{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2019-01-16",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - LoJax Command and Control Domains Still Active",
|
|
"publish_timestamp": "1547935425",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1547935413",
|
|
"uuid": "5c4073ea-ed74-44e6-8965-d558950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:tool=\"LoJax\""
|
|
},
|
|
{
|
|
"colour": "#305600",
|
|
"name": "malware_classification:malware-category=\"Rootkit\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547732670",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4086be-64b8-4bd7-9bde-4133950d210f",
|
|
"value": "185.86.148.184"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547732686",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4086ce-51f8-4166-8b3d-43ac950d210f",
|
|
"value": "93.113.131.103"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547796884",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5c418157-ea48-4d37-ac79-4481950d210f",
|
|
"value": "https://www.bleepingcomputer.com/news/security/lojax-command-and-control-domains-still-active/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547796885",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c418171-9b1c-4e7a-91e3-4601950d210f",
|
|
"value": "Security researchers have uncovered new details about the infrastructure used by LoJax UEFI rootkit used in attacks from APT28. The analysis revealed two command and control (C2) servers were still active in early 2019.\r\n\r\nLoJax rootkit is based on LoJack, a legitimate software that tracks and locates laptop, smartphone, or tablet devices. Its campaigns likely started towards the end of 2016, according to new research.\r\n\r\nBecause it has persistence on the system, LoJack was modified by the threat actors - APT28, also known as Fancy Bear, Sednit, Strontium, and Sofacy, to report to their server.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547797268",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5c418304-bb5c-496b-af6e-4746950d210f",
|
|
"value": "https://asert.arbornetworks.com/lojax-fancy-since-2016/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736296",
|
|
"uuid": "5c4094e8-764c-4fa5-909a-4263950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736296",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4094e8-27ac-4f72-98ea-48f1950d210f",
|
|
"value": "185.181.102.201"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736298",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c4094ea-d908-4410-9aa5-40e1950d210f",
|
|
"value": "moldstream.md"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736611",
|
|
"uuid": "5c409623-7d0c-40d6-bbfa-783a950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736612",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409624-6e8c-4df5-942b-783a950d210f",
|
|
"value": "185.94.191.65"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736613",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409625-9e44-4b18-bd73-783a950d210f",
|
|
"value": "webstp.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736681",
|
|
"uuid": "5c409669-d874-4dde-b084-4413950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736681",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409669-1570-48b8-a875-4307950d210f",
|
|
"value": "162.208.10.66"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736683",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c40966b-5470-49b2-b13c-4b00950d210f",
|
|
"value": "oiagives.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736720",
|
|
"uuid": "5c409690-eb24-4ed7-9432-4f30950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736721",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409691-1f88-4e45-86d3-464e950d210f",
|
|
"value": "86.106.131.54"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736722",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409692-1bb8-448b-bfd3-4772950d210f",
|
|
"value": "elaxo.org"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736756",
|
|
"uuid": "5c4096b4-d72c-4d97-bd48-4340950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736756",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4096b4-fc74-4b2a-aeb8-4ce0950d210f",
|
|
"value": "185.183.107.40"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736757",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c4096b5-f23c-4ec1-bfd0-458b950d210f",
|
|
"value": "peacefund.eu"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736811",
|
|
"uuid": "5c4096eb-f478-4fc6-af0a-4d14950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736811",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4096eb-a3ec-4f05-a5b2-4e60950d210f",
|
|
"value": "185.86.151.104"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736811",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c4096eb-42f4-43a8-94fb-4ab5950d210f",
|
|
"value": "jflynci.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547736830",
|
|
"uuid": "5c4096fe-83e8-44d5-a92f-448e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547736830",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4096fe-0c4c-440e-8025-4193950d210f",
|
|
"value": "185.86.149.116"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547736831",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c4096ff-7594-4465-8b28-4347950d210f",
|
|
"value": "hp-apps.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547737967",
|
|
"uuid": "5c409b6f-80cc-4575-8014-40c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547737968",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409b70-20f0-4f7f-97b7-47d3950d210f",
|
|
"value": "46.21.147.76"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547737969",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409b71-dff8-4882-b8b5-498b950d210f",
|
|
"value": "vsnet.co"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547737994",
|
|
"uuid": "5c409b8a-5a68-4627-aea2-4057950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547737995",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409b8b-4c48-4fb2-9a69-4cef950d210f",
|
|
"value": "85.204.124.77"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547737997",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409b8d-58e0-427f-9c21-488a950d210f",
|
|
"value": "remotepx.net"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738018",
|
|
"uuid": "5c409ba2-faec-4cd9-a7a7-4b9d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738018",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409ba2-0ff4-47e3-b3ef-4ac1950d210f",
|
|
"value": "54.37.104.106"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738018",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409ba2-c760-4096-bfb9-4cb6950d210f",
|
|
"value": "sysanalyticweb.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738040",
|
|
"uuid": "5c409bb8-5928-456d-878a-4808950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738041",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409bb9-69c0-445d-a40c-43e2950d210f",
|
|
"value": "185.86.151.2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738041",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409bb9-8318-403a-88be-4b73950d210f",
|
|
"value": "unigymboom.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738060",
|
|
"uuid": "5c409bcc-c698-4676-aa91-4a50950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738060",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409bcc-f1fc-4442-8e82-46d6950d210f",
|
|
"value": "94.177.12.150"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738061",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409bcd-3db8-49a3-868e-4c11950d210f",
|
|
"value": "treckanalytics.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738080",
|
|
"uuid": "5c409be0-0444-46ce-9a2f-4421950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738080",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409be0-7998-42c6-9cb6-4b05950d210f",
|
|
"value": "179.43.158.20"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738081",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409be1-a9a4-4cc2-9a5b-41d4950d210f",
|
|
"value": "msfontserver.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738102",
|
|
"uuid": "5c409bf6-d2ac-4b78-ba89-4a9f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738102",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409bf6-dd9c-45e4-a22f-4253950d210f",
|
|
"value": "162.208.10.66"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738103",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409bf7-9bb8-422a-9814-49d6950d210f",
|
|
"value": "oiatribe.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738119",
|
|
"uuid": "5c409c07-4290-4f04-bca2-465c950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738119",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409c07-f5a8-431d-875b-4113950d210f",
|
|
"value": "169.239.128.133"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738120",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409c08-542c-431f-bcf5-46ee950d210f",
|
|
"value": "ntpstatistics.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738136",
|
|
"uuid": "5c409c18-82fc-4c1a-8ced-4a39950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738136",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409c18-67f0-4a42-a418-4c2a950d210f",
|
|
"value": "46.21.147.71"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738137",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409c19-17b0-458a-8b8c-4ad2950d210f",
|
|
"value": "regvirt.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547738151",
|
|
"uuid": "5c409c27-eb6c-434d-9470-4008950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547738151",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c409c27-0b18-42bb-adee-4bad950d210f",
|
|
"value": "169.239.129.121"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547738151",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c409c27-4658-4053-a939-4f05950d210f",
|
|
"value": "visualrates.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547796979",
|
|
"uuid": "5c4181f3-26ac-4683-959c-4963950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547796979",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c4181f3-1458-4eea-bc91-483a950d210f",
|
|
"value": "185.86.151.2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547796980",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c4181f4-1694-44ef-ab4e-4249950d210f",
|
|
"value": "unigymboom.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547797002",
|
|
"uuid": "5c41820a-50ec-4e25-861c-4fca950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547797002",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c41820a-1040-4075-874c-438d950d210f",
|
|
"value": "169.239.128.133"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547797003",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c41820b-d354-4e60-b9fe-436e950d210f",
|
|
"value": "ntpstatistics.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Last Seen: Fall 2018",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547797076",
|
|
"uuid": "5c418254-1fac-4e5f-893a-41f3950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547797076",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c418254-ec4c-4608-99a2-4af4950d210f",
|
|
"value": "185.181.102.201"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547797078",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c418256-f698-4f27-aadc-4e4e950d210f",
|
|
"value": "moldstream.md"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Last Seen: Fall 2018",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547797101",
|
|
"uuid": "5c41826d-9dc4-4ca9-b59d-40bb950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547797101",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c41826d-396c-4dce-8b27-46b7950d210f",
|
|
"value": "46.21.147.76"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547797102",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c41826e-6d48-4825-bd87-4797950d210f",
|
|
"value": "vsnet.co"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Last Seen: Fall 2018",
|
|
"deleted": false,
|
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "6",
|
|
"timestamp": "1547797134",
|
|
"uuid": "5c41828e-a950-4db9-b0f6-4ea6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1547797134",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5c41828e-6e60-43da-829f-40c4950d210f",
|
|
"value": "169.239.129.121"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1547797135",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c41828f-9038-476a-816d-44b1950d210f",
|
|
"value": "visualrates.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547802397",
|
|
"uuid": "5c41971d-0cb4-4c90-9796-492e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547802398",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41971e-5038-49ef-9cd0-47a1950d210f",
|
|
"value": "89503b7935a05b1d26cb26ce3793a3fb"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547802399",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41971f-81e8-4de4-85cd-4d80950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547802422",
|
|
"uuid": "5c419736-a020-4a84-a00b-26fd950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547802422",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c419736-974c-4498-aff8-26fd950d210f",
|
|
"value": "cffcae5c5551b4b9489fec5d56269d84"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547802423",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c419737-e720-4c86-9d8d-26fd950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547803034",
|
|
"uuid": "5c41999a-f5ac-4de9-9edf-464c950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547803034",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41999a-12c4-4ba5-99fe-4783950d210f",
|
|
"value": "9be30e2c2e185ccb6cdbbf585d368393"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547803035",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41999b-2c08-4c89-a62f-4cc0950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547803353",
|
|
"uuid": "5c419ad9-24f8-4b94-920e-2700950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547803354",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c419ada-6580-42ff-a9de-2700950d210f",
|
|
"value": "bda5f83ee4a6d64d1057f19a2a1ef071"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547803354",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c419ada-cd64-4618-969e-2700950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547803438",
|
|
"uuid": "5c419b2e-9cdc-4f87-8923-02cb950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547803438",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c419b2e-c508-499e-a339-02cb950d210f",
|
|
"value": "f3c6e16f0dd2b0e55a7dad365c3877d4"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547803439",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c419b2f-25c8-4f42-a1b7-02cb950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805261",
|
|
"uuid": "5c41a24d-e8e8-486f-93db-4bfe950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805261",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a24d-4bf4-4e33-bcd3-40a7950d210f",
|
|
"value": "89503b7935a05b1d26cb26ce3793a3fb"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805263",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a24f-3c60-4589-b5bb-442e950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805317",
|
|
"uuid": "5c41a285-adfc-4031-99e5-6eb9950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805317",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a285-3df4-4dae-b603-6eb9950d210f",
|
|
"value": "6eaa1ff5f33df3169c209f98cc5012d0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805319",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a287-9ae8-4c42-8e9b-6eb9950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805381",
|
|
"uuid": "5c41a2c5-f610-48d8-b15c-27c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805381",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a2c5-138c-49a6-99b2-27c6950d210f",
|
|
"value": "cffcae5c5551b4b9489fec5d56269d84"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805382",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a2c6-8490-4655-a5d1-27c6950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805537",
|
|
"uuid": "5c41a361-5930-4a1d-a159-27c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805537",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a361-a8d0-4d4b-a6f6-27c6950d210f",
|
|
"value": "f1df1a795eb784f7bfc3ba9a7e3b00ac"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805538",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a362-f5d4-4fae-96b9-27c6950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805829",
|
|
"uuid": "5c41a486-5a90-4519-9fe5-75ce950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805830",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a486-b804-41ed-abe5-75ce950d210f",
|
|
"value": "e5db592704f30d42537b1257e79ff223"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805830",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a486-8070-45f9-a0a4-75ce950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805851",
|
|
"uuid": "5c41a49b-1494-45d9-9d6d-27c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805851",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a49b-eab8-4efb-99b0-27c6950d210f",
|
|
"value": "f336379bd4a129f0851a24ccea47b4ec"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805852",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a49c-583c-42df-9e18-27c6950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805882",
|
|
"uuid": "5c41a4ba-6a98-4960-924e-27c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805882",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a4ba-b95c-4579-8619-27c6950d210f",
|
|
"value": "9be30e2c2e185ccb6cdbbf585d368393"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805883",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a4bb-0bd8-47a7-92b0-27c6950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805902",
|
|
"uuid": "5c41a4ce-5638-4983-9617-2700950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805902",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a4ce-9cd4-4540-b742-2700950d210f",
|
|
"value": "bda5f83ee4a6d64d1057f19a2a1ef071"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805903",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a4cf-cf58-4c61-bdd6-2700950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805920",
|
|
"uuid": "5c41a4e0-f510-48a0-aacc-448e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805920",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a4e0-3a0c-40fb-a7d8-4f81950d210f",
|
|
"value": "f3c6e16f0dd2b0e55a7dad365c3877d4"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805920",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a4e0-8890-49e6-9b72-43ad950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547805941",
|
|
"uuid": "5c41a4f5-4c84-41ce-b59a-756f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547805941",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a4f5-1950-4707-85e3-756f950d210f",
|
|
"value": "73ea983ec9c39fb820d086acdf439c95"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547805942",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a4f6-1a8c-4cff-b090-756f950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "15",
|
|
"timestamp": "1547806021",
|
|
"uuid": "5c41a545-6a00-406f-8ba8-26ef950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547806021",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5c41a545-d954-46f8-805a-26ef950d210f",
|
|
"value": "9157f70faaedf66688fc11f4abca83e2"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "state",
|
|
"timestamp": "1547806022",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c41a546-5c88-442f-a1b6-26ef950d210f",
|
|
"value": "Malicious"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893349",
|
|
"uuid": "0183a1ab-460b-4b88-a77f-e844353725b1",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0183a1ab-460b-4b88-a77f-e844353725b1",
|
|
"referenced_uuid": "e52fff61-4c9f-4e5b-bef9-f697a478674b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893382",
|
|
"uuid": "5c42fa86-798c-4573-b168-45f502de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893350",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fa3069bc-3e17-4397-8fb1-0c026dac5d08",
|
|
"value": "e5db592704f30d42537b1257e79ff223"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893350",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "71c4124e-3bce-4dc6-9208-179c30be786d",
|
|
"value": "8e138eecea8e9937a83bffe100d842d6381b6bb1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893351",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "744af389-1787-4714-a5f2-c80fefcadb47",
|
|
"value": "eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893351",
|
|
"uuid": "e52fff61-4c9f-4e5b-bef9-f697a478674b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893351",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a6704321-e290-4989-a308-9e605e3e0a4c",
|
|
"value": "2019-01-18T08:36:32"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893352",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "250629a1-e3ff-40b7-aae8-80414a97eae7",
|
|
"value": "https://www.virustotal.com/file/eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845/analysis/1547800592/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893352",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6adf8b2b-48f5-4b2a-8b1f-61e509c7c596",
|
|
"value": "52/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893352",
|
|
"uuid": "f838d196-f90e-42fd-8f07-0caa8ed78366",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f838d196-f90e-42fd-8f07-0caa8ed78366",
|
|
"referenced_uuid": "8f8eddca-664b-4af0-b628-2baa269d7911",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-9944-42b9-82bb-49f002de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893352",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "280afe90-70af-48f4-ae2c-2d5b5d87b39a",
|
|
"value": "f1df1a795eb784f7bfc3ba9a7e3b00ac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893353",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "955d63c3-1ce3-40a1-a7a1-09f8cd1d8059",
|
|
"value": "1470995de2278ae79646d524e7c311dad29aee17"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893353",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "40c7aae2-2f42-4069-8b8c-dd03dd47412d",
|
|
"value": "e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893354",
|
|
"uuid": "8f8eddca-664b-4af0-b628-2baa269d7911",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893354",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9504e767-143b-4297-8514-a1debd3bbff9",
|
|
"value": "2019-01-18T08:36:31"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893354",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "32b1d16b-45e3-4c5c-8ee1-658e9bd6965e",
|
|
"value": "https://www.virustotal.com/file/e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200/analysis/1547800591/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893355",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "592422d2-0cdf-49a7-90bd-135408d67248",
|
|
"value": "47/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893355",
|
|
"uuid": "221467e7-185f-41ed-b996-bcf9a001244b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "221467e7-185f-41ed-b996-bcf9a001244b",
|
|
"referenced_uuid": "5f175674-cade-4221-9b5d-563c30550687",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-7aec-4fb4-9c2c-44d002de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893355",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "80dbd698-1eb1-480d-b7cc-63a2a8b9047c",
|
|
"value": "f336379bd4a129f0851a24ccea47b4ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893355",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b1af2ee9-c72b-4f9c-ba00-7d349c75c9a6",
|
|
"value": "e923ac79046ffa06f67d3f4c567e84a82dd7ff1b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893356",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3be33cc5-fd56-4ab3-83b5-474822ce1291",
|
|
"value": "a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893356",
|
|
"uuid": "5f175674-cade-4221-9b5d-563c30550687",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893356",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c6f87315-ab4f-48f0-86ef-9b61391d4273",
|
|
"value": "2019-01-18T08:36:32"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893357",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ca93a1c9-c4b9-44eb-bd71-4bc63a45b236",
|
|
"value": "https://www.virustotal.com/file/a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112/analysis/1547800592/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893358",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1d18c466-d3b0-42b8-8de2-ce33a96b6537",
|
|
"value": "52/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893358",
|
|
"uuid": "888dea54-bd23-4759-8388-d3b260a9fcc9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "888dea54-bd23-4759-8388-d3b260a9fcc9",
|
|
"referenced_uuid": "eff9a551-2cf3-4a87-a1a5-1eefe8443ed8",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-09bc-410d-a751-47c302de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893358",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "29e4146f-d3bf-4258-89be-0119f0bcd045",
|
|
"value": "f3c6e16f0dd2b0e55a7dad365c3877d4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893358",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "224329e7-58e9-4142-a5fc-a988e32a7404",
|
|
"value": "397d97e278110a48bd2cb11bb5632b99a9100dbd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893359",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a1e85f1d-c826-481c-b5bf-e7ec81ba2051",
|
|
"value": "fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893359",
|
|
"uuid": "eff9a551-2cf3-4a87-a1a5-1eefe8443ed8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893360",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9d437d48-b476-4942-a6e4-9459946936dc",
|
|
"value": "2019-01-18T08:36:28"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893360",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "f203ee74-3433-4e80-859d-718a11b5d4bd",
|
|
"value": "https://www.virustotal.com/file/fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27/analysis/1547800588/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893361",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "00fa7630-9f60-47da-94c6-3d1a367df48d",
|
|
"value": "47/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893361",
|
|
"uuid": "46c70090-aefb-45f3-ae55-1cb02dcf0c80",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "46c70090-aefb-45f3-ae55-1cb02dcf0c80",
|
|
"referenced_uuid": "224f53ae-d99c-4db9-866d-091b185ce68f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-98b0-4b92-a3f1-442102de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893361",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "634b5b20-4665-4343-b0d4-f549caa8e1cf",
|
|
"value": "9be30e2c2e185ccb6cdbbf585d368393"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893361",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "83959972-9dc3-4de2-8993-307eb0640860",
|
|
"value": "0860356913ac9e88dbaa8a76a69d9986b8265f81"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893362",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "4ecd62d5-30c4-4ae7-ae2b-aab4afa29666",
|
|
"value": "06976912957d4c0c7f5d3a478fc8f3dc2ef1057537bc1548554d6569add2ba3d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893364",
|
|
"uuid": "224f53ae-d99c-4db9-866d-091b185ce68f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893364",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1ffd3174-875e-4f29-857b-46948e494ede",
|
|
"value": "2019-01-18T03:08:09"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893364",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "21a4038c-8022-409b-9cfd-13bd2cdb8331",
|
|
"value": "https://www.virustotal.com/file/06976912957d4c0c7f5d3a478fc8f3dc2ef1057537bc1548554d6569add2ba3d/analysis/1547780889/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893365",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f9f0d052-430c-485c-962d-b4fb8cd592ba",
|
|
"value": "46/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893365",
|
|
"uuid": "422bdf76-7fbd-480d-8a3d-b33a00a3a9a8",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "422bdf76-7fbd-480d-8a3d-b33a00a3a9a8",
|
|
"referenced_uuid": "1d4b1ead-461d-45b0-97b6-9f2db3b56e5b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-ad88-4c67-9704-4c8d02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893365",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4090c55a-88b9-41dd-9edf-73f6e2cda6cc",
|
|
"value": "bda5f83ee4a6d64d1057f19a2a1ef071"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893365",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "d404970c-a88b-4e78-bf90-b0ec97e81cae",
|
|
"value": "f90ccf57e75923812c2c1da9f56166b36d1482be"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893366",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "22469824-1d62-4044-a43e-d88c78d1889f",
|
|
"value": "539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893366",
|
|
"uuid": "1d4b1ead-461d-45b0-97b6-9f2db3b56e5b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893366",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "22b4afe9-fcbc-4514-be9d-d03e6240559f",
|
|
"value": "2019-01-18T08:36:27"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893367",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ee16baeb-2063-4ae6-929b-435aa3cc5dcc",
|
|
"value": "https://www.virustotal.com/file/539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77/analysis/1547800587/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893367",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "16209b4b-4483-49f4-a827-787e7152f0b5",
|
|
"value": "52/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893367",
|
|
"uuid": "7670c107-8e0d-401c-97ef-0a252fe1ee01",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7670c107-8e0d-401c-97ef-0a252fe1ee01",
|
|
"referenced_uuid": "b5189a36-b545-4b84-85bd-7fa1fcb7b2f6",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-1034-4551-897a-481902de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893367",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "bb9eeca6-b0ca-407f-941b-4a13a7157be6",
|
|
"value": "cffcae5c5551b4b9489fec5d56269d84"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893368",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8c053ca2-b8e2-4a47-8a00-8bcb7ff1ed61",
|
|
"value": "d578667c9222e7f7835694193576b6554a0bca89"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893368",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "9acdf316-a4dc-4d92-9ef1-b893fe0c08ff",
|
|
"value": "aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893369",
|
|
"uuid": "b5189a36-b545-4b84-85bd-7fa1fcb7b2f6",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893369",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7791139b-3270-4b18-9d5a-55c7a141e9ea",
|
|
"value": "2019-01-18T03:08:10"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893369",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e1199483-4503-4ab5-88e0-1b068dfcb4b9",
|
|
"value": "https://www.virustotal.com/file/aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae/analysis/1547780890/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893370",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8b1777c9-9cec-4425-850f-a064c4cc6b93",
|
|
"value": "49/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893370",
|
|
"uuid": "f16b2940-fed0-4041-8c0e-b9f10c4852f5",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f16b2940-fed0-4041-8c0e-b9f10c4852f5",
|
|
"referenced_uuid": "5b89a33f-92b9-463c-a8ee-a47928a0138a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893383",
|
|
"uuid": "5c42fa87-915c-4dc6-a90e-48e802de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893370",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "6d65ce1a-4245-433b-98a7-ca31c665a3ae",
|
|
"value": "6eaa1ff5f33df3169c209f98cc5012d0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893370",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a42c479e-fc73-4e83-9227-038a76d47b2b",
|
|
"value": "10d571d66d3ab7b9ddf6a850cb9b8e38b07623c0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893371",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "35b04a6d-14b9-4b01-9ecd-fd0665db129a",
|
|
"value": "27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893371",
|
|
"uuid": "5b89a33f-92b9-463c-a8ee-a47928a0138a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893372",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e8cf1f25-1f71-440f-b3f7-9ebb31ef9e8e",
|
|
"value": "2019-01-18T08:36:30"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893372",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4faa67b5-4107-4e81-84cd-1c2c85331549",
|
|
"value": "https://www.virustotal.com/file/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9/analysis/1547800590/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893373",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2f5c8b59-15d5-4cfa-85e2-ae5a1f0697ff",
|
|
"value": "51/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893373",
|
|
"uuid": "47f69294-e7fc-43f7-ab84-03cd4378f8ee",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "47f69294-e7fc-43f7-ab84-03cd4378f8ee",
|
|
"referenced_uuid": "c7b36f6d-7074-4856-bed8-1d54355e070f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893384",
|
|
"uuid": "5c42fa88-fbf8-4b57-8f1d-442302de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893373",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9cf9713f-5c5d-4189-9718-beee09708bc8",
|
|
"value": "73ea983ec9c39fb820d086acdf439c95"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893373",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c56a61af-f9da-451c-b44e-546498768bc4",
|
|
"value": "09d2e2c26247a4a908952fee36b56b360561984f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893373",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e004eb49-267a-4cf7-872b-14eb6e3617f1",
|
|
"value": "37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893374",
|
|
"uuid": "c7b36f6d-7074-4856-bed8-1d54355e070f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893374",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "95b5ee4d-049d-4caf-b44b-d789e0ebe197",
|
|
"value": "2019-01-18T08:36:35"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893374",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d9824b54-e08e-4702-a90f-5219b5b9c584",
|
|
"value": "https://www.virustotal.com/file/37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8/analysis/1547800595/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893375",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cdea349b-8070-4ba1-b7e5-0df2b88add75",
|
|
"value": "51/72"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893375",
|
|
"uuid": "0ef6b9ac-e1f1-4137-b43c-e23b80bdc36a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0ef6b9ac-e1f1-4137-b43c-e23b80bdc36a",
|
|
"referenced_uuid": "fdac57c6-b04e-49a1-a105-aa8b1554ecbe",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893384",
|
|
"uuid": "5c42fa88-c304-43ba-9f63-4b3802de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3d8fc68c-eae9-442b-9938-a2171cc68cad",
|
|
"value": "9157f70faaedf66688fc11f4abca83e2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c51d04ff-038d-4c9a-bd8e-f33da7ff6d98",
|
|
"value": "b818e7a8cb699cd0fa4afcac50b9b7d82c13fa0a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893376",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b7de3833-6678-41a6-b1ff-d743fcbbd697",
|
|
"value": "a6d83fb30af84c18edf829ae4cc29c8c1bfb5eaaf61f9579d2d79c27bd37db59"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893377",
|
|
"uuid": "fdac57c6-b04e-49a1-a105-aa8b1554ecbe",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893377",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6e3fc311-0b1a-4804-9797-fbcfcb17f369",
|
|
"value": "2019-01-18T03:08:10"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893377",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ad3fd8d1-f35e-45a7-a286-f0ef2f785902",
|
|
"value": "https://www.virustotal.com/file/a6d83fb30af84c18edf829ae4cc29c8c1bfb5eaaf61f9579d2d79c27bd37db59/analysis/1547780890/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893379",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "8d2cc288-1115-44cc-92ce-f4703eed8a9a",
|
|
"value": "45/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1547893379",
|
|
"uuid": "3fae5084-db01-4e77-b90f-380ffcc7e226",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "3fae5084-db01-4e77-b90f-380ffcc7e226",
|
|
"referenced_uuid": "f37f274c-d13a-4f4c-a4ad-a17c70eaf778",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1547893384",
|
|
"uuid": "5c42fa88-91e4-4950-b0e2-44f402de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1547893379",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "fa2b1e36-3f12-4f9d-8b83-0a1637870782",
|
|
"value": "89503b7935a05b1d26cb26ce3793a3fb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1547893379",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4ce399b9-fd34-4d88-b124-91f187a52de2",
|
|
"value": "5bc901e9267fa7bb7b14943f5f0299a84a7ef519"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1547893380",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "46d2e789-239c-4cfe-8b78-d43adba5880a",
|
|
"value": "6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1547893381",
|
|
"uuid": "f37f274c-d13a-4f4c-a4ad-a17c70eaf778",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1547893381",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f7f35623-cc54-4d52-818a-bf9b5761f2c2",
|
|
"value": "2019-01-18T03:08:11"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1547893381",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b6c4c28d-1f46-43b2-a18c-f2ce8f84223c",
|
|
"value": "https://www.virustotal.com/file/6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e/analysis/1547780891/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1547893382",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9cc4fe98-6468-439c-9c43-5729ce13e7da",
|
|
"value": "52/72"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |