adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a54ad87-3328-4dde-aa9f-4a7e950d210f.json

1086 lines
No EOL
37 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2017-09-25",
"extends_uuid": "",
"info": "OSINT - MICROCIN MALWARE",
"publish_timestamp": "1518770781",
"published": true,
"threat_level_id": "3",
"timestamp": "1515726024",
"uuid": "5a54ad87-3328-4dde-aa9f-4a7e950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3b7500",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#002b4a",
"local": "0",
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Microcin\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515677438",
"to_ids": false,
"type": "link",
"uuid": "5a54adfd-02a8-4e79-96fa-4b61950d210f",
"value": "https://cdn.securelist.com/files/2017/09/Microcin_Technical_4PDF_eng_final_s.pdf",
"Tag": [
{
"colour": "#002b4a",
"local": "0",
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515677438",
"to_ids": false,
"type": "link",
"uuid": "5a54adfd-28c4-4050-9631-435a950d210f",
"value": "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-4528-4ebb-a311-099a950d210f",
"value": "371bae0fc70563c7fa1ec0e3a0f037f4"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-b69c-4bc7-bbf3-099a950d210f",
"value": "f4deeb3db67bae6cc224802fbad1f3f6"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-dc2c-4cba-bb59-099a950d210f",
"value": "3f288e450a375a26bd9c4de7f2bcfd66"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-a0b8-4492-a896-099a950d210f",
"value": "7bcf447a93fd37d068ec27dd04c301cb"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-3368-4bfd-85fa-099a950d210f",
"value": "873105f03ae425101ea206dcd6bc539f"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-e770-443e-8d1f-099a950d210f",
"value": "ab6544e1eba3af3f5236d99b755c701c"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658586",
"to_ids": true,
"type": "md5",
"uuid": "5a571d5a-bea0-4630-807a-099a950d210f",
"value": "6e006124678ffc18458d1322de6232a7"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658669",
"to_ids": true,
"type": "md5",
"uuid": "5a571dad-c290-481e-8188-4a23950d210f",
"value": "056f811ef41c213b037008300b0daf0d"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-3804-47b1-91da-47a3950d210f",
"value": "3ebcacb207b33bd5376d00b24cb3386c"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-f3f8-4ca1-8b83-4ed4950d210f",
"value": "4644ce606ab4b62622e4a9e6a80d792d"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-a8a4-4182-8080-4027950d210f",
"value": "4ba4346984a380e22afaccff78688a54"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-1cdc-4b24-9c68-4592950d210f",
"value": "60cb9e553884085700e359e5367d5fb4"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-a4c0-45e4-a33c-4d5c950d210f",
"value": "7771e1738fc2e4de210ac06a5e62c534"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-ea7c-447f-b125-44de950d210f",
"value": "7a290a29ea0d84e4475e021fa87ec466"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-8030-4e44-81b5-4c26950d210f",
"value": "7d8ee0e91cd88bb36d84d52d1d796dea"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-b950-4557-b466-4823950d210f",
"value": "a54966098b2281e4b75b747dbb52f431"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-9e10-47b9-a693-438a950d210f",
"value": "a5c7b7a26fa0f15cbf7bdd3db597fbe6"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-3e74-4e95-97eb-4cff950d210f",
"value": "dc6c8bae242c43dad76970329270155e"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-ded8-40c0-b51d-4ef1950d210f",
"value": "335cb36cc21c47b849d370a892d759b8"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515658670",
"to_ids": true,
"type": "md5",
"uuid": "5a571dae-1d70-440c-b888-4466950d210f",
"value": "948fecf6a044b79de79dc69e09d9979b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515677438",
"to_ids": false,
"type": "comment",
"uuid": "5a571dce-ed9c-439a-bb6f-0ee0950d210f",
"value": "We\u00e2\u20ac\u2122re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago \u00e2\u20ac\u201c we named it \u00e2\u20ac\u02dcMicrocin\u00e2\u20ac\u2122 after microini, one of the malicious components used in it.\r\n\r\nWe detected a suspicious RTF file. The document contained an exploit to the previously known and patched vulnerability CVE-2015-1641; however, its code had been modified considerably. Remarkably, the malicious document was delivered via websites that targeted a very narrow audience, so we suspected early on that we were dealing with a targeted attack. The threat actors took aim at users visiting forums with discussions on the state-subsidized housing that Russian military personnel and their families are entitled to.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1515657347",
"uuid": "5a571880-d098-4276-b23e-439a950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5a571880-d098-4276-b23e-439a950d210f",
"referenced_uuid": "816abaaf-b4ea-468d-927d-b81c1ebe62b7",
"relationship_type": "analysed-with",
"timestamp": "1518770780",
"uuid": "5a5766fe-6424-4bb1-8bc3-467c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1515657345",
"to_ids": true,
"type": "filename",
"uuid": "5a571881-0108-4beb-b7f9-4ff7950d210f",
"value": "\u00d0\u0161\u00d0\u00b0\u00d0\u00ba\u00d0\u0178\u00d1\u20ac\u00d0\u00b8\u00d0\u00bd\u00d0\u00b8\u00d0\u00bc\u00d0\u00b0\u00d1\u201a\u00d1\u0152\u00d0\u0161\u00d0\u00b2\u00d0\u00b0\u00d1\u20ac\u00d1\u201a\u00d0\u00b8\u00d1\u20ac\u00d1\u0192-1.rtf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515657345",
"to_ids": true,
"type": "md5",
"uuid": "5a571881-f5fc-4da7-910c-4d12950d210f",
"value": "a50b6ec77276cf235eaf2d14665bdb5c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1515657345",
"to_ids": false,
"type": "text",
"uuid": "5a571881-e0ec-45f1-91d5-4133950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670249",
"uuid": "0dae0b43-76e3-49a2-b984-c7cbd3ca6e02",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0dae0b43-76e3-49a2-b984-c7cbd3ca6e02",
"referenced_uuid": "200574ab-5db2-4aef-a3a9-db2d4870285b",
"relationship_type": "analysed-with",
"timestamp": "1518770780",
"uuid": "5a574ae7-6a88-4e5e-ad13-485702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae6-7a18-4a3f-bde1-4fdc02de0b81",
"value": "bd10265d0be8839ed7dc0fb576fb8901c347729b"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670246",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae6-3b64-4705-a075-423d02de0b81",
"value": "873105f03ae425101ea206dcd6bc539f"
},
{
"category": "Payload delivery",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae6-6018-490a-b7c9-413002de0b81",
"value": "c950c3fa513a487acfe2f1809e8e25e39d407fdf51553f272af81d2368cbeb0c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670246",
"uuid": "200574ab-5db2-4aef-a3a9-db2d4870285b",
"Attribute": [
{
"category": "External analysis",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670246",
"to_ids": false,
"type": "link",
"uuid": "5a574ae6-cde4-4bb3-9721-4f2602de0b81",
"value": "https://www.virustotal.com/file/c950c3fa513a487acfe2f1809e8e25e39d407fdf51553f272af81d2368cbeb0c/analysis/1513681658/"
},
{
"category": "Other",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670246",
"to_ids": false,
"type": "text",
"uuid": "5a574ae6-aea0-4b56-ab17-407602de0b81",
"value": "30/60"
},
{
"category": "Other",
"comment": "malicious documents",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670246",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae6-b690-4d21-b83f-43b202de0b81",
"value": "2017-12-19T11:07:38"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670249",
"uuid": "872eb001-bd68-4082-a707-f69e00ab1cfe",
"ObjectReference": [
{
"comment": "",
"object_uuid": "872eb001-bd68-4082-a707-f69e00ab1cfe",
"referenced_uuid": "f06f8919-d425-414c-94d9-6461c49c81b1",
"relationship_type": "analysed-with",
"timestamp": "1518770780",
"uuid": "5a574ae7-2d10-4587-822c-46dd02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae6-9eac-4f8e-b0d8-4b1c02de0b81",
"value": "150b8350ec483781d8d7a0643e6462c7a6e4d2a0"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670246",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae6-6410-43ea-93c0-4e3602de0b81",
"value": "335cb36cc21c47b849d370a892d759b8"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae6-62a0-43de-b1e0-451e02de0b81",
"value": "cbd43e70dc55e94140099722d7b91b07a3997722d4a539ecc4015f37ea14a26e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670246",
"uuid": "f06f8919-d425-414c-94d9-6461c49c81b1",
"Attribute": [
{
"category": "External analysis",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670246",
"to_ids": false,
"type": "link",
"uuid": "5a574ae6-dacc-491e-9acf-4d9002de0b81",
"value": "https://www.virustotal.com/file/cbd43e70dc55e94140099722d7b91b07a3997722d4a539ecc4015f37ea14a26e/analysis/1510610117/"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670246",
"to_ids": false,
"type": "text",
"uuid": "5a574ae6-3560-46cb-8a05-401e02de0b81",
"value": "50/68"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670246",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae6-7a5c-42bf-88e8-481302de0b81",
"value": "2017-11-13T21:55:17"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670249",
"uuid": "2c34de1e-5ccd-4750-b921-dbc1e57b4cb3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2c34de1e-5ccd-4750-b921-dbc1e57b4cb3",
"referenced_uuid": "c688bc3b-d1af-443c-8363-d44c27a98060",
"relationship_type": "analysed-with",
"timestamp": "1518770781",
"uuid": "5a574ae7-57c4-4641-a4e6-438c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae6-2438-4fd6-b983-4bb402de0b81",
"value": "a0f68ae3f0263b5443b133b07701174947fa6105"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670246",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae6-fa68-44e6-bd14-429e02de0b81",
"value": "7d8ee0e91cd88bb36d84d52d1d796dea"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae6-20d0-4671-84a0-4b8c02de0b81",
"value": "8a7d04229722539f2480270851184d75b26c375a77b468d8cbad6dbdb0c99271"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670246",
"uuid": "c688bc3b-d1af-443c-8363-d44c27a98060",
"Attribute": [
{
"category": "External analysis",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670246",
"to_ids": false,
"type": "link",
"uuid": "5a574ae6-ec14-4891-8080-4da102de0b81",
"value": "https://www.virustotal.com/file/8a7d04229722539f2480270851184d75b26c375a77b468d8cbad6dbdb0c99271/analysis/1514186505/"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670246",
"to_ids": false,
"type": "text",
"uuid": "5a574ae6-0d04-4491-906c-48d402de0b81",
"value": "46/67"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670246",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae6-831c-4274-8dc7-424702de0b81",
"value": "2017-12-25T07:21:45"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670249",
"uuid": "7613cc8b-ce21-4638-9ef6-3497d9415329",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7613cc8b-ce21-4638-9ef6-3497d9415329",
"referenced_uuid": "67d648f6-ac84-40ae-9edf-90144cd3b7d3",
"relationship_type": "analysed-with",
"timestamp": "1518770781",
"uuid": "5a574ae7-9750-4ff5-b6dd-4b7302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670246",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae7-110c-4c37-9b14-48e402de0b81",
"value": "938c879b547ca71a332308f6d9c87252b9addc59"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670247",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae7-0bf4-4900-8aa6-4ede02de0b81",
"value": "a50b6ec77276cf235eaf2d14665bdb5c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670247",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae7-7290-4d80-b0e0-469402de0b81",
"value": "66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670247",
"uuid": "67d648f6-ac84-40ae-9edf-90144cd3b7d3",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670247",
"to_ids": false,
"type": "link",
"uuid": "5a574ae7-62ec-42c6-8cfe-4d4302de0b81",
"value": "https://www.virustotal.com/file/66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e/analysis/1513683573/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670247",
"to_ids": false,
"type": "text",
"uuid": "5a574ae7-8120-474c-a223-45b502de0b81",
"value": "30/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670247",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae7-ba08-4b5a-abb8-47ad02de0b81",
"value": "2017-12-19T11:39:33"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670250",
"uuid": "9c677e93-f664-4a47-a479-c7807c12d2aa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9c677e93-f664-4a47-a479-c7807c12d2aa",
"referenced_uuid": "f12656a4-afc0-4caf-b4d0-00701f6754bc",
"relationship_type": "analysed-with",
"timestamp": "1518770781",
"uuid": "5a574ae7-e658-478d-98ed-440802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670247",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae7-c3e8-4cba-96d4-485a02de0b81",
"value": "f7b8ef6431039ae12d4e7b1b997c1cc56e062611"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670247",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae7-4960-4af9-bf4e-4a4f02de0b81",
"value": "948fecf6a044b79de79dc69e09d9979b"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670247",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae7-1aa0-4a6f-8538-446f02de0b81",
"value": "871ab24fd6ae15783dd9df5010d794b6121c4316b11f30a55f23ba37eef4b87a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670247",
"uuid": "f12656a4-afc0-4caf-b4d0-00701f6754bc",
"Attribute": [
{
"category": "External analysis",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670247",
"to_ids": false,
"type": "link",
"uuid": "5a574ae7-7408-4685-9c0e-472202de0b81",
"value": "https://www.virustotal.com/file/871ab24fd6ae15783dd9df5010d794b6121c4316b11f30a55f23ba37eef4b87a/analysis/1510036080/"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670247",
"to_ids": false,
"type": "text",
"uuid": "5a574ae7-5c38-403b-8e2e-477902de0b81",
"value": "48/67"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670247",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae7-f7b0-4743-a008-42ac02de0b81",
"value": "2017-11-07T06:28:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515670250",
"uuid": "f669bde1-8c02-4eca-953c-eba3dffcaf5a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f669bde1-8c02-4eca-953c-eba3dffcaf5a",
"referenced_uuid": "1ffb93b4-6850-494f-82bd-0b0b9a00c94d",
"relationship_type": "analysed-with",
"timestamp": "1518770781",
"uuid": "5a574ae7-233c-442f-8acf-4e3f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515670247",
"to_ids": true,
"type": "sha1",
"uuid": "5a574ae7-956c-4cbe-960f-47df02de0b81",
"value": "c4dfcaac739910a4c1c7171ed9902b2c7bb36b0b"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515670247",
"to_ids": true,
"type": "md5",
"uuid": "5a574ae7-9f30-41b3-9bb2-4f8f02de0b81",
"value": "3ebcacb207b33bd5376d00b24cb3386c"
},
{
"category": "Payload delivery",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515670247",
"to_ids": true,
"type": "sha256",
"uuid": "5a574ae7-a850-470f-84f6-45d902de0b81",
"value": "9dd9bb13c2698159eb78a0ecb4e8692fd96ca4ecb50eef194fa7479cb65efb7c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515670247",
"uuid": "1ffb93b4-6850-494f-82bd-0b0b9a00c94d",
"Attribute": [
{
"category": "External analysis",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515670247",
"to_ids": false,
"type": "link",
"uuid": "5a574ae7-0008-4f5f-b89f-4b9002de0b81",
"value": "https://www.virustotal.com/file/9dd9bb13c2698159eb78a0ecb4e8692fd96ca4ecb50eef194fa7479cb65efb7c/analysis/1511174150/"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515670247",
"to_ids": false,
"type": "text",
"uuid": "5a574ae7-0bc0-4893-8517-4ff402de0b81",
"value": "37/67"
},
{
"category": "Other",
"comment": "backdoors",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515670247",
"to_ids": false,
"type": "datetime",
"uuid": "5a574ae7-4020-4d97-abe2-456c02de0b81",
"value": "2017-11-20T10:35:50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515677438",
"uuid": "816abaaf-b4ea-468d-927d-b81c1ebe62b7",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515677438",
"to_ids": false,
"type": "link",
"uuid": "5a5766fe-7e0c-4c7c-802d-424102de0b81",
"value": "https://www.virustotal.com/file/66f0cbc0aa7e96bf937d5fb72374be454d1d6a6c85860df9d8ee8a26adc2a75e/analysis/1513683573/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515677438",
"to_ids": false,
"type": "text",
"uuid": "5a5766fe-e0b8-4fb4-9625-438a02de0b81",
"value": "30/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515677438",
"to_ids": false,
"type": "datetime",
"uuid": "5a5766fe-2d04-45ff-a0b6-431302de0b81",
"value": "2017-12-19T11:39:33"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink