2018-01-05 19:17:25 +01:00
{
2019-08-02 18:01:08 +02:00
"Attribute" : [
{
"Tag" : [
{
"colour" : "#00223b" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "101" ,
"name" : "osint:source-type=\"blog-post\"" ,
"user_id" : "0"
} ,
{
"colour" : "#007cd6" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "618" ,
"name" : "osint:certainty=\"93\"" ,
"user_id" : "0"
}
] ,
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188757" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893921" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a3c2fda-78f4-44b7-8366-46da02de0b81" ,
"value" : "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
} ,
{
"Tag" : [
{
"colour" : "#00223b" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "101" ,
"name" : "osint:source-type=\"blog-post\"" ,
"user_id" : "0"
} ,
{
"colour" : "#007cd6" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "618" ,
"name" : "osint:certainty=\"93\"" ,
"user_id" : "0"
}
] ,
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188758" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893921" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3c2fee-7c8c-438a-8f7f-465402de0b81" ,
"value" : "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’ s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’ s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’ s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188759" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-ab0c-4d38-8efe-459002de0b81" ,
"value" : "movieultimate.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188760" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-61dc-495c-ae8a-471e02de0b81" ,
"value" : "meteost.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188761" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-e354-4978-a6b4-49ad02de0b81" ,
"value" : "faststoragefiles.org"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188762" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-968c-4572-9f64-491502de0b81" ,
"value" : "nethostnet.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188763" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-eb44-433f-a13a-44b902de0b81" ,
"value" : "fsportal.net"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188764" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-6a88-479d-b799-4d3d02de0b81" ,
"value" : "fastdataexchange.org"
} ,
{
"category" : "Network activity" ,
"comment" : "Xagent Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188765" ,
"object_id" : "0" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513893957" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3c3045-7480-4831-a5c4-48c802de0b81" ,
"value" : "newfilmts.com"
}
] ,
"Galaxy" : [
{
"GalaxyCluster" : [
{
"authors" : [
"Alexandre Dulaunoy" ,
"Florian Roth" ,
"Thomas Schreck" ,
"Timo Steffens" ,
"Various"
] ,
"description" : "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat." ,
"galaxy_id" : "366" ,
"id" : "45563" ,
"meta" : {
"country" : [
"RU"
] ,
"refs" : [
"https://en.wikipedia.org/wiki/Sofacy_Group" ,
"https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf" ,
"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf" ,
"https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf" ,
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" ,
"http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/"
] ,
"synonyms" : [
"APT 28" ,
"APT28" ,
"Pawn Storm" ,
"Fancy Bear" ,
"Sednit" ,
"TsarTeam" ,
"TG-4127" ,
"Group-4127" ,
"STRONTIUM" ,
"TAG_0700" ,
"Swallowtail" ,
"IRON TWILIGHT" ,
"Group 74"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "1100" ,
"tag_name" : "misp-galaxy:threat-actor=\"Sofacy\"" ,
"type" : "threat-actor" ,
"uuid" : "7cdff317-a673-4474-84ec-4f1754947823" ,
"value" : "Sofacy" ,
"version" : "30"
}
] ,
"description" : "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour." ,
"icon" : "user-secret" ,
"id" : "366" ,
"name" : "Threat Actor" ,
"type" : "threat-actor" ,
"uuid" : "698774c7-8022-42c4-917f-8d6e4f06ada3" ,
"version" : "2"
} ,
{
"GalaxyCluster" : [
{
"authors" : [
"Kafeine" ,
"Will Metcalf" ,
"KahuSecurity"
] ,
"description" : "Sednit EK is the exploit kit used by APT28" ,
"galaxy_id" : "370" ,
"id" : "38813" ,
"meta" : {
"refs" : [
"http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/" ,
"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
] ,
"status" : [
"Active"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "3007" ,
"tag_name" : "misp-galaxy:exploit-kit=\"Sednit EK\"" ,
"type" : "exploit-kit" ,
"uuid" : "454f4e78-bd7c-11e6-a4a6-cec0c932ce01" ,
"value" : "Sednit EK" ,
"version" : "5"
} ,
{
"authors" : [
"Kafeine" ,
"Will Metcalf" ,
"KahuSecurity"
] ,
"description" : "DealersChoice is a Flash Player Exploit platform triggered by RTF" ,
"galaxy_id" : "370" ,
"id" : "38805" ,
"meta" : {
"refs" : [
"http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/" ,
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"status" : [
"Active"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"Sednit RTF EK"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "3015" ,
"tag_name" : "misp-galaxy:exploit-kit=\"DealersChoice\"" ,
"type" : "exploit-kit" ,
"uuid" : "454f4e78-bd7c-11e6-a4a6-cec0c932ce01" ,
"value" : "DealersChoice" ,
"version" : "5"
}
] ,
"description" : "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years" ,
"icon" : "internet-explorer" ,
"id" : "370" ,
"name" : "Exploit-Kit" ,
"type" : "exploit-kit" ,
"uuid" : "6ab240ec-bd79-11e6-a4a6-cec0c932ce01" ,
"version" : "3"
} ,
{
"GalaxyCluster" : [
{
"authors" : [
"Alexandre Dulaunoy" ,
"Florian Roth" ,
"Timo Steffens" ,
"Christophe Vandeplas"
] ,
"description" : "backdoor" ,
"galaxy_id" : "367" ,
"id" : "46592" ,
"meta" : {
"refs" : [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"Sednit" ,
"Seduploader" ,
"JHUHUGIT" ,
"Sofacy"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"type" : [
"Backdoor"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "2215" ,
"tag_name" : "misp-galaxy:tool=\"GAMEFISH\"" ,
"type" : "tool" ,
"uuid" : "0d821b68-9d82-4c6d-86a6-1071a9e0f79f" ,
"value" : "GAMEFISH" ,
"version" : "45"
} ,
{
"authors" : [
"Alexandre Dulaunoy" ,
"Florian Roth" ,
"Timo Steffens" ,
"Christophe Vandeplas"
] ,
"description" : "" ,
"galaxy_id" : "367" ,
"id" : "46670" ,
"meta" : {
"synonyms" : [
"XTunnel"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "1012" ,
"tag_name" : "misp-galaxy:tool=\"X-Tunnel\"" ,
"type" : "tool" ,
"uuid" : "0d821b68-9d82-4c6d-86a6-1071a9e0f79f" ,
"value" : "X-Tunnel" ,
"version" : "45"
} ,
{
"authors" : [
"Alexandre Dulaunoy" ,
"Florian Roth" ,
"Timo Steffens" ,
"Christophe Vandeplas"
] ,
"description" : "backdoor used by apt28\n\nSedreco serves as a spying backdoor; its functionalities can be extended with dynamically loaded plugins. It is made up of two distinct components: a dropper and the persistent payload installed by this dropper. We have not seen this component since April 2016." ,
"galaxy_id" : "367" ,
"id" : "46591" ,
"meta" : {
"possible_issues" : [
"Report tells that is could be Xagent alias (Java Rat)"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"refs" : [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"Sedreco" ,
"AZZY" ,
"ADVSTORESHELL" ,
"NETUI"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"type" : [
"Backdoor"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "3011" ,
"tag_name" : "misp-galaxy:tool=\"EVILTOSS\"" ,
"type" : "tool" ,
"uuid" : "0d821b68-9d82-4c6d-86a6-1071a9e0f79f" ,
"value" : "EVILTOSS" ,
"version" : "45"
} ,
{
"authors" : [
"Alexandre Dulaunoy" ,
"Florian Roth" ,
"Timo Steffens" ,
"Christophe Vandeplas"
] ,
"description" : "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’ s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described." ,
"galaxy_id" : "367" ,
"id" : "46669" ,
"meta" : {
"refs" : [
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/" ,
"https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq" ,
"https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"XAgent"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"type" : [
"Backdoor"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "MISP Project" ,
"tag_id" : "1011" ,
"tag_name" : "misp-galaxy:tool=\"X-Agent\"" ,
"type" : "tool" ,
"uuid" : "0d821b68-9d82-4c6d-86a6-1071a9e0f79f" ,
"value" : "X-Agent" ,
"version" : "45"
}
] ,
"description" : "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries." ,
"icon" : "optin-monster" ,
"id" : "367" ,
"name" : "Tool" ,
"type" : "tool" ,
"uuid" : "9b8037f7-bc8f-4de1-a797-37266619bc0b" ,
"version" : "2"
} ,
{
"GalaxyCluster" : [
{
"authors" : [
"MITRE"
] ,
"description" : "JHUHUGIT is malware used by APT28. It is based on Carberp source code and serves as reconnaissance malware.[[Citation: Kaspersky Sofacy]][[Citation: F-Secure Sofacy 2015]][[Citation: ESET Sednit Part 1]][[Citation: FireEye APT28 January 2017]]\n\nAliases: JHUHUGIT, Seduploader, JKEYSKW, Sednit, GAMEFISH" ,
"galaxy_id" : "365" ,
"id" : "41618" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0044" ,
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf" ,
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ,
"https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/" ,
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"JHUHUGIT" ,
"Seduploader" ,
"JKEYSKW" ,
"Sednit" ,
"GAMEFISH"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"uuid" : [
"8ae43c46-57ef-47d5-a77a-eebb35628db2"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3008" ,
"tag_name" : "misp-galaxy:mitre-malware=\"JHUHUGIT\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "JHUHUGIT" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.[[Citation: Crowdstrike DNC June 2016]][[Citation: Invincea XTunnel]][[Citation: ESET Sednit Part 2]]\n\nAliases: XTunnel, X-Tunnel, XAPS" ,
"galaxy_id" : "365" ,
"id" : "41543" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0117" ,
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" ,
"https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/" ,
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"XTunnel" ,
"X-Tunnel" ,
"XAPS"
] ,
"uuid" : [
"7343e208-7cab-45f2-a47b-41ba5e2f0fab"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3009" ,
"tag_name" : "misp-galaxy:mitre-malware=\"XTunnel\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "XTunnel" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.[[Citation: Kaspersky Sofacy]][[Citation: ESET Sednit Part 2]]\n\nAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco" ,
"galaxy_id" : "365" ,
"id" : "41582" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0045" ,
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" ,
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"synonyms" : [
"ADVSTORESHELL" ,
"NETUI" ,
"EVILTOSS" ,
"AZZY" ,
"Sedreco"
2018-01-05 19:17:25 +01:00
] ,
2019-08-02 18:01:08 +02:00
"uuid" : [
"fb575479-14ef-41e9-bfab-0b7cf10bec73"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3010" ,
"tag_name" : "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "ADVSTORESHELL" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "USBStealer is malware that has used by APT28 since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with ADVSTORESHELL.[[Citation: ESET Sednit USBStealer 2014]][[Citation: Kaspersky Sofacy]]\n\nAliases: USBStealer, USB Stealer, Win32/USBStealer" ,
"galaxy_id" : "365" ,
"id" : "41549" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0136" ,
"http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/" ,
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
] ,
"synonyms" : [
"USBStealer" ,
"USB Stealer" ,
"Win32/USBStealer"
] ,
"uuid" : [
"af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3012" ,
"tag_name" : "misp-galaxy:mitre-malware=\"USBStealer\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "USBStealer" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "is a trojan that has been used by APT28 on OS X and appears to be a port of their standard CHOPSTICK or XAgent trojan.[[Citation: XAgentOSX]]" ,
"galaxy_id" : "365" ,
"id" : "41551" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0161" ,
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
] ,
"uuid" : [
"5930509b-7793-4db9-bdfc-4edda7709d0d"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3013" ,
"tag_name" : "misp-galaxy:mitre-malware=\"XAgentOSX\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "XAgentOSX" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "CHOPSTICK is malware family of modular backdoors used by APT28. It has been used from at least November 2012 to August 2016 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases.[[Citation: FireEye APT28]][[Citation: ESET Sednit Part 2]][[Citation: FireEye APT28 January 2017]]\n\nAliases: CHOPSTICK, SPLM, Xagent, X-Agent, webhp" ,
"galaxy_id" : "365" ,
"id" : "41559" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0023" ,
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ,
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" ,
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"
] ,
"synonyms" : [
"CHOPSTICK" ,
"SPLM" ,
"Xagent" ,
"X-Agent" ,
"webhp"
] ,
"uuid" : [
"ccd61dfc-b03f-4689-8c18-7c97eab08472"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3014" ,
"tag_name" : "misp-galaxy:mitre-malware=\"CHOPSTICK\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "CHOPSTICK" ,
"version" : "4"
} ,
{
"authors" : [
"MITRE"
] ,
"description" : "Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.[[Citation: ESET Sednit Part 3]]\n\nAliases: Downdelph, Delphacy" ,
"galaxy_id" : "365" ,
"id" : "41504" ,
"meta" : {
"refs" : [
"https://attack.mitre.org/wiki/Software/S0134" ,
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf"
] ,
"synonyms" : [
"Downdelph" ,
"Delphacy"
] ,
"uuid" : [
"08d20cd2-f084-45ee-8558-fa6ef5a18519"
]
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"source" : "https://github.com/mitre/cti" ,
"tag_id" : "3016" ,
"tag_name" : "misp-galaxy:mitre-malware=\"Downdelph\"" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"value" : "Downdelph" ,
"version" : "4"
}
] ,
"description" : "Name of ATT&CK software" ,
"icon" : "optin-monster" ,
"id" : "365" ,
"name" : "Malware" ,
"type" : "mitre-malware" ,
"uuid" : "d752161c-78f6-11e7-a0ea-bfa79b407ce4" ,
"version" : "4"
}
] ,
"Object" : [
{
"Attribute" : [
{
"Tag" : [
{
"name" : "blah"
}
] ,
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188944" ,
"object_id" : "1555" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd5b6-2850-435f-bd0d-4c62950d210f" ,
"value" : "Bulletin.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188945" ,
"object_id" : "1555" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936310" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd5b6-78a8-4e47-8333-4c62950d210f" ,
"value" : "68064fc152e23d56e541714af52651cb4ba81aaf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188946" ,
"object_id" : "1555" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936310" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd5b6-23d8-43ba-8518-4c62950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Sednit.AX" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1555" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"uuid" : "5a3cd5b6-9568-4342-b2ab-4c62950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188947" ,
"object_id" : "1556" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936388" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd604-748c-4fc0-88bf-c170950d210f" ,
"value" : "f3805382ae2e23ff1147301d131a06e00e4ff75f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188948" ,
"object_id" : "1556" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936388" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd604-6668-4469-a1c0-c170950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.CVE-2016-4117.A" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1556" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936388" ,
"uuid" : "5a3cd604-e11c-4de5-bbbf-c170950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188949" ,
"object_id" : "1557" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936531" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd693-dc40-445d-a4d7-4ae0950d210f" ,
"value" : "OC_PSO_2017.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188950" ,
"object_id" : "1557" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936531" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd693-8ffc-4d95-b522-4e84950d210f" ,
"value" : "512bdfe937314ac3f195c462c395feeb36932971"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188951" ,
"object_id" : "1557" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936531" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd693-a8f0-4aea-a834-4097950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NUB" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1557" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936531" ,
"uuid" : "5a3cd693-fd9c-4fcf-b69a-439c950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188952" ,
"object_id" : "1558" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936578" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd6c2-d31c-40cc-bcc1-4458950d210f" ,
"value" : "NASAMS.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188953" ,
"object_id" : "1558" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936578" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd6c2-6a54-4b4c-8748-4c84950d210f" ,
"value" : "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188954" ,
"object_id" : "1558" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936578" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd6c2-1c68-45de-8325-464a950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NTR" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1558" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936578" ,
"uuid" : "5a3cd6c2-d290-4787-910f-4e6d950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188955" ,
"object_id" : "1559" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936718" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd74e-584c-45b9-8557-486d950d210f" ,
"value" : "Programm_Details.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188956" ,
"object_id" : "1559" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936718" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd74e-f334-4e6b-b37f-462f950d210f" ,
"value" : "4173b29a251cd9c1cab135f67cb60acab4ace0c5"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188957" ,
"object_id" : "1559" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936718" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd74e-5900-4fbf-85c6-4c81950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NTO" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1559" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936718" ,
"uuid" : "5a3cd74e-1504-40ff-9a28-4501950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188958" ,
"object_id" : "1560" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936757" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd775-e8f4-465a-aca2-4c5a950d210f" ,
"value" : "Operation_in_Mosul.rtf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188959" ,
"object_id" : "1560" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936757" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd775-1190-4db7-961a-4c5a950d210f" ,
"value" : "12a37cfdd3f3671074dd5b0f354269cec028fb52"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188960" ,
"object_id" : "1560" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936757" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd775-fa5c-4453-bcb0-4c5a950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NTR" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1560" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936757" ,
"uuid" : "5a3cd775-e4cc-44bb-89b6-4c5a950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188961" ,
"object_id" : "1561" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936943" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd82f-b918-4520-ba8b-5165950d210f" ,
"value" : "ARM-NATO_ENGLISH_30_NOV_2016.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188962" ,
"object_id" : "1561" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936943" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd82f-cae4-4209-9338-5165950d210f" ,
"value" : "15201766bd964b7c405aeb11db81457220c31e46"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188963" ,
"object_id" : "1561" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936943" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd82f-d91c-43af-8262-5165950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "SWF/Agent.L" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1561" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936943" ,
"uuid" : "5a3cd82f-2788-4561-bbeb-5165950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188964" ,
"object_id" : "1562" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936967" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd847-0aa0-4b5c-aa30-5165950d210f" ,
"value" : "Olympic-Agenda-2020-20-20-Recommendations.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188965" ,
"object_id" : "1562" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936967" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd847-593c-4985-8756-5165950d210f" ,
"value" : "8078e411fbe33864dfd8f87ad5105cc1fd26d62e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188966" ,
"object_id" : "1562" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936967" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd847-1324-4fad-af60-5165950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.BL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1562" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936967" ,
"uuid" : "5a3cd847-b5a0-42f7-ac4b-5165950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188967" ,
"object_id" : "1563" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936993" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd861-9350-40c1-ac29-4771950d210f" ,
"value" : "Merry_Christmas!.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188968" ,
"object_id" : "1563" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936993" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd861-18ac-4cf0-b96f-4986950d210f" ,
"value" : "33447383379ca99083442b852589111296f0c603"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188969" ,
"object_id" : "1563" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513936993" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd861-cfbc-4096-baae-40e2950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NUG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1563" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513936993" ,
"uuid" : "5a3cd861-65c0-4b69-9429-4f37950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188970" ,
"object_id" : "1564" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937021" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd87d-fa9c-41aa-897f-49a5950d210f" ,
"value" : "Trump’ s_Attack_on_Syria_English.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188971" ,
"object_id" : "1564" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937021" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd87d-c630-4487-8336-4615950d210f" ,
"value" : "d5235d136cfcadbef431eea7253d80bde414db9d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188972" ,
"object_id" : "1564" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937021" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd87d-8c98-4660-9026-44de950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NWZ" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1564" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937021" ,
"uuid" : "5a3cd87d-f514-4071-a5f7-4ec2950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188973" ,
"object_id" : "1565" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937047" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd897-4cc0-48b0-bb2c-461f950d210f" ,
"value" : "Hotel_Reservation_Form.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188974" ,
"object_id" : "1565" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937047" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd897-fa64-466c-9421-49c5950d210f" ,
"value" : "f293a2bfb728060c54efeeb03c5323893b5c80df"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188975" ,
"object_id" : "1565" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937047" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd897-f020-44cf-8dfc-4225950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1565" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937046" ,
"uuid" : "5a3cd896-f6cc-4e52-bcb2-442c950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188976" ,
"object_id" : "1566" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937070" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd8ae-7194-48fd-810e-4c5a950d210f" ,
"value" : "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188977" ,
"object_id" : "1566" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937071" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd8af-f39c-443c-bcf1-4c5a950d210f" ,
"value" : "bb10ed5d59672fbc6178e35d0feac0562513e9f0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188978" ,
"object_id" : "1566" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937071" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd8af-b3ec-478a-b585-4c5a950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1566" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937070" ,
"uuid" : "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188979" ,
"object_id" : "1567" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937083" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd8bb-74d8-4d19-ae08-4043950d210f" ,
"value" : "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188980" ,
"object_id" : "1567" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937083" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd8bb-77bc-4cc4-887f-429d950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1567" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937083" ,
"uuid" : "5a3cd8bb-a704-4f1d-a235-444e950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188981" ,
"object_id" : "1568" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937097" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd8c9-4d2c-4145-a637-4f13950d210f" ,
"value" : "169c8f3e3d22e192c108bc95164d362ce5437465"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188982" ,
"object_id" : "1568" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937097" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1568" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937097" ,
"uuid" : "5a3cd8c9-6568-406a-853c-4862950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188983" ,
"object_id" : "1569" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937116" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd8dc-48c0-4ea0-a67d-4734950d210f" ,
"value" : "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188984" ,
"object_id" : "1569" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937116" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1569" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937115" ,
"uuid" : "5a3cd8db-2838-4466-a986-4afb950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188985" ,
"object_id" : "1570" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937147" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd8fb-1efc-4059-ae7a-42f5950d210f" ,
"value" : "Caucasian_Eagle_ENG.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188986" ,
"object_id" : "1570" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937147" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd8fb-9cec-4a30-8b2f-4441950d210f" ,
"value" : "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188987" ,
"object_id" : "1570" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937147" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd8fb-e52c-489b-8da5-43d1950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "Win32/Exploit.Agent.NTM" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1570" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937147" ,
"uuid" : "5a3cd8fb-cd14-4b00-9710-430c950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188988" ,
"object_id" : "1571" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937166" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd90e-5eb4-4069-b160-5276950d210f" ,
"value" : "World War3.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188989" ,
"object_id" : "1571" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937166" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd90e-6d2c-4ffc-a699-5276950d210f" ,
"value" : "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188990" ,
"object_id" : "1571" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937166" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd90e-28e8-410e-8033-5276950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "SWF/Exploit.CVE-2017-11292.A" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1571" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937166" ,
"uuid" : "5a3cd90e-538c-4b7e-95dc-5276950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188991" ,
"object_id" : "1572" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937191" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd927-e810-4d22-a0e4-4057950d210f" ,
"value" : "SaberGuardian2017.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188992" ,
"object_id" : "1572" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937191" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd927-f284-43b9-83d1-473b950d210f" ,
"value" : "68c2809560c7623d2307d8797691abf3eafe319a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188993" ,
"object_id" : "1572" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937191" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd927-b844-49f2-a1a9-4c85950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "VBA/DDE.E" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1572" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937191" ,
"uuid" : "5a3cd927-e410-489c-abfc-4b63950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188994" ,
"object_id" : "1573" ,
"object_relation" : "filename" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937212" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a3cd93c-2438-4dda-823e-463d950d210f" ,
"value" : "IsisAttackInNewYork.docx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188995" ,
"object_id" : "1573" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937212" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cd93c-1ef0-4d81-9476-4655950d210f" ,
"value" : "1c6c700ceebfbe799e115582665105caa03c5c9e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188996" ,
"object_id" : "1573" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937212" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cd93c-949c-40ac-9094-4a4a950d210f" ,
"value" : "Malicious"
}
] ,
"comment" : "VBA/DDE.L" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1573" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937212" ,
"uuid" : "5a3cd93c-716c-4918-a00f-4671950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188997" ,
"object_id" : "1574" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937559" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cda97-7e58-4642-aaf5-c5ed950d210f" ,
"value" : "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188998" ,
"object_id" : "1574" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937559" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cda97-6020-423d-9d23-c5ed950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-ab0c-4d38-8efe-459002de0b81" ,
"value" : "movieultimate.com"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "159" ,
"object_id" : "1574" ,
"object_uuid" : "5a3cda96-85c4-45a1-82ea-c5ed950d210f" ,
"referenced_id" : "1188759" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-ab0c-4d38-8efe-459002de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513937826" ,
"uuid" : "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f"
}
] ,
"comment" : "Win64/Sednit.Z" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1574" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513937826" ,
"uuid" : "5a3cda96-85c4-45a1-82ea-c5ed950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1188999" ,
"object_id" : "1575" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937864" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f" ,
"value" : "e19f753e514f6adec8f81bcdefb9117979e69627"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189000" ,
"object_id" : "1575" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937864" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdbc8-e204-4606-b9ea-4c5a950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-61dc-495c-ae8a-471e02de0b81" ,
"value" : "meteost.com"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "160" ,
"object_id" : "1575" ,
"object_uuid" : "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f" ,
"referenced_id" : "1188760" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-61dc-495c-ae8a-471e02de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938091" ,
"uuid" : "5a3cdcab-8200-4c65-868e-42a9950d210f"
}
] ,
"comment" : "Win64/Sednit.Z" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1575" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938091" ,
"uuid" : "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189001" ,
"object_id" : "1576" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937910" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f" ,
"value" : "961468ddd3d0fa25beb8210c81ba620f9170ed30"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189002" ,
"object_id" : "1576" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937910" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdbf6-acd8-4a36-a028-4c59950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-e354-4978-a6b4-49ad02de0b81" ,
"value" : "faststoragefiles.org"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "164" ,
"object_id" : "1576" ,
"object_uuid" : "5a3cdbf6-f814-491f-9f93-4c59950d210f" ,
"referenced_id" : "1188761" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-e354-4978-a6b4-49ad02de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938210" ,
"uuid" : "5a3cdd22-b7d8-4754-a108-4742950d210f"
}
] ,
"comment" : "Win32/Sednit.BO" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1576" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938210" ,
"uuid" : "5a3cdbf6-f814-491f-9f93-4c59950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189003" ,
"object_id" : "1577" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937929" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc09-b428-4c0b-9969-c5ed950d210f" ,
"value" : "a0719b50265505c8432616c0a4e14ed206981e95"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189004" ,
"object_id" : "1577" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937929" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc09-05d8-4356-ba52-c5ed950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-968c-4572-9f64-491502de0b81" ,
"value" : "nethostnet.com"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "162" ,
"object_id" : "1577" ,
"object_uuid" : "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f" ,
"referenced_id" : "1188762" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-968c-4572-9f64-491502de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938169" ,
"uuid" : "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f"
}
] ,
"comment" : "Win32/Sednit.BO" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1577" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938169" ,
"uuid" : "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189005" ,
"object_id" : "1578" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937953" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc21-a170-4637-b139-4812950d210f" ,
"value" : "2cf6436b99d11d9d1e0c488af518e35162ecbc9c"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189006" ,
"object_id" : "1578" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937953" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc21-3274-4800-9e91-41e2950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-e354-4978-a6b4-49ad02de0b81" ,
"value" : "faststoragefiles.org"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "165" ,
"object_id" : "1578" ,
"object_uuid" : "5a3cdc21-856c-48bd-a757-4f4b950d210f" ,
"referenced_id" : "1188761" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-e354-4978-a6b4-49ad02de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938226" ,
"uuid" : "5a3cdd32-3044-4895-8f18-4d06950d210f"
}
] ,
"comment" : "Win64/Sednit.Y" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1578" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938226" ,
"uuid" : "5a3cdc21-856c-48bd-a757-4f4b950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189007" ,
"object_id" : "1579" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937975" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc37-cee0-43d0-9e20-4db6950d210f" ,
"value" : "fec29b4f4dccc59770c65c128dfe4564d7c13d33"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189008" ,
"object_id" : "1579" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937976" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc38-ac24-44be-a1ed-4935950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-eb44-433f-a13a-44b902de0b81" ,
"value" : "fsportal.net"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "163" ,
"object_id" : "1579" ,
"object_uuid" : "5a3cdc37-89e8-4a2d-823a-4af8950d210f" ,
"referenced_id" : "1188763" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-eb44-433f-a13a-44b902de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938189" ,
"uuid" : "5a3cdd0d-d990-42ba-830d-5156950d210f"
}
] ,
"comment" : "Win64/Sednit.Y" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1579" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938190" ,
"uuid" : "5a3cdc37-89e8-4a2d-823a-4af8950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189009" ,
"object_id" : "1580" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937992" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc48-c74c-4b6e-8202-5156950d210f" ,
"value" : "57d7f3d31c491f8aef4665ca4dd905c3c8a98795"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189010" ,
"object_id" : "1580" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513937992" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc48-55dc-420e-9b5d-5156950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-6a88-479d-b799-4d3d02de0b81" ,
"value" : "fastdataexchange.org"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "161" ,
"object_id" : "1580" ,
"object_uuid" : "5a3cdc48-b9a0-4775-a03f-5156950d210f" ,
"referenced_id" : "1188764" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-6a88-479d-b799-4d3d02de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938129" ,
"uuid" : "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f"
}
] ,
"comment" : "Win64/Sednit.Z" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1580" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938129" ,
"uuid" : "5a3cdc48-b9a0-4775-a03f-5156950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189011" ,
"object_id" : "1581" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513938011" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f" ,
"value" : "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189012" ,
"object_id" : "1581" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513938011" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc5b-b390-4183-aec7-4c5a950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-7480-4831-a5c4-48c802de0b81" ,
"value" : "newfilmts.com"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "168" ,
"object_id" : "1581" ,
"object_uuid" : "5a3cdc5a-8760-4efa-949a-4c5a950d210f" ,
"referenced_id" : "1188765" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-7480-4831-a5c4-48c802de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938280" ,
"uuid" : "5a3cdd68-7968-40d1-a0a9-5156950d210f"
}
] ,
"comment" : "Win32/Sednit.BO" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1581" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938280" ,
"uuid" : "5a3cdc5a-8760-4efa-949a-4c5a950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189013" ,
"object_id" : "1582" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513938034" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3cdc72-ba30-4ecd-9d21-4654950d210f" ,
"value" : "1958e722afd0dba266576922abc98aa505cf5f9a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189014" ,
"object_id" : "1582" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513938034" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3cdc72-0804-42c4-acfa-4ac5950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Attribute" : {
"category" : "Network activity" ,
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
"sharing_group_id" : "0" ,
"to_ids" : true ,
2019-08-02 18:01:08 +02:00
"type" : "domain" ,
"uuid" : "5a3c3045-7480-4831-a5c4-48c802de0b81" ,
"value" : "newfilmts.com"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "167" ,
"object_id" : "1582" ,
"object_uuid" : "5a3cdc72-1538-4c66-af46-427b950d210f" ,
"referenced_id" : "1188765" ,
"referenced_type" : "0" ,
"referenced_uuid" : "5a3c3045-7480-4831-a5c4-48c802de0b81" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513938264" ,
"uuid" : "5a3cdd58-9800-4bae-837c-4f20950d210f"
}
] ,
"comment" : "Win32/Sednit.BO" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1582" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513938264" ,
"uuid" : "5a3cdc72-1538-4c66-af46-427b950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189015" ,
"object_id" : "1583" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939882" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce3aa-e104-481e-a7f4-4bc1950d210f" ,
"value" : "9f6bed7d7f4728490117cbc85819c2e6c494251b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189016" ,
"object_id" : "1583" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939882" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce3aa-74fc-48c7-af40-4c6a950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "173" ,
"object_id" : "1583" ,
"object_uuid" : "5a3ce3a9-f070-4403-a1f6-4b8c950d210f" ,
"referenced_id" : "1592" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce58a-3198-4cb8-9d51-44e5950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513947459" ,
"uuid" : "5a3d0143-c300-4118-8afe-4a2d950d210f"
}
] ,
2020-03-24 14:34:24 +01:00
"comment" : "Win32/Sednit.AX" ,
2019-08-02 18:01:08 +02:00
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1583" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948642" ,
"uuid" : "5a3ce3a9-f070-4403-a1f6-4b8c950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189017" ,
"object_id" : "1584" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939907" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce3c3-6d9c-48f4-93db-4a61950d210f" ,
"value" : "4bc722a9b0492a50bd86a1341f02c74c0d773db7"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189018" ,
"object_id" : "1584" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939907" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce3c3-c38c-4e30-a904-4c8f950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "188" ,
"object_id" : "1584" ,
"object_uuid" : "5a3ce3c3-34b4-4e1f-b238-4399950d210f" ,
"referenced_id" : "1603" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce6ae-98d8-4270-b88f-47f2950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948518" ,
"uuid" : "5a3d0566-34fc-4a62-b2a5-4f91950d210f"
}
] ,
"comment" : "Win32/Sednit.BS" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1584" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948535" ,
"uuid" : "5a3ce3c3-34b4-4e1f-b238-4399950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189019" ,
"object_id" : "1585" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce3d4-9168-4e23-8b64-485a950d210f" ,
"value" : "ab354807e687993fbeb1b325eb6e4ab38d428a1e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189020" ,
"object_id" : "1585" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939924" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce3d4-27e0-4366-943f-4b9a950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "189" ,
"object_id" : "1585" ,
"object_uuid" : "5a3ce3d4-07bc-4af3-90fc-4798950d210f" ,
"referenced_id" : "1602" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948528" ,
"uuid" : "5a3d0570-a86c-4264-a43a-4125950d210f"
}
] ,
"comment" : "Win32/Sednit.BS" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1585" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948597" ,
"uuid" : "5a3ce3d4-07bc-4af3-90fc-4798950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189021" ,
"object_id" : "1586" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939946" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce3ea-8dbc-4cf4-997f-448b950d210f" ,
"value" : "9c47ca3883196b3a84d67676a804ff50e22b0a9f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189022" ,
"object_id" : "1586" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939946" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce3ea-e714-444e-ad9b-40b0950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce68d-1940-4ea6-becd-44fe950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "190" ,
"object_id" : "1586" ,
"object_uuid" : "5a3ce3ea-580c-477c-9b73-4e57950d210f" ,
"referenced_id" : "1601" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce68d-1940-4ea6-becd-44fe950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948614" ,
"uuid" : "5a3d05c6-0618-4520-9549-48a0950d210f"
}
] ,
"comment" : "Win32/Sednit.BR" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1586" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948626" ,
"uuid" : "5a3ce3ea-580c-477c-9b73-4e57950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189023" ,
"object_id" : "1587" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939972" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce404-7bfc-4316-bd32-55ea950d210f" ,
"value" : "8a68f26d01372114f660e32ac4c9117e5d0577f1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189024" ,
"object_id" : "1587" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939972" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce404-7224-4525-922a-55ea950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce680-90d4-478d-95db-48a6950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "182" ,
"object_id" : "1587" ,
"object_uuid" : "5a3ce404-efc0-4f15-864e-55ea950d210f" ,
"referenced_id" : "1600" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce680-90d4-478d-95db-48a6950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948044" ,
"uuid" : "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1587" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948073" ,
"uuid" : "5a3ce404-efc0-4f15-864e-55ea950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189025" ,
"object_id" : "1588" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939991" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce417-62a4-4d46-9a87-55ea950d210f" ,
"value" : "476fc1d31722ac26b46154cbf0c631d60268b28a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189026" ,
"object_id" : "1588" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513939991" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce417-43f0-494d-ac2e-55ea950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce66e-70b4-47e7-b965-46f6950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "187" ,
"object_id" : "1588" ,
"object_uuid" : "5a3ce417-7cd4-4c36-8a73-55ea950d210f" ,
"referenced_id" : "1599" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce66e-70b4-47e7-b965-46f6950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948483" ,
"uuid" : "5a3d0543-8f74-4086-aafc-418a950d210f"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1588" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948498" ,
"uuid" : "5a3ce417-7cd4-4c36-8a73-55ea950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189027" ,
"object_id" : "1589" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940012" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce42c-836c-49e7-a9f3-4a5f950d210f" ,
"value" : "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189028" ,
"object_id" : "1589" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940012" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce42c-4c88-4940-94b8-4084950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce60a-6db8-4212-b194-4339950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "183" ,
"object_id" : "1589" ,
"object_uuid" : "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f" ,
"referenced_id" : "1594" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce60a-6db8-4212-b194-4339950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948106" ,
"uuid" : "5a3d03ca-2398-4060-b13c-404a950d210f"
} ,
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "184" ,
"object_id" : "1589" ,
"object_uuid" : "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f" ,
"referenced_id" : "1595" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948117" ,
"uuid" : "5a3d03d5-6d8c-4dfb-b193-4002950d210f"
}
] ,
"comment" : "Win32/Sednit.BN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1589" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948128" ,
"uuid" : "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189029" ,
"object_id" : "1590" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940027" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce43b-6738-4a14-a318-4d65950d210f" ,
"value" : "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189030" ,
"object_id" : "1590" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940027" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce43b-3a10-4d78-9ee2-485c950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "186" ,
"object_id" : "1590" ,
"object_uuid" : "5a3ce43a-5478-4f65-95b2-4e1e950d210f" ,
"referenced_id" : "1593" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce5f8-3418-4f7b-ae41-4bca950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513948320" ,
"uuid" : "5a3d04a0-9d28-47c3-a12c-465b950d210f"
}
] ,
"comment" : "Win32/Sednit.BG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1590" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513948339" ,
"uuid" : "5a3ce43a-5478-4f65-95b2-4e1e950d210f"
} ,
{
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189031" ,
"object_id" : "1591" ,
"object_relation" : "sha1" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940042" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a3ce44a-2ea4-4526-8bbc-c328950d210f" ,
"value" : "6e167da3c5d887fa2e58da848a2245d11b6c5ad6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189032" ,
"object_id" : "1591" ,
"object_relation" : "state" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940042" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3ce44a-5118-4142-97f0-c328950d210f" ,
"value" : "Malicious"
}
] ,
"ObjectReference" : [
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "170" ,
"object_id" : "1591" ,
"object_uuid" : "5a3ce44a-ce70-42b7-80b8-c328950d210f" ,
"referenced_id" : "1597" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce64e-8bf8-4dc6-be49-437f950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513940734" ,
"uuid" : "5a3ce6fe-b0c4-44df-a609-419a950d210f"
} ,
{
"Object" : {
2018-01-05 19:17:25 +01:00
"distribution" : "5" ,
2019-08-02 18:01:08 +02:00
"meta-category" : "network" ,
"name" : "domain-ip" ,
2018-01-05 19:17:25 +01:00
"sharing_group_id" : "0" ,
2019-08-02 18:01:08 +02:00
"uuid" : "5a3ce65c-fc40-4585-817e-4ca3950d210f"
2018-01-05 19:17:25 +01:00
} ,
2019-08-02 18:01:08 +02:00
"comment" : "" ,
"deleted" : false ,
"event_id" : "9747" ,
"id" : "171" ,
"object_id" : "1591" ,
"object_uuid" : "5a3ce44a-ce70-42b7-80b8-c328950d210f" ,
"referenced_id" : "1598" ,
"referenced_type" : "1" ,
"referenced_uuid" : "5a3ce65c-fc40-4585-817e-4ca3950d210f" ,
"relationship_type" : "communicates-with" ,
"timestamp" : "1513940753" ,
"uuid" : "5a3ce711-a0dc-4dbe-b59e-495a950d210f"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "Win32/Sednit.BG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1591" ,
"meta-category" : "file" ,
"name" : "file" ,
"sharing_group_id" : "0" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513940753" ,
"uuid" : "5a3ce44a-ce70-42b7-80b8-c328950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189033" ,
"object_id" : "1592" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940362" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f" ,
"value" : "87.236.211.182"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189034" ,
"object_id" : "1592" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940362" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce58a-6e14-48ea-9746-48f2950d210f" ,
"value" : "servicecdp.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1592" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940362" ,
"uuid" : "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189035" ,
"object_id" : "1593" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940472" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce5f8-99b4-41a2-915a-4bf8950d210f" ,
"value" : "95.215.45.43"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189036" ,
"object_id" : "1593" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940472" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f" ,
"value" : "wmdmediacodecs.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1593" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940472" ,
"uuid" : "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189037" ,
"object_id" : "1594" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940490" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce60a-cc50-4553-bfff-4ea9950d210f" ,
"value" : "89.45.67.144"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189038" ,
"object_id" : "1594" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940491" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce60b-e648-4667-8432-4ba8950d210f" ,
"value" : "mvband.net"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1594" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940490" ,
"uuid" : "5a3ce60a-6db8-4212-b194-4339950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189039" ,
"object_id" : "1595" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940506" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce61a-4458-4c36-866e-44e9950d210f" ,
"value" : "89.33.246.117"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189040" ,
"object_id" : "1595" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940506" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce61a-f820-4a43-b3d9-47e5950d210f" ,
"value" : "mvtband.net"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1595" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940506" ,
"uuid" : "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189041" ,
"object_id" : "1596" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940542" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce63e-66d4-483f-bae6-44f6950d210f" ,
"value" : "87.236.211.182"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189042" ,
"object_id" : "1596" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940542" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce63e-0d88-405b-82a9-43b5950d210f" ,
"value" : "servicecdp.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1596" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940542" ,
"uuid" : "5a3ce63e-0240-46f5-b9ed-4759950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189043" ,
"object_id" : "1597" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940558" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce64e-d7a8-4817-a132-4c72950d210f" ,
"value" : "185.156.173.70"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189044" ,
"object_id" : "1597" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940558" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce64e-243c-4931-b733-403c950d210f" ,
"value" : "runvercheck.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1597" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940558" ,
"uuid" : "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189045" ,
"object_id" : "1598" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940572" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce65c-bf78-4b78-bafd-4cf6950d210f" ,
"value" : "191.101.31.96"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189046" ,
"object_id" : "1598" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940572" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce65c-8140-4146-a927-45e4950d210f" ,
"value" : "remsupport.org"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1598" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940572" ,
"uuid" : "5a3ce65c-fc40-4585-817e-4ca3950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189047" ,
"object_id" : "1599" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940591" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce66f-150c-43ec-a3ff-4aa5950d210f" ,
"value" : "89.187.150.44"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189048" ,
"object_id" : "1599" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940591" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce66f-466c-478e-8064-4b42950d210f" ,
"value" : "viters.org"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1599" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940590" ,
"uuid" : "5a3ce66e-70b4-47e7-b965-46f6950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189049" ,
"object_id" : "1600" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940608" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce680-7b04-466d-b187-4301950d210f" ,
"value" : "146.185.253.132"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189050" ,
"object_id" : "1600" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940608" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce680-12f4-4001-9f86-4aa4950d210f" ,
"value" : "myinvestgroup.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1600" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940608" ,
"uuid" : "5a3ce680-90d4-478d-95db-48a6950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189051" ,
"object_id" : "1601" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940621" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce68d-0108-4557-8921-4377950d210f" ,
"value" : "86.106.131.141"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189052" ,
"object_id" : "1601" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940622" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce68e-54d0-4c67-8c4c-4dea950d210f" ,
"value" : "space-delivery.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1601" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940621" ,
"uuid" : "5a3ce68d-1940-4ea6-becd-44fe950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189054" ,
"object_id" : "1602" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940642" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce6a2-4a38-4b90-8d74-4f10950d210f" ,
"value" : "89.34.111.160"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189055" ,
"object_id" : "1602" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940642" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f" ,
"value" : "satellitedeluxpanorama.com"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1602" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940641" ,
"uuid" : "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
} ,
{
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189056" ,
"object_id" : "1603" ,
"object_relation" : "ip" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940654" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a3ce6ae-601c-44b8-8eec-4a5f950d210f" ,
"value" : "185.216.35.26"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1189057" ,
"object_id" : "1603" ,
"object_relation" : "domain" ,
"sharing_group_id" : "0" ,
"timestamp" : "1513940654" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a3ce6ae-3b00-420a-82fd-45fb950d210f" ,
"value" : "webviewres.net"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
] ,
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"distribution" : "5" ,
"event_id" : "9747" ,
"id" : "1603" ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"sharing_group_id" : "0" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1513940654" ,
"uuid" : "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
}
] ,
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"RelatedEvent" : [
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "2" ,
"date" : "2017-12-14" ,
"distribution" : "3" ,
"id" : "9616" ,
2019-10-09 16:07:40 +02:00
"info" : "OSINT - Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure" ,
2019-08-02 18:01:08 +02:00
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : false ,
"threat_level_id" : "3" ,
"timestamp" : "1513674510" ,
"uuid" : "5a329d19-03e0-4eaa-8b4d-4310950d210f"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "2" ,
"date" : "2017-12-07" ,
"distribution" : "3" ,
"id" : "9552" ,
"info" : "OSINT - Master Channel: The Boleto Mestre Campaign Targets Brazil" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : false ,
"threat_level_id" : "3" ,
"timestamp" : "1512657975" ,
"uuid" : "5a2943a3-c574-44bb-8e68-45de950d210f"
2018-01-05 19:17:25 +01:00
}
2019-08-02 18:01:08 +02:00
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "0" ,
"date" : "2017-11-27" ,
"distribution" : "3" ,
"id" : "9513" ,
"info" : "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1512356440" ,
"uuid" : "5a23a972-e6a0-4a05-b505-4e8f02de0b81"
}
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "2" ,
"date" : "2017-11-07" ,
"distribution" : "3" ,
"id" : "9309" ,
"info" : "OSINT - Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1511385862" ,
"uuid" : "5a021bc2-8e0c-4ac5-b048-cc3e02de0b81"
}
} ,
{
"Event" : {
"Org" : {
"id" : "291" ,
"name" : "NCSC-NL" ,
"uuid" : "5697b0c4-9474-4336-b675-28140a950b0b"
} ,
"Orgc" : {
"id" : "291" ,
"name" : "NCSC-NL" ,
"uuid" : "5697b0c4-9474-4336-b675-28140a950b0b"
} ,
"analysis" : "2" ,
"date" : "2017-10-23" ,
"distribution" : "3" ,
"id" : "9208" ,
2019-10-09 16:07:40 +02:00
"info" : "Talos: \"Cyber Conflict\" Decoy Document Used In Real Cyber Conflict" ,
2019-08-02 18:01:08 +02:00
"org_id" : "291" ,
"orgc_id" : "291" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1510088616" ,
"uuid" : "59ed9c81-6484-47a9-aab4-191d0a950b0c"
}
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "2" ,
"date" : "2017-08-11" ,
"distribution" : "3" ,
"id" : "8798" ,
"info" : "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1502460096" ,
"uuid" : "598db7fd-47a8-45f8-9414-408b02de0b81"
}
} ,
{
"Event" : {
"Org" : {
"id" : "231" ,
"name" : "kingfisherops.com" ,
"uuid" : "566ff5f4-7020-4089-9003-4374950d210f"
} ,
"Orgc" : {
"id" : "204" ,
"name" : "CERT-BUND" ,
"uuid" : "56a64d7a-63dc-4471-bce9-4accc25ed029"
} ,
"analysis" : "0" ,
"date" : "2017-07-25" ,
"distribution" : "3" ,
"id" : "8750" ,
"info" : "European Defence Agency lure drops mssuppa.dat" ,
"org_id" : "231" ,
"orgc_id" : "204" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1500967989" ,
"uuid" : "5976f294-a844-44fe-a4f0-6c67c25ed029"
}
} ,
{
"Event" : {
"Org" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"Orgc" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"analysis" : "2" ,
"date" : "2017-05-11" ,
"distribution" : "3" ,
"id" : "7820" ,
"info" : "APT28-Sednit adds two zero-day exploits using ‘ Trump’ s attack on Syria’ as a decoy" ,
"org_id" : "277" ,
"orgc_id" : "277" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1494824291" ,
"uuid" : "59147a22-3100-4779-9377-360395ca48b7"
}
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "2" ,
"date" : "2017-05-09" ,
"distribution" : "3" ,
"id" : "7801" ,
"info" : "OSINT - EPS Processing Zero-Days Exploited by Multiple Threat Actors" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1494354378" ,
"uuid" : "59120865-27e0-4e6d-9b74-4a9f950d210f"
}
} ,
{
"Event" : {
"Org" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Orgc" : {
"id" : "2" ,
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"analysis" : "0" ,
"date" : "2016-12-29" ,
"distribution" : "3" ,
"id" : "5667" ,
"info" : "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity" ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1494853878" ,
"uuid" : "58658c15-54ac-43c3-9beb-414502de0b81"
}
} ,
{
"Event" : {
"Org" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"Orgc" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"analysis" : "2" ,
"date" : "2016-12-20" ,
"distribution" : "1" ,
"id" : "5616" ,
"info" : "APT28-The Sofacy Group's DealersChoice Attacks Continue" ,
"org_id" : "277" ,
"orgc_id" : "277" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1494829249" ,
"uuid" : "58594faf-e98c-4c03-a58c-43cf95ca48b7"
}
} ,
{
"Event" : {
"Org" : {
"id" : "291" ,
"name" : "NCSC-NL" ,
"uuid" : "5697b0c4-9474-4336-b675-28140a950b0b"
} ,
"Orgc" : {
"id" : "291" ,
"name" : "NCSC-NL" ,
"uuid" : "5697b0c4-9474-4336-b675-28140a950b0b"
} ,
"analysis" : "1" ,
"date" : "2016-11-09" ,
"distribution" : "3" ,
"id" : "5348" ,
"info" : "[APT-28/Sofacy]Pawn Storm Ramps Up [European Government] Spear-phishing Before Zero-Days Get Patched" ,
"org_id" : "291" ,
"orgc_id" : "291" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1481709638" ,
"uuid" : "582341ff-0830-4b32-aaba-08640a950b0c"
}
} ,
{
"Event" : {
"Org" : {
"id" : "74" ,
"name" : "PwC.lu" ,
"uuid" : "55f6ea61-4f74-40b6-a6df-4ff9950d210f"
} ,
"Orgc" : {
"id" : "325" ,
"name" : "CUDESO" ,
"uuid" : "56c42374-fdb8-4544-a218-41ffc0a8ab16"
} ,
"analysis" : "2" ,
"date" : "2016-11-09" ,
"distribution" : "3" ,
"id" : "5641" ,
"info" : "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched" ,
"org_id" : "74" ,
"orgc_id" : "325" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1478712711" ,
"uuid" : "58235d0e-34d4-41c1-9a2e-04dcc0a8ab16"
}
} ,
{
"Event" : {
"Org" : {
"id" : "335" ,
"name" : "Orange CERT-CC" ,
"uuid" : "5707ccb5-e330-4e25-a193-41d4950d210f"
} ,
"Orgc" : {
"id" : "335" ,
"name" : "Orange CERT-CC" ,
"uuid" : "5707ccb5-e330-4e25-a193-41d4950d210f"
} ,
"analysis" : "0" ,
"date" : "2016-10-18" ,
"distribution" : "0" ,
"id" : "5163" ,
"info" : "Orange-CERT-CC Test #01" ,
"org_id" : "335" ,
"orgc_id" : "335" ,
"published" : false ,
"threat_level_id" : "3" ,
"timestamp" : "1476782422" ,
"uuid" : "5805e8a5-611c-498b-839b-bd57950d210f"
}
} ,
{
"Event" : {
"Org" : {
"id" : "278" ,
"name" : "TDC.dk" ,
"uuid" : "56a5d575-2ff4-4738-a2ee-59be950d210f"
} ,
"Orgc" : {
"id" : "278" ,
"name" : "TDC.dk" ,
"uuid" : "56a5d575-2ff4-4738-a2ee-59be950d210f"
} ,
"analysis" : "2" ,
"date" : "2016-10-17" ,
"distribution" : "3" ,
"id" : "5165" ,
"info" : "OSINT: ‘ DealersChoice’ is Sofacy’ s Flash Player Exploit Platform" ,
"org_id" : "278" ,
"orgc_id" : "278" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1476789563" ,
"uuid" : "580602f6-f8b8-4ac3-9813-7bf7bce2ab96"
}
} ,
{
"Event" : {
"Org" : {
"id" : "412" ,
"name" : "TS" ,
"uuid" : "57470e61-3384-491d-a56f-1bb75b86d7e5"
} ,
"Orgc" : {
"id" : "412" ,
"name" : "TS" ,
"uuid" : "57470e61-3384-491d-a56f-1bb75b86d7e5"
} ,
"analysis" : "2" ,
"date" : "2016-08-19" ,
"distribution" : "1" ,
"id" : "4710" ,
"info" : "bullettin.doc sample, linked to APT28 campaign" ,
"org_id" : "412" ,
"orgc_id" : "412" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1476776982" ,
"uuid" : "57b7248f-283c-442e-8e02-2d0f5b86d7e5"
}
} ,
{
"Event" : {
"Org" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"Orgc" : {
"id" : "277" ,
"name" : "inthreat.com" ,
"uuid" : "5697b91d-2090-441f-b153-75e895ca48b7"
} ,
"analysis" : "2" ,
"date" : "2016-06-20" ,
"distribution" : "3" ,
"id" : "4172" ,
"info" : "APT28 and APT29 - Inside the DNC Breaches" ,
"org_id" : "277" ,
"orgc_id" : "277" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1494829231" ,
"uuid" : "5767c102-c170-4124-ae3d-7bef95ca48b7"
}
} ,
{
"Event" : {
"Org" : {
"id" : "347" ,
"name" : "incibe.es" ,
"uuid" : "5720623c-129c-4989-ae9d-4a11950d210f"
} ,
"Orgc" : {
"id" : "665" ,
"name" : "INCIBE" ,
"uuid" : "56fa4fe4-f528-4480-8332-1ba3c0a80a8c"
} ,
"analysis" : "2" ,
"date" : "2016-06-16" ,
"distribution" : "3" ,
"id" : "6131" ,
"info" : "New Sofacy (APT28) attacks against a US Government Agency" ,
"org_id" : "347" ,
"orgc_id" : "665" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1488792538" ,
"uuid" : "5762a86a-e314-4e4e-ba5a-51c5c0a80a8e"
}
} ,
{
"Event" : {
"Org" : {
"id" : "26" ,
"name" : "CthulhuSPRL.be" ,
"uuid" : "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
} ,
"Orgc" : {
"id" : "26" ,
"name" : "CthulhuSPRL.be" ,
"uuid" : "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
} ,
"analysis" : "2" ,
"date" : "2016-06-15" ,
"distribution" : "3" ,
"id" : "3987" ,
"info" : "OSINT New Sofacy Attacks Against US Government Agency by Palo Alto Unit 42" ,
"org_id" : "26" ,
"orgc_id" : "26" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1466000907" ,
"uuid" : "57613790-f6b4-4895-943f-4467950d210f"
}
} ,
{
"Event" : {
"Org" : {
"id" : "278" ,
"name" : "TDC.dk" ,
"uuid" : "56a5d575-2ff4-4738-a2ee-59be950d210f"
} ,
"Orgc" : {
"id" : "325" ,
"name" : "CUDESO" ,
"uuid" : "56c42374-fdb8-4544-a218-41ffc0a8ab16"
} ,
"analysis" : "2" ,
"date" : "2016-06-14" ,
"distribution" : "3" ,
"id" : "4183" ,
"info" : "New Sofacy Attacks Against US Government Agency" ,
"org_id" : "278" ,
"orgc_id" : "325" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1467289109" ,
"uuid" : "57607369-2490-444a-9034-049fc0a8ab16"
}
}
] ,
"Tag" : [
{
"colour" : "#00d622" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "2" ,
"name" : "tlp:white" ,
"user_id" : "0"
} ,
{
"colour" : "#ef0081" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "2986" ,
"name" : "workflow:state=\"incomplete\"" ,
"user_id" : "0"
} ,
{
"colour" : "#810046" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "2979" ,
"name" : "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"" ,
"user_id" : "0"
} ,
{
"colour" : "#91004e" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "2980" ,
"name" : "workflow:todo=\"create-missing-misp-galaxy-cluster\"" ,
"user_id" : "0"
} ,
{
"colour" : "#12e000" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "1100" ,
"name" : "misp-galaxy:threat-actor=\"Sofacy\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3007" ,
"name" : "misp-galaxy:exploit-kit=\"Sednit EK\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "2215" ,
"name" : "misp-galaxy:tool=\"GAMEFISH\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3008" ,
"name" : "misp-galaxy:mitre-malware=\"JHUHUGIT\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0c9900" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "1012" ,
"name" : "misp-galaxy:tool=\"X-Tunnel\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3009" ,
"name" : "misp-galaxy:mitre-malware=\"XTunnel\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3010" ,
"name" : "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3011" ,
"name" : "misp-galaxy:tool=\"EVILTOSS\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3012" ,
"name" : "misp-galaxy:mitre-malware=\"USBStealer\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0c9800" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "1011" ,
"name" : "misp-galaxy:tool=\"X-Agent\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3013" ,
"name" : "misp-galaxy:mitre-malware=\"XAgentOSX\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3014" ,
"name" : "misp-galaxy:mitre-malware=\"CHOPSTICK\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3015" ,
"name" : "misp-galaxy:exploit-kit=\"DealersChoice\"" ,
"user_id" : "0"
} ,
{
"colour" : "#0088cc" ,
"exportable" : true ,
"hide_tag" : false ,
"id" : "3016" ,
"name" : "misp-galaxy:mitre-malware=\"Downdelph\"" ,
"user_id" : "0"
}
] ,
"analysis" : "0" ,
"attribute_count" : "122" ,
"date" : "2017-12-21" ,
"disable_correlation" : false ,
"distribution" : "3" ,
"event_creator_email" : "alexandre.dulaunoy@circl.lu" ,
"id" : "9747" ,
"info" : "OSINT - Sednit update: How Fancy Bear Spent the Year" ,
"locked" : false ,
"org_id" : "2" ,
"orgc_id" : "2" ,
"proposal_email_lock" : false ,
"publish_timestamp" : 0 ,
"published" : false ,
"sharing_group_id" : "0" ,
"threat_level_id" : "3" ,
"uuid" : "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"
2018-01-05 19:17:25 +01:00
}