adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/2ebc21a4-5635-4a7d-9553-ec5f58be0ee6.json

1574 lines
No EOL
56 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2021-02-02",
"extends_uuid": "",
"info": "OSINT - Kobalos \u2013 A complex Linux threat to high performance computing infrastructure",
"publish_timestamp": "1612271515",
"published": true,
"threat_level_id": "2",
"timestamp": "1612271360",
"uuid": "2ebc21a4-5635-4a7d-9553-ec5f58be0ee6",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0029ff",
"local": false,
"name": "estimative-language:confidence-in-analytic-judgment=\"high\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Compromise Client Software Binary - T1554\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Traffic Signaling - T1205\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1070.003\"",
"relationship_type": ""
},
{
"colour": "#075900",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1612270940",
"to_ids": false,
"type": "link",
"uuid": "07103d07-aa9a-4694-a89c-5cd4fc94221e",
"value": "https://github.com/eset/malware-ioc/blob/master/kobalos/README.adoc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1612270940",
"to_ids": false,
"type": "link",
"uuid": "fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"value": "https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/"
}
],
"Object": [
{
"comment": "Static RC4 key for strings",
"deleted": false,
"description": "Cryptographic materials such as public or/and private keys.",
"meta-category": "misc",
"name": "crypto-material",
"template_uuid": "50677f82-ec9c-4484-bb29-2519cfe56823",
"template_version": "4",
"timestamp": "1612264069",
"uuid": "f35188ee-2150-4d49-940a-16d588cf7562",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1612264069",
"to_ids": false,
"type": "text",
"uuid": "02240c3f-3379-48bc-ac66-849be8ab76ba",
"value": "RC4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "generic-symmetric-key",
"timestamp": "1612264069",
"to_ids": false,
"type": "text",
"uuid": "809ba87e-5329-498a-86ae-66755abaf2e9",
"value": "AE0E05090F3AC2B50B1BC6E91D2FE3CE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Cryptographic materials such as public or/and private keys.",
"meta-category": "misc",
"name": "crypto-material",
"template_uuid": "50677f82-ec9c-4484-bb29-2519cfe56823",
"template_version": "4",
"timestamp": "1612264120",
"uuid": "026c0bbe-8e18-47ff-9069-0ce387459a39",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1612264120",
"to_ids": false,
"type": "text",
"uuid": "2b4462a4-6d51-4f69-8e02-6308c444d046",
"value": "RSA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "public",
"timestamp": "1612264120",
"to_ids": false,
"type": "text",
"uuid": "6030c4fb-79de-4652-9e2c-cda3a0dca7b4",
"value": "-----BEGIN PUBLIC KEY-----\r\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOUgD8sEF1kZ04QxCd60HrB+TxWnLQED\r\nwzb0sZ8vMMD6xnUAJspdYzSVDnRnKYjTOM43qtLNcJOwVj6cuC1uHHMCAwEAAQ==\r\n-----END PUBLIC KEY-----"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "8",
"timestamp": "1612264189",
"uuid": "bbc90dca-7637-45a0-a897-e5832580635e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1612264189",
"to_ids": false,
"type": "port",
"uuid": "ac78a8d1-7959-4e1a-afe7-c5377ec2d910",
"value": "7070"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1612264189",
"to_ids": true,
"type": "ip-dst",
"uuid": "589f015c-b37e-4805-8013-efdbeecfb674",
"value": "151.80.57.191"
}
]
},
{
"comment": "Stand-alone binary - (Debian OS) - Connects to 151.80.57.191:7070",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612271360",
"uuid": "59711fce-1669-416e-a863-282972f05a30",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59711fce-1669-416e-a863-282972f05a30",
"referenced_uuid": "bbc90dca-7637-45a0-a897-e5832580635e",
"relationship_type": "connects-to",
"timestamp": "0",
"uuid": "6972ee6e-bf81-40a5-a9a6-45be40822316"
},
{
"comment": "",
"object_uuid": "59711fce-1669-416e-a863-282972f05a30",
"referenced_uuid": "8dc33498-4ead-4457-a3eb-e85032df1405",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "319d27ad-10b6-41e1-88cb-bfdcff1c7a9c"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264260",
"to_ids": true,
"type": "sha1",
"uuid": "ac438820-dd21-4ded-9b6b-9e2145662909",
"value": "479f470e83f9a5b66363fba5547fdfcf727949da"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264260",
"to_ids": false,
"type": "text",
"uuid": "88d8ba60-7239-4e81-8468-43a8ffc0bace",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612264326",
"uuid": "ce16efd3-b989-4fdb-9cad-3cb622be8c92",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ce16efd3-b989-4fdb-9cad-3cb622be8c92",
"referenced_uuid": "96edf472-61bf-4f3c-81ce-932eb0329136",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "bcf9e10f-2041-4272-b427-75401bf19292"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612264260",
"to_ids": true,
"type": "md5",
"uuid": "c95ac79d-003d-42bb-99ff-721de8559311",
"value": "2c693d26ba9df26edf77557c1a709528"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264260",
"to_ids": true,
"type": "sha1",
"uuid": "7038e90a-2215-4c03-8968-e729b3ea20f6",
"value": "479f470e83f9a5b66363fba5547fdfcf727949da"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612264260",
"to_ids": true,
"type": "sha256",
"uuid": "158ce435-33e0-4cb1-8075-87317f881ebe",
"value": "73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612264327",
"uuid": "96edf472-61bf-4f3c-81ce-932eb0329136",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612264260",
"to_ids": false,
"type": "datetime",
"uuid": "35baa849-71a0-4406-a3b8-7135a4442667",
"value": "2021-02-01T18:56:46+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612264260",
"to_ids": false,
"type": "link",
"uuid": "b451437f-a3ad-4026-a74f-ed19ae19bce1",
"value": "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612264260",
"to_ids": false,
"type": "text",
"uuid": "1b93b043-b92b-489d-8372-2c0df9f680f2",
"value": "3/62"
}
]
},
{
"comment": "RHEL\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612264495",
"uuid": "143c7525-68f6-4367-97a8-4540bdffa019",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264495",
"to_ids": true,
"type": "sha1",
"uuid": "ca725ed0-c3b0-4f09-b649-9f0deceff39b",
"value": "fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264495",
"to_ids": false,
"type": "text",
"uuid": "40f79229-1545-4386-8f64-a354ef866343",
"value": "Malicious"
}
]
},
{
"comment": "FreeBSD\r\n\t\r\n\r\nsshd Wait for connection from source port 55201",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612264674",
"uuid": "422f962e-0a08-4bf4-9d95-406422b35bcb",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264674",
"to_ids": true,
"type": "sha1",
"uuid": "3eff334e-42b3-48a8-9758-e8a38a8f5df3",
"value": "affa12cc94578d63a8b178ae19f6601d5c8bb224"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264674",
"to_ids": false,
"type": "text",
"uuid": "5f438f47-7226-41ae-b6a1-531e126dbc62",
"value": "Malicious"
}
]
},
{
"comment": "Ubuntu\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612264719",
"uuid": "56810ac9-e525-446d-b903-62fa770ae06a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264719",
"to_ids": true,
"type": "sha1",
"uuid": "a8da1d3f-7dac-4065-889e-3515fb558fb7",
"value": "325f24e8f5d56db43d6914d9234c08c888cdae50"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264719",
"to_ids": false,
"type": "text",
"uuid": "053a8068-9163-44fb-950e-9c8529e56eaa",
"value": "Malicious"
}
]
},
{
"comment": "Arch Linux\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612264794",
"uuid": "394bf3c8-c3a2-412d-828c-d5e2b0c6811f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264794",
"to_ids": true,
"type": "sha1",
"uuid": "d8724364-de63-4f75-bf63-b48231f47c5b",
"value": "a4050a8171b0fa3ae9031e0f8b7272facf04a3aa"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264794",
"to_ids": false,
"type": "text",
"uuid": "45e64eff-806e-4c32-b723-9fa8f369ebdc",
"value": "Malicious"
}
]
},
{
"comment": "SSH credential stealer ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270166",
"uuid": "0fa4cd2e-4304-4657-99ad-962f7eb548f0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0fa4cd2e-4304-4657-99ad-962f7eb548f0",
"referenced_uuid": "5564a28d-f2a5-41da-9339-6b72f64c6832",
"relationship_type": "writes",
"timestamp": "0",
"uuid": "748109ba-e84c-4bdb-b892-bebd0629790c"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264902",
"to_ids": true,
"type": "sha1",
"uuid": "7345c7bf-a35a-4fb4-8611-ae93541f7252",
"value": "6616de799b5105ee2eb83bbe25c7f4433420dff7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612264902",
"to_ids": false,
"type": "text",
"uuid": "d7a74f7c-b2f8-4400-af49-95dfaf0b8370",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612264961",
"uuid": "5564a28d-f2a5-41da-9339-6b72f64c6832",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1612264961",
"to_ids": false,
"type": "text",
"uuid": "ce3d187a-ca3b-4be6-9cc4-74a7169a1868",
"value": "/var/run/nscd/ns.pid"
}
]
},
{
"comment": "SSH credential stealer ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270308",
"uuid": "683e6644-bb2e-4ae9-b1e4-139453b8402e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "683e6644-bb2e-4ae9-b1e4-139453b8402e",
"referenced_uuid": "f10e10ba-0d66-4505-a4d5-1689c9f5e25b",
"relationship_type": "writes",
"timestamp": "0",
"uuid": "5fdb3648-156b-4265-8855-53a48db8d083"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270230",
"to_ids": true,
"type": "sha1",
"uuid": "2c496ed2-3897-407a-b7de-0ed0b08e8498",
"value": "e094dd02cc954b6104791925e0d1880782b046cf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612270230",
"to_ids": false,
"type": "text",
"uuid": "820875f5-17eb-448b-ba0b-febd73fe5439",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270284",
"uuid": "f10e10ba-0d66-4505-a4d5-1689c9f5e25b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1612270284",
"to_ids": false,
"type": "text",
"uuid": "bf6ee019-dcf4-465b-9897-6c9752b717d3",
"value": "/var/run/udev/ud.pid"
}
]
},
{
"comment": "SSH credential stealer FreeBSD",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270584",
"uuid": "84bd6b39-8189-4eee-8fef-6d9ee06306a1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "84bd6b39-8189-4eee-8fef-6d9ee06306a1",
"referenced_uuid": "b2a8b157-a04f-484f-8d88-549ede5b0068",
"relationship_type": "writes",
"timestamp": "0",
"uuid": "c571733c-fb99-426c-9286-3dd10e61f993"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270522",
"to_ids": true,
"type": "sha1",
"uuid": "30022af0-b795-408e-b924-ea4a398f4388",
"value": "1dd0edc5744d63a731db8c3b42efbd09d91fed78"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612270522",
"to_ids": false,
"type": "text",
"uuid": "1028ec44-3121-458b-88e0-6f59f9275f14",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270548",
"uuid": "b2a8b157-a04f-484f-8d88-549ede5b0068",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1612270548",
"to_ids": false,
"type": "text",
"uuid": "364d8668-bf3b-4cf1-8841-e38c9a1c8b15",
"value": "/var/run/udevd.pid"
}
]
},
{
"comment": "SSH credential stealer ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270670",
"uuid": "68ac0130-82b6-4709-ae98-cee6fe7fb4ed",
"ObjectReference": [
{
"comment": "",
"object_uuid": "68ac0130-82b6-4709-ae98-cee6fe7fb4ed",
"referenced_uuid": "5564a28d-f2a5-41da-9339-6b72f64c6832",
"relationship_type": "writes",
"timestamp": "0",
"uuid": "823842d1-1bdd-4fee-a7cc-2671913bf14e"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270625",
"to_ids": true,
"type": "sha1",
"uuid": "35514c50-5c1c-45de-a8e7-c7280c69309f",
"value": "c1f530d3c189b9a74dbe02cfeb29f38be8ca41ba"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612270625",
"to_ids": false,
"type": "text",
"uuid": "48a06ca8-6612-4f47-aafc-6e44ddb60bdf",
"value": "Malicious"
}
]
},
{
"comment": "SSH credential stealer ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270756",
"uuid": "d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6",
"referenced_uuid": "fe1474ac-d0a1-4792-8936-e25686ad6662",
"relationship_type": "writes",
"timestamp": "0",
"uuid": "3227ee22-c912-43ed-b386-6225e2e46d3e"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270708",
"to_ids": true,
"type": "sha1",
"uuid": "85b35daa-5d4b-40ac-b81d-105ecfb840ae",
"value": "659cbdf9288137937bb71146b6f722ffcda1c5fe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1612270708",
"to_ids": false,
"type": "text",
"uuid": "a31e8450-6a45-416a-8417-c3c9717b5c5e",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1612270731",
"uuid": "fe1474ac-d0a1-4792-8936-e25686ad6662",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1612270731",
"to_ids": false,
"type": "text",
"uuid": "2940c1e1-451c-40a0-ab8b-bf02d05bec56",
"value": "/var/run/sshd/sshd.pid"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "5",
"timestamp": "1612270820",
"uuid": "1e04dc6e-de14-441d-a7f6-09a5d54f0667",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "context",
"timestamp": "1612270820",
"to_ids": false,
"type": "text",
"uuid": "b387cbff-3ae2-45a7-a819-0fc5e52080aa",
"value": "all"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1612270820",
"to_ids": true,
"type": "yara",
"uuid": "8988bfd4-f07e-43bd-a321-45dcc1976487",
"value": "rule kobalos\r\n{\r\n meta:\r\n description = \"Kobalos malware\"\r\n author = \"Marc-Etienne M.L\u00e9veill\u00e9\"\r\n date = \"2020-11-02\"\r\n reference = \"http://www.welivesecurity.com\"\r\n source = \"https://github.com/eset/malware-ioc/\"\r\n license = \"BSD 2-Clause\"\r\n version = \"1\"\r\n\r\n strings:\r\n $encrypted_strings_sizes = {\r\n 05 00 00 00 09 00 00 00 04 00 00 00 06 00 00 00\r\n 08 00 00 00 08 00 00 00 02 00 00 00 02 00 00 00\r\n 01 00 00 00 01 00 00 00 05 00 00 00 07 00 00 00\r\n 05 00 00 00 05 00 00 00 05 00 00 00 0A 00 00 00\r\n }\r\n $password_md5_digest = { 3ADD48192654BD558A4A4CED9C255C4C }\r\n $rsa_512_mod_header = { 10 11 02 00 09 02 00 }\r\n $strings_rc4_key = { AE0E05090F3AC2B50B1BC6E91D2FE3CE }\r\n\r\n condition:\r\n any of them\r\n}"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "5",
"timestamp": "1612270855",
"uuid": "137efbb9-75cd-46e9-8dba-7d8e36a983b5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "context",
"timestamp": "1612270855",
"to_ids": false,
"type": "text",
"uuid": "9120f836-5e86-4d3b-a938-69ed9ef651f7",
"value": "all"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1612270855",
"to_ids": true,
"type": "yara",
"uuid": "0be3f87d-26d0-4ef9-909f-9ab3a25afa66",
"value": "rule kobalos_ssh_credential_stealer {\r\n meta:\r\n description = \"Kobalos SSH credential stealer seen in OpenSSH client\"\r\n author = \"Marc-Etienne M.L\u00e9veill\u00e9\"\r\n date = \"2020-11-02\"\r\n reference = \"http://www.welivesecurity.com\"\r\n source = \"https://github.com/eset/malware-ioc/\"\r\n license = \"BSD 2-Clause\"\r\n version = \"1\"\r\n\r\n strings:\r\n $ = \"user: %.128s host: %.128s port %05d user: %.128s password: %.128s\"\r\n\r\n condition:\r\n any of them\r\n}"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "1",
"timestamp": "1612271004",
"uuid": "6743c14d-5278-41a1-a8d2-678f94f59d6d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6743c14d-5278-41a1-a8d2-678f94f59d6d",
"referenced_uuid": "07103d07-aa9a-4694-a89c-5cd4fc94221e",
"relationship_type": "references",
"timestamp": "0",
"uuid": "85fc72c2-abeb-441f-95b2-877a267dd0fd"
},
{
"comment": "",
"object_uuid": "6743c14d-5278-41a1-a8d2-678f94f59d6d",
"referenced_uuid": "fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"relationship_type": "references",
"timestamp": "0",
"uuid": "277a00eb-305d-424c-88b8-2f83cfd3fa05"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1612270903",
"to_ids": false,
"type": "text",
"uuid": "de941abb-8360-41fd-88b8-14ab18906b30",
"value": "ESET researchers have analyzed malware that has been targeting high performance computing (HPC) clusters, among other high-profile targets. We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a Kobalos is a small, mischievous creature. Today we publish a paper titled \u201cA wild Kobalos appears: Tricksy Linux malware goes after HPCs\u201d describing the inner working of this threat."
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612271360",
"uuid": "cd4a56fb-10a5-46f9-868e-2d2d9cee93c5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cd4a56fb-10a5-46f9-868e-2d2d9cee93c5",
"referenced_uuid": "5d93ad07-c377-43cc-b9e4-1b0ab3d0da83",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "e68934b5-f0d6-47ae-ac55-69cdb57f4ae5"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612270230",
"to_ids": true,
"type": "md5",
"uuid": "95954106-f4c2-4cfe-9a86-fc3596552d0b",
"value": "4e52980f06f211668df959175d6c3d58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270230",
"to_ids": true,
"type": "sha1",
"uuid": "2fa17f05-66af-4f1e-b900-b0a0d98037a0",
"value": "e094dd02cc954b6104791925e0d1880782b046cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612270230",
"to_ids": true,
"type": "sha256",
"uuid": "7a91ab89-751e-4bdb-b8f0-8b0568ee0c5c",
"value": "75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "5d93ad07-c377-43cc-b9e4-1b0ab3d0da83",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612270230",
"to_ids": false,
"type": "datetime",
"uuid": "8135e42c-4a36-47da-b8ad-595dcda6a2e6",
"value": "2020-03-04T18:41:56+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612270230",
"to_ids": false,
"type": "link",
"uuid": "e5a8ebcf-af6e-444f-adc6-f8465fae0676",
"value": "https://www.virustotal.com/gui/file/75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45/detection/f-75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45-1583347316"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612270230",
"to_ids": false,
"type": "text",
"uuid": "4ff0afc9-cac1-44be-b730-67fe00f15bef",
"value": "0/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612271360",
"uuid": "bb8fc68e-77a6-4115-abf5-3fc14c1039dd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bb8fc68e-77a6-4115-abf5-3fc14c1039dd",
"referenced_uuid": "a9cacc5a-a03f-463a-95a1-854718064bb3",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "47b5c1f4-03dd-469c-a884-e41c041f7204"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612264902",
"to_ids": true,
"type": "md5",
"uuid": "8905f270-73b6-4fca-8140-3bea736b87bd",
"value": "87837cc81c346e2a38ab1fe5e4826af2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264902",
"to_ids": true,
"type": "sha1",
"uuid": "e3e51533-2b89-4b9c-9a64-10ccb879413d",
"value": "6616de799b5105ee2eb83bbe25c7f4433420dff7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612264902",
"to_ids": true,
"type": "sha256",
"uuid": "4333b278-117e-43cd-b118-a21e6810c228",
"value": "6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "a9cacc5a-a03f-463a-95a1-854718064bb3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612264902",
"to_ids": false,
"type": "datetime",
"uuid": "a1c31bf0-5438-4d5b-b6df-f13319a1cc84",
"value": "2021-02-02T11:56:14+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612264902",
"to_ids": false,
"type": "link",
"uuid": "6299cd4c-b13d-42a4-94b3-6254cfd7fd59",
"value": "https://www.virustotal.com/gui/file/6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a/detection/f-6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a-1612266974"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612264902",
"to_ids": false,
"type": "text",
"uuid": "2eeeaca5-5c72-4ea2-8c76-591780ddab71",
"value": "1/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "8dc33498-4ead-4457-a3eb-e85032df1405",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612264260",
"to_ids": false,
"type": "datetime",
"uuid": "40f30083-4b87-42ab-b515-9f8e07055145",
"value": "2021-02-01T18:56:46+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612264260",
"to_ids": false,
"type": "link",
"uuid": "fc710595-3fb3-4fcf-87b0-daa1a5f69423",
"value": "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612264260",
"to_ids": false,
"type": "text",
"uuid": "bf6548e5-2428-455c-929d-3a342ec0f4bf",
"value": "3/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612271360",
"uuid": "b4f748c5-41f0-4a59-bf7a-069086896c94",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b4f748c5-41f0-4a59-bf7a-069086896c94",
"referenced_uuid": "5b93ec98-7b27-4038-b9ca-6c8ae8ae44da",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "3d69a098-ca8e-4eef-b1f9-0c080d34402f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612264495",
"to_ids": true,
"type": "md5",
"uuid": "62a62db8-ae79-4fb0-a24b-419623c48675",
"value": "7538d0ec96869fd53d7c613a108846c0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264495",
"to_ids": true,
"type": "sha1",
"uuid": "b3681a92-1a2b-47c0-9a94-242964bfd9bf",
"value": "fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612264495",
"to_ids": true,
"type": "sha256",
"uuid": "d3f091f2-b7e5-4c8a-a109-e52b294c67ae",
"value": "d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "5b93ec98-7b27-4038-b9ca-6c8ae8ae44da",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612264495",
"to_ids": false,
"type": "datetime",
"uuid": "7f072142-4e7c-490a-9f1d-7c5c3f563499",
"value": "2021-02-02T08:05:42+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612264495",
"to_ids": false,
"type": "link",
"uuid": "88f8d78d-9e9e-4931-a826-85529a90ccfa",
"value": "https://www.virustotal.com/gui/file/d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983/detection/f-d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983-1612253142"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612264495",
"to_ids": false,
"type": "text",
"uuid": "d11eb3b0-2889-45d8-8f90-f7021df6568c",
"value": "1/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612271360",
"uuid": "577cde70-7de9-4776-975b-9c0100ceae5e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "577cde70-7de9-4776-975b-9c0100ceae5e",
"referenced_uuid": "977fbf1c-4163-45ce-a014-4f58536d3703",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "88b2a9b7-db1c-48c5-bc07-35cb97547fbe"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612264674",
"to_ids": true,
"type": "md5",
"uuid": "23e91738-92a1-4252-8a73-3dc11d14d2b2",
"value": "f54ba4ac2eeb5c12a513872acabecbc6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612264674",
"to_ids": true,
"type": "sha1",
"uuid": "c368a8a5-ba1c-4505-bab2-fabe48d27965",
"value": "affa12cc94578d63a8b178ae19f6601d5c8bb224"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612264674",
"to_ids": true,
"type": "sha256",
"uuid": "8df1d19a-7970-47f4-bc4b-36787e9061fc",
"value": "9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "977fbf1c-4163-45ce-a014-4f58536d3703",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612264674",
"to_ids": false,
"type": "datetime",
"uuid": "cae3f6bb-2b69-48eb-9099-658fc16919d7",
"value": "2021-02-01T18:58:25+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612264674",
"to_ids": false,
"type": "link",
"uuid": "4bf2aad3-5dc1-4a81-8c15-4f74538f9c8e",
"value": "https://www.virustotal.com/gui/file/9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74/detection/f-9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74-1612205905"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612264674",
"to_ids": false,
"type": "text",
"uuid": "66364ddf-d38e-4d5a-8082-ba0682f6eb3b",
"value": "1/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1612271360",
"uuid": "9a711583-6ce7-4265-aba8-7350383961b6",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9a711583-6ce7-4265-aba8-7350383961b6",
"referenced_uuid": "3f558b7a-d342-4090-92a2-82e2210b68e7",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "a79e2df6-06bf-4b86-b118-e91ca4531c76"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1612270522",
"to_ids": true,
"type": "md5",
"uuid": "f0efb098-b8e3-4021-8198-6e951bbbbb6e",
"value": "bc49dd3da0b2cb1425a466a3d2f0ed41"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1612270522",
"to_ids": true,
"type": "sha1",
"uuid": "83b6a170-d5d4-4586-b9c2-266dd79208ab",
"value": "1dd0edc5744d63a731db8c3b42efbd09d91fed78"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1612270522",
"to_ids": true,
"type": "sha256",
"uuid": "e9fafed3-2600-4ce5-bdcb-6b13c569147d",
"value": "13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1612271360",
"uuid": "3f558b7a-d342-4090-92a2-82e2210b68e7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1612270522",
"to_ids": false,
"type": "datetime",
"uuid": "2b6ecaa2-bbe1-4903-b28b-8672896fb4d5",
"value": "2020-03-09T08:44:44+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1612270522",
"to_ids": false,
"type": "link",
"uuid": "99713b59-7b94-4c9f-9223-84190b6f00d3",
"value": "https://www.virustotal.com/gui/file/13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a/detection/f-13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a-1583743484"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1612270522",
"to_ids": false,
"type": "text",
"uuid": "227fe71f-0426-4338-b83e-890fc2a5e5ef",
"value": "0/59"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink