misp-circl-feed/feeds/circl/misp/5caefb63-cb90-4a86-abc2-4fcc950d210f.json

{
  "Event": {
    "analysis": "0",
    "date": "2019-04-11",
    "extends_uuid": "",
    "info": "OSINT - OSINT Reporting Regarding DPRK and TA505 Overlap",
    "publish_timestamp": "1554973063",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1554972881",
    "uuid": "5caefb63-cb90-4a86-abc2-4fcc950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0071c3",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      },
      {
        "colour": "#0087e8",
        "local": false,
        "name": "osint:certainty=\"50\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"TA505\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971520",
        "to_ids": false,
        "type": "link",
        "uuid": "5caefb80-627c-44aa-958d-4941950d210f",
        "value": "https://norfolkinfosec.com/osint-reporting-on-dprk-and-ta505-overlap/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971550",
        "to_ids": false,
        "type": "text",
        "uuid": "5caefb9e-4ff4-4279-8eb1-4f34950d210f",
        "value": "Yesterday, at SAS2019, BAE Systems presented findings related to DPRK SWIFT heist activity that took place in 2018. As part of this research (a leaked video of the presentation is available online), BAE included two key points not previously disclosed in the public domain:\r\n\r\n\u00e2\u20ac\u201c The existence of a PowerShell backdoor attributable to DPRK, which the researchers dubbed PowerBrace\r\n\u00e2\u20ac\u201c A possible overlap between TA505 intrusions and DPRK intrusions, suggesting a possible hand-off between the two groups.\r\n\r\nThis blog will leave a full analysis of those two points and the supporting context to the people that found them, as it\u00e2\u20ac\u2122s theirs to share; however, data that may support such conclusions have been available in open source for quite some time.\r\n\r\nIn early January, VNCert issued an alert regarding attacks targeting financial institutions, containing a mix of DPRK IOCs (including a keylogger referred to as PSLogger previously analyzed by this blog), TA505 IOCs (previously published by 360 TIC), and a handful of PowerShell scripts that are generally identical aside from a handful of configuration changes. Furthermore, the aforementioned keylogger was first uploaded by a submitter (fabd7a52) in Pakistan in December 2018. That same submitter acted as the first uploader for one of the PowerShell samples identified below (b88d4d72fdabfc040ac7fb768bf72dcd), further corroborating a possible link.\r\n\r\nGiven the multi-sourced reporting overlaps and the additional Pakistan findings mentioned above, this blog assesses that the PowerShell scripts in question likely belong to the same family of DPRK-attributable malware reported by BAE systems."
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-536c-4f65-8313-47ff950d210f",
        "value": "5b7244c47104f169b0840440cdede788"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-5358-4bd8-a44b-45a2950d210f",
        "value": "cc29adb5b78300b0f17e566ad461b2c7"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-5960-4325-8f02-47de950d210f",
        "value": "e00499e21f9dcf77fc990400b8b3c2b5"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-61e4-4911-b7e1-46a5950d210f",
        "value": "53f7be945d5755bb628deecb71cdcbf2"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-c4c8-47f0-852d-4163950d210f",
        "value": "9c35e9aa9255aa2214d704668b039ef6"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-b920-4108-818b-4bb7950d210f",
        "value": "2e0d13266b45024153396f002e882f15"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-4cd8-4961-8370-4f9a950d210f",
        "value": "26f09267d0ec0d339e70561a610fb1fd"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-3c5c-4319-b485-47ff950d210f",
        "value": "09e4f724e73fccc1f659b8a46bfa7184"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-03a4-41ba-a412-4114950d210f",
        "value": "b12325a1e6379b213d35def383da2986"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-00f8-4b12-b9ce-4afb950d210f",
        "value": "8a41520c89dce75a345ab20ee352fef0"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-d480-4029-a1e2-4fa7950d210f",
        "value": "7c651d115109fd8f35fddfc44fd24518"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-7860-4a21-8938-4862950d210f",
        "value": "b88d4d72fdabfc040ac7fb768bf72dcd"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971691",
        "to_ids": true,
        "type": "md5",
        "uuid": "5caefc2b-4c4c-4c03-8cca-4c91950d210f",
        "value": "3be75036010f1f2102b6ce09a9299bca"
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1554971734",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5caefc56-19c4-499d-b0ab-447b950d210f",
        "value": "192.95.14.128"
      }
    ],
    "Object": [
      {
        "comment": "PowerShell Backdoor",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "16",
        "timestamp": "1554971888",
        "uuid": "5caefc9c-d268-486d-882b-4d9b950d210f",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "5caefc9c-d268-486d-882b-4d9b950d210f",
            "referenced_uuid": "5caefc56-19c4-499d-b0ab-447b950d210f",
            "relationship_type": "connects-to",
            "timestamp": "1554971887",
            "uuid": "5caefcef-78b8-4ec4-a27e-4bd3950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1554971804",
            "to_ids": true,
            "type": "filename",
            "uuid": "5caefc9c-b354-4d9a-9415-4304950d210f",
            "value": "ICAS.ps1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971804",
            "to_ids": true,
            "type": "md5",
            "uuid": "5caefc9c-97a0-48fa-bdb7-403c950d210f",
            "value": "b12325a1e6379b213d35def383da2986"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1554971804",
            "to_ids": false,
            "type": "text",
            "uuid": "5caefc9c-5c60-4989-bd87-4d30950d210f",
            "value": "Malicious"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
        "meta-category": "misc",
        "name": "script",
        "template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
        "template_version": "2",
        "timestamp": "1554972545",
        "uuid": "5caeff81-12e0-4a18-bfa2-406b950d210f",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "script",
            "timestamp": "1554972545",
            "to_ids": false,
            "type": "text",
            "uuid": "5caeff81-5fac-4c75-9599-4c5c950d210f",
            "value": "import base64\r\nimport re\r\n\r\nc = open(\"c:\\\\users\\\\[username]\\\\desktop\\\\[filename]\").readlines()\r\n\r\nline_list = []\r\n\r\nfor line in c:\r\n    #print(line)\r\n    try:\r\n        enc = re.search(\"(?<=\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\().*?(?=\\))\",line).group()\r\n\t\tprint(line)\r\n\t\tprint(enc)\r\n\t\td = ('\"' + base64.b64decode(enc) + '\"')\r\n\t\te = (re.sub(\"\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\(.*?\\)\\)\\)\",d,line))\r\n\t\tf = re.sub(\"\\0\",\"\",e)\r\n\t\tline_list.append(f)\r\n        \r\n    except:\r\n        line_list.append(line)\r\n\r\n\r\nwith open(\"c:\\\\users\\\\[username]\\\\desktop\\\\laz_decoded.ps1\",\"wt\") as t:\r\n    for unit in line_list:\r\n        t.write(unit)"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "language",
            "timestamp": "1554972545",
            "to_ids": false,
            "type": "text",
            "uuid": "5caeff81-ebc8-44c0-a1a5-4c95950d210f",
            "value": "Python"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1554972545",
            "to_ids": false,
            "type": "text",
            "uuid": "5caeff81-901c-4033-975f-404d950d210f",
            "value": "Support for decrypting"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1554972545",
            "to_ids": false,
            "type": "text",
            "uuid": "5caeff81-08f0-4464-8219-479b950d210f",
            "value": "Trusted"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972878",
        "uuid": "0f82f247-68d7-432b-9207-6a651e249789",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "0f82f247-68d7-432b-9207-6a651e249789",
            "referenced_uuid": "f09e7ee6-1c63-4b54-8640-c296e0f51a48",
            "relationship_type": "analysed-with",
            "timestamp": "1554972881",
            "uuid": "5caf00d1-ae60-4ef4-8e25-4d92950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "13144d56-c562-415e-8318-3854414982e2",
            "value": "b12325a1e6379b213d35def383da2986"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d727ffd-7828-446a-863e-7938f84f5859",
            "value": "c48ff39e5efc6ca60c31200344c47b5de3b3605d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e2747611-4b4f-4d1b-943c-bf3861730ae8",
            "value": "6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972878",
        "uuid": "f09e7ee6-1c63-4b54-8640-c296e0f51a48",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "03826117-eb1a-42e4-bd88-75ffe1331ae3",
            "value": "2019-03-02T21:11:05"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "f472bf32-b7a3-4727-978c-4b0cc5a28951",
            "value": "https://www.virustotal.com/file/6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f/analysis/1551561065/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "3d6944b2-214f-44b3-915c-b7f214edec33",
            "value": "18/53"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972878",
        "uuid": "ae0407a4-1c88-4dbe-8217-038a7f410235",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "ae0407a4-1c88-4dbe-8217-038a7f410235",
            "referenced_uuid": "b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-b6b4-49f3-adbb-468b950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "480f9ada-e7f5-48ee-99c3-ab1645aaa601",
            "value": "b88d4d72fdabfc040ac7fb768bf72dcd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1ea0995a-8e8f-4643-ab3e-8049db693750",
            "value": "3f1735ddba2fffa2814319079bcf8d8c4431147e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c99dcf99-a865-4a12-b2e5-9b097346dee0",
            "value": "52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972878",
        "uuid": "b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "67a5a105-747a-495f-88e5-fe4154efefa2",
            "value": "2019-03-13T11:40:15"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "eff5c459-06ee-4f01-8fd4-67fb402a01db",
            "value": "https://www.virustotal.com/file/52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c/analysis/1552477215/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "ac1bb17b-a429-4ea9-bc8f-e79587181035",
            "value": "15/57"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972878",
        "uuid": "2826ff14-cad5-43cd-b6cd-6820a2d11785",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "2826ff14-cad5-43cd-b6cd-6820a2d11785",
            "referenced_uuid": "30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-a058-4167-acf9-4476950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "11f02c86-74e2-430a-baf1-97fdf349a31d",
            "value": "53f7be945d5755bb628deecb71cdcbf2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e32cc2b5-4ad3-45c3-918d-9bd5fe90a874",
            "value": "dc560698ced8b4dffd7b35c7dcb82822a2d3c134"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "41c83a9d-65ab-4508-8396-c19c35bee6c4",
            "value": "a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "95a8bf34-e34f-4726-a1bc-3f38cec9bf23",
            "value": "2019-03-28T10:36:15"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "bb5bf427-258a-4898-8f5c-f55f512674e6",
            "value": "https://www.virustotal.com/file/a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a/analysis/1553769375/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "94da223c-c4ac-4bb8-aaba-9997177c2e30",
            "value": "36/60"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972879",
        "uuid": "ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
            "referenced_uuid": "d97fb25c-3f24-4bab-acb7-2cb440918538",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-ec3c-4742-b2a2-4e0c950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "19b463f4-608f-4a77-b1aa-99e636b4e0a0",
            "value": "5b7244c47104f169b0840440cdede788"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b7ebd77c-e5e6-45dd-9265-bb0a52b50bff",
            "value": "0415eda9cbd038a8aed69cc35641338b65bb89f6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "82db44f7-9f6a-4167-8825-ce976b2d0763",
            "value": "4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "d97fb25c-3f24-4bab-acb7-2cb440918538",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "6b1e308e-d573-402f-a5a1-3a2c524a89cf",
            "value": "2019-04-09T05:38:29"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "beef1671-1aa1-4056-b511-24f26bb631b7",
            "value": "https://www.virustotal.com/file/4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08/analysis/1554788309/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "639f2415-b7fa-45bc-9eca-013da84ad048",
            "value": "44/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972879",
        "uuid": "526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
            "referenced_uuid": "122483b1-248c-4166-84bf-bf59cf4a598f",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-693c-4981-b0e1-4109950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "72824f75-8f3f-4776-b6e4-ac5b1ac37aa3",
            "value": "e00499e21f9dcf77fc990400b8b3c2b5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a5f6821-9587-42dd-bbb0-2e0153747a59",
            "value": "04b5be447def79e43d4329611c0e0800d784820a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a632d8e8-23ef-4c03-b036-a50c719f2871",
            "value": "c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "122483b1-248c-4166-84bf-bf59cf4a598f",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "a2f2a35a-38f1-4baf-9f1c-911bbf33b34a",
            "value": "2019-03-29T01:50:32"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "96a16ff6-d8d9-4090-90f0-cf846ec2a861",
            "value": "https://www.virustotal.com/file/c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4/analysis/1553824232/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "ce5bebb0-870f-45aa-89a8-a140adf6d741",
            "value": "43/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972879",
        "uuid": "ab826329-510d-44a0-9899-82e9d734561e",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "ab826329-510d-44a0-9899-82e9d734561e",
            "referenced_uuid": "c98a3166-c9c2-4b97-b669-d844f7a15b50",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-0cc4-4016-bcda-42cb950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "3e945616-7fe4-4a53-85f7-ae8851101c9c",
            "value": "2e0d13266b45024153396f002e882f15"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "338c8efa-eccb-4588-a5c6-0a4d74ad3d53",
            "value": "f4b9f05f9c774b65c9581aa06a2fac1eca94704d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c5fcbd7a-78a3-44b5-8345-2887a15794f0",
            "value": "54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "c98a3166-c9c2-4b97-b669-d844f7a15b50",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "6cf19386-ae30-42f3-acc1-9e09454bb2a2",
            "value": "2019-03-01T01:42:59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "2b0f36cb-0e63-4bbc-b115-3cd04d4b509b",
            "value": "https://www.virustotal.com/file/54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe/analysis/1551404579/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "846d62d1-661f-4760-8119-c80945b1b121",
            "value": "22/52"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972879",
        "uuid": "8edf4809-f353-4a04-b77e-3e84960327b5",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "8edf4809-f353-4a04-b77e-3e84960327b5",
            "referenced_uuid": "b33073cd-b85f-46a3-929c-d7893547e63d",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-d79c-45c0-8855-4ad9950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "b597559b-05e6-457f-bebe-9b9722a47b08",
            "value": "8a41520c89dce75a345ab20ee352fef0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "042fbef5-e555-4faf-994c-a8116d52e1eb",
            "value": "3ad86e1776018eb3743be06996d7a63963673a57"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "383e68c4-5c84-4808-8010-80ecc37d0bdb",
            "value": "8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "b33073cd-b85f-46a3-929c-d7893547e63d",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "ad30c3eb-63ff-4472-9be6-9e94096a9fcc",
            "value": "2019-02-15T04:42:30"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "81d19681-e6df-4292-8879-f08548f83b3c",
            "value": "https://www.virustotal.com/file/8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76/analysis/1550205750/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "1cea6915-795d-467a-a6d1-a5e13b4cc244",
            "value": "12/56"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972879",
        "uuid": "a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
            "referenced_uuid": "c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-eba4-4335-9501-401f950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "dc6c3bb5-809b-4239-a29e-adcf28d3eff7",
            "value": "9c35e9aa9255aa2214d704668b039ef6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55e831f1-fee6-4d0f-a71c-261cf480f514",
            "value": "9b47b600e25f6f552acd6228d08e1bac0861c082"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "952126b0-6208-4b95-9fe2-47424adc5a51",
            "value": "752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972879",
        "uuid": "c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "df2b4a00-71b9-444d-b078-56c85e283350",
            "value": "2019-02-21T00:44:10"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "e85ec22e-ec4f-46df-b1f8-e42dbeecc797",
            "value": "https://www.virustotal.com/file/752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f/analysis/1550709850/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "f7b1e661-152d-42a5-ab45-e3faa856230c",
            "value": "26/57"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972880",
        "uuid": "0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
            "referenced_uuid": "8f375dd5-8169-46db-9da5-c71686b424b1",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-8888-4870-8b59-4cba950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "3e6c88db-fefd-46d7-aedb-d8906655c8fe",
            "value": "cc29adb5b78300b0f17e566ad461b2c7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d6c6f051-5924-4b7c-aa0c-22a99e2814e3",
            "value": "67d2d7af7d04565b252eeea28d58fcfb61d4aa4c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e95ea6e4-3559-4762-9f04-3613552d19f6",
            "value": "db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972880",
        "uuid": "8f375dd5-8169-46db-9da5-c71686b424b1",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "c1abf0e9-f39e-409e-b0a2-45182ec40e87",
            "value": "2019-02-21T00:30:03"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "48454521-3db4-43eb-b51d-101cb51ba7ca",
            "value": "https://www.virustotal.com/file/db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f/analysis/1550709003/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "81aaf368-3c2d-410f-bdff-5f4b8e51f80c",
            "value": "34/59"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972880",
        "uuid": "ade3118a-0418-44f4-9967-524ba203ee24",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "ade3118a-0418-44f4-9967-524ba203ee24",
            "referenced_uuid": "b70df9f5-45ab-4369-a434-263514e9a1a5",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-83dc-4865-8ee7-48f4950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "4236faf6-590d-4dcc-b786-44fc58f83b82",
            "value": "3be75036010f1f2102b6ce09a9299bca"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7497ee58-8fcb-478d-a8e3-8c2642ba2892",
            "value": "c47c00040779225593d23fb105892f544e4f7966"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4fb82170-f0b8-468f-bfb1-fdfa7c5ff846",
            "value": "fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972881",
        "uuid": "b70df9f5-45ab-4369-a434-263514e9a1a5",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "2b3f2295-7e97-4d86-bc07-0bc9c3a979ce",
            "value": "2019-02-19T05:20:12"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "0b19c5be-e1e2-470f-8821-a2ec8f5ce62e",
            "value": "https://www.virustotal.com/file/fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef/analysis/1550553612/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "35466d48-f6cf-4f90-a1f3-7c9a024e55aa",
            "value": "12/56"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972881",
        "uuid": "e23b9b62-4226-4fd2-be50-d37fb7b643ea",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "e23b9b62-4226-4fd2-be50-d37fb7b643ea",
            "referenced_uuid": "43bfebb6-83a2-48c1-8872-47102ef582aa",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-0a90-44f9-8223-4101950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "8083e212-33a3-42ea-8307-1104ba37ff07",
            "value": "26f09267d0ec0d339e70561a610fb1fd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8ad0ac1e-aa26-4949-9e24-3d838c630f31",
            "value": "8d0d5f1bfd5f1d13eb2c44d9dc31a91d80ee69db"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81016a48-9b3e-4da6-a675-f0e492a4426b",
            "value": "6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972881",
        "uuid": "43bfebb6-83a2-48c1-8872-47102ef582aa",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "372f3141-dc25-4241-8cef-b1f6afb29b74",
            "value": "2019-02-28T01:32:54"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "e50ac75b-0881-4ca9-b651-74bafd3239b9",
            "value": "https://www.virustotal.com/file/6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1/analysis/1551317574/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "95ea6470-32f9-4e41-a39b-00419bf6eab4",
            "value": "23/54"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972881",
        "uuid": "27704985-ae7f-4621-bfdb-e6b92e3eabff",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "27704985-ae7f-4621-bfdb-e6b92e3eabff",
            "referenced_uuid": "5475eb79-4664-4ee7-967d-5c8c1d19b715",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-eed0-499a-a68b-42bf950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "d82ef4b7-e51d-41d7-8519-2047447f4fe8",
            "value": "7c651d115109fd8f35fddfc44fd24518"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "adb52a25-bf6d-4aa2-a7ca-e1fa3a6a71c4",
            "value": "a62b7b3b43127e213090590cae18f3432e2f7f57"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8332589d-d328-462f-8c77-dd3d31205e94",
            "value": "56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972881",
        "uuid": "5475eb79-4664-4ee7-967d-5c8c1d19b715",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "f4accdef-6776-4be1-883e-1adab8684282",
            "value": "2019-03-13T11:41:37"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "2b892246-97bc-478e-99ca-ed590ab43938",
            "value": "https://www.virustotal.com/file/56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e/analysis/1552477297/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "ea38c96f-7044-4892-8dd9-fdfa1a997299",
            "value": "13/56"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1554972881",
        "uuid": "847b7779-1090-43be-9436-9c851a0777d5",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "847b7779-1090-43be-9436-9c851a0777d5",
            "referenced_uuid": "e5f252bc-b462-4792-9999-ea950b1f633b",
            "relationship_type": "analysed-with",
            "timestamp": "1554972882",
            "uuid": "5caf00d2-a6a8-4fd5-918b-486c950d210f"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "md5",
            "uuid": "dd5e5e53-540a-4bd7-90ab-73d67839ce3c",
            "value": "09e4f724e73fccc1f659b8a46bfa7184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94f16eeb-ec6b-4f08-bdcd-db5545e57aa0",
            "value": "2c98ee7d46006dadff275a3bea49b9a56c0f301d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1554971691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a628da5d-9ea4-4205-b999-5462cc9431e6",
            "value": "28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1554972881",
        "uuid": "e5f252bc-b462-4792-9999-ea950b1f633b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "datetime",
            "uuid": "873fed9e-a063-41a9-b665-fc3484492996",
            "value": "2019-04-08T01:22:20"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "link",
            "uuid": "e71667f0-1874-45fc-8cc7-ad24c09dd7d9",
            "value": "https://www.virustotal.com/file/28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169/analysis/1554686540/"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1554971691",
            "to_ids": false,
            "type": "text",
            "uuid": "c0e860c3-1179-49e1-97d7-df48dfbac249",
            "value": "24/59"
          }
        ]
      }
    ]
  }
}