mirror of https://github.com/MISP/PyMISP
4600 lines
143 KiB
JSON
4600 lines
143 KiB
JSON
{
|
||
"Attribute": [
|
||
{
|
||
"Tag": [
|
||
{
|
||
"colour": "#00223b",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "101",
|
||
"name": "osint:source-type=\"blog-post\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#007cd6",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "618",
|
||
"name": "osint:certainty=\"93\"",
|
||
"user_id": "0"
|
||
}
|
||
],
|
||
"category": "External analysis",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188757",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893921",
|
||
"to_ids": false,
|
||
"type": "link",
|
||
"uuid": "5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
||
"value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
|
||
},
|
||
{
|
||
"Tag": [
|
||
{
|
||
"colour": "#00223b",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "101",
|
||
"name": "osint:source-type=\"blog-post\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#007cd6",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "618",
|
||
"name": "osint:certainty=\"93\"",
|
||
"user_id": "0"
|
||
}
|
||
],
|
||
"category": "External analysis",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188758",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893921",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81",
|
||
"value": "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188759",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
||
"value": "movieultimate.com"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188760",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
||
"value": "meteost.com"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188761",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
||
"value": "faststoragefiles.org"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188762",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
|
||
"value": "nethostnet.com"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188763",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
|
||
"value": "fsportal.net"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188764",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
||
"value": "fastdataexchange.org"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "Xagent Samples",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188765",
|
||
"object_id": "0",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513893957",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
|
||
"value": "newfilmts.com"
|
||
}
|
||
],
|
||
"Galaxy": [
|
||
{
|
||
"GalaxyCluster": [
|
||
{
|
||
"authors": [
|
||
"Alexandre Dulaunoy",
|
||
"Florian Roth",
|
||
"Thomas Schreck",
|
||
"Timo Steffens",
|
||
"Various"
|
||
],
|
||
"default": false,
|
||
"description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.",
|
||
"distribution": "0",
|
||
"galaxy_id": "366",
|
||
"id": "45563",
|
||
"meta": {
|
||
"country": [
|
||
"RU"
|
||
],
|
||
"refs": [
|
||
"https://en.wikipedia.org/wiki/Sofacy_Group",
|
||
"https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf",
|
||
"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf",
|
||
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
|
||
"http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/"
|
||
],
|
||
"synonyms": [
|
||
"APT 28",
|
||
"APT28",
|
||
"Pawn Storm",
|
||
"Fancy Bear",
|
||
"Sednit",
|
||
"TsarTeam",
|
||
"TG-4127",
|
||
"Group-4127",
|
||
"STRONTIUM",
|
||
"TAG_0700",
|
||
"Swallowtail",
|
||
"IRON TWILIGHT",
|
||
"Group 74"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "1100",
|
||
"tag_name": "misp-galaxy:threat-actor=\"Sofacy\"",
|
||
"type": "threat-actor",
|
||
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
|
||
"value": "Sofacy",
|
||
"version": "30"
|
||
}
|
||
],
|
||
"description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
|
||
"icon": "user-secret",
|
||
"id": "366",
|
||
"name": "Threat Actor",
|
||
"type": "threat-actor",
|
||
"uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
|
||
"version": "2"
|
||
},
|
||
{
|
||
"GalaxyCluster": [
|
||
{
|
||
"authors": [
|
||
"Kafeine",
|
||
"Will Metcalf",
|
||
"KahuSecurity"
|
||
],
|
||
"default": false,
|
||
"description": "Sednit EK is the exploit kit used by APT28",
|
||
"distribution": "0",
|
||
"galaxy_id": "370",
|
||
"id": "38813",
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
|
||
],
|
||
"status": [
|
||
"Active"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "3007",
|
||
"tag_name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
|
||
"type": "exploit-kit",
|
||
"uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
|
||
"value": "Sednit EK",
|
||
"version": "5"
|
||
},
|
||
{
|
||
"authors": [
|
||
"Kafeine",
|
||
"Will Metcalf",
|
||
"KahuSecurity"
|
||
],
|
||
"default": false,
|
||
"description": "DealersChoice is a Flash Player Exploit platform triggered by RTF",
|
||
"distribution": "0",
|
||
"galaxy_id": "370",
|
||
"id": "38805",
|
||
"meta": {
|
||
"refs": [
|
||
"http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/",
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/"
|
||
],
|
||
"status": [
|
||
"Active"
|
||
],
|
||
"synonyms": [
|
||
"Sednit RTF EK"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "3015",
|
||
"tag_name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
|
||
"type": "exploit-kit",
|
||
"uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
|
||
"value": "DealersChoice",
|
||
"version": "5"
|
||
}
|
||
],
|
||
"description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
|
||
"icon": "internet-explorer",
|
||
"id": "370",
|
||
"name": "Exploit-Kit",
|
||
"type": "exploit-kit",
|
||
"uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01",
|
||
"version": "3"
|
||
},
|
||
{
|
||
"GalaxyCluster": [
|
||
{
|
||
"authors": [
|
||
"Alexandre Dulaunoy",
|
||
"Florian Roth",
|
||
"Timo Steffens",
|
||
"Christophe Vandeplas"
|
||
],
|
||
"default": false,
|
||
"description": "backdoor",
|
||
"distribution": "0",
|
||
"galaxy_id": "367",
|
||
"id": "46592",
|
||
"meta": {
|
||
"refs": [
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Sednit",
|
||
"Seduploader",
|
||
"JHUHUGIT",
|
||
"Sofacy"
|
||
],
|
||
"type": [
|
||
"Backdoor"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "2215",
|
||
"tag_name": "misp-galaxy:tool=\"GAMEFISH\"",
|
||
"type": "tool",
|
||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||
"value": "GAMEFISH",
|
||
"version": "45"
|
||
},
|
||
{
|
||
"authors": [
|
||
"Alexandre Dulaunoy",
|
||
"Florian Roth",
|
||
"Timo Steffens",
|
||
"Christophe Vandeplas"
|
||
],
|
||
"default": false,
|
||
"description": "",
|
||
"distribution": "0",
|
||
"galaxy_id": "367",
|
||
"id": "46670",
|
||
"meta": {
|
||
"synonyms": [
|
||
"XTunnel"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "1012",
|
||
"tag_name": "misp-galaxy:tool=\"X-Tunnel\"",
|
||
"type": "tool",
|
||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||
"value": "X-Tunnel",
|
||
"version": "45"
|
||
},
|
||
{
|
||
"authors": [
|
||
"Alexandre Dulaunoy",
|
||
"Florian Roth",
|
||
"Timo Steffens",
|
||
"Christophe Vandeplas"
|
||
],
|
||
"default": false,
|
||
"description": "backdoor used by apt28\n\nSedreco serves as a spying backdoor; its functionalities can be extended with dynamically loaded plugins. It is made up of two distinct components: a dropper and the persistent payload installed by this dropper. We have not seen this component since April 2016.",
|
||
"distribution": "0",
|
||
"galaxy_id": "367",
|
||
"id": "46591",
|
||
"meta": {
|
||
"possible_issues": [
|
||
"Report tells that is could be Xagent alias (Java Rat)"
|
||
],
|
||
"refs": [
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Sedreco",
|
||
"AZZY",
|
||
"ADVSTORESHELL",
|
||
"NETUI"
|
||
],
|
||
"type": [
|
||
"Backdoor"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "3011",
|
||
"tag_name": "misp-galaxy:tool=\"EVILTOSS\"",
|
||
"type": "tool",
|
||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||
"value": "EVILTOSS",
|
||
"version": "45"
|
||
},
|
||
{
|
||
"authors": [
|
||
"Alexandre Dulaunoy",
|
||
"Florian Roth",
|
||
"Timo Steffens",
|
||
"Christophe Vandeplas"
|
||
],
|
||
"default": false,
|
||
"description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
|
||
"distribution": "0",
|
||
"galaxy_id": "367",
|
||
"id": "46669",
|
||
"meta": {
|
||
"refs": [
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/",
|
||
"https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq",
|
||
"https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
|
||
],
|
||
"synonyms": [
|
||
"XAgent"
|
||
],
|
||
"type": [
|
||
"Backdoor"
|
||
]
|
||
},
|
||
"source": "MISP Project",
|
||
"tag_id": "1011",
|
||
"tag_name": "misp-galaxy:tool=\"X-Agent\"",
|
||
"type": "tool",
|
||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||
"value": "X-Agent",
|
||
"version": "45"
|
||
}
|
||
],
|
||
"description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||
"icon": "optin-monster",
|
||
"id": "367",
|
||
"name": "Tool",
|
||
"type": "tool",
|
||
"uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b",
|
||
"version": "2"
|
||
},
|
||
{
|
||
"GalaxyCluster": [
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "JHUHUGIT is malware used by APT28. It is based on Carberp source code and serves as reconnaissance malware.[[Citation: Kaspersky Sofacy]][[Citation: F-Secure Sofacy 2015]][[Citation: ESET Sednit Part 1]][[Citation: FireEye APT28 January 2017]]\n\nAliases: JHUHUGIT, Seduploader, JKEYSKW, Sednit, GAMEFISH",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41618",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0044",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
|
||
"https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
|
||
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
|
||
],
|
||
"synonyms": [
|
||
"JHUHUGIT",
|
||
"Seduploader",
|
||
"JKEYSKW",
|
||
"Sednit",
|
||
"GAMEFISH"
|
||
],
|
||
"uuid": [
|
||
"8ae43c46-57ef-47d5-a77a-eebb35628db2"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3008",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "JHUHUGIT",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.[[Citation: Crowdstrike DNC June 2016]][[Citation: Invincea XTunnel]][[Citation: ESET Sednit Part 2]]\n\nAliases: XTunnel, X-Tunnel, XAPS",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41543",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0117",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
|
||
"https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/",
|
||
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
|
||
],
|
||
"synonyms": [
|
||
"XTunnel",
|
||
"X-Tunnel",
|
||
"XAPS"
|
||
],
|
||
"uuid": [
|
||
"7343e208-7cab-45f2-a47b-41ba5e2f0fab"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3009",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"XTunnel\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "XTunnel",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.[[Citation: Kaspersky Sofacy]][[Citation: ESET Sednit Part 2]]\n\nAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41582",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0045",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
|
||
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
|
||
],
|
||
"synonyms": [
|
||
"ADVSTORESHELL",
|
||
"NETUI",
|
||
"EVILTOSS",
|
||
"AZZY",
|
||
"Sedreco"
|
||
],
|
||
"uuid": [
|
||
"fb575479-14ef-41e9-bfab-0b7cf10bec73"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3010",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "ADVSTORESHELL",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "USBStealer is malware that has used by APT28 since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with ADVSTORESHELL.[[Citation: ESET Sednit USBStealer 2014]][[Citation: Kaspersky Sofacy]]\n\nAliases: USBStealer, USB Stealer, Win32/USBStealer",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41549",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0136",
|
||
"http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/",
|
||
"https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
|
||
],
|
||
"synonyms": [
|
||
"USBStealer",
|
||
"USB Stealer",
|
||
"Win32/USBStealer"
|
||
],
|
||
"uuid": [
|
||
"af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3012",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"USBStealer\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "USBStealer",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "is a trojan that has been used by APT28 on OS X and appears to be a port of their standard CHOPSTICK or XAgent trojan.[[Citation: XAgentOSX]]",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41551",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0161",
|
||
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
|
||
],
|
||
"uuid": [
|
||
"5930509b-7793-4db9-bdfc-4edda7709d0d"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3013",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "XAgentOSX",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "CHOPSTICK is malware family of modular backdoors used by APT28. It has been used from at least November 2012 to August 2016 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases.[[Citation: FireEye APT28]][[Citation: ESET Sednit Part 2]][[Citation: FireEye APT28 January 2017]]\n\nAliases: CHOPSTICK, SPLM, Xagent, X-Agent, webhp",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41559",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0023",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"
|
||
],
|
||
"synonyms": [
|
||
"CHOPSTICK",
|
||
"SPLM",
|
||
"Xagent",
|
||
"X-Agent",
|
||
"webhp"
|
||
],
|
||
"uuid": [
|
||
"ccd61dfc-b03f-4689-8c18-7c97eab08472"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3014",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "CHOPSTICK",
|
||
"version": "4"
|
||
},
|
||
{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"default": false,
|
||
"description": "Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.[[Citation: ESET Sednit Part 3]]\n\nAliases: Downdelph, Delphacy",
|
||
"distribution": "0",
|
||
"galaxy_id": "365",
|
||
"id": "41504",
|
||
"meta": {
|
||
"refs": [
|
||
"https://attack.mitre.org/wiki/Software/S0134",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Downdelph",
|
||
"Delphacy"
|
||
],
|
||
"uuid": [
|
||
"08d20cd2-f084-45ee-8558-fa6ef5a18519"
|
||
]
|
||
},
|
||
"source": "https://github.com/mitre/cti",
|
||
"tag_id": "3016",
|
||
"tag_name": "misp-galaxy:mitre-malware=\"Downdelph\"",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"value": "Downdelph",
|
||
"version": "4"
|
||
}
|
||
],
|
||
"description": "Name of ATT&CK software",
|
||
"icon": "optin-monster",
|
||
"id": "365",
|
||
"name": "Malware",
|
||
"type": "mitre-malware",
|
||
"uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
|
||
"version": "4"
|
||
}
|
||
],
|
||
"Object": [
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188944",
|
||
"object_id": "1555",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936310",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd5b6-2850-435f-bd0d-4c62950d210f",
|
||
"value": "Bulletin.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188945",
|
||
"object_id": "1555",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936310",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd5b6-78a8-4e47-8333-4c62950d210f",
|
||
"value": "68064fc152e23d56e541714af52651cb4ba81aaf"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188946",
|
||
"object_id": "1555",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936310",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd5b6-23d8-43ba-8518-4c62950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.AX",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1555",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936310",
|
||
"uuid": "5a3cd5b6-9568-4342-b2ab-4c62950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188947",
|
||
"object_id": "1556",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936388",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd604-748c-4fc0-88bf-c170950d210f",
|
||
"value": "f3805382ae2e23ff1147301d131a06e00e4ff75f"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188948",
|
||
"object_id": "1556",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936388",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd604-6668-4469-a1c0-c170950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.CVE-2016-4117.A",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1556",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936388",
|
||
"uuid": "5a3cd604-e11c-4de5-bbbf-c170950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188949",
|
||
"object_id": "1557",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936531",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd693-dc40-445d-a4d7-4ae0950d210f",
|
||
"value": "OC_PSO_2017.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188950",
|
||
"object_id": "1557",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936531",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd693-8ffc-4d95-b522-4e84950d210f",
|
||
"value": "512bdfe937314ac3f195c462c395feeb36932971"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188951",
|
||
"object_id": "1557",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936531",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd693-a8f0-4aea-a834-4097950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NUB",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1557",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936531",
|
||
"uuid": "5a3cd693-fd9c-4fcf-b69a-439c950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188952",
|
||
"object_id": "1558",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936578",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd6c2-d31c-40cc-bcc1-4458950d210f",
|
||
"value": "NASAMS.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188953",
|
||
"object_id": "1558",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936578",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd6c2-6a54-4b4c-8748-4c84950d210f",
|
||
"value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188954",
|
||
"object_id": "1558",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936578",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd6c2-1c68-45de-8325-464a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NTR",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1558",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936578",
|
||
"uuid": "5a3cd6c2-d290-4787-910f-4e6d950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188955",
|
||
"object_id": "1559",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936718",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd74e-584c-45b9-8557-486d950d210f",
|
||
"value": "Programm_Details.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188956",
|
||
"object_id": "1559",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936718",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd74e-f334-4e6b-b37f-462f950d210f",
|
||
"value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188957",
|
||
"object_id": "1559",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936718",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd74e-5900-4fbf-85c6-4c81950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NTO",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1559",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936718",
|
||
"uuid": "5a3cd74e-1504-40ff-9a28-4501950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188958",
|
||
"object_id": "1560",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936757",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd775-e8f4-465a-aca2-4c5a950d210f",
|
||
"value": "Operation_in_Mosul.rtf"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188959",
|
||
"object_id": "1560",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936757",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd775-1190-4db7-961a-4c5a950d210f",
|
||
"value": "12a37cfdd3f3671074dd5b0f354269cec028fb52"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188960",
|
||
"object_id": "1560",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936757",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd775-fa5c-4453-bcb0-4c5a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NTR",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1560",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936757",
|
||
"uuid": "5a3cd775-e4cc-44bb-89b6-4c5a950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188961",
|
||
"object_id": "1561",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936943",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd82f-b918-4520-ba8b-5165950d210f",
|
||
"value": "ARM-NATO_ENGLISH_30_NOV_2016.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188962",
|
||
"object_id": "1561",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936943",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd82f-cae4-4209-9338-5165950d210f",
|
||
"value": "15201766bd964b7c405aeb11db81457220c31e46"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188963",
|
||
"object_id": "1561",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936943",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd82f-d91c-43af-8262-5165950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "SWF/Agent.L",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1561",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936943",
|
||
"uuid": "5a3cd82f-2788-4561-bbeb-5165950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188964",
|
||
"object_id": "1562",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936967",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd847-0aa0-4b5c-aa30-5165950d210f",
|
||
"value": "Olympic-Agenda-2020-20-20-Recommendations.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188965",
|
||
"object_id": "1562",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936967",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd847-593c-4985-8756-5165950d210f",
|
||
"value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188966",
|
||
"object_id": "1562",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936967",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd847-1324-4fad-af60-5165950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.BL",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1562",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936967",
|
||
"uuid": "5a3cd847-b5a0-42f7-ac4b-5165950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188967",
|
||
"object_id": "1563",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936993",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd861-9350-40c1-ac29-4771950d210f",
|
||
"value": "Merry_Christmas!.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188968",
|
||
"object_id": "1563",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936993",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd861-18ac-4cf0-b96f-4986950d210f",
|
||
"value": "33447383379ca99083442b852589111296f0c603"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188969",
|
||
"object_id": "1563",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513936993",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd861-cfbc-4096-baae-40e2950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NUG",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1563",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513936993",
|
||
"uuid": "5a3cd861-65c0-4b69-9429-4f37950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188970",
|
||
"object_id": "1564",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937021",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f",
|
||
"value": "Trump’s_Attack_on_Syria_English.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188971",
|
||
"object_id": "1564",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937021",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd87d-c630-4487-8336-4615950d210f",
|
||
"value": "d5235d136cfcadbef431eea7253d80bde414db9d"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188972",
|
||
"object_id": "1564",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937021",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd87d-8c98-4660-9026-44de950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NWZ",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1564",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937021",
|
||
"uuid": "5a3cd87d-f514-4071-a5f7-4ec2950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188973",
|
||
"object_id": "1565",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937047",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd897-4cc0-48b0-bb2c-461f950d210f",
|
||
"value": "Hotel_Reservation_Form.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188974",
|
||
"object_id": "1565",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937047",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd897-fa64-466c-9421-49c5950d210f",
|
||
"value": "f293a2bfb728060c54efeeb03c5323893b5c80df"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188975",
|
||
"object_id": "1565",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937047",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd897-f020-44cf-8dfc-4225950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1565",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937046",
|
||
"uuid": "5a3cd896-f6cc-4e52-bcb2-442c950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188976",
|
||
"object_id": "1566",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937070",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd8ae-7194-48fd-810e-4c5a950d210f",
|
||
"value": "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188977",
|
||
"object_id": "1566",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937071",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd8af-f39c-443c-bcf1-4c5a950d210f",
|
||
"value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188978",
|
||
"object_id": "1566",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937071",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd8af-b3ec-478a-b585-4c5a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1566",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937070",
|
||
"uuid": "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188979",
|
||
"object_id": "1567",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937083",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd8bb-74d8-4d19-ae08-4043950d210f",
|
||
"value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188980",
|
||
"object_id": "1567",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937083",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd8bb-77bc-4cc4-887f-429d950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1567",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937083",
|
||
"uuid": "5a3cd8bb-a704-4f1d-a235-444e950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188981",
|
||
"object_id": "1568",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937097",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd8c9-4d2c-4145-a637-4f13950d210f",
|
||
"value": "169c8f3e3d22e192c108bc95164d362ce5437465"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188982",
|
||
"object_id": "1568",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937097",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1568",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937097",
|
||
"uuid": "5a3cd8c9-6568-406a-853c-4862950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188983",
|
||
"object_id": "1569",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937116",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd8dc-48c0-4ea0-a67d-4734950d210f",
|
||
"value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188984",
|
||
"object_id": "1569",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937116",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1569",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937115",
|
||
"uuid": "5a3cd8db-2838-4466-a986-4afb950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188985",
|
||
"object_id": "1570",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937147",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd8fb-1efc-4059-ae7a-42f5950d210f",
|
||
"value": "Caucasian_Eagle_ENG.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188986",
|
||
"object_id": "1570",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937147",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd8fb-9cec-4a30-8b2f-4441950d210f",
|
||
"value": "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188987",
|
||
"object_id": "1570",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937147",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd8fb-e52c-489b-8da5-43d1950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "Win32/Exploit.Agent.NTM",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1570",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937147",
|
||
"uuid": "5a3cd8fb-cd14-4b00-9710-430c950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188988",
|
||
"object_id": "1571",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937166",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd90e-5eb4-4069-b160-5276950d210f",
|
||
"value": "World War3.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188989",
|
||
"object_id": "1571",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937166",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd90e-6d2c-4ffc-a699-5276950d210f",
|
||
"value": "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188990",
|
||
"object_id": "1571",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937166",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd90e-28e8-410e-8033-5276950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "SWF/Exploit.CVE-2017-11292.A",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1571",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937166",
|
||
"uuid": "5a3cd90e-538c-4b7e-95dc-5276950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188991",
|
||
"object_id": "1572",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937191",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd927-e810-4d22-a0e4-4057950d210f",
|
||
"value": "SaberGuardian2017.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188992",
|
||
"object_id": "1572",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937191",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd927-f284-43b9-83d1-473b950d210f",
|
||
"value": "68c2809560c7623d2307d8797691abf3eafe319a"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188993",
|
||
"object_id": "1572",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937191",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd927-b844-49f2-a1a9-4c85950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "VBA/DDE.E",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1572",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937191",
|
||
"uuid": "5a3cd927-e410-489c-abfc-4b63950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188994",
|
||
"object_id": "1573",
|
||
"object_relation": "filename",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937212",
|
||
"to_ids": true,
|
||
"type": "filename",
|
||
"uuid": "5a3cd93c-2438-4dda-823e-463d950d210f",
|
||
"value": "IsisAttackInNewYork.docx"
|
||
},
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188995",
|
||
"object_id": "1573",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937212",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cd93c-1ef0-4d81-9476-4655950d210f",
|
||
"value": "1c6c700ceebfbe799e115582665105caa03c5c9e"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188996",
|
||
"object_id": "1573",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937212",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cd93c-949c-40ac-9094-4a4a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"comment": "VBA/DDE.L",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1573",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937212",
|
||
"uuid": "5a3cd93c-716c-4918-a00f-4671950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188997",
|
||
"object_id": "1574",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937559",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cda97-7e58-4642-aaf5-c5ed950d210f",
|
||
"value": "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188998",
|
||
"object_id": "1574",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937559",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cda97-6020-423d-9d23-c5ed950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
||
"value": "movieultimate.com"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "159",
|
||
"object_id": "1574",
|
||
"object_uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
||
"referenced_id": "1188759",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513937826",
|
||
"uuid": "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f"
|
||
}
|
||
],
|
||
"comment": "Win64/Sednit.Z",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1574",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513937826",
|
||
"uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1188999",
|
||
"object_id": "1575",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937864",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f",
|
||
"value": "e19f753e514f6adec8f81bcdefb9117979e69627"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189000",
|
||
"object_id": "1575",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937864",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdbc8-e204-4606-b9ea-4c5a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
||
"value": "meteost.com"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "160",
|
||
"object_id": "1575",
|
||
"object_uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
||
"referenced_id": "1188760",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938091",
|
||
"uuid": "5a3cdcab-8200-4c65-868e-42a9950d210f"
|
||
}
|
||
],
|
||
"comment": "Win64/Sednit.Z",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1575",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938091",
|
||
"uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189001",
|
||
"object_id": "1576",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937910",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f",
|
||
"value": "961468ddd3d0fa25beb8210c81ba620f9170ed30"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189002",
|
||
"object_id": "1576",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937910",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdbf6-acd8-4a36-a028-4c59950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
||
"value": "faststoragefiles.org"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "164",
|
||
"object_id": "1576",
|
||
"object_uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
||
"referenced_id": "1188761",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938210",
|
||
"uuid": "5a3cdd22-b7d8-4754-a108-4742950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BO",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1576",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938210",
|
||
"uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189003",
|
||
"object_id": "1577",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937929",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc09-b428-4c0b-9969-c5ed950d210f",
|
||
"value": "a0719b50265505c8432616c0a4e14ed206981e95"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189004",
|
||
"object_id": "1577",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937929",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc09-05d8-4356-ba52-c5ed950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
|
||
"value": "nethostnet.com"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "162",
|
||
"object_id": "1577",
|
||
"object_uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
||
"referenced_id": "1188762",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938169",
|
||
"uuid": "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BO",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1577",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938169",
|
||
"uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189005",
|
||
"object_id": "1578",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937953",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc21-a170-4637-b139-4812950d210f",
|
||
"value": "2cf6436b99d11d9d1e0c488af518e35162ecbc9c"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189006",
|
||
"object_id": "1578",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937953",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc21-3274-4800-9e91-41e2950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
||
"value": "faststoragefiles.org"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "165",
|
||
"object_id": "1578",
|
||
"object_uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
||
"referenced_id": "1188761",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938226",
|
||
"uuid": "5a3cdd32-3044-4895-8f18-4d06950d210f"
|
||
}
|
||
],
|
||
"comment": "Win64/Sednit.Y",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1578",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938226",
|
||
"uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189007",
|
||
"object_id": "1579",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937975",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc37-cee0-43d0-9e20-4db6950d210f",
|
||
"value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189008",
|
||
"object_id": "1579",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937976",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc38-ac24-44be-a1ed-4935950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
|
||
"value": "fsportal.net"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "163",
|
||
"object_id": "1579",
|
||
"object_uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
||
"referenced_id": "1188763",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938189",
|
||
"uuid": "5a3cdd0d-d990-42ba-830d-5156950d210f"
|
||
}
|
||
],
|
||
"comment": "Win64/Sednit.Y",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1579",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938190",
|
||
"uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189009",
|
||
"object_id": "1580",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937992",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc48-c74c-4b6e-8202-5156950d210f",
|
||
"value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189010",
|
||
"object_id": "1580",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513937992",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc48-55dc-420e-9b5d-5156950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
||
"value": "fastdataexchange.org"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "161",
|
||
"object_id": "1580",
|
||
"object_uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
||
"referenced_id": "1188764",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938129",
|
||
"uuid": "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f"
|
||
}
|
||
],
|
||
"comment": "Win64/Sednit.Z",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1580",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938129",
|
||
"uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189011",
|
||
"object_id": "1581",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513938011",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f",
|
||
"value": "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189012",
|
||
"object_id": "1581",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513938011",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc5b-b390-4183-aec7-4c5a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
|
||
"value": "newfilmts.com"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "168",
|
||
"object_id": "1581",
|
||
"object_uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
||
"referenced_id": "1188765",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938280",
|
||
"uuid": "5a3cdd68-7968-40d1-a0a9-5156950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BO",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1581",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938280",
|
||
"uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189013",
|
||
"object_id": "1582",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513938034",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3cdc72-ba30-4ecd-9d21-4654950d210f",
|
||
"value": "1958e722afd0dba266576922abc98aa505cf5f9a"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189014",
|
||
"object_id": "1582",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513938034",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3cdc72-0804-42c4-acfa-4ac5950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Attribute": {
|
||
"category": "Network activity",
|
||
"distribution": "5",
|
||
"sharing_group_id": "0",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
|
||
"value": "newfilmts.com"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "167",
|
||
"object_id": "1582",
|
||
"object_uuid": "5a3cdc72-1538-4c66-af46-427b950d210f",
|
||
"referenced_id": "1188765",
|
||
"referenced_type": "0",
|
||
"referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513938264",
|
||
"uuid": "5a3cdd58-9800-4bae-837c-4f20950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BO",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1582",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513938264",
|
||
"uuid": "5a3cdc72-1538-4c66-af46-427b950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189015",
|
||
"object_id": "1583",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939882",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce3aa-e104-481e-a7f4-4bc1950d210f",
|
||
"value": "9f6bed7d7f4728490117cbc85819c2e6c494251b"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189016",
|
||
"object_id": "1583",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939882",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce3aa-74fc-48c7-af40-4c6a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "173",
|
||
"object_id": "1583",
|
||
"object_uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
||
"referenced_id": "1592",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513947459",
|
||
"uuid": "5a3d0143-c300-4118-8afe-4a2d950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.AX",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1583",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948642",
|
||
"uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189017",
|
||
"object_id": "1584",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939907",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce3c3-6d9c-48f4-93db-4a61950d210f",
|
||
"value": "4bc722a9b0492a50bd86a1341f02c74c0d773db7"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189018",
|
||
"object_id": "1584",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939907",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce3c3-c38c-4e30-a904-4c8f950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "188",
|
||
"object_id": "1584",
|
||
"object_uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
||
"referenced_id": "1603",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948518",
|
||
"uuid": "5a3d0566-34fc-4a62-b2a5-4f91950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BS",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1584",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948535",
|
||
"uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189019",
|
||
"object_id": "1585",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939924",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce3d4-9168-4e23-8b64-485a950d210f",
|
||
"value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189020",
|
||
"object_id": "1585",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939924",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce3d4-27e0-4366-943f-4b9a950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "189",
|
||
"object_id": "1585",
|
||
"object_uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
||
"referenced_id": "1602",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948528",
|
||
"uuid": "5a3d0570-a86c-4264-a43a-4125950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BS",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1585",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948597",
|
||
"uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189021",
|
||
"object_id": "1586",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939946",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce3ea-8dbc-4cf4-997f-448b950d210f",
|
||
"value": "9c47ca3883196b3a84d67676a804ff50e22b0a9f"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189022",
|
||
"object_id": "1586",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939946",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce3ea-e714-444e-ad9b-40b0950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "190",
|
||
"object_id": "1586",
|
||
"object_uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
||
"referenced_id": "1601",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948614",
|
||
"uuid": "5a3d05c6-0618-4520-9549-48a0950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BR",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1586",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948626",
|
||
"uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189023",
|
||
"object_id": "1587",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939972",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce404-7bfc-4316-bd32-55ea950d210f",
|
||
"value": "8a68f26d01372114f660e32ac4c9117e5d0577f1"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189024",
|
||
"object_id": "1587",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939972",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce404-7224-4525-922a-55ea950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "182",
|
||
"object_id": "1587",
|
||
"object_uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f",
|
||
"referenced_id": "1600",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce680-90d4-478d-95db-48a6950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948044",
|
||
"uuid": "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1587",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948073",
|
||
"uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189025",
|
||
"object_id": "1588",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939991",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce417-62a4-4d46-9a87-55ea950d210f",
|
||
"value": "476fc1d31722ac26b46154cbf0c631d60268b28a"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189026",
|
||
"object_id": "1588",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513939991",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce417-43f0-494d-ac2e-55ea950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "187",
|
||
"object_id": "1588",
|
||
"object_uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
||
"referenced_id": "1599",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948483",
|
||
"uuid": "5a3d0543-8f74-4086-aafc-418a950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1588",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948498",
|
||
"uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189027",
|
||
"object_id": "1589",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940012",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce42c-836c-49e7-a9f3-4a5f950d210f",
|
||
"value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189028",
|
||
"object_id": "1589",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940012",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce42c-4c88-4940-94b8-4084950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "183",
|
||
"object_id": "1589",
|
||
"object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
||
"referenced_id": "1594",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce60a-6db8-4212-b194-4339950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948106",
|
||
"uuid": "5a3d03ca-2398-4060-b13c-404a950d210f"
|
||
},
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "184",
|
||
"object_id": "1589",
|
||
"object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
||
"referenced_id": "1595",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948117",
|
||
"uuid": "5a3d03d5-6d8c-4dfb-b193-4002950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BN",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1589",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948128",
|
||
"uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189029",
|
||
"object_id": "1590",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940027",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce43b-6738-4a14-a318-4d65950d210f",
|
||
"value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189030",
|
||
"object_id": "1590",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940027",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce43b-3a10-4d78-9ee2-485c950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "186",
|
||
"object_id": "1590",
|
||
"object_uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
||
"referenced_id": "1593",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513948320",
|
||
"uuid": "5a3d04a0-9d28-47c3-a12c-465b950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BG",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1590",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513948339",
|
||
"uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Payload delivery",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189031",
|
||
"object_id": "1591",
|
||
"object_relation": "sha1",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940042",
|
||
"to_ids": true,
|
||
"type": "sha1",
|
||
"uuid": "5a3ce44a-2ea4-4526-8bbc-c328950d210f",
|
||
"value": "6e167da3c5d887fa2e58da848a2245d11b6c5ad6"
|
||
},
|
||
{
|
||
"category": "Other",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": true,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189032",
|
||
"object_id": "1591",
|
||
"object_relation": "state",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940042",
|
||
"to_ids": false,
|
||
"type": "text",
|
||
"uuid": "5a3ce44a-5118-4142-97f0-c328950d210f",
|
||
"value": "Malicious"
|
||
}
|
||
],
|
||
"ObjectReference": [
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "170",
|
||
"object_id": "1591",
|
||
"object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
||
"referenced_id": "1597",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513940734",
|
||
"uuid": "5a3ce6fe-b0c4-44df-a609-419a950d210f"
|
||
},
|
||
{
|
||
"Object": {
|
||
"distribution": "5",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
|
||
},
|
||
"comment": "",
|
||
"deleted": false,
|
||
"event_id": "9747",
|
||
"id": "171",
|
||
"object_id": "1591",
|
||
"object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
||
"referenced_id": "1598",
|
||
"referenced_type": "1",
|
||
"referenced_uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f",
|
||
"relationship_type": "communicates-with",
|
||
"timestamp": "1513940753",
|
||
"uuid": "5a3ce711-a0dc-4dbe-b59e-495a950d210f"
|
||
}
|
||
],
|
||
"comment": "Win32/Sednit.BG",
|
||
"deleted": false,
|
||
"description": "File object describing a file with meta-information",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1591",
|
||
"meta-category": "file",
|
||
"name": "file",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
"template_version": "8",
|
||
"timestamp": "1513940753",
|
||
"uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189033",
|
||
"object_id": "1592",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940362",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f",
|
||
"value": "87.236.211.182"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189034",
|
||
"object_id": "1592",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940362",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce58a-6e14-48ea-9746-48f2950d210f",
|
||
"value": "servicecdp.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1592",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940362",
|
||
"uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189035",
|
||
"object_id": "1593",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940472",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce5f8-99b4-41a2-915a-4bf8950d210f",
|
||
"value": "95.215.45.43"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189036",
|
||
"object_id": "1593",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940472",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f",
|
||
"value": "wmdmediacodecs.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1593",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940472",
|
||
"uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189037",
|
||
"object_id": "1594",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940490",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce60a-cc50-4553-bfff-4ea9950d210f",
|
||
"value": "89.45.67.144"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189038",
|
||
"object_id": "1594",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940491",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce60b-e648-4667-8432-4ba8950d210f",
|
||
"value": "mvband.net"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1594",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940490",
|
||
"uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189039",
|
||
"object_id": "1595",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940506",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce61a-4458-4c36-866e-44e9950d210f",
|
||
"value": "89.33.246.117"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189040",
|
||
"object_id": "1595",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940506",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce61a-f820-4a43-b3d9-47e5950d210f",
|
||
"value": "mvtband.net"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1595",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940506",
|
||
"uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189041",
|
||
"object_id": "1596",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940542",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce63e-66d4-483f-bae6-44f6950d210f",
|
||
"value": "87.236.211.182"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189042",
|
||
"object_id": "1596",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940542",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce63e-0d88-405b-82a9-43b5950d210f",
|
||
"value": "servicecdp.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1596",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940542",
|
||
"uuid": "5a3ce63e-0240-46f5-b9ed-4759950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189043",
|
||
"object_id": "1597",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940558",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce64e-d7a8-4817-a132-4c72950d210f",
|
||
"value": "185.156.173.70"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189044",
|
||
"object_id": "1597",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940558",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce64e-243c-4931-b733-403c950d210f",
|
||
"value": "runvercheck.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1597",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940558",
|
||
"uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189045",
|
||
"object_id": "1598",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940572",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce65c-bf78-4b78-bafd-4cf6950d210f",
|
||
"value": "191.101.31.96"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189046",
|
||
"object_id": "1598",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940572",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce65c-8140-4146-a927-45e4950d210f",
|
||
"value": "remsupport.org"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1598",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940572",
|
||
"uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189047",
|
||
"object_id": "1599",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940591",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce66f-150c-43ec-a3ff-4aa5950d210f",
|
||
"value": "89.187.150.44"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189048",
|
||
"object_id": "1599",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940591",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce66f-466c-478e-8064-4b42950d210f",
|
||
"value": "viters.org"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1599",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940590",
|
||
"uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189049",
|
||
"object_id": "1600",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940608",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce680-7b04-466d-b187-4301950d210f",
|
||
"value": "146.185.253.132"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189050",
|
||
"object_id": "1600",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940608",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce680-12f4-4001-9f86-4aa4950d210f",
|
||
"value": "myinvestgroup.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1600",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940608",
|
||
"uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189051",
|
||
"object_id": "1601",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940621",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce68d-0108-4557-8921-4377950d210f",
|
||
"value": "86.106.131.141"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189052",
|
||
"object_id": "1601",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940622",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce68e-54d0-4c67-8c4c-4dea950d210f",
|
||
"value": "space-delivery.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1601",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940621",
|
||
"uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189054",
|
||
"object_id": "1602",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940642",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce6a2-4a38-4b90-8d74-4f10950d210f",
|
||
"value": "89.34.111.160"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189055",
|
||
"object_id": "1602",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940642",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f",
|
||
"value": "satellitedeluxpanorama.com"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1602",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940641",
|
||
"uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
|
||
},
|
||
{
|
||
"Attribute": [
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189056",
|
||
"object_id": "1603",
|
||
"object_relation": "ip",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940654",
|
||
"to_ids": true,
|
||
"type": "ip-dst",
|
||
"uuid": "5a3ce6ae-601c-44b8-8eec-4a5f950d210f",
|
||
"value": "185.216.35.26"
|
||
},
|
||
{
|
||
"category": "Network activity",
|
||
"comment": "",
|
||
"deleted": false,
|
||
"disable_correlation": false,
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1189057",
|
||
"object_id": "1603",
|
||
"object_relation": "domain",
|
||
"sharing_group_id": "0",
|
||
"timestamp": "1513940654",
|
||
"to_ids": true,
|
||
"type": "domain",
|
||
"uuid": "5a3ce6ae-3b00-420a-82fd-45fb950d210f",
|
||
"value": "webviewres.net"
|
||
}
|
||
],
|
||
"comment": "",
|
||
"deleted": false,
|
||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
"distribution": "5",
|
||
"event_id": "9747",
|
||
"id": "1603",
|
||
"meta-category": "network",
|
||
"name": "domain-ip",
|
||
"sharing_group_id": "0",
|
||
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
"template_version": "5",
|
||
"timestamp": "1513940654",
|
||
"uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
|
||
}
|
||
],
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"RelatedEvent": [
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-12-14",
|
||
"distribution": "3",
|
||
"id": "9616",
|
||
"info": "OSINT - Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": false,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1513674510",
|
||
"uuid": "5a329d19-03e0-4eaa-8b4d-4310950d210f"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-12-07",
|
||
"distribution": "3",
|
||
"id": "9552",
|
||
"info": "OSINT - Master Channel: The Boleto Mestre Campaign Targets Brazil",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": false,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1512657975",
|
||
"uuid": "5a2943a3-c574-44bb-8e68-45de950d210f"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "0",
|
||
"date": "2017-11-27",
|
||
"distribution": "3",
|
||
"id": "9513",
|
||
"info": "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": true,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1512356440",
|
||
"uuid": "5a23a972-e6a0-4a05-b505-4e8f02de0b81"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-11-07",
|
||
"distribution": "3",
|
||
"id": "9309",
|
||
"info": "OSINT - Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": true,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1511385862",
|
||
"uuid": "5a021bc2-8e0c-4ac5-b048-cc3e02de0b81"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "291",
|
||
"name": "NCSC-NL",
|
||
"uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
|
||
},
|
||
"Orgc": {
|
||
"id": "291",
|
||
"name": "NCSC-NL",
|
||
"uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-10-23",
|
||
"distribution": "3",
|
||
"id": "9208",
|
||
"info": "Talos: \"Cyber Conflict\" Decoy Document Used In Real Cyber Conflict",
|
||
"org_id": "291",
|
||
"orgc_id": "291",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1510088616",
|
||
"uuid": "59ed9c81-6484-47a9-aab4-191d0a950b0c"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-08-11",
|
||
"distribution": "3",
|
||
"id": "8798",
|
||
"info": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": true,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1502460096",
|
||
"uuid": "598db7fd-47a8-45f8-9414-408b02de0b81"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "231",
|
||
"name": "kingfisherops.com",
|
||
"uuid": "566ff5f4-7020-4089-9003-4374950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "204",
|
||
"name": "CERT-BUND",
|
||
"uuid": "56a64d7a-63dc-4471-bce9-4accc25ed029"
|
||
},
|
||
"analysis": "0",
|
||
"date": "2017-07-25",
|
||
"distribution": "3",
|
||
"id": "8750",
|
||
"info": "European Defence Agency lure drops mssuppa.dat",
|
||
"org_id": "231",
|
||
"orgc_id": "204",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1500967989",
|
||
"uuid": "5976f294-a844-44fe-a4f0-6c67c25ed029"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"Orgc": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-05-11",
|
||
"distribution": "3",
|
||
"id": "7820",
|
||
"info": "APT28-Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy",
|
||
"org_id": "277",
|
||
"orgc_id": "277",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1494824291",
|
||
"uuid": "59147a22-3100-4779-9377-360395ca48b7"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2017-05-09",
|
||
"distribution": "3",
|
||
"id": "7801",
|
||
"info": "OSINT - EPS Processing Zero-Days Exploited by Multiple Threat Actors",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": true,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1494354378",
|
||
"uuid": "59120865-27e0-4e6d-9b74-4a9f950d210f"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "2",
|
||
"name": "CIRCL",
|
||
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
},
|
||
"analysis": "0",
|
||
"date": "2016-12-29",
|
||
"distribution": "3",
|
||
"id": "5667",
|
||
"info": "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity",
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"published": true,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1494853878",
|
||
"uuid": "58658c15-54ac-43c3-9beb-414502de0b81"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"Orgc": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-12-20",
|
||
"distribution": "1",
|
||
"id": "5616",
|
||
"info": "APT28-The Sofacy Group's DealersChoice Attacks Continue",
|
||
"org_id": "277",
|
||
"orgc_id": "277",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1494829249",
|
||
"uuid": "58594faf-e98c-4c03-a58c-43cf95ca48b7"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "291",
|
||
"name": "NCSC-NL",
|
||
"uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
|
||
},
|
||
"Orgc": {
|
||
"id": "291",
|
||
"name": "NCSC-NL",
|
||
"uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
|
||
},
|
||
"analysis": "1",
|
||
"date": "2016-11-09",
|
||
"distribution": "3",
|
||
"id": "5348",
|
||
"info": "[APT-28/Sofacy]Pawn Storm Ramps Up [European Government] Spear-phishing Before Zero-Days Get Patched",
|
||
"org_id": "291",
|
||
"orgc_id": "291",
|
||
"published": true,
|
||
"threat_level_id": "1",
|
||
"timestamp": "1481709638",
|
||
"uuid": "582341ff-0830-4b32-aaba-08640a950b0c"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "74",
|
||
"name": "PwC.lu",
|
||
"uuid": "55f6ea61-4f74-40b6-a6df-4ff9950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "325",
|
||
"name": "CUDESO",
|
||
"uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-11-09",
|
||
"distribution": "3",
|
||
"id": "5641",
|
||
"info": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched",
|
||
"org_id": "74",
|
||
"orgc_id": "325",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1478712711",
|
||
"uuid": "58235d0e-34d4-41c1-9a2e-04dcc0a8ab16"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "335",
|
||
"name": "Orange CERT-CC",
|
||
"uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "335",
|
||
"name": "Orange CERT-CC",
|
||
"uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
|
||
},
|
||
"analysis": "0",
|
||
"date": "2016-10-18",
|
||
"distribution": "0",
|
||
"id": "5163",
|
||
"info": "Orange-CERT-CC Test #01",
|
||
"org_id": "335",
|
||
"orgc_id": "335",
|
||
"published": false,
|
||
"threat_level_id": "3",
|
||
"timestamp": "1476782422",
|
||
"uuid": "5805e8a5-611c-498b-839b-bd57950d210f"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "278",
|
||
"name": "TDC.dk",
|
||
"uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "278",
|
||
"name": "TDC.dk",
|
||
"uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-10-17",
|
||
"distribution": "3",
|
||
"id": "5165",
|
||
"info": "OSINT: ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform",
|
||
"org_id": "278",
|
||
"orgc_id": "278",
|
||
"published": true,
|
||
"threat_level_id": "1",
|
||
"timestamp": "1476789563",
|
||
"uuid": "580602f6-f8b8-4ac3-9813-7bf7bce2ab96"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "412",
|
||
"name": "TS",
|
||
"uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
|
||
},
|
||
"Orgc": {
|
||
"id": "412",
|
||
"name": "TS",
|
||
"uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-08-19",
|
||
"distribution": "1",
|
||
"id": "4710",
|
||
"info": "bullettin.doc sample, linked to APT28 campaign",
|
||
"org_id": "412",
|
||
"orgc_id": "412",
|
||
"published": true,
|
||
"threat_level_id": "1",
|
||
"timestamp": "1476776982",
|
||
"uuid": "57b7248f-283c-442e-8e02-2d0f5b86d7e5"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"Orgc": {
|
||
"id": "277",
|
||
"name": "inthreat.com",
|
||
"uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-06-20",
|
||
"distribution": "3",
|
||
"id": "4172",
|
||
"info": "APT28 and APT29 - Inside the DNC Breaches",
|
||
"org_id": "277",
|
||
"orgc_id": "277",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1494829231",
|
||
"uuid": "5767c102-c170-4124-ae3d-7bef95ca48b7"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "347",
|
||
"name": "incibe.es",
|
||
"uuid": "5720623c-129c-4989-ae9d-4a11950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "665",
|
||
"name": "INCIBE",
|
||
"uuid": "56fa4fe4-f528-4480-8332-1ba3c0a80a8c"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-06-16",
|
||
"distribution": "3",
|
||
"id": "6131",
|
||
"info": "New Sofacy (APT28) attacks against a US Government Agency",
|
||
"org_id": "347",
|
||
"orgc_id": "665",
|
||
"published": true,
|
||
"threat_level_id": "1",
|
||
"timestamp": "1488792538",
|
||
"uuid": "5762a86a-e314-4e4e-ba5a-51c5c0a80a8e"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "26",
|
||
"name": "CthulhuSPRL.be",
|
||
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "26",
|
||
"name": "CthulhuSPRL.be",
|
||
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-06-15",
|
||
"distribution": "3",
|
||
"id": "3987",
|
||
"info": "OSINT New Sofacy Attacks Against US Government Agency by Palo Alto Unit 42",
|
||
"org_id": "26",
|
||
"orgc_id": "26",
|
||
"published": true,
|
||
"threat_level_id": "1",
|
||
"timestamp": "1466000907",
|
||
"uuid": "57613790-f6b4-4895-943f-4467950d210f"
|
||
}
|
||
},
|
||
{
|
||
"Event": {
|
||
"Org": {
|
||
"id": "278",
|
||
"name": "TDC.dk",
|
||
"uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
|
||
},
|
||
"Orgc": {
|
||
"id": "325",
|
||
"name": "CUDESO",
|
||
"uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
|
||
},
|
||
"analysis": "2",
|
||
"date": "2016-06-14",
|
||
"distribution": "3",
|
||
"id": "4183",
|
||
"info": "New Sofacy Attacks Against US Government Agency",
|
||
"org_id": "278",
|
||
"orgc_id": "325",
|
||
"published": true,
|
||
"threat_level_id": "2",
|
||
"timestamp": "1467289109",
|
||
"uuid": "57607369-2490-444a-9034-049fc0a8ab16"
|
||
}
|
||
}
|
||
],
|
||
"Tag": [
|
||
{
|
||
"colour": "#00d622",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "2",
|
||
"name": "tlp:white",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#ef0081",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "2986",
|
||
"name": "workflow:state=\"incomplete\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#810046",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "2979",
|
||
"name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#91004e",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "2980",
|
||
"name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#12e000",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "1100",
|
||
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3007",
|
||
"name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "2215",
|
||
"name": "misp-galaxy:tool=\"GAMEFISH\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3008",
|
||
"name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0c9900",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "1012",
|
||
"name": "misp-galaxy:tool=\"X-Tunnel\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3009",
|
||
"name": "misp-galaxy:mitre-malware=\"XTunnel\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3010",
|
||
"name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3011",
|
||
"name": "misp-galaxy:tool=\"EVILTOSS\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3012",
|
||
"name": "misp-galaxy:mitre-malware=\"USBStealer\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0c9800",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "1011",
|
||
"name": "misp-galaxy:tool=\"X-Agent\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3013",
|
||
"name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3014",
|
||
"name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3015",
|
||
"name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
|
||
"user_id": "0"
|
||
},
|
||
{
|
||
"colour": "#0088cc",
|
||
"exportable": true,
|
||
"hide_tag": false,
|
||
"id": "3016",
|
||
"name": "misp-galaxy:mitre-malware=\"Downdelph\"",
|
||
"user_id": "0"
|
||
}
|
||
],
|
||
"analysis": "0",
|
||
"attribute_count": "122",
|
||
"date": "2017-12-21",
|
||
"disable_correlation": false,
|
||
"distribution": "3",
|
||
"event_creator_email": "alexandre.dulaunoy@circl.lu",
|
||
"id": "9747",
|
||
"info": "OSINT - Sednit update: How Fancy Bear Spent the Year",
|
||
"locked": false,
|
||
"org_id": "2",
|
||
"orgc_id": "2",
|
||
"proposal_email_lock": false,
|
||
"publish_timestamp": "0",
|
||
"published": false,
|
||
"sharing_group_id": "0",
|
||
"threat_level_id": "3",
|
||
"timestamp": "1513948642",
|
||
"uuid": "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"
|
||
}
|