338180c6a0",
|
|
"referenced_uuid": "f27c2edf-b64f-4038-a3a9-d326a05177bd",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680347",
|
|
"uuid": "5bb6661b-2fa0-4d10-8d8b-461402de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680320",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "90e70da4-695a-45d8-beba-5a744c3c8f43",
|
|
"value": "9584b6aec418a2af4efac24867a8c7ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680320",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e38ba7bd-f315-440f-873d-62d3bf4d8e31",
|
|
"value": "22a8faf351768596500dbe6e27c05ad55744da1d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680321",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2b2cf022-706f-4082-89a4-0482e9989d61",
|
|
"value": "af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680321",
|
|
"uuid": "f27c2edf-b64f-4038-a3a9-d326a05177bd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680321",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "28299833-823a-4fae-9d26-936806282829",
|
|
"value": "2018-08-28T00:22:07"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680322",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a8b600ec-a940-4775-8d5a-da5e6fb40637",
|
|
"value": "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680322",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6ab72e91-286a-4e59-aed6-7ba109b77661",
|
|
"value": "31/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680325",
|
|
"uuid": "9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9c0321a0-cf1b-4f6b-b67a-69d45877e2d9",
|
|
"referenced_uuid": "1883c73d-680a-4623-9b78-42cfeb491f5b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680347",
|
|
"uuid": "5bb6661b-fb6c-484f-9d6f-453802de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680322",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2bbd9a12-d0ba-4cdc-9f04-a740655d4fdd",
|
|
"value": "5ebeff1f005804bb8afef91095aac1d9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680323",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "54d8241a-dafa-41f0-a3b5-f9458d39ebc2",
|
|
"value": "c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680323",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b016facb-e211-486f-aa12-dfee52ccc67d",
|
|
"value": "4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680324",
|
|
"uuid": "1883c73d-680a-4623-9b78-42cfeb491f5b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680324",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8f277ab7-05c6-46f8-909c-f3381f65afbc",
|
|
"value": "2018-10-04T00:40:15"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680327",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "656ad417-eede-4da8-b924-d1ac777d5cbe",
|
|
"value": "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680328",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6b003f1f-e035-40ad-8331-3e79a4f9ed2e",
|
|
"value": "30/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680331",
|
|
"uuid": "36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "36dd4a13-9d43-48b4-b035-a1dd57e1daa8",
|
|
"referenced_uuid": "077ee3b9-3db4-4025-957b-3944d40c17d7",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680348",
|
|
"uuid": "5bb6661c-f1c4-4077-8955-4c4b02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680328",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "608de87a-577c-45ba-9efc-633bfba9804e",
|
|
"value": "f620fb57352e6f393477a65101a4612e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680329",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2b1110b2-34e6-4efa-ad16-8ddffc43ccdf",
|
|
"value": "93515d7442d0240272b8d813b300219c53e88dfd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680329",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e8d8bd28-4c6b-4f2f-94a8-91469cc7bff2",
|
|
"value": "a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680330",
|
|
"uuid": "077ee3b9-3db4-4025-957b-3944d40c17d7",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680330",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3feaaa6c-1944-4d54-b928-151e02b9ba75",
|
|
"value": "2018-08-19T23:46:42"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680333",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4456021c-dde7-45e4-bb39-a42c628b0d31",
|
|
"value": "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680334",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e23bb428-95e6-414a-a60f-e666d298495e",
|
|
"value": "27/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680337",
|
|
"uuid": "c0fc4a1e-cd67-415a-b8b9-3b8624427435",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c0fc4a1e-cd67-415a-b8b9-3b8624427435",
|
|
"referenced_uuid": "d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680348",
|
|
"uuid": "5bb6661c-54f8-4679-a815-47b902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680334",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9ff1aa13-17c4-4fea-9fde-e0a7ea8d4705",
|
|
"value": "912681f6be51afa8c5ab36e691b88e74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680334",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ded05480-3857-4ced-9d85-0ab4339eb47a",
|
|
"value": "227d1aa69da8250ddbf8898863799e59bdfeb516"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680335",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9417d718-1a7e-4b30-ad2a-45d97bf24356",
|
|
"value": "f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680335",
|
|
"uuid": "d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680335",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa",
|
|
"value": "2018-08-28T00:21:20"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680336",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "791bd56a-7de3-419e-9984-b3b8f1126ec6",
|
|
"value": "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680336",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "620bf26e-ce72-408a-a9fb-29c061e257be",
|
|
"value": "30/59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680339",
|
|
"uuid": "7d2c9249-f40e-495c-8f96-64b18ab129e0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7d2c9249-f40e-495c-8f96-64b18ab129e0",
|
|
"referenced_uuid": "41d50336-ea44-4a0b-8e2a-4d5daee47a96",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680348",
|
|
"uuid": "5bb6661c-ced4-4bd5-9664-4d1302de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680336",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c926ea2c-261d-4ef5-8257-022da8dd3f46",
|
|
"value": "7e1c3834c38984c34b6fd4c741ae3a21"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680337",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "353bad47-ebcb-4db4-815b-f8fdb0be4b50",
|
|
"value": "02b850450fcbcdd6b13f03b2121f124543480d62"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1538680337",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "83d952e9-99fa-45c8-99be-6194f4833034",
|
|
"value": "d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1538680338",
|
|
"uuid": "41d50336-ea44-4a0b-8e2a-4d5daee47a96",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1538680338",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "50679951-11f3-4163-bca3-c1a71fc25d9f",
|
|
"value": "2018-10-04T00:51:35"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1538680338",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "6a957d87-5bf5-4e47-9901-533d3be74a57",
|
|
"value": "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1538680339",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b95271c3-bd73-4a19-ac07-58509fbe8fc6",
|
|
"value": "27/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1538680342",
|
|
"uuid": "5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5e99dc31-7b8e-4fc0-b6d2-76c97386fddb",
|
|
"referenced_uuid": "3d0cb0cc-5992-44bd-908d-608dfa518175",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1538680348",
|
|
"uuid": "5bb6661c-00d0-4b29-aeaa-47f902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1538680339",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "40667cb7-b99a-4184-9a36-bdcaf1368400",
|
|
"value": "b2b129d84723d0ba2f803a546c8b19ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1538680339",
"to_ids": true,
"type": "sha1",
"uuid": "de0721c4-14d6-4c3c-8b0c-74a414f55360",
"value": "7a0485e52aa09f63d41e471fd736584c06c3dab6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538680340",
"to_ids": true,
"type": "sha256",
"uuid": "6f071f79-d240-4035-953b-3170c06b89c1",
"value": "44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538680340",
"uuid": "3d0cb0cc-5992-44bd-908d-608dfa518175",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538680340",
"to_ids": false,
"type": "datetime",
"uuid": "a6d21e1e-4762-45a8-8397-1e40b79d6f0a",
"value": "2018-09-18T19:47:01"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538680341",
"to_ids": false,
"type": "link",
"uuid": "25405b32-6b81-42dc-a247-ebc03f770730",
"value": "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538680341",
"to_ids": false,
"type": "text",
"uuid": "85bba342-833d-452d-ae52-93ca69be210c",
"value": "28/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538680344",
"uuid": "ed841816-818e-4245-b6dd-f2309f700681",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ed841816-818e-4245-b6dd-f2309f700681",
"referenced_uuid": "249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
"relationship_type": "analysed-with",
"timestamp": "1538680348",
"uuid": "5bb6661c-e168-41ba-9dad-49e902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538680341",
"to_ids": true,
"type": "md5",
"uuid": "06167403-7850-4f72-beef-9c58f7efa820",
"value": "cfb80e0b1e3927ebc1069b8fdc468072"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538680342",
"to_ids": true,
"type": "sha1",
"uuid": "04f39242-2c21-4b18-af64-c5e8a21b9635",
"value": "64bd5ba88d7e7104dc1a5586171e83825815362d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538680342",
"to_ids": true,
"type": "sha256",
"uuid": "20c1c44e-003c-4093-b594-6ded9eeca681",
"value": "4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538680344",
"uuid": "249cc05d-c4f2-49e8-a6a1-7fb0437d810d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538680344",
"to_ids": false,
"type": "datetime",
"uuid": "960ff2ae-bf7a-49c3-ab42-4134855d21d9",
"value": "2018-10-01T16:00:37"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538680344",
"to_ids": false,
"type": "link",
"uuid": "146485a6-71f5-41d8-800b-4ac4f679f33b",
"value": "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538680345",
"to_ids": false,
"type": "text",
"uuid": "b5bc8306-34a2-4eb6-9dd5-893115f7c124",
"value": "30/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538680348",
"uuid": "e379a5ec-5b7a-48c0-ad91-c00272e066c8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e379a5ec-5b7a-48c0-ad91-c00272e066c8",
"referenced_uuid": "bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
"relationship_type": "analysed-with",
"timestamp": "1538680348",
"uuid": "5bb6661c-4778-45ae-a8a3-460102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538680345",
"to_ids": true,
"type": "md5",
"uuid": "68d4af39-d36f-4203-adca-0e8aaf59a19e",
"value": "10d899e46e0df86ba6e6a4754de331d9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538680345",
"to_ids": true,
"type": "sha1",
"uuid": "5ac792b2-96eb-41ce-a68b-57c2f740e5b5",
"value": "29aabf21557507699503251e8e19ff77ee61f1bc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538680346",
"to_ids": true,
"type": "sha256",
"uuid": "2c2142c5-23e4-42b8-92e1-7427af655547",
"value": "aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538680346",
"uuid": "bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538680346",
"to_ids": false,
"type": "datetime",
"uuid": "0911b7f8-578a-470b-a17b-1d302ea16696",
"value": "2018-10-04T00:21:25"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538680347",
"to_ids": false,
"type": "link",
"uuid": "b3cc844b-5bf3-4cb8-b122-eee753b95a86",
"value": "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538680347",
"to_ids": false,
"type": "text",
"uuid": "dd676758-854f-4bee-b4b2-4942e2c6efc7",
"value": "28/58"
}
]
}
]
}
} |