PyMISP/tests/reportlab_testfiles/image_event.json


{
"Event": {
"id": "1203",
"orgc_id": "2",
"org_id": "1",
"date": "2019-02-22",
"threat_level_id": "3",
"info": "OSINT - New BabyShark Malware Targets U.S. National Security Think Tanks",
"published": true,
"uuid": "5c706a30-8ad4-4fcc-9e17-4d3d02de0b81",
"attribute_count": "79",
"analysis": "0",
"timestamp": "1551169938",
"distribution": "3",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1551169938",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Attribute": [
{
"id": "239006",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5c706a3f-bfc4-43aa-8158-4ba702de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871103",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "https:\/\/unit42.paloaltonetworks.com\/new-babyshark-malware-targets-u-s-national-security-think-tanks\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239007",
"type": "comment",
"category": "External analysis",
"to_ids": false,
"uuid": "5c706a50-24a0-41c5-abcc-4a8c02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871120",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "In February 2019, Palo Alto Networks Unit 42 researchers identified spear phishing emails sent in November 2018 containing new malware that shares infrastructure with playbooks associated with North Korean campaigns. The spear phishing emails were written to appear as though they were sent from a nuclear security expert who currently works as a consultant for in the U.S. The emails were sent using a public email address with the expert\u2019s name and had a subject referencing North Korea\u2019s nuclear issues. The emails had a malicious Excel macro document attached, which when executed led to a new Microsoft Visual Basic (VB) script-based malware family which we are dubbing \u201cBabyShark\u201d.\r\n\r\nBabyShark is a relatively new malware. The earliest sample we found from open source repositories and our internal data sets was seen in November 2018. The malware is launched by executing the first stage HTA from a remote location, thus it can be delivered via different file types including PE files as well as malicious documents. It exfiltrates system information to C2 server, maintains persistence on the system, and waits for further instruction from the operator. Figure 1, below, shows the flow of execution.",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239008",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "5c706a6a-e8dc-4bdd-b4a6-455002de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871146",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "https:\/\/tdalpacafarm.com\/files\/kr\/contents\/Vkggy0.hta",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239009",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aa9-6d34-4e8e-9eee-4baf02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "7b77112ac7cbb7193bcd891ce48ab2acff35e4f8d523980dff834cb42eaffafa",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239010",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aa9-5228-42ab-9124-429e02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "9d842c9c269345cd3b2a9ce7d338a03ffbf3765661f1ee6d5e178f40d409c3f8",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239011",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aa9-c114-48bf-ad10-414e02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "2b6dc1a826a4d5d5de5a30b458e6ed995a4cfb9cad8114d1197541a86905d60e",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239012",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aa9-633c-4553-a6d5-4f6002de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "66439f0e377bbe8cda3e516e801a86c64688e7c3dde0287b1bfb298a5bdbc2a2",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239013",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aaa-033c-4199-abb5-47d502de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "8ef4bc09a9534910617834457114b9217cac9cb33ae22b37889040cde4cabea6",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239014",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aaa-e2bc-4506-85f2-4af102de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "331d17dbe4ee61d8f2c91d7e4af17fb38102003663872223efaa4a15099554d7",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239015",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aaa-65e8-447c-bc54-46a502de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "1334c087390fb946c894c1863dfc9f0a659f594a3d6307fb48f24c30a23e0fc0",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239016",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aaa-4ca8-4489-bbde-4c2f02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "dc425e93e83fe02da9c76b56f6fd286eace282eaad6d8d497e17b3ec4059020a",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239017",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706aaa-090c-47e7-b8ca-4c8f02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "94a09aff59c0c27d1049509032d5ba05e9285fd522eb20b033b8188e0fee4ff0",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239018",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706ada-4610-4c99-a616-416a02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239019",
"type": "filename",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706b8e-91f8-4722-ac8b-4aff02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871438",
"comment": "Decoy Filename",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "Kendall-AFA 2014 Conference-17Sept14.pdf",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239020",
"type": "filename",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706b8e-f1a4-404c-9a5d-41a902de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871438",
"comment": "Decoy Filename",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "U.S. Nuclear Deterrence.pdf",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239021",
"type": "filename",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706b8e-e198-4d15-a8d6-4f9702de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871438",
"comment": "Decoy Filename",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "\uc81c30\ucc28\ud55c\ubbf8\uc548\ubcf4 \uc548\ub0b4\uc7a5 ENKO.fdp.etadpU.scr (translates to 30th Korea-U.S. National Security Invitation Update)",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239022",
"type": "filename",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c706b8e-f3ec-4eb9-9829-4f3f02de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871438",
"comment": "Decoy Filename",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "Conference Information_2010 IFANS Conference on Global Affairs (1001).pdf",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239023",
"type": "attachment",
"category": "Payload delivery",
"to_ids": false,
"uuid": "5c706dae-90f4-4374-b312-489102de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871982",
"comment": "BabyShark is a relatively new malware. The earliest sample we found from open source repositories and our internal data sets was seen in November 2018. The malware is launched by executing the first stage HTA from a remote location, thus it can be delivered via different file types including PE files as well as malicious documents. It exfiltrates system information to C2 server, maintains persistence on the system, and waits for further instruction from the operator. Figure 1, below, shows the flow of execution.",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "Figure-1-BabyShark-execution-flow.png",
"Galaxy": [],
"data": "iVBORw0KGgoAAAANSUhEUgAABc4AAAOKCAYAAAHVbvP3AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAIdUAACHVAQSctJ0AAP+lSURBVHhe7N0HuBNF+zbwvyi9SZEivVlAFCwgKIIFRVEUC\/aGUhRRwN4Vu4INsIEVRPEVEQUUpKioFEEQaUpHkN6Rjvt993PmyZns2bRzkpxNcv+ua67dmS3ZJJvJk83szP85RBmAJzplBJ7olBF4olNG4IlOGYEnOmUEnuiUEXiiU0bgiU4ZIeSJXr169ZCJIvu\/\/2Md4ich3w28UZ07d3Y6deoUlFDONzEyvEbly5d3ChcubEooP4U90b2gvEKFCjzZI9DXZ+\/evXytfCBXJzpUqlQpI99APOdonre9TsuWLZ0DBw6YXGTYFt8G4YQ7hilTppg5x\/nvv\/+cefPmmVzu6ePNmTNH5gsWLBj2GPwm5JGGehIod6dME83zdi+P5XXCuvXr15d5nKheevbsKdMNGzbIFHbt2iXb4kTXx5swYYJMYd++fWbOcQ4ePCjT\/fv3y1TzvXv3dr7\/\/nvnr7\/+crp06RLYj+5X51NNyCOO9smk4pMOJ5rn0759ezkx3OuWK1dOypAeffRRU5oFJ+ztt98eWI60ceNGszQYlsGAAQNkavvss8\/MXLYdO3bIdNasWTK1T\/SJEyfKNFoNGzY0c8F0f4D5X375RV6Dl156yZT6W8h31X5i4URaD8tTMUWi60S7fijYdvfu3SYXWV4eK1qo5ZPxOMkU8tnoE61SpYrMeyXQaSjubVIphaPLBw4cKNO8qFatmpmjRAn5buobWa9ePadYsWKeCaI5IVIxhWOv9\/nnn0dcX9nb6TbRbkt5E\/JVjvYNSLc3Kprn89Zbb5m5bNju77\/\/NrnQ9BsAP\/h4kidPxBO9RYsWUqt7JeCblfUa6OuAacmSJWXe\/cNx586dQetS8kQ80atWrRp4c9wJdEo5Pfjgg2aOr1N+i3iiR8I3MDRWBv4R9kTHnxGREt9Eb3hdNFH+C3uiR5uI\/I5nKWUEnuiUEXiiU0YIeaLjh2asDjvsMDPnOOPHj3cWL15scuFpnI9t4gH7mzFjhvPqq6+aEsp0nie6\/r2Plm84aXDS23fK6ImJ6erVqwPzJUqUcCZPnizzOGkvueSSwLp33nmnzF944YUyLVq0qJRjXtc59NBDpXmq5tHmeevWrYH1Mf3nn39kmf4pA\/Y+APM1a9Z0XnvtNZnHn15afv7558v8tm3bnOLFi8s82vPAcccdJ1NKP9lnh0VPGtw6B17NSdu0aWPmsunJCDjRL7vsMplH2ZFHHinz7dq1k6lNtylUqJDMjx49WvIrV66UDx3KNNm6du0qUy23WwHWqVNHTnSbrvf0008727dvl3nbuHHjzFze9O\/fP5DIH4LPnAwxaNAgzxM9XkJ9MCn\/8J1IAJ7o\/pOrd2LUqFFmLvn69u1r5uJPbyfLK57o\/hP2nfj333+dPn36yHyDBg2cM844Q+Zxy9jzzz8vt1HpPY3oGQCee+455+yzz3bmz5\/vrF+\/Xsp0CvrmlypVSqbqm2++kel3330n01NPPdXp1auXrH\/ttdcG+pMZOnSoTAEhCITap5v+6MQJ\/fjjjwd+YMf7hMT+NJE\/eL4T5513nkxxor\/77rtyNQQnur55ONHvuOOOHDUglnXr1i3QhFd\/xOqJ\/sMPP8gUN\/F6wQ9VXKLEfq655hrnqquuMktycp9E+IHpxV5P5ytWrCgfntNPP13y8YbH0UT+EPU7sWLFCmfmzJlyfRrXx7ds2RJ0V7nehLtnzx5n3bp1ztq1ayUPS5cuNXOO88Ybb8h05MiRMv3iiy9kCthu7ty5Mo8bfO1r+WPHjpUpruysWbNG5pVe3dB9hmJ\/MO2bJLxupMgLnuj+w3ciAXii+0++vBPx+tHnVzzR
\/SfsO4EYHbTfEDeU46TVcANhjS3aO+TRixX+qUT3bW7awxVCJ\/j9999lqvCnEkS6Lo57NAHhVyLZJzlPdv\/wfBf0zdETHTp06JDjzStSpIjz\/vvvO8uWLZO8\/qUOWAcnunsbm7vcaz2v7SKpXbu23AIIus\/p06dL3paobxZ9zNwcOyVG2HcClw7xZmnbF\/wAPeSQQ2QePTrhR+Dy5csljx+f+sZedNFFMv3ggw+cSy+9VC5Lut90fCg++eQTuQKCXq2wHGVDhgwJdMeGMt3Ovb3yKsdVnxo1aphc9jr41gi1n3hL1uNQdPhuUEbgiU4ZIeyJ3qhRIzMXmv4zan9Vh\/ra\/umnn8xcsGi\/5u1r87nFkCIzeb7rdvNSnBh6crhPksGDBwd+0GGZtj9HQpz+8MMP59gGtMx9BcWG3wJNmzYNxO+AP5RCwfqtWrUyOccZM2aMmXOcl19+2cxlrUeZJ+dZaMFJgZMM7bwxtU9abVeiZfYUCe1IcOME\/tLXfzi1\/25N2s0y9lW6dGnn1ltvlfXQ3EDpjRpLliyRE\/3nn3+W8saNG0s56LRt27YyhZNPPlmmuAFDHwP\/0Oq6lFmS+q7r3+4ffvihTImShdUbZQSe6AmCEAktJMkfeKIniPv3A+UvvgsJYp\/gPNnzH9+BGOGkjebEda+Du65i8eKLLzqzZ882udhhyEV32yPbE088IW38Qz2XSHdraWO6VMETPRdwcuCuK9xlFYr7BEIel0ijhfVxRxbaCek4UoAWoujmQ\/OhhmfEcpzMOq\/rv\/POO87mzZtlHo3ytNzNPtFxswzWw0AGgFarw4cPlz58UoX3s6SI0GcNrv1rXzKHH3544ISKNPhWs2bNAuuGgsZt2DduKdT\/DNAaFJ1E6bZ6H60X\/c\/CXl+HSjziiCPkeHXIey840fW\/CNzHi\/V0tLrTTjuNJ3qm0BME01hqarcCBQqEPNkofvgK5xJOTq3p8qJfv37OokWLTI4ShSd6LuDkRtK2+NGe7LqdJrQTinZbyhu+yrmkJ6jeXaXtgqKFdRPV3QblxBM9j3DCIqGDVDuP1Lp1aykD9I+j5UcddZQppWThiZ4L9smMFErlypXNXNY2lH\/46ueCfYKHO4GjWYeSg+9ALuiJrsmLLtM+JSl\/8USnjMATnTICT3TKCDzRKSPwRKeMwBOdMgJPdMoIPNETBG29NSVauI6dKAtP9AQJ9YeSV1koEyZMkCkGI65Vq5Y0573xxhtlOBx0DPXbb7\/J2E0YBgd0v9HuP5PwFUkQPaHtky7aE\/DLL7+UqZ7ouCMIt9BNnTrV+fHHH6UMUI4uNTACIPY9bdo0Z+HChWYp2XiiJ0heTvTcCjUyCfFET5hQJ7pXOSUeX+0E8TqhMY\/hKd3llHh8tRNET2b7hLbL7PJQEKPrAGaPPPJIYBzVOXPmBLq50G6we\/ToIVNAlxZw1113yRR69uwp07vvvlumbr1795ZRudHacsSIEaY0m44Vq+PEphqe6AkSywntptvgRK9UqZJTpkwZOdHRFTf6YsGVF\/w4xXp6ons9jpbZg5KhTGN5+4etvT3m0W\/N6tWrZV6XpXLf8jlfHYoLPUH0JMkN+woK+lFp0qSJDLaAka5xY7Y98IFdoyu9ZQ8nuo7Sp8PXQ5cuXcycE1iOTo\/wGPgwbN26VTpQgo8++kimqYonegLYJ3leT3aKD74DCcKT3F\/4LiQQT3L\/4DtBGYEnOmUEnuhpQruWDpUyHV+BNIETPRSe7DzR0wZP9PB4oqcJPdG9Tmqe6DzR00Yya3TdXzTJL3iiJxDeaB0vKNGSfaKjyYDuE9N\/\/\/038Dh28mK3mdFmCJdeeqlMYfz48TLVZgdoxKbdc2PImtzgiZ5AeKPDjfwWT+4TXU80jE6n8\/Gi+4smeRk1apSZyxofSb322ms5tsM87onVcjRoyw2e6AnkfsMSKZk1Olo26j4jpVDKly
8vrTKRAN989evXl3mM66S05SWe39y5c517771X8rHiiZ4Lkd5EZa9jtxpMFD0ur\/Tee++ZtcLDjSGR
"ShadowAttribute": []
},
{
"id": "239024",
"type": "yara",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "5c72ae10-aa9c-4068-853b-4b4602de0b81",
"event_id": "1203",
"distribution": "5",
"timestamp": "1551019536",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "import \"pe\"\r\n\r\nrule MAL_PE_Type_BabyShark_Loader {\r\n meta:\r\n description = \"Detects PE Type babyShark loader mentioned in February 2019 blog post by PaloAltNetworks\"\r\n author = \"Florian Roth\"\r\n reference = \"https:\/\/unit42.paloaltonetworks.com\/new-babyshark-malware-targets-u-s-national-security-think-tanks\/\"\r\n date = \"2019-02-24\"\r\n hash1 = \"6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c\"\r\n strings:\r\n $x1 = \"reg add \\\"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Command Processor\\\" \/v AutoRun \/t REG_SZ \/d \\\"%s\\\" \/f\" fullword ascii\r\n $x2 = \/mshta\\.exe http:\\\/\\\/[a-z0-9\\.\\\/]{5,30}\\.hta\/\r\n\r\n $xc1 = { 57 69 6E 45 78 65 63 00 6B 65 72 6E 65 6C 33 32\r\n 2E 44 4C 4C 00 00 00 00 } \/* WinExec kernel32.DLL *\/\r\n condition:\r\n uint16(0) == 0x5a4d and (\r\n pe.imphash() == \"57b6d88707d9cd1c87169076c24f962e\" or\r\n 1 of them or\r\n for any i in (0 .. pe.number_of_signatures) : (\r\n pe.signatures[i].issuer contains \"thawte SHA256 Code Signing CA\" and\r\n pe.signatures[i].serial == \"0f:ff:e4:32:a5:3f:f0:3b:92:23:f8:8b:e1:b8:3d:9d\"\r\n )\r\n )\r\n}",
"Galaxy": [],
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [
{
"Event": {
"id": "847",
"date": "2018-09-09",
"threat_level_id": "3",
"info": "OSINT - Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall",
"published": true,
"uuid": "5b991442-a9f0-4b5b-bc56-445f950d210f",
"analysis": "2",
"timestamp": "1550654013",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "912",
"date": "2018-08-15",
"threat_level_id": "3",
"info": "OSINT - \u809a\u8111\u866b\u7ec4\u7ec7\uff08APT-C-35\uff09\u79fb\u52a8\u7aef\u653b\u51fb\u6d3b\u52a8\u63ed\u9732",
"published": true,
"uuid": "5b746d63-8c10-46b5-8c1a-49ec02de0b81",
"analysis": "0",
"timestamp": "1550654282",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "562",
"date": "2018-08-05",
"threat_level_id": "3",
"info": "OSINT - Off-the-shelf RATs Targeting Pakistan",
"published": true,
"uuid": "5b671098-3024-42db-b972-42ae02de0b81",
"analysis": "0",
"timestamp": "1550653216",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "365",
"date": "2018-05-15",
"threat_level_id": "3",
"info": "OSINT - RAT Gone Rogue: Meet ARS VBS Loader",
"published": true,
"uuid": "5afaeb66-962c-4cd6-a5c8-419e950d210f",
"analysis": "0",
"timestamp": "1550651981",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "1077",
"date": "2018-05-04",
"threat_level_id": "3",
"info": "OSINT - Who's who in the zoo. Cyberespionage operation targets android users in the Middle East.",
"published": true,
"uuid": "5aec0f0f-7fe0-4e42-8f64-44e5950d210f",
"analysis": "2",
"timestamp": "1550655221",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "774",
"date": "2018-04-17",
"threat_level_id": "3",
"info": "OSINT - Talos\/Cisco Threat Roundup for April 6 - 13",
"published": true,
"uuid": "5ad5bc00-d988-48bb-9293-2135950d210f",
"analysis": "2",
"timestamp": "1550653867",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "598",
"date": "2018-03-15",
"threat_level_id": "3",
"info": "OSINT - Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors",
"published": true,
"uuid": "5aaa8a97-0cac-48bd-877a-41b5950d210f",
"analysis": "2",
"timestamp": "1550653433",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "885",
"date": "2018-03-13",
"threat_level_id": "3",
"info": "OSINT - Gozi ISFB Remains Active in 2018, Leverages \"Dark Cloud\" Botnet For Distribution",
"published": false,
"uuid": "5aa7b639-62d8-46e6-be6c-4db8950d210f",
"analysis": "0",
"timestamp": "1550654228",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "217",
"date": "2018-03-09",
"threat_level_id": "3",
"info": "OSINT - Apache SOLR: the new target for cryptominers",
"published": true,
"uuid": "5aa23875-d0dc-49d6-82a6-d309950d210f",
"analysis": "0",
"timestamp": "1550506784",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "483",
"date": "2018-01-25",
"threat_level_id": "3",
"info": "OSINT - Dark Caracal Cyber-espionage at a Global Scale",
"published": true,
"uuid": "5a69ed26-44c8-423c-a8dc-4f7b950d210f",
"analysis": "2",
"timestamp": "1550652819",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
},
{
"Event": {
"id": "865",
"date": "2018-01-16",
"threat_level_id": "3",
"info": "OSINT - Skygofree: Following in the footsteps of HackingTeam",
"published": true,
"uuid": "5b6d858f-6cb0-4a06-b826-57f5950d210f",
"analysis": "2",
"timestamp": "1550654071",
"distribution": "3",
"org_id": "1",
"orgc_id": "2",
"Org": {
"id": "1",
"name": "ORGNAME",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
}
}
}
],
"Galaxy": [
{
"id": "22",
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
"name": "Attack Pattern",
"type": "mitre-attack-pattern",
"description": "ATT&CK Tactic",
"version": "7",
"icon": "map",
"namespace": "mitre-attack",
"GalaxyCluster": [
{
"id": "2714",
"collection_uuid": "a21a6a79-f9a1-4c87-aed9-ba2d79536881",
"type": "mitre-attack-pattern",
"value": "Stolen Developer Credentials or Signing Keys - T1441",
"tag_name": "misp-galaxy:mitre-attack-pattern=\"Stolen Developer Credentials or Signing Keys - T1441\"",
"description": "An adversary could steal developer account credentials on an app store and\/or signing keys to publish malicious updates to existing Android or iOS apps, or to abuse the developer's identity and reputation to publish new malicious applications. For example, Infoworld describes this technique and suggests mitigations in (Citation: Infoworld-Appstore).\n\nDetection: Developers can regularly scan (or have a third party scan on their behalf) the app stores for presence of unauthorized apps that were submitted using the developer's identity.\n\nPlatforms: Android, iOS",
"galaxy_id": "22",
"source": "https:\/\/github.com\/mitre\/cti",
"authors": [
"MITRE"
],
"version": "8",
"uuid": "",
"tag_id": "704",
"meta": {
"external_id": [
"T1441"
],
"refs": [
"https:\/\/attack.mitre.org\/techniques\/T1441"
]
}
}
]
}
],
"Object": [
{
"id": "10866",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "1db36cab-7b13-4758-b16a-9e9862d0973e",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4700",
"uuid": "5c706abe-99e0-49bd-b7ee-4d5002de0b81",
"timestamp": "1551169938",
"object_id": "10866",
"event_id": "1203",
"source_uuid": "1db36cab-7b13-4758-b16a-9e9862d0973e",
"referenced_uuid": "aea77d6f-2193-40e9-82c5-59726e0dfd2d",
"referenced_id": "10867",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "aea77d6f-2193-40e9-82c5-59726e0dfd2d",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239025",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6411ce6c-7a8c-4523-848b-3ebb80b47f65",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10866",
"object_relation": "md5",
"value": "404ab5a93767a986b47c9fec33eb8be9",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239026",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a0a8cacd-9d55-4c55-9055-14e08141cc6c",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10866",
"object_relation": "sha1",
"value": "0a631b0072cee1e20854b187276a0ba560d6d4f8",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239027",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "61768832-cc80-4637-a0c4-794253bba246",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10866",
"object_relation": "sha256",
"value": "94a09aff59c0c27d1049509032d5ba05e9285fd522eb20b033b8188e0fee4ff0",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10867",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "aea77d6f-2193-40e9-82c5-59726e0dfd2d",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239028",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "4eb49e21-42c9-4653-93da-600ca773ffa9",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10867",
"object_relation": "last-submission",
"value": "2019-02-22 20:12:18",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239029",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "0a0bda5b-9761-44e3-a0da-c365c6fbab76",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10867",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/94a09aff59c0c27d1049509032d5ba05e9285fd522eb20b033b8188e0fee4ff0\/analysis\/1550866338\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239030",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "6fa3c325-b92c-41bd-8ab3-283272c6b440",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10867",
"object_relation": "detection-ratio",
"value": "25\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10868",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "3b8f6a45-0b7f-4bea-ad61-0369f01cc306",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4701",
"uuid": "5c706abe-9e0c-4b24-b6af-436302de0b81",
"timestamp": "1551169938",
"object_id": "10868",
"event_id": "1203",
"source_uuid": "3b8f6a45-0b7f-4bea-ad61-0369f01cc306",
"referenced_uuid": "7ba926a9-161b-4412-99ff-cee104b6a329",
"referenced_id": "10869",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "7ba926a9-161b-4412-99ff-cee104b6a329",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239031",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d45365f9-5d44-41d1-bbf0-4128f2ecabef",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10868",
"object_relation": "md5",
"value": "d40c20a77371309045f5123af76637b2",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239032",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "91bd51d5-5847-4c09-8152-0754aca32ffa",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10868",
"object_relation": "sha1",
"value": "d1207b7b846b80418b459e9d03e1b5afbd3e97a7",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239033",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f46f938e-8d82-4d8a-b996-6343846b798a",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10868",
"object_relation": "sha256",
"value": "66439f0e377bbe8cda3e516e801a86c64688e7c3dde0287b1bfb298a5bdbc2a2",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10869",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "7ba926a9-161b-4412-99ff-cee104b6a329",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239034",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "6e483df8-fa53-4b98-b6da-100b79de2663",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10869",
"object_relation": "last-submission",
"value": "2019-02-22 20:07:15",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239035",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "ce797b8c-fa71-4267-a4ee-94eb6e873e88",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10869",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/66439f0e377bbe8cda3e516e801a86c64688e7c3dde0287b1bfb298a5bdbc2a2\/analysis\/1550866035\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239036",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "86a138ea-5eba-4594-a3fb-e8af55be9dbe",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10869",
"object_relation": "detection-ratio",
"value": "20\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10870",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "8cc1ffb8-e4b2-4641-a536-ea843ff9bc7a",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4702",
"uuid": "5c706abe-fc0c-4d62-be6c-425302de0b81",
"timestamp": "1551169938",
"object_id": "10870",
"event_id": "1203",
"source_uuid": "8cc1ffb8-e4b2-4641-a536-ea843ff9bc7a",
"referenced_uuid": "5de67962-66f3-48c8-b33f-734e4b8dc989",
"referenced_id": "10871",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "5de67962-66f3-48c8-b33f-734e4b8dc989",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239037",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "de3bac84-c7e2-48f8-8d32-116274000be5",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10870",
"object_relation": "md5",
"value": "093ecb712d438ab01b3f07718428dcc7",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239038",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "14e391d3-7730-4841-8ede-2deb0f3ad706",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10870",
"object_relation": "sha1",
"value": "89b9b7f2c3eb275eabe78c04a30dc09281a201e6",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239039",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "eb9245ad-132c-4279-a3ad-d7f5aa0131cc",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10870",
"object_relation": "sha256",
"value": "7b77112ac7cbb7193bcd891ce48ab2acff35e4f8d523980dff834cb42eaffafa",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10871",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "5de67962-66f3-48c8-b33f-734e4b8dc989",
"timestamp": "1550871228",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239040",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "0bd77c93-27ad-47e8-bd9d-c38732323fd5",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10871",
"object_relation": "last-submission",
"value": "2019-02-22 20:03:13",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239041",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "155a8b3c-e603-4283-91b2-1a6258b93bf8",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10871",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/7b77112ac7cbb7193bcd891ce48ab2acff35e4f8d523980dff834cb42eaffafa\/analysis\/1550865793\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239042",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "162fe627-abe9-4abb-8095-c39dee340f84",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10871",
"object_relation": "detection-ratio",
"value": "22\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10872",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "89e0ad73-a186-4959-b978-2311ee49e4af",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4703",
"uuid": "5c706abe-7c28-48ab-bce2-4c9702de0b81",
"timestamp": "1551169938",
"object_id": "10872",
"event_id": "1203",
"source_uuid": "89e0ad73-a186-4959-b978-2311ee49e4af",
"referenced_uuid": "99e0b99b-e1cf-4451-8eec-972978c821d8",
"referenced_id": "10873",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "99e0b99b-e1cf-4451-8eec-972978c821d8",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239043",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2ca5845e-286c-458e-a970-568968a3575f",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10872",
"object_relation": "md5",
"value": "711eb1d89764d45f4ff2622143f744c2",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239044",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1ad21473-1980-45ee-a596-fb6890abded1",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10872",
"object_relation": "sha1",
"value": "548b64c0f904733dd5433f6f3878487eeda54fa1",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239045",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e6c1fd36-35fe-49bc-9483-00dff515a29b",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10872",
"object_relation": "sha256",
"value": "1334c087390fb946c894c1863dfc9f0a659f594a3d6307fb48f24c30a23e0fc0",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10873",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "99e0b99b-e1cf-4451-8eec-972978c821d8",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239046",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "f2a9431e-464e-4ae7-a53f-e24685f03b82",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10873",
"object_relation": "last-submission",
"value": "2018-11-27 12:07:50",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239047",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "2ce90e53-a834-4ac6-9db6-6213d7629ccc",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10873",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/1334c087390fb946c894c1863dfc9f0a659f594a3d6307fb48f24c30a23e0fc0\/analysis\/1543320470\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239048",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "99bd1115-adc9-42b0-9500-878f593f001c",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10873",
"object_relation": "detection-ratio",
"value": "22\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10874",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "4dbf697b-11ce-447f-85c6-cd02a2365a7f",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4704",
"uuid": "5c706abe-b378-4ec6-ab67-490f02de0b81",
"timestamp": "1551169938",
"object_id": "10874",
"event_id": "1203",
"source_uuid": "4dbf697b-11ce-447f-85c6-cd02a2365a7f",
"referenced_uuid": "1d288045-6e66-43a6-94b7-600044369fa7",
"referenced_id": "10875",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "1d288045-6e66-43a6-94b7-600044369fa7",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239049",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b9b1470d-a8f1-4aab-aec6-9c20f8452879",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10874",
"object_relation": "md5",
"value": "6b116d471a787eb520869ed5c6965fa8",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239050",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2bea0406-889e-4e2a-9ea3-da2cc2e443fc",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10874",
"object_relation": "sha1",
"value": "ec4bd72fcb440f47912d06c75a9d56ad86953f70",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239051",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6c390d2d-82a8-4fbd-b8c6-cd1f11ca8d0e",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10874",
"object_relation": "sha256",
"value": "dc425e93e83fe02da9c76b56f6fd286eace282eaad6d8d497e17b3ec4059020a",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10875",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "1d288045-6e66-43a6-94b7-600044369fa7",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239052",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "2ca3b301-e08c-4cfa-b005-90ff52d13af0",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10875",
"object_relation": "last-submission",
"value": "2019-02-22 20:11:49",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239053",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "1082dea9-353d-4932-a02c-3f87fe6c059a",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10875",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/dc425e93e83fe02da9c76b56f6fd286eace282eaad6d8d497e17b3ec4059020a\/analysis\/1550866309\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239054",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "9675abe7-0743-435a-881d-bfd772c55225",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10875",
"object_relation": "detection-ratio",
"value": "22\/58",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10876",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "6860e975-938c-413d-b144-74cde72c25dc",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4705",
"uuid": "5c706abe-be44-449d-8118-46c202de0b81",
"timestamp": "1551169938",
"object_id": "10876",
"event_id": "1203",
"source_uuid": "6860e975-938c-413d-b144-74cde72c25dc",
"referenced_uuid": "ee3df33a-a5df-4f0a-887d-9fe0aba2d90a",
"referenced_id": "10877",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "ee3df33a-a5df-4f0a-887d-9fe0aba2d90a",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239055",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9d066d52-7b45-425f-96d7-15be7fc74c74",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10876",
"object_relation": "md5",
"value": "1f1f44a01d5784028302d6ad5e7133aa",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239056",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f3258f42-f31d-4a7c-9113-c4dc96dacf9c",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10876",
"object_relation": "sha1",
"value": "cb1125d5a57a529bf88bf590c0cb675f37261839",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239057",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6d73772d-9487-4f05-8917-0040d6f1d3af",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10876",
"object_relation": "sha256",
"value": "2b6dc1a826a4d5d5de5a30b458e6ed995a4cfb9cad8114d1197541a86905d60e",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10877",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "ee3df33a-a5df-4f0a-887d-9fe0aba2d90a",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239058",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "03562590-3096-4587-b05d-11a6e257b5d9",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10877",
"object_relation": "last-submission",
"value": "2019-02-22 20:04:58",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239059",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "bf0ca902-1a55-4640-a8d9-41f0e0f7a29d",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10877",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/2b6dc1a826a4d5d5de5a30b458e6ed995a4cfb9cad8114d1197541a86905d60e\/analysis\/1550865898\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239060",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "68ed8acc-bb3c-4654-b65b-c25b8a3c37cd",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10877",
"object_relation": "detection-ratio",
"value": "21\/55",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10878",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "df5dd372-ecd6-4595-ab34-45bff1decb63",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4706",
"uuid": "5c706abe-a1b8-45fc-bd1a-45d702de0b81",
"timestamp": "1551169938",
"object_id": "10878",
"event_id": "1203",
"source_uuid": "df5dd372-ecd6-4595-ab34-45bff1decb63",
"referenced_uuid": "f2146c3b-d6f7-471c-bb4a-2b831e2849f6",
"referenced_id": "10879",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "f2146c3b-d6f7-471c-bb4a-2b831e2849f6",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239061",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dfc28b74-63f1-48d0-b637-eeb604df4e7a",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10878",
"object_relation": "md5",
"value": "76e71cf45e99d03a92c8271998a1caee",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239062",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1eaec0ad-a007-4b29-89da-15b34bc69c18",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10878",
"object_relation": "sha1",
"value": "818bfc1fdb8126b58835e77f13afa9435e883919",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239063",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7a651cf8-2950-41c8-b2c5-80ea25c87d99",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10878",
"object_relation": "sha256",
"value": "331d17dbe4ee61d8f2c91d7e4af17fb38102003663872223efaa4a15099554d7",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10879",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "f2146c3b-d6f7-471c-bb4a-2b831e2849f6",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239064",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "b1e2fbea-a39d-41ce-a748-bc257b01aa2b",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10879",
"object_relation": "last-submission",
"value": "2019-02-22 20:10:06",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239065",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "9c2da65e-0e42-454e-9b9f-0daafbb29344",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10879",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/331d17dbe4ee61d8f2c91d7e4af17fb38102003663872223efaa4a15099554d7\/analysis\/1550866206\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239066",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "3e79140e-f74f-4b0b-8e17-496f1058e477",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871210",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10879",
"object_relation": "detection-ratio",
"value": "9\/61",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10880",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "3061d73f-2f4f-4c6e-8478-3d5d1e74c1bc",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4707",
"uuid": "5c706abe-1b10-4475-8d35-4f1202de0b81",
"timestamp": "1551169938",
"object_id": "10880",
"event_id": "1203",
"source_uuid": "3061d73f-2f4f-4c6e-8478-3d5d1e74c1bc",
"referenced_uuid": "a6c1afed-624f-4d81-b96a-4ff02a693e66",
"referenced_id": "10881",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "a6c1afed-624f-4d81-b96a-4ff02a693e66",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239067",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "63d6a412-efd3-4c8e-94a3-8a1e15d4dc16",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10880",
"object_relation": "md5",
"value": "1a6f9190e7c53cd4e9ca4532547131af",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239068",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8f650e7b-4a3b-4cd9-af6a-192825d323f9",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10880",
"object_relation": "sha1",
"value": "88708e9562a8c4ee4601b3990a664bc63b378753",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239069",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "389e4069-cbbf-47a4-87ae-a03ae00575df",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10880",
"object_relation": "sha256",
"value": "9d842c9c269345cd3b2a9ce7d338a03ffbf3765661f1ee6d5e178f40d409c3f8",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10881",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "a6c1afed-624f-4d81-b96a-4ff02a693e66",
"timestamp": "1550871229",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239070",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "741b8b1f-d387-4dff-9809-a2a5cc0e76f8",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10881",
"object_relation": "last-submission",
"value": "2019-02-22 20:03:34",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239071",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "b55b0030-557e-4368-9429-5e431a631b7e",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10881",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/9d842c9c269345cd3b2a9ce7d338a03ffbf3765661f1ee6d5e178f40d409c3f8\/analysis\/1550865814\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239072",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "0f619020-6f30-4b40-a3c0-9f13b13fc9b3",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10881",
"object_relation": "detection-ratio",
"value": "22\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10882",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "fd57be37-61cc-4452-85b5-518d55586335",
"timestamp": "1550871230",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4708",
"uuid": "5c706abe-c730-41b2-b328-4bb202de0b81",
"timestamp": "1551169938",
"object_id": "10882",
"event_id": "1203",
"source_uuid": "fd57be37-61cc-4452-85b5-518d55586335",
"referenced_uuid": "e59804a1-c4d9-4228-93bb-1a1f626c25ef",
"referenced_id": "10883",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "e59804a1-c4d9-4228-93bb-1a1f626c25ef",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239073",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3015da1a-86da-45d2-8a84-9a1ed0ff02a3",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10882",
"object_relation": "md5",
"value": "056b178bbeea109d705439aa4e203d09",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239074",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5b3dd29a-6054-4832-9173-9f6f8d8b7e67",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10882",
"object_relation": "sha1",
"value": "5ae5ca0daccfa21706e157a19bdb67e48cbfe137",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239075",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a7c9b4a7-ec51-4f6d-82f3-95946ff53992",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10882",
"object_relation": "sha256",
"value": "8ef4bc09a9534910617834457114b9217cac9cb33ae22b37889040cde4cabea6",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10883",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "e59804a1-c4d9-4228-93bb-1a1f626c25ef",
"timestamp": "1550871230",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239076",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "d2f63c18-56a3-44a8-83b8-bf9bbfe22b05",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10883",
"object_relation": "last-submission",
"value": "2019-02-22 20:08:55",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239077",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "c077dd9c-a1a5-4941-94a7-b69610709486",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10883",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/8ef4bc09a9534910617834457114b9217cac9cb33ae22b37889040cde4cabea6\/analysis\/1550866135\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239078",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "c248a416-67d8-4f60-ab77-8d537265a29a",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871209",
"comment": "Malicious Documents",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10883",
"object_relation": "detection-ratio",
"value": "23\/60",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10884",
"name": "file",
"meta-category": "file",
"description": "File object describing a file with meta-information",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"event_id": "1203",
"uuid": "56b391e4-f005-4caa-ae12-a90db6664ebd",
"timestamp": "1550871270",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [
{
"id": "4709",
"uuid": "5c706ae7-2e68-4e97-a879-463902de0b81",
"timestamp": "1551169938",
"object_id": "10884",
"event_id": "1203",
"source_uuid": "56b391e4-f005-4caa-ae12-a90db6664ebd",
"referenced_uuid": "fd828b7c-f7c6-41d6-8b1e-3c19b0c98b2d",
"referenced_id": "10885",
"referenced_type": "1",
"relationship_type": "analysed-with",
"comment": "",
"deleted": false,
"Object": {
"distribution": "5",
"sharing_group_id": "0",
"uuid": "fd828b7c-f7c6-41d6-8b1e-3c19b0c98b2d",
"name": "virustotal-report",
"meta-category": "misc"
}
}
],
"Attribute": [
{
"id": "239079",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9d7f165e-8028-41ba-bade-a9d6f2d94721",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10884",
"object_relation": "md5",
"value": "9f76d2f73020064374efe67dc28fa006",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239080",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c8464fee-b069-490b-9f90-18bbcb7fa57c",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10884",
"object_relation": "sha1",
"value": "d96c04952ba0cb61b64bc7f08d7257913d8b7968",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239081",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bb21148d-46b8-4238-bb70-ed8322362dd5",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10884",
"object_relation": "sha256",
"value": "6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c",
"Galaxy": [],
"ShadowAttribute": []
}
]
},
{
"id": "10885",
"name": "virustotal-report",
"meta-category": "misc",
"description": "VirusTotal report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"event_id": "1203",
"uuid": "fd828b7c-f7c6-41d6-8b1e-3c19b0c98b2d",
"timestamp": "1550871270",
"distribution": "5",
"sharing_group_id": "0",
"comment": "",
"deleted": false,
"ObjectReference": [],
"Attribute": [
{
"id": "239082",
"type": "datetime",
"category": "Other",
"to_ids": false,
"uuid": "17038529-b686-4618-946f-6ac94dddf423",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10885",
"object_relation": "last-submission",
"value": "2019-02-22 20:15:46",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239083",
"type": "link",
"category": "Payload delivery",
"to_ids": false,
"uuid": "45431bd9-aea9-46b1-a9e3-ed17d1fcf05f",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10885",
"object_relation": "permalink",
"value": "https:\/\/www.virustotal.com\/file\/6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c\/analysis\/1550866546\/",
"Galaxy": [],
"ShadowAttribute": []
},
{
"id": "239084",
"type": "text",
"category": "Payload delivery",
"to_ids": false,
"uuid": "f4343cea-ba6d-4c9b-99e8-d7a157be74f3",
"event_id": "1203",
"distribution": "5",
"timestamp": "1550871258",
"comment": "PE version loader, signed with stolen certificate:",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "10885",
"object_relation": "detection-ratio",
"value": "15\/68",
"Galaxy": [],
"ShadowAttribute": []
}
]
}
],
"Tag": [
{
"id": "7",
"name": "type:OSINT",
"colour": "#004646",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "39",
"name": "osint:lifetime=\"perpetual\"",
"colour": "#0071c3",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "4",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "704",
"name": "misp-galaxy:mitre-attack-pattern=\"Stolen Developer Credentials or Signing Keys - T1441\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "705",
"name": "misp-galaxy:tool=\"BabyShark\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "706",
"name": "misp-galaxy:threat-actor=\"STOLEN PENCIL\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}
]
}
}