pymisp 2.5.4__py3-none-any.whl → 2.5.7__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (158)
  1. CHANGELOG.txt +5380 -0
  2. examples/__init__.py +0 -0
  3. examples/add_attributes_from_csv.py +74 -0
  4. examples/add_email_object.py +29 -0
  5. examples/add_fail2ban_object.py +86 -0
  6. examples/add_feed.py +25 -0
  7. examples/add_file_object.py +47 -0
  8. examples/add_filetype_object_from_csv.py +53 -0
  9. examples/add_generic_object.py +26 -0
  10. examples/add_github_user.py +65 -0
  11. examples/add_gitlab_user.py +56 -0
  12. examples/add_named_attribute.py +25 -0
  13. examples/add_organisations.py +57 -0
  14. examples/add_ssh_authorized_keys.py +29 -0
  15. examples/add_user.py +22 -0
  16. examples/add_vehicle_object.py +22 -0
  17. examples/addtag2.py +45 -0
  18. examples/asciidoc_generator.py +114 -0
  19. examples/cache_all.py +10 -0
  20. examples/copyTagsFromAttributesToEvent.py +68 -0
  21. examples/copy_list.py +93 -0
  22. examples/create_events.py +26 -0
  23. examples/cytomic_orion.py +549 -0
  24. examples/del.py +22 -0
  25. examples/delete_user.py +16 -0
  26. examples/edit_organisation.py +20 -0
  27. examples/edit_user.py +20 -0
  28. examples/falsepositive_disabletoids.py +136 -0
  29. examples/fetch_events_feed.py +15 -0
  30. examples/fetch_warninglist_hits.py +38 -0
  31. examples/freetext.py +22 -0
  32. examples/generate_file_objects.py +78 -0
  33. examples/generate_meta_feed.py +15 -0
  34. examples/get.py +37 -0
  35. examples/get_csv.py +37 -0
  36. examples/get_network_activity.py +187 -0
  37. examples/last.py +48 -0
  38. examples/load_csv.py +94 -0
  39. examples/lookup.py +28 -0
  40. examples/misp2cef.py +71 -0
  41. examples/misp2clamav.py +52 -0
  42. examples/openioc_to_misp.py +27 -0
  43. examples/proofpoint_tap.py +203 -0
  44. examples/proofpoint_vap.py +65 -0
  45. examples/search.py +48 -0
  46. examples/search_attributes_yara.py +40 -0
  47. examples/search_sighting.py +42 -0
  48. examples/server_sync_check_conn.py +32 -0
  49. examples/sharing_groups.py +15 -0
  50. examples/show_sightings.py +168 -0
  51. examples/stats_report.py +405 -0
  52. examples/sync_sighting.py +171 -0
  53. examples/tags.py +25 -0
  54. examples/test_sign.py +19 -0
  55. examples/trustar_misp.py +59 -0
  56. examples/up.py +21 -0
  57. examples/upload.py +60 -0
  58. examples/users_list.py +15 -0
  59. examples/vmray_automation.py +281 -0
  60. examples/vt_to_misp.py +182 -0
  61. examples/warninglists.py +22 -0
  62. examples/yara.py +38 -0
  63. examples/yara_dump.py +98 -0
  64. pymisp/api.py +33 -5
  65. pymisp/data/misp-objects/objects/instagram-account/definition.json +66 -0
  66. pymisp/data/misp-objects/objects/lnk/definition.json +13 -1
  67. pymisp/data/misp-objects/objects/rmm/definition.json +88 -0
  68. pymisp/data/misp-objects/objects/target-system/definition.json +2 -2
  69. pymisp/data/misp-objects/schema_objects.json +1 -1
  70. pymisp/mispevent.py +8 -0
  71. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/METADATA +23 -28
  72. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/RECORD +140 -27
  73. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/WHEEL +1 -1
  74. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +1 -0
  75. tests/__init__.py +0 -0
  76. tests/csv_testfiles/invalid_fieldnames.csv +11 -0
  77. tests/csv_testfiles/valid_fieldnames.csv +4 -0
  78. tests/email_testfiles/mail_1.eml.zip +0 -0
  79. tests/email_testfiles/mail_1.msg +0 -0
  80. tests/email_testfiles/mail_1_bom.eml +858 -0
  81. tests/email_testfiles/mail_1_headers_only.eml +28 -0
  82. tests/email_testfiles/mail_2.eml +32 -0
  83. tests/email_testfiles/mail_3.eml +170 -0
  84. tests/email_testfiles/mail_3.msg +0 -0
  85. tests/email_testfiles/mail_4.msg +0 -0
  86. tests/email_testfiles/mail_5.msg +0 -0
  87. tests/email_testfiles/mail_multiple_to.eml +15 -0
  88. tests/email_testfiles/source +1 -0
  89. tests/git-vuln-finder-quagga.json +1493 -0
  90. tests/misp_event.json +76 -0
  91. tests/mispevent_testfiles/attribute.json +21 -0
  92. tests/mispevent_testfiles/attribute_del.json +23 -0
  93. tests/mispevent_testfiles/def_param.json +53 -0
  94. tests/mispevent_testfiles/event.json +8 -0
  95. tests/mispevent_testfiles/event_obj_attr_tag.json +57 -0
  96. tests/mispevent_testfiles/event_obj_def_param.json +62 -0
  97. tests/mispevent_testfiles/event_obj_tag.json +29 -0
  98. tests/mispevent_testfiles/event_tags.json +18 -0
  99. tests/mispevent_testfiles/existing_event.json +4599 -0
  100. tests/mispevent_testfiles/existing_event_edited.json +4601 -0
  101. tests/mispevent_testfiles/galaxy.json +25 -0
  102. tests/mispevent_testfiles/malware.json +19 -0
  103. tests/mispevent_testfiles/malware_exist.json +163 -0
  104. tests/mispevent_testfiles/misp_custom_obj.json +38 -0
  105. tests/mispevent_testfiles/overwrite_file/definition.json +457 -0
  106. tests/mispevent_testfiles/proposals.json +35 -0
  107. tests/mispevent_testfiles/shadow.json +148 -0
  108. tests/mispevent_testfiles/sighting.json +5 -0
  109. tests/mispevent_testfiles/simple.json +2 -0
  110. tests/mispevent_testfiles/test_object_template/definition.json +29 -0
  111. tests/new_misp_event.json +34 -0
  112. tests/reportlab_testfiles/HTML_event.json +1 -0
  113. tests/reportlab_testfiles/galaxy_1.json +1250 -0
  114. tests/reportlab_testfiles/image_event.json +2490 -0
  115. tests/reportlab_testfiles/japanese_test.json +156 -0
  116. tests/reportlab_testfiles/japanese_test_heavy.json +318 -0
  117. tests/reportlab_testfiles/long_event.json +3730 -0
  118. tests/reportlab_testfiles/mainly_objects_1.json +1092 -0
  119. tests/reportlab_testfiles/mainly_objects_2.json +977 -0
  120. tests/reportlab_testfiles/sighting_1.json +305 -0
  121. tests/reportlab_testfiles/sighting_2.json +221 -0
  122. tests/reportlab_testfiles/to_delete1.json +804 -0
  123. tests/reportlab_testfiles/to_delete2.json +1 -0
  124. tests/reportlab_testfiles/to_delete3.json +1 -0
  125. tests/reportlab_testfiles/very_long_event.json +1006 -0
  126. tests/reportlab_testoutputs/to_delete1.json.pdf +391 -0
  127. tests/reportlab_testoutputs/to_delete2.json.pdf +506 -0
  128. tests/reportlab_testoutputs/to_delete3.json.pdf +277 -0
  129. tests/search_index_result.json +69 -0
  130. tests/sharing_groups.json +98 -0
  131. tests/stix1.xml-utf8 +110 -0
  132. tests/stix2.json +1 -0
  133. tests/test_analyst_data.py +123 -0
  134. tests/test_emailobject.py +157 -0
  135. tests/test_fileobject.py +20 -0
  136. tests/test_mispevent.py +473 -0
  137. tests/test_reportlab.py +431 -0
  138. tests/testlive_comprehensive.py +3734 -0
  139. tests/testlive_sync.py +474 -0
  140. pymisp/data/misp-objects/.git +0 -1
  141. pymisp/data/misp-objects/.gitchangelog.rc +0 -289
  142. pymisp/data/misp-objects/.github/workflows/codeql.yml +0 -41
  143. pymisp/data/misp-objects/.github/workflows/nosetests.yml +0 -39
  144. pymisp/data/misp-objects/.travis.yml +0 -16
  145. pymisp/data/misp-objects/LICENSE-software-only.md +0 -661
  146. pymisp/data/misp-objects/LICENSE.md +0 -36
  147. pymisp/data/misp-objects/README.md +0 -567
  148. pymisp/data/misp-objects/docs/time-related-objects.ods +0 -0
  149. pymisp/data/misp-objects/docs/time-related-objects.pdf +0 -0
  150. pymisp/data/misp-objects/jq_all_the_things.sh +0 -29
  151. pymisp/data/misp-objects/tools/adoc_objects.py +0 -145
  152. pymisp/data/misp-objects/tools/alfred_links_to_relarelationships.py +0 -48
  153. pymisp/data/misp-objects/tools/list_of_objects.py +0 -50
  154. pymisp/data/misp-objects/tools/updated.sh +0 -6
  155. pymisp/data/misp-objects/tools/validate_opposites.sh +0 -17
  156. pymisp/data/misp-objects/unique_uuid.py +0 -16
  157. pymisp/data/misp-objects/validate_all.sh +0 -38
  158. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/LICENSE +0 -0
@@ -0,0 +1,4599 @@
1
+ {
2
+ "Attribute": [
3
+ {
4
+ "Tag": [
5
+ {
6
+ "colour": "#00223b",
7
+ "exportable": true,
8
+ "hide_tag": false,
9
+ "id": "101",
10
+ "name": "osint:source-type=\"blog-post\"",
11
+ "user_id": "0"
12
+ },
13
+ {
14
+ "colour": "#007cd6",
15
+ "exportable": true,
16
+ "hide_tag": false,
17
+ "id": "618",
18
+ "name": "osint:certainty=\"93\"",
19
+ "user_id": "0"
20
+ }
21
+ ],
22
+ "category": "External analysis",
23
+ "comment": "",
24
+ "deleted": false,
25
+ "disable_correlation": false,
26
+ "distribution": "5",
27
+ "event_id": "9747",
28
+ "id": "1188757",
29
+ "object_id": "0",
30
+ "sharing_group_id": "0",
31
+ "timestamp": "1513893921",
32
+ "to_ids": false,
33
+ "type": "link",
34
+ "uuid": "5a3c2fda-78f4-44b7-8366-46da02de0b81",
35
+ "value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
36
+ },
37
+ {
38
+ "Tag": [
39
+ {
40
+ "colour": "#00223b",
41
+ "exportable": true,
42
+ "hide_tag": false,
43
+ "id": "101",
44
+ "name": "osint:source-type=\"blog-post\"",
45
+ "user_id": "0"
46
+ },
47
+ {
48
+ "colour": "#007cd6",
49
+ "exportable": true,
50
+ "hide_tag": false,
51
+ "id": "618",
52
+ "name": "osint:certainty=\"93\"",
53
+ "user_id": "0"
54
+ }
55
+ ],
56
+ "category": "External analysis",
57
+ "comment": "",
58
+ "deleted": false,
59
+ "disable_correlation": false,
60
+ "distribution": "5",
61
+ "event_id": "9747",
62
+ "id": "1188758",
63
+ "object_id": "0",
64
+ "sharing_group_id": "0",
65
+ "timestamp": "1513893921",
66
+ "to_ids": false,
67
+ "type": "text",
68
+ "uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81",
69
+ "value": "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
70
+ },
71
+ {
72
+ "category": "Network activity",
73
+ "comment": "Xagent Samples",
74
+ "deleted": false,
75
+ "disable_correlation": false,
76
+ "distribution": "5",
77
+ "event_id": "9747",
78
+ "id": "1188759",
79
+ "object_id": "0",
80
+ "sharing_group_id": "0",
81
+ "timestamp": "1513893957",
82
+ "to_ids": true,
83
+ "type": "domain",
84
+ "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
85
+ "value": "movieultimate.com"
86
+ },
87
+ {
88
+ "category": "Network activity",
89
+ "comment": "Xagent Samples",
90
+ "deleted": false,
91
+ "disable_correlation": false,
92
+ "distribution": "5",
93
+ "event_id": "9747",
94
+ "id": "1188760",
95
+ "object_id": "0",
96
+ "sharing_group_id": "0",
97
+ "timestamp": "1513893957",
98
+ "to_ids": true,
99
+ "type": "domain",
100
+ "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
101
+ "value": "meteost.com"
102
+ },
103
+ {
104
+ "category": "Network activity",
105
+ "comment": "Xagent Samples",
106
+ "deleted": false,
107
+ "disable_correlation": false,
108
+ "distribution": "5",
109
+ "event_id": "9747",
110
+ "id": "1188761",
111
+ "object_id": "0",
112
+ "sharing_group_id": "0",
113
+ "timestamp": "1513893957",
114
+ "to_ids": true,
115
+ "type": "domain",
116
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
117
+ "value": "faststoragefiles.org"
118
+ },
119
+ {
120
+ "category": "Network activity",
121
+ "comment": "Xagent Samples",
122
+ "deleted": false,
123
+ "disable_correlation": false,
124
+ "distribution": "5",
125
+ "event_id": "9747",
126
+ "id": "1188762",
127
+ "object_id": "0",
128
+ "sharing_group_id": "0",
129
+ "timestamp": "1513893957",
130
+ "to_ids": true,
131
+ "type": "domain",
132
+ "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
133
+ "value": "nethostnet.com"
134
+ },
135
+ {
136
+ "category": "Network activity",
137
+ "comment": "Xagent Samples",
138
+ "deleted": false,
139
+ "disable_correlation": false,
140
+ "distribution": "5",
141
+ "event_id": "9747",
142
+ "id": "1188763",
143
+ "object_id": "0",
144
+ "sharing_group_id": "0",
145
+ "timestamp": "1513893957",
146
+ "to_ids": true,
147
+ "type": "domain",
148
+ "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
149
+ "value": "fsportal.net"
150
+ },
151
+ {
152
+ "category": "Network activity",
153
+ "comment": "Xagent Samples",
154
+ "deleted": false,
155
+ "disable_correlation": false,
156
+ "distribution": "5",
157
+ "event_id": "9747",
158
+ "id": "1188764",
159
+ "object_id": "0",
160
+ "sharing_group_id": "0",
161
+ "timestamp": "1513893957",
162
+ "to_ids": true,
163
+ "type": "domain",
164
+ "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
165
+ "value": "fastdataexchange.org"
166
+ },
167
+ {
168
+ "category": "Network activity",
169
+ "comment": "Xagent Samples",
170
+ "deleted": false,
171
+ "disable_correlation": false,
172
+ "distribution": "5",
173
+ "event_id": "9747",
174
+ "id": "1188765",
175
+ "object_id": "0",
176
+ "sharing_group_id": "0",
177
+ "timestamp": "1513893957",
178
+ "to_ids": true,
179
+ "type": "domain",
180
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
181
+ "value": "newfilmts.com"
182
+ }
183
+ ],
184
+ "Galaxy": [
185
+ {
186
+ "GalaxyCluster": [
187
+ {
188
+ "authors": [
189
+ "Alexandre Dulaunoy",
190
+ "Florian Roth",
191
+ "Thomas Schreck",
192
+ "Timo Steffens",
193
+ "Various"
194
+ ],
195
+ "default": false,
196
+ "description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.",
197
+ "distribution": "0",
198
+ "galaxy_id": "366",
199
+ "id": "45563",
200
+ "meta": {
201
+ "country": [
202
+ "RU"
203
+ ],
204
+ "refs": [
205
+ "https://en.wikipedia.org/wiki/Sofacy_Group",
206
+ "https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf",
207
+ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf",
208
+ "https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf",
209
+ "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
210
+ "http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/"
211
+ ],
212
+ "synonyms": [
213
+ "APT 28",
214
+ "APT28",
215
+ "Pawn Storm",
216
+ "Fancy Bear",
217
+ "Sednit",
218
+ "TsarTeam",
219
+ "TG-4127",
220
+ "Group-4127",
221
+ "STRONTIUM",
222
+ "TAG_0700",
223
+ "Swallowtail",
224
+ "IRON TWILIGHT",
225
+ "Group 74"
226
+ ]
227
+ },
228
+ "source": "MISP Project",
229
+ "tag_id": "1100",
230
+ "tag_name": "misp-galaxy:threat-actor=\"Sofacy\"",
231
+ "type": "threat-actor",
232
+ "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
233
+ "value": "Sofacy",
234
+ "version": "30"
235
+ }
236
+ ],
237
+ "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
238
+ "icon": "user-secret",
239
+ "id": "366",
240
+ "name": "Threat Actor",
241
+ "type": "threat-actor",
242
+ "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
243
+ "version": "2"
244
+ },
245
+ {
246
+ "GalaxyCluster": [
247
+ {
248
+ "authors": [
249
+ "Kafeine",
250
+ "Will Metcalf",
251
+ "KahuSecurity"
252
+ ],
253
+ "default": false,
254
+ "description": "Sednit EK is the exploit kit used by APT28",
255
+ "distribution": "0",
256
+ "galaxy_id": "370",
257
+ "id": "38813",
258
+ "meta": {
259
+ "refs": [
260
+ "http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
261
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
262
+ ],
263
+ "status": [
264
+ "Active"
265
+ ]
266
+ },
267
+ "source": "MISP Project",
268
+ "tag_id": "3007",
269
+ "tag_name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
270
+ "type": "exploit-kit",
271
+ "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
272
+ "value": "Sednit EK",
273
+ "version": "5"
274
+ },
275
+ {
276
+ "authors": [
277
+ "Kafeine",
278
+ "Will Metcalf",
279
+ "KahuSecurity"
280
+ ],
281
+ "default": false,
282
+ "description": "DealersChoice is a Flash Player Exploit platform triggered by RTF",
283
+ "distribution": "0",
284
+ "galaxy_id": "370",
285
+ "id": "38805",
286
+ "meta": {
287
+ "refs": [
288
+ "http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/",
289
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/"
290
+ ],
291
+ "status": [
292
+ "Active"
293
+ ],
294
+ "synonyms": [
295
+ "Sednit RTF EK"
296
+ ]
297
+ },
298
+ "source": "MISP Project",
299
+ "tag_id": "3015",
300
+ "tag_name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
301
+ "type": "exploit-kit",
302
+ "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
303
+ "value": "DealersChoice",
304
+ "version": "5"
305
+ }
306
+ ],
307
+ "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
308
+ "icon": "internet-explorer",
309
+ "id": "370",
310
+ "name": "Exploit-Kit",
311
+ "type": "exploit-kit",
312
+ "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01",
313
+ "version": "3"
314
+ },
315
+ {
316
+ "GalaxyCluster": [
317
+ {
318
+ "authors": [
319
+ "Alexandre Dulaunoy",
320
+ "Florian Roth",
321
+ "Timo Steffens",
322
+ "Christophe Vandeplas"
323
+ ],
324
+ "default": false,
325
+ "description": "backdoor",
326
+ "distribution": "0",
327
+ "galaxy_id": "367",
328
+ "id": "46592",
329
+ "meta": {
330
+ "refs": [
331
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
332
+ ],
333
+ "synonyms": [
334
+ "Sednit",
335
+ "Seduploader",
336
+ "JHUHUGIT",
337
+ "Sofacy"
338
+ ],
339
+ "type": [
340
+ "Backdoor"
341
+ ]
342
+ },
343
+ "source": "MISP Project",
344
+ "tag_id": "2215",
345
+ "tag_name": "misp-galaxy:tool=\"GAMEFISH\"",
346
+ "type": "tool",
347
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
348
+ "value": "GAMEFISH",
349
+ "version": "45"
350
+ },
351
+ {
352
+ "authors": [
353
+ "Alexandre Dulaunoy",
354
+ "Florian Roth",
355
+ "Timo Steffens",
356
+ "Christophe Vandeplas"
357
+ ],
358
+ "default": false,
359
+ "description": "",
360
+ "distribution": "0",
361
+ "galaxy_id": "367",
362
+ "id": "46670",
363
+ "meta": {
364
+ "synonyms": [
365
+ "XTunnel"
366
+ ]
367
+ },
368
+ "source": "MISP Project",
369
+ "tag_id": "1012",
370
+ "tag_name": "misp-galaxy:tool=\"X-Tunnel\"",
371
+ "type": "tool",
372
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
373
+ "value": "X-Tunnel",
374
+ "version": "45"
375
+ },
376
+ {
377
+ "authors": [
378
+ "Alexandre Dulaunoy",
379
+ "Florian Roth",
380
+ "Timo Steffens",
381
+ "Christophe Vandeplas"
382
+ ],
383
+ "default": false,
384
+ "description": "backdoor used by apt28\n\nSedreco serves as a spying backdoor; its functionalities can be extended with dynamically loaded plugins. It is made up of two distinct components: a dropper and the persistent payload installed by this dropper. We have not seen this component since April 2016.",
385
+ "distribution": "0",
386
+ "galaxy_id": "367",
387
+ "id": "46591",
388
+ "meta": {
389
+ "possible_issues": [
390
+ "Report tells that is could be Xagent alias (Java Rat)"
391
+ ],
392
+ "refs": [
393
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
394
+ ],
395
+ "synonyms": [
396
+ "Sedreco",
397
+ "AZZY",
398
+ "ADVSTORESHELL",
399
+ "NETUI"
400
+ ],
401
+ "type": [
402
+ "Backdoor"
403
+ ]
404
+ },
405
+ "source": "MISP Project",
406
+ "tag_id": "3011",
407
+ "tag_name": "misp-galaxy:tool=\"EVILTOSS\"",
408
+ "type": "tool",
409
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
410
+ "value": "EVILTOSS",
411
+ "version": "45"
412
+ },
413
+ {
414
+ "authors": [
415
+ "Alexandre Dulaunoy",
416
+ "Florian Roth",
417
+ "Timo Steffens",
418
+ "Christophe Vandeplas"
419
+ ],
420
+ "default": false,
421
+ "description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
422
+ "distribution": "0",
423
+ "galaxy_id": "367",
424
+ "id": "46669",
425
+ "meta": {
426
+ "refs": [
427
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/",
428
+ "https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq",
429
+ "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
430
+ ],
431
+ "synonyms": [
432
+ "XAgent"
433
+ ],
434
+ "type": [
435
+ "Backdoor"
436
+ ]
437
+ },
438
+ "source": "MISP Project",
439
+ "tag_id": "1011",
440
+ "tag_name": "misp-galaxy:tool=\"X-Agent\"",
441
+ "type": "tool",
442
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
443
+ "value": "X-Agent",
444
+ "version": "45"
445
+ }
446
+ ],
447
+ "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
448
+ "icon": "optin-monster",
449
+ "id": "367",
450
+ "name": "Tool",
451
+ "type": "tool",
452
+ "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b",
453
+ "version": "2"
454
+ },
455
+ {
456
+ "GalaxyCluster": [
457
+ {
458
+ "authors": [
459
+ "MITRE"
460
+ ],
461
+ "default": false,
462
+ "description": "JHUHUGIT is malware used by APT28. It is based on Carberp source code and serves as reconnaissance malware.[[Citation: Kaspersky Sofacy]][[Citation: F-Secure Sofacy 2015]][[Citation: ESET Sednit Part 1]][[Citation: FireEye APT28 January 2017]]\n\nAliases: JHUHUGIT, Seduploader, JKEYSKW, Sednit, GAMEFISH",
463
+ "distribution": "0",
464
+ "galaxy_id": "365",
465
+ "id": "41618",
466
+ "meta": {
467
+ "refs": [
468
+ "https://attack.mitre.org/wiki/Software/S0044",
469
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf",
470
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
471
+ "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
472
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
473
+ ],
474
+ "synonyms": [
475
+ "JHUHUGIT",
476
+ "Seduploader",
477
+ "JKEYSKW",
478
+ "Sednit",
479
+ "GAMEFISH"
480
+ ],
481
+ "uuid": [
482
+ "8ae43c46-57ef-47d5-a77a-eebb35628db2"
483
+ ]
484
+ },
485
+ "source": "https://github.com/mitre/cti",
486
+ "tag_id": "3008",
487
+ "tag_name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
488
+ "type": "mitre-malware",
489
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
490
+ "value": "JHUHUGIT",
491
+ "version": "4"
492
+ },
493
+ {
494
+ "authors": [
495
+ "MITRE"
496
+ ],
497
+ "default": false,
498
+ "description": "XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.[[Citation: Crowdstrike DNC June 2016]][[Citation: Invincea XTunnel]][[Citation: ESET Sednit Part 2]]\n\nAliases: XTunnel, X-Tunnel, XAPS",
499
+ "distribution": "0",
500
+ "galaxy_id": "365",
501
+ "id": "41543",
502
+ "meta": {
503
+ "refs": [
504
+ "https://attack.mitre.org/wiki/Software/S0117",
505
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
506
+ "https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/",
507
+ "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
508
+ ],
509
+ "synonyms": [
510
+ "XTunnel",
511
+ "X-Tunnel",
512
+ "XAPS"
513
+ ],
514
+ "uuid": [
515
+ "7343e208-7cab-45f2-a47b-41ba5e2f0fab"
516
+ ]
517
+ },
518
+ "source": "https://github.com/mitre/cti",
519
+ "tag_id": "3009",
520
+ "tag_name": "misp-galaxy:mitre-malware=\"XTunnel\"",
521
+ "type": "mitre-malware",
522
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
523
+ "value": "XTunnel",
524
+ "version": "4"
525
+ },
526
+ {
527
+ "authors": [
528
+ "MITRE"
529
+ ],
530
+ "default": false,
531
+ "description": "ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.[[Citation: Kaspersky Sofacy]][[Citation: ESET Sednit Part 2]]\n\nAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco",
532
+ "distribution": "0",
533
+ "galaxy_id": "365",
534
+ "id": "41582",
535
+ "meta": {
536
+ "refs": [
537
+ "https://attack.mitre.org/wiki/Software/S0045",
538
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
539
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
540
+ ],
541
+ "synonyms": [
542
+ "ADVSTORESHELL",
543
+ "NETUI",
544
+ "EVILTOSS",
545
+ "AZZY",
546
+ "Sedreco"
547
+ ],
548
+ "uuid": [
549
+ "fb575479-14ef-41e9-bfab-0b7cf10bec73"
550
+ ]
551
+ },
552
+ "source": "https://github.com/mitre/cti",
553
+ "tag_id": "3010",
554
+ "tag_name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
555
+ "type": "mitre-malware",
556
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
557
+ "value": "ADVSTORESHELL",
558
+ "version": "4"
559
+ },
560
+ {
561
+ "authors": [
562
+ "MITRE"
563
+ ],
564
+ "default": false,
565
+ "description": "USBStealer is malware that has used by APT28 since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with ADVSTORESHELL.[[Citation: ESET Sednit USBStealer 2014]][[Citation: Kaspersky Sofacy]]\n\nAliases: USBStealer, USB Stealer, Win32/USBStealer",
566
+ "distribution": "0",
567
+ "galaxy_id": "365",
568
+ "id": "41549",
569
+ "meta": {
570
+ "refs": [
571
+ "https://attack.mitre.org/wiki/Software/S0136",
572
+ "http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/",
573
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
574
+ ],
575
+ "synonyms": [
576
+ "USBStealer",
577
+ "USB Stealer",
578
+ "Win32/USBStealer"
579
+ ],
580
+ "uuid": [
581
+ "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"
582
+ ]
583
+ },
584
+ "source": "https://github.com/mitre/cti",
585
+ "tag_id": "3012",
586
+ "tag_name": "misp-galaxy:mitre-malware=\"USBStealer\"",
587
+ "type": "mitre-malware",
588
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
589
+ "value": "USBStealer",
590
+ "version": "4"
591
+ },
592
+ {
593
+ "authors": [
594
+ "MITRE"
595
+ ],
596
+ "default": false,
597
+ "description": "is a trojan that has been used by APT28 on OS X and appears to be a port of their standard CHOPSTICK or XAgent trojan.[[Citation: XAgentOSX]]",
598
+ "distribution": "0",
599
+ "galaxy_id": "365",
600
+ "id": "41551",
601
+ "meta": {
602
+ "refs": [
603
+ "https://attack.mitre.org/wiki/Software/S0161",
604
+ "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
605
+ ],
606
+ "uuid": [
607
+ "5930509b-7793-4db9-bdfc-4edda7709d0d"
608
+ ]
609
+ },
610
+ "source": "https://github.com/mitre/cti",
611
+ "tag_id": "3013",
612
+ "tag_name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
613
+ "type": "mitre-malware",
614
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
615
+ "value": "XAgentOSX",
616
+ "version": "4"
617
+ },
618
+ {
619
+ "authors": [
620
+ "MITRE"
621
+ ],
622
+ "default": false,
623
+ "description": "CHOPSTICK is malware family of modular backdoors used by APT28. It has been used from at least November 2012 to August 2016 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases.[[Citation: FireEye APT28]][[Citation: ESET Sednit Part 2]][[Citation: FireEye APT28 January 2017]]\n\nAliases: CHOPSTICK, SPLM, Xagent, X-Agent, webhp",
624
+ "distribution": "0",
625
+ "galaxy_id": "365",
626
+ "id": "41559",
627
+ "meta": {
628
+ "refs": [
629
+ "https://attack.mitre.org/wiki/Software/S0023",
630
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
631
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
632
+ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"
633
+ ],
634
+ "synonyms": [
635
+ "CHOPSTICK",
636
+ "SPLM",
637
+ "Xagent",
638
+ "X-Agent",
639
+ "webhp"
640
+ ],
641
+ "uuid": [
642
+ "ccd61dfc-b03f-4689-8c18-7c97eab08472"
643
+ ]
644
+ },
645
+ "source": "https://github.com/mitre/cti",
646
+ "tag_id": "3014",
647
+ "tag_name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
648
+ "type": "mitre-malware",
649
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
650
+ "value": "CHOPSTICK",
651
+ "version": "4"
652
+ },
653
+ {
654
+ "authors": [
655
+ "MITRE"
656
+ ],
657
+ "default": false,
658
+ "description": "Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.[[Citation: ESET Sednit Part 3]]\n\nAliases: Downdelph, Delphacy",
659
+ "distribution": "0",
660
+ "galaxy_id": "365",
661
+ "id": "41504",
662
+ "meta": {
663
+ "refs": [
664
+ "https://attack.mitre.org/wiki/Software/S0134",
665
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf"
666
+ ],
667
+ "synonyms": [
668
+ "Downdelph",
669
+ "Delphacy"
670
+ ],
671
+ "uuid": [
672
+ "08d20cd2-f084-45ee-8558-fa6ef5a18519"
673
+ ]
674
+ },
675
+ "source": "https://github.com/mitre/cti",
676
+ "tag_id": "3016",
677
+ "tag_name": "misp-galaxy:mitre-malware=\"Downdelph\"",
678
+ "type": "mitre-malware",
679
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
680
+ "value": "Downdelph",
681
+ "version": "4"
682
+ }
683
+ ],
684
+ "description": "Name of ATT&CK software",
685
+ "icon": "optin-monster",
686
+ "id": "365",
687
+ "name": "Malware",
688
+ "type": "mitre-malware",
689
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
690
+ "version": "4"
691
+ }
692
+ ],
693
+ "Object": [
694
+ {
695
+ "Attribute": [
696
+ {
697
+ "category": "Payload delivery",
698
+ "comment": "",
699
+ "deleted": false,
700
+ "disable_correlation": false,
701
+ "distribution": "5",
702
+ "event_id": "9747",
703
+ "id": "1188944",
704
+ "object_id": "1555",
705
+ "object_relation": "filename",
706
+ "sharing_group_id": "0",
707
+ "timestamp": "1513936310",
708
+ "to_ids": true,
709
+ "type": "filename",
710
+ "uuid": "5a3cd5b6-2850-435f-bd0d-4c62950d210f",
711
+ "value": "Bulletin.doc"
712
+ },
713
+ {
714
+ "category": "Payload delivery",
715
+ "comment": "",
716
+ "deleted": false,
717
+ "disable_correlation": false,
718
+ "distribution": "5",
719
+ "event_id": "9747",
720
+ "id": "1188945",
721
+ "object_id": "1555",
722
+ "object_relation": "sha1",
723
+ "sharing_group_id": "0",
724
+ "timestamp": "1513936310",
725
+ "to_ids": true,
726
+ "type": "sha1",
727
+ "uuid": "5a3cd5b6-78a8-4e47-8333-4c62950d210f",
728
+ "value": "68064fc152e23d56e541714af52651cb4ba81aaf"
729
+ },
730
+ {
731
+ "category": "Other",
732
+ "comment": "",
733
+ "deleted": false,
734
+ "disable_correlation": true,
735
+ "distribution": "5",
736
+ "event_id": "9747",
737
+ "id": "1188946",
738
+ "object_id": "1555",
739
+ "object_relation": "state",
740
+ "sharing_group_id": "0",
741
+ "timestamp": "1513936310",
742
+ "to_ids": false,
743
+ "type": "text",
744
+ "uuid": "5a3cd5b6-23d8-43ba-8518-4c62950d210f",
745
+ "value": "Malicious"
746
+ }
747
+ ],
748
+ "comment": "Win32/Sednit.AX",
749
+ "deleted": false,
750
+ "description": "File object describing a file with meta-information",
751
+ "distribution": "5",
752
+ "event_id": "9747",
753
+ "id": "1555",
754
+ "meta-category": "file",
755
+ "name": "file",
756
+ "sharing_group_id": "0",
757
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
758
+ "template_version": "8",
759
+ "timestamp": "1513936310",
760
+ "uuid": "5a3cd5b6-9568-4342-b2ab-4c62950d210f"
761
+ },
762
+ {
763
+ "Attribute": [
764
+ {
765
+ "category": "Payload delivery",
766
+ "comment": "",
767
+ "deleted": false,
768
+ "disable_correlation": false,
769
+ "distribution": "5",
770
+ "event_id": "9747",
771
+ "id": "1188947",
772
+ "object_id": "1556",
773
+ "object_relation": "sha1",
774
+ "sharing_group_id": "0",
775
+ "timestamp": "1513936388",
776
+ "to_ids": true,
777
+ "type": "sha1",
778
+ "uuid": "5a3cd604-748c-4fc0-88bf-c170950d210f",
779
+ "value": "f3805382ae2e23ff1147301d131a06e00e4ff75f"
780
+ },
781
+ {
782
+ "category": "Other",
783
+ "comment": "",
784
+ "deleted": false,
785
+ "disable_correlation": true,
786
+ "distribution": "5",
787
+ "event_id": "9747",
788
+ "id": "1188948",
789
+ "object_id": "1556",
790
+ "object_relation": "state",
791
+ "sharing_group_id": "0",
792
+ "timestamp": "1513936388",
793
+ "to_ids": false,
794
+ "type": "text",
795
+ "uuid": "5a3cd604-6668-4469-a1c0-c170950d210f",
796
+ "value": "Malicious"
797
+ }
798
+ ],
799
+ "comment": "Win32/Exploit.CVE-2016-4117.A",
800
+ "deleted": false,
801
+ "description": "File object describing a file with meta-information",
802
+ "distribution": "5",
803
+ "event_id": "9747",
804
+ "id": "1556",
805
+ "meta-category": "file",
806
+ "name": "file",
807
+ "sharing_group_id": "0",
808
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
809
+ "template_version": "8",
810
+ "timestamp": "1513936388",
811
+ "uuid": "5a3cd604-e11c-4de5-bbbf-c170950d210f"
812
+ },
813
+ {
814
+ "Attribute": [
815
+ {
816
+ "category": "Payload delivery",
817
+ "comment": "",
818
+ "deleted": false,
819
+ "disable_correlation": false,
820
+ "distribution": "5",
821
+ "event_id": "9747",
822
+ "id": "1188949",
823
+ "object_id": "1557",
824
+ "object_relation": "filename",
825
+ "sharing_group_id": "0",
826
+ "timestamp": "1513936531",
827
+ "to_ids": true,
828
+ "type": "filename",
829
+ "uuid": "5a3cd693-dc40-445d-a4d7-4ae0950d210f",
830
+ "value": "OC_PSO_2017.doc"
831
+ },
832
+ {
833
+ "category": "Payload delivery",
834
+ "comment": "",
835
+ "deleted": false,
836
+ "disable_correlation": false,
837
+ "distribution": "5",
838
+ "event_id": "9747",
839
+ "id": "1188950",
840
+ "object_id": "1557",
841
+ "object_relation": "sha1",
842
+ "sharing_group_id": "0",
843
+ "timestamp": "1513936531",
844
+ "to_ids": true,
845
+ "type": "sha1",
846
+ "uuid": "5a3cd693-8ffc-4d95-b522-4e84950d210f",
847
+ "value": "512bdfe937314ac3f195c462c395feeb36932971"
848
+ },
849
+ {
850
+ "category": "Other",
851
+ "comment": "",
852
+ "deleted": false,
853
+ "disable_correlation": true,
854
+ "distribution": "5",
855
+ "event_id": "9747",
856
+ "id": "1188951",
857
+ "object_id": "1557",
858
+ "object_relation": "state",
859
+ "sharing_group_id": "0",
860
+ "timestamp": "1513936531",
861
+ "to_ids": false,
862
+ "type": "text",
863
+ "uuid": "5a3cd693-a8f0-4aea-a834-4097950d210f",
864
+ "value": "Malicious"
865
+ }
866
+ ],
867
+ "comment": "Win32/Exploit.Agent.NUB",
868
+ "deleted": false,
869
+ "description": "File object describing a file with meta-information",
870
+ "distribution": "5",
871
+ "event_id": "9747",
872
+ "id": "1557",
873
+ "meta-category": "file",
874
+ "name": "file",
875
+ "sharing_group_id": "0",
876
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
877
+ "template_version": "8",
878
+ "timestamp": "1513936531",
879
+ "uuid": "5a3cd693-fd9c-4fcf-b69a-439c950d210f"
880
+ },
881
+ {
882
+ "Attribute": [
883
+ {
884
+ "category": "Payload delivery",
885
+ "comment": "",
886
+ "deleted": false,
887
+ "disable_correlation": false,
888
+ "distribution": "5",
889
+ "event_id": "9747",
890
+ "id": "1188952",
891
+ "object_id": "1558",
892
+ "object_relation": "filename",
893
+ "sharing_group_id": "0",
894
+ "timestamp": "1513936578",
895
+ "to_ids": true,
896
+ "type": "filename",
897
+ "uuid": "5a3cd6c2-d31c-40cc-bcc1-4458950d210f",
898
+ "value": "NASAMS.doc"
899
+ },
900
+ {
901
+ "category": "Payload delivery",
902
+ "comment": "",
903
+ "deleted": false,
904
+ "disable_correlation": false,
905
+ "distribution": "5",
906
+ "event_id": "9747",
907
+ "id": "1188953",
908
+ "object_id": "1558",
909
+ "object_relation": "sha1",
910
+ "sharing_group_id": "0",
911
+ "timestamp": "1513936578",
912
+ "to_ids": true,
913
+ "type": "sha1",
914
+ "uuid": "5a3cd6c2-6a54-4b4c-8748-4c84950d210f",
915
+ "value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b"
916
+ },
917
+ {
918
+ "category": "Other",
919
+ "comment": "",
920
+ "deleted": false,
921
+ "disable_correlation": true,
922
+ "distribution": "5",
923
+ "event_id": "9747",
924
+ "id": "1188954",
925
+ "object_id": "1558",
926
+ "object_relation": "state",
927
+ "sharing_group_id": "0",
928
+ "timestamp": "1513936578",
929
+ "to_ids": false,
930
+ "type": "text",
931
+ "uuid": "5a3cd6c2-1c68-45de-8325-464a950d210f",
932
+ "value": "Malicious"
933
+ }
934
+ ],
935
+ "comment": "Win32/Exploit.Agent.NTR",
936
+ "deleted": false,
937
+ "description": "File object describing a file with meta-information",
938
+ "distribution": "5",
939
+ "event_id": "9747",
940
+ "id": "1558",
941
+ "meta-category": "file",
942
+ "name": "file",
943
+ "sharing_group_id": "0",
944
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
945
+ "template_version": "8",
946
+ "timestamp": "1513936578",
947
+ "uuid": "5a3cd6c2-d290-4787-910f-4e6d950d210f"
948
+ },
949
+ {
950
+ "Attribute": [
951
+ {
952
+ "category": "Payload delivery",
953
+ "comment": "",
954
+ "deleted": false,
955
+ "disable_correlation": false,
956
+ "distribution": "5",
957
+ "event_id": "9747",
958
+ "id": "1188955",
959
+ "object_id": "1559",
960
+ "object_relation": "filename",
961
+ "sharing_group_id": "0",
962
+ "timestamp": "1513936718",
963
+ "to_ids": true,
964
+ "type": "filename",
965
+ "uuid": "5a3cd74e-584c-45b9-8557-486d950d210f",
966
+ "value": "Programm_Details.doc"
967
+ },
968
+ {
969
+ "category": "Payload delivery",
970
+ "comment": "",
971
+ "deleted": false,
972
+ "disable_correlation": false,
973
+ "distribution": "5",
974
+ "event_id": "9747",
975
+ "id": "1188956",
976
+ "object_id": "1559",
977
+ "object_relation": "sha1",
978
+ "sharing_group_id": "0",
979
+ "timestamp": "1513936718",
980
+ "to_ids": true,
981
+ "type": "sha1",
982
+ "uuid": "5a3cd74e-f334-4e6b-b37f-462f950d210f",
983
+ "value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5"
984
+ },
985
+ {
986
+ "category": "Other",
987
+ "comment": "",
988
+ "deleted": false,
989
+ "disable_correlation": true,
990
+ "distribution": "5",
991
+ "event_id": "9747",
992
+ "id": "1188957",
993
+ "object_id": "1559",
994
+ "object_relation": "state",
995
+ "sharing_group_id": "0",
996
+ "timestamp": "1513936718",
997
+ "to_ids": false,
998
+ "type": "text",
999
+ "uuid": "5a3cd74e-5900-4fbf-85c6-4c81950d210f",
1000
+ "value": "Malicious"
1001
+ }
1002
+ ],
1003
+ "comment": "Win32/Exploit.Agent.NTO",
1004
+ "deleted": false,
1005
+ "description": "File object describing a file with meta-information",
1006
+ "distribution": "5",
1007
+ "event_id": "9747",
1008
+ "id": "1559",
1009
+ "meta-category": "file",
1010
+ "name": "file",
1011
+ "sharing_group_id": "0",
1012
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1013
+ "template_version": "8",
1014
+ "timestamp": "1513936718",
1015
+ "uuid": "5a3cd74e-1504-40ff-9a28-4501950d210f"
1016
+ },
1017
+ {
1018
+ "Attribute": [
1019
+ {
1020
+ "category": "Payload delivery",
1021
+ "comment": "",
1022
+ "deleted": false,
1023
+ "disable_correlation": false,
1024
+ "distribution": "5",
1025
+ "event_id": "9747",
1026
+ "id": "1188958",
1027
+ "object_id": "1560",
1028
+ "object_relation": "filename",
1029
+ "sharing_group_id": "0",
1030
+ "timestamp": "1513936757",
1031
+ "to_ids": true,
1032
+ "type": "filename",
1033
+ "uuid": "5a3cd775-e8f4-465a-aca2-4c5a950d210f",
1034
+ "value": "Operation_in_Mosul.rtf"
1035
+ },
1036
+ {
1037
+ "category": "Payload delivery",
1038
+ "comment": "",
1039
+ "deleted": false,
1040
+ "disable_correlation": false,
1041
+ "distribution": "5",
1042
+ "event_id": "9747",
1043
+ "id": "1188959",
1044
+ "object_id": "1560",
1045
+ "object_relation": "sha1",
1046
+ "sharing_group_id": "0",
1047
+ "timestamp": "1513936757",
1048
+ "to_ids": true,
1049
+ "type": "sha1",
1050
+ "uuid": "5a3cd775-1190-4db7-961a-4c5a950d210f",
1051
+ "value": "12a37cfdd3f3671074dd5b0f354269cec028fb52"
1052
+ },
1053
+ {
1054
+ "category": "Other",
1055
+ "comment": "",
1056
+ "deleted": false,
1057
+ "disable_correlation": true,
1058
+ "distribution": "5",
1059
+ "event_id": "9747",
1060
+ "id": "1188960",
1061
+ "object_id": "1560",
1062
+ "object_relation": "state",
1063
+ "sharing_group_id": "0",
1064
+ "timestamp": "1513936757",
1065
+ "to_ids": false,
1066
+ "type": "text",
1067
+ "uuid": "5a3cd775-fa5c-4453-bcb0-4c5a950d210f",
1068
+ "value": "Malicious"
1069
+ }
1070
+ ],
1071
+ "comment": "Win32/Exploit.Agent.NTR",
1072
+ "deleted": false,
1073
+ "description": "File object describing a file with meta-information",
1074
+ "distribution": "5",
1075
+ "event_id": "9747",
1076
+ "id": "1560",
1077
+ "meta-category": "file",
1078
+ "name": "file",
1079
+ "sharing_group_id": "0",
1080
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1081
+ "template_version": "8",
1082
+ "timestamp": "1513936757",
1083
+ "uuid": "5a3cd775-e4cc-44bb-89b6-4c5a950d210f"
1084
+ },
1085
+ {
1086
+ "Attribute": [
1087
+ {
1088
+ "category": "Payload delivery",
1089
+ "comment": "",
1090
+ "deleted": false,
1091
+ "disable_correlation": false,
1092
+ "distribution": "5",
1093
+ "event_id": "9747",
1094
+ "id": "1188961",
1095
+ "object_id": "1561",
1096
+ "object_relation": "filename",
1097
+ "sharing_group_id": "0",
1098
+ "timestamp": "1513936943",
1099
+ "to_ids": true,
1100
+ "type": "filename",
1101
+ "uuid": "5a3cd82f-b918-4520-ba8b-5165950d210f",
1102
+ "value": "ARM-NATO_ENGLISH_30_NOV_2016.doc"
1103
+ },
1104
+ {
1105
+ "category": "Payload delivery",
1106
+ "comment": "",
1107
+ "deleted": false,
1108
+ "disable_correlation": false,
1109
+ "distribution": "5",
1110
+ "event_id": "9747",
1111
+ "id": "1188962",
1112
+ "object_id": "1561",
1113
+ "object_relation": "sha1",
1114
+ "sharing_group_id": "0",
1115
+ "timestamp": "1513936943",
1116
+ "to_ids": true,
1117
+ "type": "sha1",
1118
+ "uuid": "5a3cd82f-cae4-4209-9338-5165950d210f",
1119
+ "value": "15201766bd964b7c405aeb11db81457220c31e46"
1120
+ },
1121
+ {
1122
+ "category": "Other",
1123
+ "comment": "",
1124
+ "deleted": false,
1125
+ "disable_correlation": true,
1126
+ "distribution": "5",
1127
+ "event_id": "9747",
1128
+ "id": "1188963",
1129
+ "object_id": "1561",
1130
+ "object_relation": "state",
1131
+ "sharing_group_id": "0",
1132
+ "timestamp": "1513936943",
1133
+ "to_ids": false,
1134
+ "type": "text",
1135
+ "uuid": "5a3cd82f-d91c-43af-8262-5165950d210f",
1136
+ "value": "Malicious"
1137
+ }
1138
+ ],
1139
+ "comment": "SWF/Agent.L",
1140
+ "deleted": false,
1141
+ "description": "File object describing a file with meta-information",
1142
+ "distribution": "5",
1143
+ "event_id": "9747",
1144
+ "id": "1561",
1145
+ "meta-category": "file",
1146
+ "name": "file",
1147
+ "sharing_group_id": "0",
1148
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1149
+ "template_version": "8",
1150
+ "timestamp": "1513936943",
1151
+ "uuid": "5a3cd82f-2788-4561-bbeb-5165950d210f"
1152
+ },
1153
+ {
1154
+ "Attribute": [
1155
+ {
1156
+ "category": "Payload delivery",
1157
+ "comment": "",
1158
+ "deleted": false,
1159
+ "disable_correlation": false,
1160
+ "distribution": "5",
1161
+ "event_id": "9747",
1162
+ "id": "1188964",
1163
+ "object_id": "1562",
1164
+ "object_relation": "filename",
1165
+ "sharing_group_id": "0",
1166
+ "timestamp": "1513936967",
1167
+ "to_ids": true,
1168
+ "type": "filename",
1169
+ "uuid": "5a3cd847-0aa0-4b5c-aa30-5165950d210f",
1170
+ "value": "Olympic-Agenda-2020-20-20-Recommendations.doc"
1171
+ },
1172
+ {
1173
+ "category": "Payload delivery",
1174
+ "comment": "",
1175
+ "deleted": false,
1176
+ "disable_correlation": false,
1177
+ "distribution": "5",
1178
+ "event_id": "9747",
1179
+ "id": "1188965",
1180
+ "object_id": "1562",
1181
+ "object_relation": "sha1",
1182
+ "sharing_group_id": "0",
1183
+ "timestamp": "1513936967",
1184
+ "to_ids": true,
1185
+ "type": "sha1",
1186
+ "uuid": "5a3cd847-593c-4985-8756-5165950d210f",
1187
+ "value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e"
1188
+ },
1189
+ {
1190
+ "category": "Other",
1191
+ "comment": "",
1192
+ "deleted": false,
1193
+ "disable_correlation": true,
1194
+ "distribution": "5",
1195
+ "event_id": "9747",
1196
+ "id": "1188966",
1197
+ "object_id": "1562",
1198
+ "object_relation": "state",
1199
+ "sharing_group_id": "0",
1200
+ "timestamp": "1513936967",
1201
+ "to_ids": false,
1202
+ "type": "text",
1203
+ "uuid": "5a3cd847-1324-4fad-af60-5165950d210f",
1204
+ "value": "Malicious"
1205
+ }
1206
+ ],
1207
+ "comment": "Win32/Exploit.Agent.BL",
1208
+ "deleted": false,
1209
+ "description": "File object describing a file with meta-information",
1210
+ "distribution": "5",
1211
+ "event_id": "9747",
1212
+ "id": "1562",
1213
+ "meta-category": "file",
1214
+ "name": "file",
1215
+ "sharing_group_id": "0",
1216
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1217
+ "template_version": "8",
1218
+ "timestamp": "1513936967",
1219
+ "uuid": "5a3cd847-b5a0-42f7-ac4b-5165950d210f"
1220
+ },
1221
+ {
1222
+ "Attribute": [
1223
+ {
1224
+ "category": "Payload delivery",
1225
+ "comment": "",
1226
+ "deleted": false,
1227
+ "disable_correlation": false,
1228
+ "distribution": "5",
1229
+ "event_id": "9747",
1230
+ "id": "1188967",
1231
+ "object_id": "1563",
1232
+ "object_relation": "filename",
1233
+ "sharing_group_id": "0",
1234
+ "timestamp": "1513936993",
1235
+ "to_ids": true,
1236
+ "type": "filename",
1237
+ "uuid": "5a3cd861-9350-40c1-ac29-4771950d210f",
1238
+ "value": "Merry_Christmas!.docx"
1239
+ },
1240
+ {
1241
+ "category": "Payload delivery",
1242
+ "comment": "",
1243
+ "deleted": false,
1244
+ "disable_correlation": false,
1245
+ "distribution": "5",
1246
+ "event_id": "9747",
1247
+ "id": "1188968",
1248
+ "object_id": "1563",
1249
+ "object_relation": "sha1",
1250
+ "sharing_group_id": "0",
1251
+ "timestamp": "1513936993",
1252
+ "to_ids": true,
1253
+ "type": "sha1",
1254
+ "uuid": "5a3cd861-18ac-4cf0-b96f-4986950d210f",
1255
+ "value": "33447383379ca99083442b852589111296f0c603"
1256
+ },
1257
+ {
1258
+ "category": "Other",
1259
+ "comment": "",
1260
+ "deleted": false,
1261
+ "disable_correlation": true,
1262
+ "distribution": "5",
1263
+ "event_id": "9747",
1264
+ "id": "1188969",
1265
+ "object_id": "1563",
1266
+ "object_relation": "state",
1267
+ "sharing_group_id": "0",
1268
+ "timestamp": "1513936993",
1269
+ "to_ids": false,
1270
+ "type": "text",
1271
+ "uuid": "5a3cd861-cfbc-4096-baae-40e2950d210f",
1272
+ "value": "Malicious"
1273
+ }
1274
+ ],
1275
+ "comment": "Win32/Exploit.Agent.NUG",
1276
+ "deleted": false,
1277
+ "description": "File object describing a file with meta-information",
1278
+ "distribution": "5",
1279
+ "event_id": "9747",
1280
+ "id": "1563",
1281
+ "meta-category": "file",
1282
+ "name": "file",
1283
+ "sharing_group_id": "0",
1284
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1285
+ "template_version": "8",
1286
+ "timestamp": "1513936993",
1287
+ "uuid": "5a3cd861-65c0-4b69-9429-4f37950d210f"
1288
+ },
1289
+ {
1290
+ "Attribute": [
1291
+ {
1292
+ "category": "Payload delivery",
1293
+ "comment": "",
1294
+ "deleted": false,
1295
+ "disable_correlation": false,
1296
+ "distribution": "5",
1297
+ "event_id": "9747",
1298
+ "id": "1188970",
1299
+ "object_id": "1564",
1300
+ "object_relation": "filename",
1301
+ "sharing_group_id": "0",
1302
+ "timestamp": "1513937021",
1303
+ "to_ids": true,
1304
+ "type": "filename",
1305
+ "uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f",
1306
+ "value": "Trump’s_Attack_on_Syria_English.docx"
1307
+ },
1308
+ {
1309
+ "category": "Payload delivery",
1310
+ "comment": "",
1311
+ "deleted": false,
1312
+ "disable_correlation": false,
1313
+ "distribution": "5",
1314
+ "event_id": "9747",
1315
+ "id": "1188971",
1316
+ "object_id": "1564",
1317
+ "object_relation": "sha1",
1318
+ "sharing_group_id": "0",
1319
+ "timestamp": "1513937021",
1320
+ "to_ids": true,
1321
+ "type": "sha1",
1322
+ "uuid": "5a3cd87d-c630-4487-8336-4615950d210f",
1323
+ "value": "d5235d136cfcadbef431eea7253d80bde414db9d"
1324
+ },
1325
+ {
1326
+ "category": "Other",
1327
+ "comment": "",
1328
+ "deleted": false,
1329
+ "disable_correlation": true,
1330
+ "distribution": "5",
1331
+ "event_id": "9747",
1332
+ "id": "1188972",
1333
+ "object_id": "1564",
1334
+ "object_relation": "state",
1335
+ "sharing_group_id": "0",
1336
+ "timestamp": "1513937021",
1337
+ "to_ids": false,
1338
+ "type": "text",
1339
+ "uuid": "5a3cd87d-8c98-4660-9026-44de950d210f",
1340
+ "value": "Malicious"
1341
+ }
1342
+ ],
1343
+ "comment": "Win32/Exploit.Agent.NWZ",
1344
+ "deleted": false,
1345
+ "description": "File object describing a file with meta-information",
1346
+ "distribution": "5",
1347
+ "event_id": "9747",
1348
+ "id": "1564",
1349
+ "meta-category": "file",
1350
+ "name": "file",
1351
+ "sharing_group_id": "0",
1352
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1353
+ "template_version": "8",
1354
+ "timestamp": "1513937021",
1355
+ "uuid": "5a3cd87d-f514-4071-a5f7-4ec2950d210f"
1356
+ },
1357
+ {
1358
+ "Attribute": [
1359
+ {
1360
+ "category": "Payload delivery",
1361
+ "comment": "",
1362
+ "deleted": false,
1363
+ "disable_correlation": false,
1364
+ "distribution": "5",
1365
+ "event_id": "9747",
1366
+ "id": "1188973",
1367
+ "object_id": "1565",
1368
+ "object_relation": "filename",
1369
+ "sharing_group_id": "0",
1370
+ "timestamp": "1513937047",
1371
+ "to_ids": true,
1372
+ "type": "filename",
1373
+ "uuid": "5a3cd897-4cc0-48b0-bb2c-461f950d210f",
1374
+ "value": "Hotel_Reservation_Form.doc"
1375
+ },
1376
+ {
1377
+ "category": "Payload delivery",
1378
+ "comment": "",
1379
+ "deleted": false,
1380
+ "disable_correlation": false,
1381
+ "distribution": "5",
1382
+ "event_id": "9747",
1383
+ "id": "1188974",
1384
+ "object_id": "1565",
1385
+ "object_relation": "sha1",
1386
+ "sharing_group_id": "0",
1387
+ "timestamp": "1513937047",
1388
+ "to_ids": true,
1389
+ "type": "sha1",
1390
+ "uuid": "5a3cd897-fa64-466c-9421-49c5950d210f",
1391
+ "value": "f293a2bfb728060c54efeeb03c5323893b5c80df"
1392
+ },
1393
+ {
1394
+ "category": "Other",
1395
+ "comment": "",
1396
+ "deleted": false,
1397
+ "disable_correlation": true,
1398
+ "distribution": "5",
1399
+ "event_id": "9747",
1400
+ "id": "1188975",
1401
+ "object_id": "1565",
1402
+ "object_relation": "state",
1403
+ "sharing_group_id": "0",
1404
+ "timestamp": "1513937047",
1405
+ "to_ids": false,
1406
+ "type": "text",
1407
+ "uuid": "5a3cd897-f020-44cf-8dfc-4225950d210f",
1408
+ "value": "Malicious"
1409
+ }
1410
+ ],
1411
+ "comment": "Win32/Sednit.BN",
1412
+ "deleted": false,
1413
+ "description": "File object describing a file with meta-information",
1414
+ "distribution": "5",
1415
+ "event_id": "9747",
1416
+ "id": "1565",
1417
+ "meta-category": "file",
1418
+ "name": "file",
1419
+ "sharing_group_id": "0",
1420
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1421
+ "template_version": "8",
1422
+ "timestamp": "1513937046",
1423
+ "uuid": "5a3cd896-f6cc-4e52-bcb2-442c950d210f"
1424
+ },
1425
+ {
1426
+ "Attribute": [
1427
+ {
1428
+ "category": "Payload delivery",
1429
+ "comment": "",
1430
+ "deleted": false,
1431
+ "disable_correlation": false,
1432
+ "distribution": "5",
1433
+ "event_id": "9747",
1434
+ "id": "1188976",
1435
+ "object_id": "1566",
1436
+ "object_relation": "filename",
1437
+ "sharing_group_id": "0",
1438
+ "timestamp": "1513937070",
1439
+ "to_ids": true,
1440
+ "type": "filename",
1441
+ "uuid": "5a3cd8ae-7194-48fd-810e-4c5a950d210f",
1442
+ "value": "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc"
1443
+ },
1444
+ {
1445
+ "category": "Payload delivery",
1446
+ "comment": "",
1447
+ "deleted": false,
1448
+ "disable_correlation": false,
1449
+ "distribution": "5",
1450
+ "event_id": "9747",
1451
+ "id": "1188977",
1452
+ "object_id": "1566",
1453
+ "object_relation": "sha1",
1454
+ "sharing_group_id": "0",
1455
+ "timestamp": "1513937071",
1456
+ "to_ids": true,
1457
+ "type": "sha1",
1458
+ "uuid": "5a3cd8af-f39c-443c-bcf1-4c5a950d210f",
1459
+ "value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0"
1460
+ },
1461
+ {
1462
+ "category": "Other",
1463
+ "comment": "",
1464
+ "deleted": false,
1465
+ "disable_correlation": true,
1466
+ "distribution": "5",
1467
+ "event_id": "9747",
1468
+ "id": "1188978",
1469
+ "object_id": "1566",
1470
+ "object_relation": "state",
1471
+ "sharing_group_id": "0",
1472
+ "timestamp": "1513937071",
1473
+ "to_ids": false,
1474
+ "type": "text",
1475
+ "uuid": "5a3cd8af-b3ec-478a-b585-4c5a950d210f",
1476
+ "value": "Malicious"
1477
+ }
1478
+ ],
1479
+ "comment": "Win32/Sednit.BN",
1480
+ "deleted": false,
1481
+ "description": "File object describing a file with meta-information",
1482
+ "distribution": "5",
1483
+ "event_id": "9747",
1484
+ "id": "1566",
1485
+ "meta-category": "file",
1486
+ "name": "file",
1487
+ "sharing_group_id": "0",
1488
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1489
+ "template_version": "8",
1490
+ "timestamp": "1513937070",
1491
+ "uuid": "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f"
1492
+ },
1493
+ {
1494
+ "Attribute": [
1495
+ {
1496
+ "category": "Payload delivery",
1497
+ "comment": "",
1498
+ "deleted": false,
1499
+ "disable_correlation": false,
1500
+ "distribution": "5",
1501
+ "event_id": "9747",
1502
+ "id": "1188979",
1503
+ "object_id": "1567",
1504
+ "object_relation": "sha1",
1505
+ "sharing_group_id": "0",
1506
+ "timestamp": "1513937083",
1507
+ "to_ids": true,
1508
+ "type": "sha1",
1509
+ "uuid": "5a3cd8bb-74d8-4d19-ae08-4043950d210f",
1510
+ "value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
1511
+ },
1512
+ {
1513
+ "category": "Other",
1514
+ "comment": "",
1515
+ "deleted": false,
1516
+ "disable_correlation": true,
1517
+ "distribution": "5",
1518
+ "event_id": "9747",
1519
+ "id": "1188980",
1520
+ "object_id": "1567",
1521
+ "object_relation": "state",
1522
+ "sharing_group_id": "0",
1523
+ "timestamp": "1513937083",
1524
+ "to_ids": false,
1525
+ "type": "text",
1526
+ "uuid": "5a3cd8bb-77bc-4cc4-887f-429d950d210f",
1527
+ "value": "Malicious"
1528
+ }
1529
+ ],
1530
+ "comment": "",
1531
+ "deleted": false,
1532
+ "description": "File object describing a file with meta-information",
1533
+ "distribution": "5",
1534
+ "event_id": "9747",
1535
+ "id": "1567",
1536
+ "meta-category": "file",
1537
+ "name": "file",
1538
+ "sharing_group_id": "0",
1539
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1540
+ "template_version": "8",
1541
+ "timestamp": "1513937083",
1542
+ "uuid": "5a3cd8bb-a704-4f1d-a235-444e950d210f"
1543
+ },
1544
+ {
1545
+ "Attribute": [
1546
+ {
1547
+ "category": "Payload delivery",
1548
+ "comment": "",
1549
+ "deleted": false,
1550
+ "disable_correlation": false,
1551
+ "distribution": "5",
1552
+ "event_id": "9747",
1553
+ "id": "1188981",
1554
+ "object_id": "1568",
1555
+ "object_relation": "sha1",
1556
+ "sharing_group_id": "0",
1557
+ "timestamp": "1513937097",
1558
+ "to_ids": true,
1559
+ "type": "sha1",
1560
+ "uuid": "5a3cd8c9-4d2c-4145-a637-4f13950d210f",
1561
+ "value": "169c8f3e3d22e192c108bc95164d362ce5437465"
1562
+ },
1563
+ {
1564
+ "category": "Other",
1565
+ "comment": "",
1566
+ "deleted": false,
1567
+ "disable_correlation": true,
1568
+ "distribution": "5",
1569
+ "event_id": "9747",
1570
+ "id": "1188982",
1571
+ "object_id": "1568",
1572
+ "object_relation": "state",
1573
+ "sharing_group_id": "0",
1574
+ "timestamp": "1513937097",
1575
+ "to_ids": false,
1576
+ "type": "text",
1577
+ "uuid": "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f",
1578
+ "value": "Malicious"
1579
+ }
1580
+ ],
1581
+ "comment": "",
1582
+ "deleted": false,
1583
+ "description": "File object describing a file with meta-information",
1584
+ "distribution": "5",
1585
+ "event_id": "9747",
1586
+ "id": "1568",
1587
+ "meta-category": "file",
1588
+ "name": "file",
1589
+ "sharing_group_id": "0",
1590
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1591
+ "template_version": "8",
1592
+ "timestamp": "1513937097",
1593
+ "uuid": "5a3cd8c9-6568-406a-853c-4862950d210f"
1594
+ },
1595
+ {
1596
+ "Attribute": [
1597
+ {
1598
+ "category": "Payload delivery",
1599
+ "comment": "",
1600
+ "deleted": false,
1601
+ "disable_correlation": false,
1602
+ "distribution": "5",
1603
+ "event_id": "9747",
1604
+ "id": "1188983",
1605
+ "object_id": "1569",
1606
+ "object_relation": "sha1",
1607
+ "sharing_group_id": "0",
1608
+ "timestamp": "1513937116",
1609
+ "to_ids": true,
1610
+ "type": "sha1",
1611
+ "uuid": "5a3cd8dc-48c0-4ea0-a67d-4734950d210f",
1612
+ "value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
1613
+ },
1614
+ {
1615
+ "category": "Other",
1616
+ "comment": "",
1617
+ "deleted": false,
1618
+ "disable_correlation": true,
1619
+ "distribution": "5",
1620
+ "event_id": "9747",
1621
+ "id": "1188984",
1622
+ "object_id": "1569",
1623
+ "object_relation": "state",
1624
+ "sharing_group_id": "0",
1625
+ "timestamp": "1513937116",
1626
+ "to_ids": false,
1627
+ "type": "text",
1628
+ "uuid": "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f",
1629
+ "value": "Malicious"
1630
+ }
1631
+ ],
1632
+ "comment": "Win32/Sednit.BN",
1633
+ "deleted": false,
1634
+ "description": "File object describing a file with meta-information",
1635
+ "distribution": "5",
1636
+ "event_id": "9747",
1637
+ "id": "1569",
1638
+ "meta-category": "file",
1639
+ "name": "file",
1640
+ "sharing_group_id": "0",
1641
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1642
+ "template_version": "8",
1643
+ "timestamp": "1513937115",
1644
+ "uuid": "5a3cd8db-2838-4466-a986-4afb950d210f"
1645
+ },
1646
+ {
1647
+ "Attribute": [
1648
+ {
1649
+ "category": "Payload delivery",
1650
+ "comment": "",
1651
+ "deleted": false,
1652
+ "disable_correlation": false,
1653
+ "distribution": "5",
1654
+ "event_id": "9747",
1655
+ "id": "1188985",
1656
+ "object_id": "1570",
1657
+ "object_relation": "filename",
1658
+ "sharing_group_id": "0",
1659
+ "timestamp": "1513937147",
1660
+ "to_ids": true,
1661
+ "type": "filename",
1662
+ "uuid": "5a3cd8fb-1efc-4059-ae7a-42f5950d210f",
1663
+ "value": "Caucasian_Eagle_ENG.docx"
1664
+ },
1665
+ {
1666
+ "category": "Payload delivery",
1667
+ "comment": "",
1668
+ "deleted": false,
1669
+ "disable_correlation": false,
1670
+ "distribution": "5",
1671
+ "event_id": "9747",
1672
+ "id": "1188986",
1673
+ "object_id": "1570",
1674
+ "object_relation": "sha1",
1675
+ "sharing_group_id": "0",
1676
+ "timestamp": "1513937147",
1677
+ "to_ids": true,
1678
+ "type": "sha1",
1679
+ "uuid": "5a3cd8fb-9cec-4a30-8b2f-4441950d210f",
1680
+ "value": "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d"
1681
+ },
1682
+ {
1683
+ "category": "Other",
1684
+ "comment": "",
1685
+ "deleted": false,
1686
+ "disable_correlation": true,
1687
+ "distribution": "5",
1688
+ "event_id": "9747",
1689
+ "id": "1188987",
1690
+ "object_id": "1570",
1691
+ "object_relation": "state",
1692
+ "sharing_group_id": "0",
1693
+ "timestamp": "1513937147",
1694
+ "to_ids": false,
1695
+ "type": "text",
1696
+ "uuid": "5a3cd8fb-e52c-489b-8da5-43d1950d210f",
1697
+ "value": "Malicious"
1698
+ }
1699
+ ],
1700
+ "comment": "Win32/Exploit.Agent.NTM",
1701
+ "deleted": false,
1702
+ "description": "File object describing a file with meta-information",
1703
+ "distribution": "5",
1704
+ "event_id": "9747",
1705
+ "id": "1570",
1706
+ "meta-category": "file",
1707
+ "name": "file",
1708
+ "sharing_group_id": "0",
1709
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1710
+ "template_version": "8",
1711
+ "timestamp": "1513937147",
1712
+ "uuid": "5a3cd8fb-cd14-4b00-9710-430c950d210f"
1713
+ },
1714
+ {
1715
+ "Attribute": [
1716
+ {
1717
+ "category": "Payload delivery",
1718
+ "comment": "",
1719
+ "deleted": false,
1720
+ "disable_correlation": false,
1721
+ "distribution": "5",
1722
+ "event_id": "9747",
1723
+ "id": "1188988",
1724
+ "object_id": "1571",
1725
+ "object_relation": "filename",
1726
+ "sharing_group_id": "0",
1727
+ "timestamp": "1513937166",
1728
+ "to_ids": true,
1729
+ "type": "filename",
1730
+ "uuid": "5a3cd90e-5eb4-4069-b160-5276950d210f",
1731
+ "value": "World War3.docx"
1732
+ },
1733
+ {
1734
+ "category": "Payload delivery",
1735
+ "comment": "",
1736
+ "deleted": false,
1737
+ "disable_correlation": false,
1738
+ "distribution": "5",
1739
+ "event_id": "9747",
1740
+ "id": "1188989",
1741
+ "object_id": "1571",
1742
+ "object_relation": "sha1",
1743
+ "sharing_group_id": "0",
1744
+ "timestamp": "1513937166",
1745
+ "to_ids": true,
1746
+ "type": "sha1",
1747
+ "uuid": "5a3cd90e-6d2c-4ffc-a699-5276950d210f",
1748
+ "value": "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3"
1749
+ },
1750
+ {
1751
+ "category": "Other",
1752
+ "comment": "",
1753
+ "deleted": false,
1754
+ "disable_correlation": true,
1755
+ "distribution": "5",
1756
+ "event_id": "9747",
1757
+ "id": "1188990",
1758
+ "object_id": "1571",
1759
+ "object_relation": "state",
1760
+ "sharing_group_id": "0",
1761
+ "timestamp": "1513937166",
1762
+ "to_ids": false,
1763
+ "type": "text",
1764
+ "uuid": "5a3cd90e-28e8-410e-8033-5276950d210f",
1765
+ "value": "Malicious"
1766
+ }
1767
+ ],
1768
+ "comment": "SWF/Exploit.CVE-2017-11292.A",
1769
+ "deleted": false,
1770
+ "description": "File object describing a file with meta-information",
1771
+ "distribution": "5",
1772
+ "event_id": "9747",
1773
+ "id": "1571",
1774
+ "meta-category": "file",
1775
+ "name": "file",
1776
+ "sharing_group_id": "0",
1777
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1778
+ "template_version": "8",
1779
+ "timestamp": "1513937166",
1780
+ "uuid": "5a3cd90e-538c-4b7e-95dc-5276950d210f"
1781
+ },
1782
+ {
1783
+ "Attribute": [
1784
+ {
1785
+ "category": "Payload delivery",
1786
+ "comment": "",
1787
+ "deleted": false,
1788
+ "disable_correlation": false,
1789
+ "distribution": "5",
1790
+ "event_id": "9747",
1791
+ "id": "1188991",
1792
+ "object_id": "1572",
1793
+ "object_relation": "filename",
1794
+ "sharing_group_id": "0",
1795
+ "timestamp": "1513937191",
1796
+ "to_ids": true,
1797
+ "type": "filename",
1798
+ "uuid": "5a3cd927-e810-4d22-a0e4-4057950d210f",
1799
+ "value": "SaberGuardian2017.docx"
1800
+ },
1801
+ {
1802
+ "category": "Payload delivery",
1803
+ "comment": "",
1804
+ "deleted": false,
1805
+ "disable_correlation": false,
1806
+ "distribution": "5",
1807
+ "event_id": "9747",
1808
+ "id": "1188992",
1809
+ "object_id": "1572",
1810
+ "object_relation": "sha1",
1811
+ "sharing_group_id": "0",
1812
+ "timestamp": "1513937191",
1813
+ "to_ids": true,
1814
+ "type": "sha1",
1815
+ "uuid": "5a3cd927-f284-43b9-83d1-473b950d210f",
1816
+ "value": "68c2809560c7623d2307d8797691abf3eafe319a"
1817
+ },
1818
+ {
1819
+ "category": "Other",
1820
+ "comment": "",
1821
+ "deleted": false,
1822
+ "disable_correlation": true,
1823
+ "distribution": "5",
1824
+ "event_id": "9747",
1825
+ "id": "1188993",
1826
+ "object_id": "1572",
1827
+ "object_relation": "state",
1828
+ "sharing_group_id": "0",
1829
+ "timestamp": "1513937191",
1830
+ "to_ids": false,
1831
+ "type": "text",
1832
+ "uuid": "5a3cd927-b844-49f2-a1a9-4c85950d210f",
1833
+ "value": "Malicious"
1834
+ }
1835
+ ],
1836
+ "comment": "VBA/DDE.E",
1837
+ "deleted": false,
1838
+ "description": "File object describing a file with meta-information",
1839
+ "distribution": "5",
1840
+ "event_id": "9747",
1841
+ "id": "1572",
1842
+ "meta-category": "file",
1843
+ "name": "file",
1844
+ "sharing_group_id": "0",
1845
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1846
+ "template_version": "8",
1847
+ "timestamp": "1513937191",
1848
+ "uuid": "5a3cd927-e410-489c-abfc-4b63950d210f"
1849
+ },
1850
+ {
1851
+ "Attribute": [
1852
+ {
1853
+ "category": "Payload delivery",
1854
+ "comment": "",
1855
+ "deleted": false,
1856
+ "disable_correlation": false,
1857
+ "distribution": "5",
1858
+ "event_id": "9747",
1859
+ "id": "1188994",
1860
+ "object_id": "1573",
1861
+ "object_relation": "filename",
1862
+ "sharing_group_id": "0",
1863
+ "timestamp": "1513937212",
1864
+ "to_ids": true,
1865
+ "type": "filename",
1866
+ "uuid": "5a3cd93c-2438-4dda-823e-463d950d210f",
1867
+ "value": "IsisAttackInNewYork.docx"
1868
+ },
1869
+ {
1870
+ "category": "Payload delivery",
1871
+ "comment": "",
1872
+ "deleted": false,
1873
+ "disable_correlation": false,
1874
+ "distribution": "5",
1875
+ "event_id": "9747",
1876
+ "id": "1188995",
1877
+ "object_id": "1573",
1878
+ "object_relation": "sha1",
1879
+ "sharing_group_id": "0",
1880
+ "timestamp": "1513937212",
1881
+ "to_ids": true,
1882
+ "type": "sha1",
1883
+ "uuid": "5a3cd93c-1ef0-4d81-9476-4655950d210f",
1884
+ "value": "1c6c700ceebfbe799e115582665105caa03c5c9e"
1885
+ },
1886
+ {
1887
+ "category": "Other",
1888
+ "comment": "",
1889
+ "deleted": false,
1890
+ "disable_correlation": true,
1891
+ "distribution": "5",
1892
+ "event_id": "9747",
1893
+ "id": "1188996",
1894
+ "object_id": "1573",
1895
+ "object_relation": "state",
1896
+ "sharing_group_id": "0",
1897
+ "timestamp": "1513937212",
1898
+ "to_ids": false,
1899
+ "type": "text",
1900
+ "uuid": "5a3cd93c-949c-40ac-9094-4a4a950d210f",
1901
+ "value": "Malicious"
1902
+ }
1903
+ ],
1904
+ "comment": "VBA/DDE.L",
1905
+ "deleted": false,
1906
+ "description": "File object describing a file with meta-information",
1907
+ "distribution": "5",
1908
+ "event_id": "9747",
1909
+ "id": "1573",
1910
+ "meta-category": "file",
1911
+ "name": "file",
1912
+ "sharing_group_id": "0",
1913
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1914
+ "template_version": "8",
1915
+ "timestamp": "1513937212",
1916
+ "uuid": "5a3cd93c-716c-4918-a00f-4671950d210f"
1917
+ },
1918
+ {
1919
+ "Attribute": [
1920
+ {
1921
+ "category": "Payload delivery",
1922
+ "comment": "",
1923
+ "deleted": false,
1924
+ "disable_correlation": false,
1925
+ "distribution": "5",
1926
+ "event_id": "9747",
1927
+ "id": "1188997",
1928
+ "object_id": "1574",
1929
+ "object_relation": "sha1",
1930
+ "sharing_group_id": "0",
1931
+ "timestamp": "1513937559",
1932
+ "to_ids": true,
1933
+ "type": "sha1",
1934
+ "uuid": "5a3cda97-7e58-4642-aaf5-c5ed950d210f",
1935
+ "value": "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb"
1936
+ },
1937
+ {
1938
+ "category": "Other",
1939
+ "comment": "",
1940
+ "deleted": false,
1941
+ "disable_correlation": true,
1942
+ "distribution": "5",
1943
+ "event_id": "9747",
1944
+ "id": "1188998",
1945
+ "object_id": "1574",
1946
+ "object_relation": "state",
1947
+ "sharing_group_id": "0",
1948
+ "timestamp": "1513937559",
1949
+ "to_ids": false,
1950
+ "type": "text",
1951
+ "uuid": "5a3cda97-6020-423d-9d23-c5ed950d210f",
1952
+ "value": "Malicious"
1953
+ }
1954
+ ],
1955
+ "ObjectReference": [
1956
+ {
1957
+ "Attribute": {
1958
+ "category": "Network activity",
1959
+ "distribution": "5",
1960
+ "sharing_group_id": "0",
1961
+ "to_ids": true,
1962
+ "type": "domain",
1963
+ "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1964
+ "value": "movieultimate.com"
1965
+ },
1966
+ "comment": "",
1967
+ "deleted": false,
1968
+ "event_id": "9747",
1969
+ "id": "159",
1970
+ "object_id": "1574",
1971
+ "object_uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f",
1972
+ "referenced_id": "1188759",
1973
+ "referenced_type": "0",
1974
+ "referenced_uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1975
+ "relationship_type": "communicates-with",
1976
+ "timestamp": "1513937826",
1977
+ "uuid": "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f"
1978
+ }
1979
+ ],
1980
+ "comment": "Win64/Sednit.Z",
1981
+ "deleted": false,
1982
+ "description": "File object describing a file with meta-information",
1983
+ "distribution": "5",
1984
+ "event_id": "9747",
1985
+ "id": "1574",
1986
+ "meta-category": "file",
1987
+ "name": "file",
1988
+ "sharing_group_id": "0",
1989
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1990
+ "template_version": "8",
1991
+ "timestamp": "1513937826",
1992
+ "uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f"
1993
+ },
1994
+ {
1995
+ "Attribute": [
1996
+ {
1997
+ "category": "Payload delivery",
1998
+ "comment": "",
1999
+ "deleted": false,
2000
+ "disable_correlation": false,
2001
+ "distribution": "5",
2002
+ "event_id": "9747",
2003
+ "id": "1188999",
2004
+ "object_id": "1575",
2005
+ "object_relation": "sha1",
2006
+ "sharing_group_id": "0",
2007
+ "timestamp": "1513937864",
2008
+ "to_ids": true,
2009
+ "type": "sha1",
2010
+ "uuid": "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f",
2011
+ "value": "e19f753e514f6adec8f81bcdefb9117979e69627"
2012
+ },
2013
+ {
2014
+ "category": "Other",
2015
+ "comment": "",
2016
+ "deleted": false,
2017
+ "disable_correlation": true,
2018
+ "distribution": "5",
2019
+ "event_id": "9747",
2020
+ "id": "1189000",
2021
+ "object_id": "1575",
2022
+ "object_relation": "state",
2023
+ "sharing_group_id": "0",
2024
+ "timestamp": "1513937864",
2025
+ "to_ids": false,
2026
+ "type": "text",
2027
+ "uuid": "5a3cdbc8-e204-4606-b9ea-4c5a950d210f",
2028
+ "value": "Malicious"
2029
+ }
2030
+ ],
2031
+ "ObjectReference": [
2032
+ {
2033
+ "Attribute": {
2034
+ "category": "Network activity",
2035
+ "distribution": "5",
2036
+ "sharing_group_id": "0",
2037
+ "to_ids": true,
2038
+ "type": "domain",
2039
+ "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2040
+ "value": "meteost.com"
2041
+ },
2042
+ "comment": "",
2043
+ "deleted": false,
2044
+ "event_id": "9747",
2045
+ "id": "160",
2046
+ "object_id": "1575",
2047
+ "object_uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
2048
+ "referenced_id": "1188760",
2049
+ "referenced_type": "0",
2050
+ "referenced_uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2051
+ "relationship_type": "communicates-with",
2052
+ "timestamp": "1513938091",
2053
+ "uuid": "5a3cdcab-8200-4c65-868e-42a9950d210f"
2054
+ }
2055
+ ],
2056
+ "comment": "Win64/Sednit.Z",
2057
+ "deleted": false,
2058
+ "description": "File object describing a file with meta-information",
2059
+ "distribution": "5",
2060
+ "event_id": "9747",
2061
+ "id": "1575",
2062
+ "meta-category": "file",
2063
+ "name": "file",
2064
+ "sharing_group_id": "0",
2065
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2066
+ "template_version": "8",
2067
+ "timestamp": "1513938091",
2068
+ "uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f"
2069
+ },
2070
+ {
2071
+ "Attribute": [
2072
+ {
2073
+ "category": "Payload delivery",
2074
+ "comment": "",
2075
+ "deleted": false,
2076
+ "disable_correlation": false,
2077
+ "distribution": "5",
2078
+ "event_id": "9747",
2079
+ "id": "1189001",
2080
+ "object_id": "1576",
2081
+ "object_relation": "sha1",
2082
+ "sharing_group_id": "0",
2083
+ "timestamp": "1513937910",
2084
+ "to_ids": true,
2085
+ "type": "sha1",
2086
+ "uuid": "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f",
2087
+ "value": "961468ddd3d0fa25beb8210c81ba620f9170ed30"
2088
+ },
2089
+ {
2090
+ "category": "Other",
2091
+ "comment": "",
2092
+ "deleted": false,
2093
+ "disable_correlation": true,
2094
+ "distribution": "5",
2095
+ "event_id": "9747",
2096
+ "id": "1189002",
2097
+ "object_id": "1576",
2098
+ "object_relation": "state",
2099
+ "sharing_group_id": "0",
2100
+ "timestamp": "1513937910",
2101
+ "to_ids": false,
2102
+ "type": "text",
2103
+ "uuid": "5a3cdbf6-acd8-4a36-a028-4c59950d210f",
2104
+ "value": "Malicious"
2105
+ }
2106
+ ],
2107
+ "ObjectReference": [
2108
+ {
2109
+ "Attribute": {
2110
+ "category": "Network activity",
2111
+ "distribution": "5",
2112
+ "sharing_group_id": "0",
2113
+ "to_ids": true,
2114
+ "type": "domain",
2115
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2116
+ "value": "faststoragefiles.org"
2117
+ },
2118
+ "comment": "",
2119
+ "deleted": false,
2120
+ "event_id": "9747",
2121
+ "id": "164",
2122
+ "object_id": "1576",
2123
+ "object_uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f",
2124
+ "referenced_id": "1188761",
2125
+ "referenced_type": "0",
2126
+ "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2127
+ "relationship_type": "communicates-with",
2128
+ "timestamp": "1513938210",
2129
+ "uuid": "5a3cdd22-b7d8-4754-a108-4742950d210f"
2130
+ }
2131
+ ],
2132
+ "comment": "Win32/Sednit.BO",
2133
+ "deleted": false,
2134
+ "description": "File object describing a file with meta-information",
2135
+ "distribution": "5",
2136
+ "event_id": "9747",
2137
+ "id": "1576",
2138
+ "meta-category": "file",
2139
+ "name": "file",
2140
+ "sharing_group_id": "0",
2141
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2142
+ "template_version": "8",
2143
+ "timestamp": "1513938210",
2144
+ "uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f"
2145
+ },
2146
+ {
2147
+ "Attribute": [
2148
+ {
2149
+ "category": "Payload delivery",
2150
+ "comment": "",
2151
+ "deleted": false,
2152
+ "disable_correlation": false,
2153
+ "distribution": "5",
2154
+ "event_id": "9747",
2155
+ "id": "1189003",
2156
+ "object_id": "1577",
2157
+ "object_relation": "sha1",
2158
+ "sharing_group_id": "0",
2159
+ "timestamp": "1513937929",
2160
+ "to_ids": true,
2161
+ "type": "sha1",
2162
+ "uuid": "5a3cdc09-b428-4c0b-9969-c5ed950d210f",
2163
+ "value": "a0719b50265505c8432616c0a4e14ed206981e95"
2164
+ },
2165
+ {
2166
+ "category": "Other",
2167
+ "comment": "",
2168
+ "deleted": false,
2169
+ "disable_correlation": true,
2170
+ "distribution": "5",
2171
+ "event_id": "9747",
2172
+ "id": "1189004",
2173
+ "object_id": "1577",
2174
+ "object_relation": "state",
2175
+ "sharing_group_id": "0",
2176
+ "timestamp": "1513937929",
2177
+ "to_ids": false,
2178
+ "type": "text",
2179
+ "uuid": "5a3cdc09-05d8-4356-ba52-c5ed950d210f",
2180
+ "value": "Malicious"
2181
+ }
2182
+ ],
2183
+ "ObjectReference": [
2184
+ {
2185
+ "Attribute": {
2186
+ "category": "Network activity",
2187
+ "distribution": "5",
2188
+ "sharing_group_id": "0",
2189
+ "to_ids": true,
2190
+ "type": "domain",
2191
+ "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2192
+ "value": "nethostnet.com"
2193
+ },
2194
+ "comment": "",
2195
+ "deleted": false,
2196
+ "event_id": "9747",
2197
+ "id": "162",
2198
+ "object_id": "1577",
2199
+ "object_uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
2200
+ "referenced_id": "1188762",
2201
+ "referenced_type": "0",
2202
+ "referenced_uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2203
+ "relationship_type": "communicates-with",
2204
+ "timestamp": "1513938169",
2205
+ "uuid": "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f"
2206
+ }
2207
+ ],
2208
+ "comment": "Win32/Sednit.BO",
2209
+ "deleted": false,
2210
+ "description": "File object describing a file with meta-information",
2211
+ "distribution": "5",
2212
+ "event_id": "9747",
2213
+ "id": "1577",
2214
+ "meta-category": "file",
2215
+ "name": "file",
2216
+ "sharing_group_id": "0",
2217
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2218
+ "template_version": "8",
2219
+ "timestamp": "1513938169",
2220
+ "uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f"
2221
+ },
2222
+ {
2223
+ "Attribute": [
2224
+ {
2225
+ "category": "Payload delivery",
2226
+ "comment": "",
2227
+ "deleted": false,
2228
+ "disable_correlation": false,
2229
+ "distribution": "5",
2230
+ "event_id": "9747",
2231
+ "id": "1189005",
2232
+ "object_id": "1578",
2233
+ "object_relation": "sha1",
2234
+ "sharing_group_id": "0",
2235
+ "timestamp": "1513937953",
2236
+ "to_ids": true,
2237
+ "type": "sha1",
2238
+ "uuid": "5a3cdc21-a170-4637-b139-4812950d210f",
2239
+ "value": "2cf6436b99d11d9d1e0c488af518e35162ecbc9c"
2240
+ },
2241
+ {
2242
+ "category": "Other",
2243
+ "comment": "",
2244
+ "deleted": false,
2245
+ "disable_correlation": true,
2246
+ "distribution": "5",
2247
+ "event_id": "9747",
2248
+ "id": "1189006",
2249
+ "object_id": "1578",
2250
+ "object_relation": "state",
2251
+ "sharing_group_id": "0",
2252
+ "timestamp": "1513937953",
2253
+ "to_ids": false,
2254
+ "type": "text",
2255
+ "uuid": "5a3cdc21-3274-4800-9e91-41e2950d210f",
2256
+ "value": "Malicious"
2257
+ }
2258
+ ],
2259
+ "ObjectReference": [
2260
+ {
2261
+ "Attribute": {
2262
+ "category": "Network activity",
2263
+ "distribution": "5",
2264
+ "sharing_group_id": "0",
2265
+ "to_ids": true,
2266
+ "type": "domain",
2267
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2268
+ "value": "faststoragefiles.org"
2269
+ },
2270
+ "comment": "",
2271
+ "deleted": false,
2272
+ "event_id": "9747",
2273
+ "id": "165",
2274
+ "object_id": "1578",
2275
+ "object_uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f",
2276
+ "referenced_id": "1188761",
2277
+ "referenced_type": "0",
2278
+ "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2279
+ "relationship_type": "communicates-with",
2280
+ "timestamp": "1513938226",
2281
+ "uuid": "5a3cdd32-3044-4895-8f18-4d06950d210f"
2282
+ }
2283
+ ],
2284
+ "comment": "Win64/Sednit.Y",
2285
+ "deleted": false,
2286
+ "description": "File object describing a file with meta-information",
2287
+ "distribution": "5",
2288
+ "event_id": "9747",
2289
+ "id": "1578",
2290
+ "meta-category": "file",
2291
+ "name": "file",
2292
+ "sharing_group_id": "0",
2293
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2294
+ "template_version": "8",
2295
+ "timestamp": "1513938226",
2296
+ "uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f"
2297
+ },
2298
+ {
2299
+ "Attribute": [
2300
+ {
2301
+ "category": "Payload delivery",
2302
+ "comment": "",
2303
+ "deleted": false,
2304
+ "disable_correlation": false,
2305
+ "distribution": "5",
2306
+ "event_id": "9747",
2307
+ "id": "1189007",
2308
+ "object_id": "1579",
2309
+ "object_relation": "sha1",
2310
+ "sharing_group_id": "0",
2311
+ "timestamp": "1513937975",
2312
+ "to_ids": true,
2313
+ "type": "sha1",
2314
+ "uuid": "5a3cdc37-cee0-43d0-9e20-4db6950d210f",
2315
+ "value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33"
2316
+ },
2317
+ {
2318
+ "category": "Other",
2319
+ "comment": "",
2320
+ "deleted": false,
2321
+ "disable_correlation": true,
2322
+ "distribution": "5",
2323
+ "event_id": "9747",
2324
+ "id": "1189008",
2325
+ "object_id": "1579",
2326
+ "object_relation": "state",
2327
+ "sharing_group_id": "0",
2328
+ "timestamp": "1513937976",
2329
+ "to_ids": false,
2330
+ "type": "text",
2331
+ "uuid": "5a3cdc38-ac24-44be-a1ed-4935950d210f",
2332
+ "value": "Malicious"
2333
+ }
2334
+ ],
2335
+ "ObjectReference": [
2336
+ {
2337
+ "Attribute": {
2338
+ "category": "Network activity",
2339
+ "distribution": "5",
2340
+ "sharing_group_id": "0",
2341
+ "to_ids": true,
2342
+ "type": "domain",
2343
+ "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2344
+ "value": "fsportal.net"
2345
+ },
2346
+ "comment": "",
2347
+ "deleted": false,
2348
+ "event_id": "9747",
2349
+ "id": "163",
2350
+ "object_id": "1579",
2351
+ "object_uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f",
2352
+ "referenced_id": "1188763",
2353
+ "referenced_type": "0",
2354
+ "referenced_uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2355
+ "relationship_type": "communicates-with",
2356
+ "timestamp": "1513938189",
2357
+ "uuid": "5a3cdd0d-d990-42ba-830d-5156950d210f"
2358
+ }
2359
+ ],
2360
+ "comment": "Win64/Sednit.Y",
2361
+ "deleted": false,
2362
+ "description": "File object describing a file with meta-information",
2363
+ "distribution": "5",
2364
+ "event_id": "9747",
2365
+ "id": "1579",
2366
+ "meta-category": "file",
2367
+ "name": "file",
2368
+ "sharing_group_id": "0",
2369
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2370
+ "template_version": "8",
2371
+ "timestamp": "1513938190",
2372
+ "uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f"
2373
+ },
2374
+ {
2375
+ "Attribute": [
2376
+ {
2377
+ "category": "Payload delivery",
2378
+ "comment": "",
2379
+ "deleted": false,
2380
+ "disable_correlation": false,
2381
+ "distribution": "5",
2382
+ "event_id": "9747",
2383
+ "id": "1189009",
2384
+ "object_id": "1580",
2385
+ "object_relation": "sha1",
2386
+ "sharing_group_id": "0",
2387
+ "timestamp": "1513937992",
2388
+ "to_ids": true,
2389
+ "type": "sha1",
2390
+ "uuid": "5a3cdc48-c74c-4b6e-8202-5156950d210f",
2391
+ "value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795"
2392
+ },
2393
+ {
2394
+ "category": "Other",
2395
+ "comment": "",
2396
+ "deleted": false,
2397
+ "disable_correlation": true,
2398
+ "distribution": "5",
2399
+ "event_id": "9747",
2400
+ "id": "1189010",
2401
+ "object_id": "1580",
2402
+ "object_relation": "state",
2403
+ "sharing_group_id": "0",
2404
+ "timestamp": "1513937992",
2405
+ "to_ids": false,
2406
+ "type": "text",
2407
+ "uuid": "5a3cdc48-55dc-420e-9b5d-5156950d210f",
2408
+ "value": "Malicious"
2409
+ }
2410
+ ],
2411
+ "ObjectReference": [
2412
+ {
2413
+ "Attribute": {
2414
+ "category": "Network activity",
2415
+ "distribution": "5",
2416
+ "sharing_group_id": "0",
2417
+ "to_ids": true,
2418
+ "type": "domain",
2419
+ "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2420
+ "value": "fastdataexchange.org"
2421
+ },
2422
+ "comment": "",
2423
+ "deleted": false,
2424
+ "event_id": "9747",
2425
+ "id": "161",
2426
+ "object_id": "1580",
2427
+ "object_uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f",
2428
+ "referenced_id": "1188764",
2429
+ "referenced_type": "0",
2430
+ "referenced_uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2431
+ "relationship_type": "communicates-with",
2432
+ "timestamp": "1513938129",
2433
+ "uuid": "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f"
2434
+ }
2435
+ ],
2436
+ "comment": "Win64/Sednit.Z",
2437
+ "deleted": false,
2438
+ "description": "File object describing a file with meta-information",
2439
+ "distribution": "5",
2440
+ "event_id": "9747",
2441
+ "id": "1580",
2442
+ "meta-category": "file",
2443
+ "name": "file",
2444
+ "sharing_group_id": "0",
2445
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2446
+ "template_version": "8",
2447
+ "timestamp": "1513938129",
2448
+ "uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f"
2449
+ },
2450
+ {
2451
+ "Attribute": [
2452
+ {
2453
+ "category": "Payload delivery",
2454
+ "comment": "",
2455
+ "deleted": false,
2456
+ "disable_correlation": false,
2457
+ "distribution": "5",
2458
+ "event_id": "9747",
2459
+ "id": "1189011",
2460
+ "object_id": "1581",
2461
+ "object_relation": "sha1",
2462
+ "sharing_group_id": "0",
2463
+ "timestamp": "1513938011",
2464
+ "to_ids": true,
2465
+ "type": "sha1",
2466
+ "uuid": "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f",
2467
+ "value": "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138"
2468
+ },
2469
+ {
2470
+ "category": "Other",
2471
+ "comment": "",
2472
+ "deleted": false,
2473
+ "disable_correlation": true,
2474
+ "distribution": "5",
2475
+ "event_id": "9747",
2476
+ "id": "1189012",
2477
+ "object_id": "1581",
2478
+ "object_relation": "state",
2479
+ "sharing_group_id": "0",
2480
+ "timestamp": "1513938011",
2481
+ "to_ids": false,
2482
+ "type": "text",
2483
+ "uuid": "5a3cdc5b-b390-4183-aec7-4c5a950d210f",
2484
+ "value": "Malicious"
2485
+ }
2486
+ ],
2487
+ "ObjectReference": [
2488
+ {
2489
+ "Attribute": {
2490
+ "category": "Network activity",
2491
+ "distribution": "5",
2492
+ "sharing_group_id": "0",
2493
+ "to_ids": true,
2494
+ "type": "domain",
2495
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2496
+ "value": "newfilmts.com"
2497
+ },
2498
+ "comment": "",
2499
+ "deleted": false,
2500
+ "event_id": "9747",
2501
+ "id": "168",
2502
+ "object_id": "1581",
2503
+ "object_uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f",
2504
+ "referenced_id": "1188765",
2505
+ "referenced_type": "0",
2506
+ "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2507
+ "relationship_type": "communicates-with",
2508
+ "timestamp": "1513938280",
2509
+ "uuid": "5a3cdd68-7968-40d1-a0a9-5156950d210f"
2510
+ }
2511
+ ],
2512
+ "comment": "Win32/Sednit.BO",
2513
+ "deleted": false,
2514
+ "description": "File object describing a file with meta-information",
2515
+ "distribution": "5",
2516
+ "event_id": "9747",
2517
+ "id": "1581",
2518
+ "meta-category": "file",
2519
+ "name": "file",
2520
+ "sharing_group_id": "0",
2521
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2522
+ "template_version": "8",
2523
+ "timestamp": "1513938280",
2524
+ "uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f"
2525
+ },
2526
+ {
2527
+ "Attribute": [
2528
+ {
2529
+ "category": "Payload delivery",
2530
+ "comment": "",
2531
+ "deleted": false,
2532
+ "disable_correlation": false,
2533
+ "distribution": "5",
2534
+ "event_id": "9747",
2535
+ "id": "1189013",
2536
+ "object_id": "1582",
2537
+ "object_relation": "sha1",
2538
+ "sharing_group_id": "0",
2539
+ "timestamp": "1513938034",
2540
+ "to_ids": true,
2541
+ "type": "sha1",
2542
+ "uuid": "5a3cdc72-ba30-4ecd-9d21-4654950d210f",
2543
+ "value": "1958e722afd0dba266576922abc98aa505cf5f9a"
2544
+ },
2545
+ {
2546
+ "category": "Other",
2547
+ "comment": "",
2548
+ "deleted": false,
2549
+ "disable_correlation": true,
2550
+ "distribution": "5",
2551
+ "event_id": "9747",
2552
+ "id": "1189014",
2553
+ "object_id": "1582",
2554
+ "object_relation": "state",
2555
+ "sharing_group_id": "0",
2556
+ "timestamp": "1513938034",
2557
+ "to_ids": false,
2558
+ "type": "text",
2559
+ "uuid": "5a3cdc72-0804-42c4-acfa-4ac5950d210f",
2560
+ "value": "Malicious"
2561
+ }
2562
+ ],
2563
+ "ObjectReference": [
2564
+ {
2565
+ "Attribute": {
2566
+ "category": "Network activity",
2567
+ "distribution": "5",
2568
+ "sharing_group_id": "0",
2569
+ "to_ids": true,
2570
+ "type": "domain",
2571
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2572
+ "value": "newfilmts.com"
2573
+ },
2574
+ "comment": "",
2575
+ "deleted": false,
2576
+ "event_id": "9747",
2577
+ "id": "167",
2578
+ "object_id": "1582",
2579
+ "object_uuid": "5a3cdc72-1538-4c66-af46-427b950d210f",
2580
+ "referenced_id": "1188765",
2581
+ "referenced_type": "0",
2582
+ "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2583
+ "relationship_type": "communicates-with",
2584
+ "timestamp": "1513938264",
2585
+ "uuid": "5a3cdd58-9800-4bae-837c-4f20950d210f"
2586
+ }
2587
+ ],
2588
+ "comment": "Win32/Sednit.BO",
2589
+ "deleted": false,
2590
+ "description": "File object describing a file with meta-information",
2591
+ "distribution": "5",
2592
+ "event_id": "9747",
2593
+ "id": "1582",
2594
+ "meta-category": "file",
2595
+ "name": "file",
2596
+ "sharing_group_id": "0",
2597
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2598
+ "template_version": "8",
2599
+ "timestamp": "1513938264",
2600
+ "uuid": "5a3cdc72-1538-4c66-af46-427b950d210f"
2601
+ },
2602
+ {
2603
+ "Attribute": [
2604
+ {
2605
+ "category": "Payload delivery",
2606
+ "comment": "",
2607
+ "deleted": false,
2608
+ "disable_correlation": false,
2609
+ "distribution": "5",
2610
+ "event_id": "9747",
2611
+ "id": "1189015",
2612
+ "object_id": "1583",
2613
+ "object_relation": "sha1",
2614
+ "sharing_group_id": "0",
2615
+ "timestamp": "1513939882",
2616
+ "to_ids": true,
2617
+ "type": "sha1",
2618
+ "uuid": "5a3ce3aa-e104-481e-a7f4-4bc1950d210f",
2619
+ "value": "9f6bed7d7f4728490117cbc85819c2e6c494251b"
2620
+ },
2621
+ {
2622
+ "category": "Other",
2623
+ "comment": "",
2624
+ "deleted": false,
2625
+ "disable_correlation": true,
2626
+ "distribution": "5",
2627
+ "event_id": "9747",
2628
+ "id": "1189016",
2629
+ "object_id": "1583",
2630
+ "object_relation": "state",
2631
+ "sharing_group_id": "0",
2632
+ "timestamp": "1513939882",
2633
+ "to_ids": false,
2634
+ "type": "text",
2635
+ "uuid": "5a3ce3aa-74fc-48c7-af40-4c6a950d210f",
2636
+ "value": "Malicious"
2637
+ }
2638
+ ],
2639
+ "ObjectReference": [
2640
+ {
2641
+ "Object": {
2642
+ "distribution": "5",
2643
+ "meta-category": "network",
2644
+ "name": "domain-ip",
2645
+ "sharing_group_id": "0",
2646
+ "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
2647
+ },
2648
+ "comment": "",
2649
+ "deleted": false,
2650
+ "event_id": "9747",
2651
+ "id": "173",
2652
+ "object_id": "1583",
2653
+ "object_uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
2654
+ "referenced_id": "1592",
2655
+ "referenced_type": "1",
2656
+ "referenced_uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f",
2657
+ "relationship_type": "communicates-with",
2658
+ "timestamp": "1513947459",
2659
+ "uuid": "5a3d0143-c300-4118-8afe-4a2d950d210f"
2660
+ }
2661
+ ],
2662
+ "comment": "Win32/Sednit.AX",
2663
+ "deleted": false,
2664
+ "description": "File object describing a file with meta-information",
2665
+ "distribution": "5",
2666
+ "event_id": "9747",
2667
+ "id": "1583",
2668
+ "meta-category": "file",
2669
+ "name": "file",
2670
+ "sharing_group_id": "0",
2671
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2672
+ "template_version": "8",
2673
+ "timestamp": "1513948642",
2674
+ "uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f"
2675
+ },
2676
+ {
2677
+ "Attribute": [
2678
+ {
2679
+ "category": "Payload delivery",
2680
+ "comment": "",
2681
+ "deleted": false,
2682
+ "disable_correlation": false,
2683
+ "distribution": "5",
2684
+ "event_id": "9747",
2685
+ "id": "1189017",
2686
+ "object_id": "1584",
2687
+ "object_relation": "sha1",
2688
+ "sharing_group_id": "0",
2689
+ "timestamp": "1513939907",
2690
+ "to_ids": true,
2691
+ "type": "sha1",
2692
+ "uuid": "5a3ce3c3-6d9c-48f4-93db-4a61950d210f",
2693
+ "value": "4bc722a9b0492a50bd86a1341f02c74c0d773db7"
2694
+ },
2695
+ {
2696
+ "category": "Other",
2697
+ "comment": "",
2698
+ "deleted": false,
2699
+ "disable_correlation": true,
2700
+ "distribution": "5",
2701
+ "event_id": "9747",
2702
+ "id": "1189018",
2703
+ "object_id": "1584",
2704
+ "object_relation": "state",
2705
+ "sharing_group_id": "0",
2706
+ "timestamp": "1513939907",
2707
+ "to_ids": false,
2708
+ "type": "text",
2709
+ "uuid": "5a3ce3c3-c38c-4e30-a904-4c8f950d210f",
2710
+ "value": "Malicious"
2711
+ }
2712
+ ],
2713
+ "ObjectReference": [
2714
+ {
2715
+ "Object": {
2716
+ "distribution": "5",
2717
+ "meta-category": "network",
2718
+ "name": "domain-ip",
2719
+ "sharing_group_id": "0",
2720
+ "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
2721
+ },
2722
+ "comment": "",
2723
+ "deleted": false,
2724
+ "event_id": "9747",
2725
+ "id": "188",
2726
+ "object_id": "1584",
2727
+ "object_uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f",
2728
+ "referenced_id": "1603",
2729
+ "referenced_type": "1",
2730
+ "referenced_uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f",
2731
+ "relationship_type": "communicates-with",
2732
+ "timestamp": "1513948518",
2733
+ "uuid": "5a3d0566-34fc-4a62-b2a5-4f91950d210f"
2734
+ }
2735
+ ],
2736
+ "comment": "Win32/Sednit.BS",
2737
+ "deleted": false,
2738
+ "description": "File object describing a file with meta-information",
2739
+ "distribution": "5",
2740
+ "event_id": "9747",
2741
+ "id": "1584",
2742
+ "meta-category": "file",
2743
+ "name": "file",
2744
+ "sharing_group_id": "0",
2745
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2746
+ "template_version": "8",
2747
+ "timestamp": "1513948535",
2748
+ "uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f"
2749
+ },
2750
+ {
2751
+ "Attribute": [
2752
+ {
2753
+ "category": "Payload delivery",
2754
+ "comment": "",
2755
+ "deleted": false,
2756
+ "disable_correlation": false,
2757
+ "distribution": "5",
2758
+ "event_id": "9747",
2759
+ "id": "1189019",
2760
+ "object_id": "1585",
2761
+ "object_relation": "sha1",
2762
+ "sharing_group_id": "0",
2763
+ "timestamp": "1513939924",
2764
+ "to_ids": true,
2765
+ "type": "sha1",
2766
+ "uuid": "5a3ce3d4-9168-4e23-8b64-485a950d210f",
2767
+ "value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e"
2768
+ },
2769
+ {
2770
+ "category": "Other",
2771
+ "comment": "",
2772
+ "deleted": false,
2773
+ "disable_correlation": true,
2774
+ "distribution": "5",
2775
+ "event_id": "9747",
2776
+ "id": "1189020",
2777
+ "object_id": "1585",
2778
+ "object_relation": "state",
2779
+ "sharing_group_id": "0",
2780
+ "timestamp": "1513939924",
2781
+ "to_ids": false,
2782
+ "type": "text",
2783
+ "uuid": "5a3ce3d4-27e0-4366-943f-4b9a950d210f",
2784
+ "value": "Malicious"
2785
+ }
2786
+ ],
2787
+ "ObjectReference": [
2788
+ {
2789
+ "Object": {
2790
+ "distribution": "5",
2791
+ "meta-category": "network",
2792
+ "name": "domain-ip",
2793
+ "sharing_group_id": "0",
2794
+ "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
2795
+ },
2796
+ "comment": "",
2797
+ "deleted": false,
2798
+ "event_id": "9747",
2799
+ "id": "189",
2800
+ "object_id": "1585",
2801
+ "object_uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f",
2802
+ "referenced_id": "1602",
2803
+ "referenced_type": "1",
2804
+ "referenced_uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
2805
+ "relationship_type": "communicates-with",
2806
+ "timestamp": "1513948528",
2807
+ "uuid": "5a3d0570-a86c-4264-a43a-4125950d210f"
2808
+ }
2809
+ ],
2810
+ "comment": "Win32/Sednit.BS",
2811
+ "deleted": false,
2812
+ "description": "File object describing a file with meta-information",
2813
+ "distribution": "5",
2814
+ "event_id": "9747",
2815
+ "id": "1585",
2816
+ "meta-category": "file",
2817
+ "name": "file",
2818
+ "sharing_group_id": "0",
2819
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2820
+ "template_version": "8",
2821
+ "timestamp": "1513948597",
2822
+ "uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f"
2823
+ },
2824
+ {
2825
+ "Attribute": [
2826
+ {
2827
+ "category": "Payload delivery",
2828
+ "comment": "",
2829
+ "deleted": false,
2830
+ "disable_correlation": false,
2831
+ "distribution": "5",
2832
+ "event_id": "9747",
2833
+ "id": "1189021",
2834
+ "object_id": "1586",
2835
+ "object_relation": "sha1",
2836
+ "sharing_group_id": "0",
2837
+ "timestamp": "1513939946",
2838
+ "to_ids": true,
2839
+ "type": "sha1",
2840
+ "uuid": "5a3ce3ea-8dbc-4cf4-997f-448b950d210f",
2841
+ "value": "9c47ca3883196b3a84d67676a804ff50e22b0a9f"
2842
+ },
2843
+ {
2844
+ "category": "Other",
2845
+ "comment": "",
2846
+ "deleted": false,
2847
+ "disable_correlation": true,
2848
+ "distribution": "5",
2849
+ "event_id": "9747",
2850
+ "id": "1189022",
2851
+ "object_id": "1586",
2852
+ "object_relation": "state",
2853
+ "sharing_group_id": "0",
2854
+ "timestamp": "1513939946",
2855
+ "to_ids": false,
2856
+ "type": "text",
2857
+ "uuid": "5a3ce3ea-e714-444e-ad9b-40b0950d210f",
2858
+ "value": "Malicious"
2859
+ }
2860
+ ],
2861
+ "ObjectReference": [
2862
+ {
2863
+ "Object": {
2864
+ "distribution": "5",
2865
+ "meta-category": "network",
2866
+ "name": "domain-ip",
2867
+ "sharing_group_id": "0",
2868
+ "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
2869
+ },
2870
+ "comment": "",
2871
+ "deleted": false,
2872
+ "event_id": "9747",
2873
+ "id": "190",
2874
+ "object_id": "1586",
2875
+ "object_uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f",
2876
+ "referenced_id": "1601",
2877
+ "referenced_type": "1",
2878
+ "referenced_uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f",
2879
+ "relationship_type": "communicates-with",
2880
+ "timestamp": "1513948614",
2881
+ "uuid": "5a3d05c6-0618-4520-9549-48a0950d210f"
2882
+ }
2883
+ ],
2884
+ "comment": "Win32/Sednit.BR",
2885
+ "deleted": false,
2886
+ "description": "File object describing a file with meta-information",
2887
+ "distribution": "5",
2888
+ "event_id": "9747",
2889
+ "id": "1586",
2890
+ "meta-category": "file",
2891
+ "name": "file",
2892
+ "sharing_group_id": "0",
2893
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2894
+ "template_version": "8",
2895
+ "timestamp": "1513948626",
2896
+ "uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f"
2897
+ },
2898
+ {
2899
+ "Attribute": [
2900
+ {
2901
+ "category": "Payload delivery",
2902
+ "comment": "",
2903
+ "deleted": false,
2904
+ "disable_correlation": false,
2905
+ "distribution": "5",
2906
+ "event_id": "9747",
2907
+ "id": "1189023",
2908
+ "object_id": "1587",
2909
+ "object_relation": "sha1",
2910
+ "sharing_group_id": "0",
2911
+ "timestamp": "1513939972",
2912
+ "to_ids": true,
2913
+ "type": "sha1",
2914
+ "uuid": "5a3ce404-7bfc-4316-bd32-55ea950d210f",
2915
+ "value": "8a68f26d01372114f660e32ac4c9117e5d0577f1"
2916
+ },
2917
+ {
2918
+ "category": "Other",
2919
+ "comment": "",
2920
+ "deleted": false,
2921
+ "disable_correlation": true,
2922
+ "distribution": "5",
2923
+ "event_id": "9747",
2924
+ "id": "1189024",
2925
+ "object_id": "1587",
2926
+ "object_relation": "state",
2927
+ "sharing_group_id": "0",
2928
+ "timestamp": "1513939972",
2929
+ "to_ids": false,
2930
+ "type": "text",
2931
+ "uuid": "5a3ce404-7224-4525-922a-55ea950d210f",
2932
+ "value": "Malicious"
2933
+ }
2934
+ ],
2935
+ "ObjectReference": [
2936
+ {
2937
+ "Object": {
2938
+ "distribution": "5",
2939
+ "meta-category": "network",
2940
+ "name": "domain-ip",
2941
+ "sharing_group_id": "0",
2942
+ "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
2943
+ },
2944
+ "comment": "",
2945
+ "deleted": false,
2946
+ "event_id": "9747",
2947
+ "id": "182",
2948
+ "object_id": "1587",
2949
+ "object_uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f",
2950
+ "referenced_id": "1600",
2951
+ "referenced_type": "1",
2952
+ "referenced_uuid": "5a3ce680-90d4-478d-95db-48a6950d210f",
2953
+ "relationship_type": "communicates-with",
2954
+ "timestamp": "1513948044",
2955
+ "uuid": "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f"
2956
+ }
2957
+ ],
2958
+ "comment": "Win32/Sednit.BN",
2959
+ "deleted": false,
2960
+ "description": "File object describing a file with meta-information",
2961
+ "distribution": "5",
2962
+ "event_id": "9747",
2963
+ "id": "1587",
2964
+ "meta-category": "file",
2965
+ "name": "file",
2966
+ "sharing_group_id": "0",
2967
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2968
+ "template_version": "8",
2969
+ "timestamp": "1513948073",
2970
+ "uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f"
2971
+ },
2972
+ {
2973
+ "Attribute": [
2974
+ {
2975
+ "category": "Payload delivery",
2976
+ "comment": "",
2977
+ "deleted": false,
2978
+ "disable_correlation": false,
2979
+ "distribution": "5",
2980
+ "event_id": "9747",
2981
+ "id": "1189025",
2982
+ "object_id": "1588",
2983
+ "object_relation": "sha1",
2984
+ "sharing_group_id": "0",
2985
+ "timestamp": "1513939991",
2986
+ "to_ids": true,
2987
+ "type": "sha1",
2988
+ "uuid": "5a3ce417-62a4-4d46-9a87-55ea950d210f",
2989
+ "value": "476fc1d31722ac26b46154cbf0c631d60268b28a"
2990
+ },
2991
+ {
2992
+ "category": "Other",
2993
+ "comment": "",
2994
+ "deleted": false,
2995
+ "disable_correlation": true,
2996
+ "distribution": "5",
2997
+ "event_id": "9747",
2998
+ "id": "1189026",
2999
+ "object_id": "1588",
3000
+ "object_relation": "state",
3001
+ "sharing_group_id": "0",
3002
+ "timestamp": "1513939991",
3003
+ "to_ids": false,
3004
+ "type": "text",
3005
+ "uuid": "5a3ce417-43f0-494d-ac2e-55ea950d210f",
3006
+ "value": "Malicious"
3007
+ }
3008
+ ],
3009
+ "ObjectReference": [
3010
+ {
3011
+ "Object": {
3012
+ "distribution": "5",
3013
+ "meta-category": "network",
3014
+ "name": "domain-ip",
3015
+ "sharing_group_id": "0",
3016
+ "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3017
+ },
3018
+ "comment": "",
3019
+ "deleted": false,
3020
+ "event_id": "9747",
3021
+ "id": "187",
3022
+ "object_id": "1588",
3023
+ "object_uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f",
3024
+ "referenced_id": "1599",
3025
+ "referenced_type": "1",
3026
+ "referenced_uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f",
3027
+ "relationship_type": "communicates-with",
3028
+ "timestamp": "1513948483",
3029
+ "uuid": "5a3d0543-8f74-4086-aafc-418a950d210f"
3030
+ }
3031
+ ],
3032
+ "comment": "Win32/Sednit.BN",
3033
+ "deleted": false,
3034
+ "description": "File object describing a file with meta-information",
3035
+ "distribution": "5",
3036
+ "event_id": "9747",
3037
+ "id": "1588",
3038
+ "meta-category": "file",
3039
+ "name": "file",
3040
+ "sharing_group_id": "0",
3041
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3042
+ "template_version": "8",
3043
+ "timestamp": "1513948498",
3044
+ "uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f"
3045
+ },
3046
+ {
3047
+ "Attribute": [
3048
+ {
3049
+ "category": "Payload delivery",
3050
+ "comment": "",
3051
+ "deleted": false,
3052
+ "disable_correlation": false,
3053
+ "distribution": "5",
3054
+ "event_id": "9747",
3055
+ "id": "1189027",
3056
+ "object_id": "1589",
3057
+ "object_relation": "sha1",
3058
+ "sharing_group_id": "0",
3059
+ "timestamp": "1513940012",
3060
+ "to_ids": true,
3061
+ "type": "sha1",
3062
+ "uuid": "5a3ce42c-836c-49e7-a9f3-4a5f950d210f",
3063
+ "value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1"
3064
+ },
3065
+ {
3066
+ "category": "Other",
3067
+ "comment": "",
3068
+ "deleted": false,
3069
+ "disable_correlation": true,
3070
+ "distribution": "5",
3071
+ "event_id": "9747",
3072
+ "id": "1189028",
3073
+ "object_id": "1589",
3074
+ "object_relation": "state",
3075
+ "sharing_group_id": "0",
3076
+ "timestamp": "1513940012",
3077
+ "to_ids": false,
3078
+ "type": "text",
3079
+ "uuid": "5a3ce42c-4c88-4940-94b8-4084950d210f",
3080
+ "value": "Malicious"
3081
+ }
3082
+ ],
3083
+ "ObjectReference": [
3084
+ {
3085
+ "Object": {
3086
+ "distribution": "5",
3087
+ "meta-category": "network",
3088
+ "name": "domain-ip",
3089
+ "sharing_group_id": "0",
3090
+ "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3091
+ },
3092
+ "comment": "",
3093
+ "deleted": false,
3094
+ "event_id": "9747",
3095
+ "id": "183",
3096
+ "object_id": "1589",
3097
+ "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3098
+ "referenced_id": "1594",
3099
+ "referenced_type": "1",
3100
+ "referenced_uuid": "5a3ce60a-6db8-4212-b194-4339950d210f",
3101
+ "relationship_type": "communicates-with",
3102
+ "timestamp": "1513948106",
3103
+ "uuid": "5a3d03ca-2398-4060-b13c-404a950d210f"
3104
+ },
3105
+ {
3106
+ "Object": {
3107
+ "distribution": "5",
3108
+ "meta-category": "network",
3109
+ "name": "domain-ip",
3110
+ "sharing_group_id": "0",
3111
+ "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3112
+ },
3113
+ "comment": "",
3114
+ "deleted": false,
3115
+ "event_id": "9747",
3116
+ "id": "184",
3117
+ "object_id": "1589",
3118
+ "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3119
+ "referenced_id": "1595",
3120
+ "referenced_type": "1",
3121
+ "referenced_uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
3122
+ "relationship_type": "communicates-with",
3123
+ "timestamp": "1513948117",
3124
+ "uuid": "5a3d03d5-6d8c-4dfb-b193-4002950d210f"
3125
+ }
3126
+ ],
3127
+ "comment": "Win32/Sednit.BN",
3128
+ "deleted": false,
3129
+ "description": "File object describing a file with meta-information",
3130
+ "distribution": "5",
3131
+ "event_id": "9747",
3132
+ "id": "1589",
3133
+ "meta-category": "file",
3134
+ "name": "file",
3135
+ "sharing_group_id": "0",
3136
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3137
+ "template_version": "8",
3138
+ "timestamp": "1513948128",
3139
+ "uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f"
3140
+ },
3141
+ {
3142
+ "Attribute": [
3143
+ {
3144
+ "category": "Payload delivery",
3145
+ "comment": "",
3146
+ "deleted": false,
3147
+ "disable_correlation": false,
3148
+ "distribution": "5",
3149
+ "event_id": "9747",
3150
+ "id": "1189029",
3151
+ "object_id": "1590",
3152
+ "object_relation": "sha1",
3153
+ "sharing_group_id": "0",
3154
+ "timestamp": "1513940027",
3155
+ "to_ids": true,
3156
+ "type": "sha1",
3157
+ "uuid": "5a3ce43b-6738-4a14-a318-4d65950d210f",
3158
+ "value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
3159
+ },
3160
+ {
3161
+ "category": "Other",
3162
+ "comment": "",
3163
+ "deleted": false,
3164
+ "disable_correlation": true,
3165
+ "distribution": "5",
3166
+ "event_id": "9747",
3167
+ "id": "1189030",
3168
+ "object_id": "1590",
3169
+ "object_relation": "state",
3170
+ "sharing_group_id": "0",
3171
+ "timestamp": "1513940027",
3172
+ "to_ids": false,
3173
+ "type": "text",
3174
+ "uuid": "5a3ce43b-3a10-4d78-9ee2-485c950d210f",
3175
+ "value": "Malicious"
3176
+ }
3177
+ ],
3178
+ "ObjectReference": [
3179
+ {
3180
+ "Object": {
3181
+ "distribution": "5",
3182
+ "meta-category": "network",
3183
+ "name": "domain-ip",
3184
+ "sharing_group_id": "0",
3185
+ "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3186
+ },
3187
+ "comment": "",
3188
+ "deleted": false,
3189
+ "event_id": "9747",
3190
+ "id": "186",
3191
+ "object_id": "1590",
3192
+ "object_uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f",
3193
+ "referenced_id": "1593",
3194
+ "referenced_type": "1",
3195
+ "referenced_uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
3196
+ "relationship_type": "communicates-with",
3197
+ "timestamp": "1513948320",
3198
+ "uuid": "5a3d04a0-9d28-47c3-a12c-465b950d210f"
3199
+ }
3200
+ ],
3201
+ "comment": "Win32/Sednit.BG",
3202
+ "deleted": false,
3203
+ "description": "File object describing a file with meta-information",
3204
+ "distribution": "5",
3205
+ "event_id": "9747",
3206
+ "id": "1590",
3207
+ "meta-category": "file",
3208
+ "name": "file",
3209
+ "sharing_group_id": "0",
3210
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3211
+ "template_version": "8",
3212
+ "timestamp": "1513948339",
3213
+ "uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f"
3214
+ },
3215
+ {
3216
+ "Attribute": [
3217
+ {
3218
+ "category": "Payload delivery",
3219
+ "comment": "",
3220
+ "deleted": false,
3221
+ "disable_correlation": false,
3222
+ "distribution": "5",
3223
+ "event_id": "9747",
3224
+ "id": "1189031",
3225
+ "object_id": "1591",
3226
+ "object_relation": "sha1",
3227
+ "sharing_group_id": "0",
3228
+ "timestamp": "1513940042",
3229
+ "to_ids": true,
3230
+ "type": "sha1",
3231
+ "uuid": "5a3ce44a-2ea4-4526-8bbc-c328950d210f",
3232
+ "value": "6e167da3c5d887fa2e58da848a2245d11b6c5ad6"
3233
+ },
3234
+ {
3235
+ "category": "Other",
3236
+ "comment": "",
3237
+ "deleted": false,
3238
+ "disable_correlation": true,
3239
+ "distribution": "5",
3240
+ "event_id": "9747",
3241
+ "id": "1189032",
3242
+ "object_id": "1591",
3243
+ "object_relation": "state",
3244
+ "sharing_group_id": "0",
3245
+ "timestamp": "1513940042",
3246
+ "to_ids": false,
3247
+ "type": "text",
3248
+ "uuid": "5a3ce44a-5118-4142-97f0-c328950d210f",
3249
+ "value": "Malicious"
3250
+ }
3251
+ ],
3252
+ "ObjectReference": [
3253
+ {
3254
+ "Object": {
3255
+ "distribution": "5",
3256
+ "meta-category": "network",
3257
+ "name": "domain-ip",
3258
+ "sharing_group_id": "0",
3259
+ "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3260
+ },
3261
+ "comment": "",
3262
+ "deleted": false,
3263
+ "event_id": "9747",
3264
+ "id": "170",
3265
+ "object_id": "1591",
3266
+ "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3267
+ "referenced_id": "1597",
3268
+ "referenced_type": "1",
3269
+ "referenced_uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f",
3270
+ "relationship_type": "communicates-with",
3271
+ "timestamp": "1513940734",
3272
+ "uuid": "5a3ce6fe-b0c4-44df-a609-419a950d210f"
3273
+ },
3274
+ {
3275
+ "Object": {
3276
+ "distribution": "5",
3277
+ "meta-category": "network",
3278
+ "name": "domain-ip",
3279
+ "sharing_group_id": "0",
3280
+ "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3281
+ },
3282
+ "comment": "",
3283
+ "deleted": false,
3284
+ "event_id": "9747",
3285
+ "id": "171",
3286
+ "object_id": "1591",
3287
+ "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3288
+ "referenced_id": "1598",
3289
+ "referenced_type": "1",
3290
+ "referenced_uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f",
3291
+ "relationship_type": "communicates-with",
3292
+ "timestamp": "1513940753",
3293
+ "uuid": "5a3ce711-a0dc-4dbe-b59e-495a950d210f"
3294
+ }
3295
+ ],
3296
+ "comment": "Win32/Sednit.BG",
3297
+ "deleted": false,
3298
+ "description": "File object describing a file with meta-information",
3299
+ "distribution": "5",
3300
+ "event_id": "9747",
3301
+ "id": "1591",
3302
+ "meta-category": "file",
3303
+ "name": "file",
3304
+ "sharing_group_id": "0",
3305
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3306
+ "template_version": "8",
3307
+ "timestamp": "1513940753",
3308
+ "uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f"
3309
+ },
3310
+ {
3311
+ "Attribute": [
3312
+ {
3313
+ "category": "Network activity",
3314
+ "comment": "",
3315
+ "deleted": false,
3316
+ "disable_correlation": false,
3317
+ "distribution": "5",
3318
+ "event_id": "9747",
3319
+ "id": "1189033",
3320
+ "object_id": "1592",
3321
+ "object_relation": "ip",
3322
+ "sharing_group_id": "0",
3323
+ "timestamp": "1513940362",
3324
+ "to_ids": true,
3325
+ "type": "ip-dst",
3326
+ "uuid": "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f",
3327
+ "value": "87.236.211.182"
3328
+ },
3329
+ {
3330
+ "category": "Network activity",
3331
+ "comment": "",
3332
+ "deleted": false,
3333
+ "disable_correlation": false,
3334
+ "distribution": "5",
3335
+ "event_id": "9747",
3336
+ "id": "1189034",
3337
+ "object_id": "1592",
3338
+ "object_relation": "domain",
3339
+ "sharing_group_id": "0",
3340
+ "timestamp": "1513940362",
3341
+ "to_ids": true,
3342
+ "type": "domain",
3343
+ "uuid": "5a3ce58a-6e14-48ea-9746-48f2950d210f",
3344
+ "value": "servicecdp.com"
3345
+ }
3346
+ ],
3347
+ "comment": "",
3348
+ "deleted": false,
3349
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3350
+ "distribution": "5",
3351
+ "event_id": "9747",
3352
+ "id": "1592",
3353
+ "meta-category": "network",
3354
+ "name": "domain-ip",
3355
+ "sharing_group_id": "0",
3356
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3357
+ "template_version": "5",
3358
+ "timestamp": "1513940362",
3359
+ "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
3360
+ },
3361
+ {
3362
+ "Attribute": [
3363
+ {
3364
+ "category": "Network activity",
3365
+ "comment": "",
3366
+ "deleted": false,
3367
+ "disable_correlation": false,
3368
+ "distribution": "5",
3369
+ "event_id": "9747",
3370
+ "id": "1189035",
3371
+ "object_id": "1593",
3372
+ "object_relation": "ip",
3373
+ "sharing_group_id": "0",
3374
+ "timestamp": "1513940472",
3375
+ "to_ids": true,
3376
+ "type": "ip-dst",
3377
+ "uuid": "5a3ce5f8-99b4-41a2-915a-4bf8950d210f",
3378
+ "value": "95.215.45.43"
3379
+ },
3380
+ {
3381
+ "category": "Network activity",
3382
+ "comment": "",
3383
+ "deleted": false,
3384
+ "disable_correlation": false,
3385
+ "distribution": "5",
3386
+ "event_id": "9747",
3387
+ "id": "1189036",
3388
+ "object_id": "1593",
3389
+ "object_relation": "domain",
3390
+ "sharing_group_id": "0",
3391
+ "timestamp": "1513940472",
3392
+ "to_ids": true,
3393
+ "type": "domain",
3394
+ "uuid": "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f",
3395
+ "value": "wmdmediacodecs.com"
3396
+ }
3397
+ ],
3398
+ "comment": "",
3399
+ "deleted": false,
3400
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3401
+ "distribution": "5",
3402
+ "event_id": "9747",
3403
+ "id": "1593",
3404
+ "meta-category": "network",
3405
+ "name": "domain-ip",
3406
+ "sharing_group_id": "0",
3407
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3408
+ "template_version": "5",
3409
+ "timestamp": "1513940472",
3410
+ "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3411
+ },
3412
+ {
3413
+ "Attribute": [
3414
+ {
3415
+ "category": "Network activity",
3416
+ "comment": "",
3417
+ "deleted": false,
3418
+ "disable_correlation": false,
3419
+ "distribution": "5",
3420
+ "event_id": "9747",
3421
+ "id": "1189037",
3422
+ "object_id": "1594",
3423
+ "object_relation": "ip",
3424
+ "sharing_group_id": "0",
3425
+ "timestamp": "1513940490",
3426
+ "to_ids": true,
3427
+ "type": "ip-dst",
3428
+ "uuid": "5a3ce60a-cc50-4553-bfff-4ea9950d210f",
3429
+ "value": "89.45.67.144"
3430
+ },
3431
+ {
3432
+ "category": "Network activity",
3433
+ "comment": "",
3434
+ "deleted": false,
3435
+ "disable_correlation": false,
3436
+ "distribution": "5",
3437
+ "event_id": "9747",
3438
+ "id": "1189038",
3439
+ "object_id": "1594",
3440
+ "object_relation": "domain",
3441
+ "sharing_group_id": "0",
3442
+ "timestamp": "1513940491",
3443
+ "to_ids": true,
3444
+ "type": "domain",
3445
+ "uuid": "5a3ce60b-e648-4667-8432-4ba8950d210f",
3446
+ "value": "mvband.net"
3447
+ }
3448
+ ],
3449
+ "comment": "",
3450
+ "deleted": false,
3451
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3452
+ "distribution": "5",
3453
+ "event_id": "9747",
3454
+ "id": "1594",
3455
+ "meta-category": "network",
3456
+ "name": "domain-ip",
3457
+ "sharing_group_id": "0",
3458
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3459
+ "template_version": "5",
3460
+ "timestamp": "1513940490",
3461
+ "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3462
+ },
3463
+ {
3464
+ "Attribute": [
3465
+ {
3466
+ "category": "Network activity",
3467
+ "comment": "",
3468
+ "deleted": false,
3469
+ "disable_correlation": false,
3470
+ "distribution": "5",
3471
+ "event_id": "9747",
3472
+ "id": "1189039",
3473
+ "object_id": "1595",
3474
+ "object_relation": "ip",
3475
+ "sharing_group_id": "0",
3476
+ "timestamp": "1513940506",
3477
+ "to_ids": true,
3478
+ "type": "ip-dst",
3479
+ "uuid": "5a3ce61a-4458-4c36-866e-44e9950d210f",
3480
+ "value": "89.33.246.117"
3481
+ },
3482
+ {
3483
+ "category": "Network activity",
3484
+ "comment": "",
3485
+ "deleted": false,
3486
+ "disable_correlation": false,
3487
+ "distribution": "5",
3488
+ "event_id": "9747",
3489
+ "id": "1189040",
3490
+ "object_id": "1595",
3491
+ "object_relation": "domain",
3492
+ "sharing_group_id": "0",
3493
+ "timestamp": "1513940506",
3494
+ "to_ids": true,
3495
+ "type": "domain",
3496
+ "uuid": "5a3ce61a-f820-4a43-b3d9-47e5950d210f",
3497
+ "value": "mvtband.net"
3498
+ }
3499
+ ],
3500
+ "comment": "",
3501
+ "deleted": false,
3502
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3503
+ "distribution": "5",
3504
+ "event_id": "9747",
3505
+ "id": "1595",
3506
+ "meta-category": "network",
3507
+ "name": "domain-ip",
3508
+ "sharing_group_id": "0",
3509
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3510
+ "template_version": "5",
3511
+ "timestamp": "1513940506",
3512
+ "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3513
+ },
3514
+ {
3515
+ "Attribute": [
3516
+ {
3517
+ "category": "Network activity",
3518
+ "comment": "",
3519
+ "deleted": false,
3520
+ "disable_correlation": false,
3521
+ "distribution": "5",
3522
+ "event_id": "9747",
3523
+ "id": "1189041",
3524
+ "object_id": "1596",
3525
+ "object_relation": "ip",
3526
+ "sharing_group_id": "0",
3527
+ "timestamp": "1513940542",
3528
+ "to_ids": true,
3529
+ "type": "ip-dst",
3530
+ "uuid": "5a3ce63e-66d4-483f-bae6-44f6950d210f",
3531
+ "value": "87.236.211.182"
3532
+ },
3533
+ {
3534
+ "category": "Network activity",
3535
+ "comment": "",
3536
+ "deleted": false,
3537
+ "disable_correlation": false,
3538
+ "distribution": "5",
3539
+ "event_id": "9747",
3540
+ "id": "1189042",
3541
+ "object_id": "1596",
3542
+ "object_relation": "domain",
3543
+ "sharing_group_id": "0",
3544
+ "timestamp": "1513940542",
3545
+ "to_ids": true,
3546
+ "type": "domain",
3547
+ "uuid": "5a3ce63e-0d88-405b-82a9-43b5950d210f",
3548
+ "value": "servicecdp.com"
3549
+ }
3550
+ ],
3551
+ "comment": "",
3552
+ "deleted": false,
3553
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3554
+ "distribution": "5",
3555
+ "event_id": "9747",
3556
+ "id": "1596",
3557
+ "meta-category": "network",
3558
+ "name": "domain-ip",
3559
+ "sharing_group_id": "0",
3560
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3561
+ "template_version": "5",
3562
+ "timestamp": "1513940542",
3563
+ "uuid": "5a3ce63e-0240-46f5-b9ed-4759950d210f"
3564
+ },
3565
+ {
3566
+ "Attribute": [
3567
+ {
3568
+ "category": "Network activity",
3569
+ "comment": "",
3570
+ "deleted": false,
3571
+ "disable_correlation": false,
3572
+ "distribution": "5",
3573
+ "event_id": "9747",
3574
+ "id": "1189043",
3575
+ "object_id": "1597",
3576
+ "object_relation": "ip",
3577
+ "sharing_group_id": "0",
3578
+ "timestamp": "1513940558",
3579
+ "to_ids": true,
3580
+ "type": "ip-dst",
3581
+ "uuid": "5a3ce64e-d7a8-4817-a132-4c72950d210f",
3582
+ "value": "185.156.173.70"
3583
+ },
3584
+ {
3585
+ "category": "Network activity",
3586
+ "comment": "",
3587
+ "deleted": false,
3588
+ "disable_correlation": false,
3589
+ "distribution": "5",
3590
+ "event_id": "9747",
3591
+ "id": "1189044",
3592
+ "object_id": "1597",
3593
+ "object_relation": "domain",
3594
+ "sharing_group_id": "0",
3595
+ "timestamp": "1513940558",
3596
+ "to_ids": true,
3597
+ "type": "domain",
3598
+ "uuid": "5a3ce64e-243c-4931-b733-403c950d210f",
3599
+ "value": "runvercheck.com"
3600
+ }
3601
+ ],
3602
+ "comment": "",
3603
+ "deleted": false,
3604
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3605
+ "distribution": "5",
3606
+ "event_id": "9747",
3607
+ "id": "1597",
3608
+ "meta-category": "network",
3609
+ "name": "domain-ip",
3610
+ "sharing_group_id": "0",
3611
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3612
+ "template_version": "5",
3613
+ "timestamp": "1513940558",
3614
+ "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3615
+ },
3616
+ {
3617
+ "Attribute": [
3618
+ {
3619
+ "category": "Network activity",
3620
+ "comment": "",
3621
+ "deleted": false,
3622
+ "disable_correlation": false,
3623
+ "distribution": "5",
3624
+ "event_id": "9747",
3625
+ "id": "1189045",
3626
+ "object_id": "1598",
3627
+ "object_relation": "ip",
3628
+ "sharing_group_id": "0",
3629
+ "timestamp": "1513940572",
3630
+ "to_ids": true,
3631
+ "type": "ip-dst",
3632
+ "uuid": "5a3ce65c-bf78-4b78-bafd-4cf6950d210f",
3633
+ "value": "191.101.31.96"
3634
+ },
3635
+ {
3636
+ "category": "Network activity",
3637
+ "comment": "",
3638
+ "deleted": false,
3639
+ "disable_correlation": false,
3640
+ "distribution": "5",
3641
+ "event_id": "9747",
3642
+ "id": "1189046",
3643
+ "object_id": "1598",
3644
+ "object_relation": "domain",
3645
+ "sharing_group_id": "0",
3646
+ "timestamp": "1513940572",
3647
+ "to_ids": true,
3648
+ "type": "domain",
3649
+ "uuid": "5a3ce65c-8140-4146-a927-45e4950d210f",
3650
+ "value": "remsupport.org"
3651
+ }
3652
+ ],
3653
+ "comment": "",
3654
+ "deleted": false,
3655
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3656
+ "distribution": "5",
3657
+ "event_id": "9747",
3658
+ "id": "1598",
3659
+ "meta-category": "network",
3660
+ "name": "domain-ip",
3661
+ "sharing_group_id": "0",
3662
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3663
+ "template_version": "5",
3664
+ "timestamp": "1513940572",
3665
+ "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3666
+ },
3667
+ {
3668
+ "Attribute": [
3669
+ {
3670
+ "category": "Network activity",
3671
+ "comment": "",
3672
+ "deleted": false,
3673
+ "disable_correlation": false,
3674
+ "distribution": "5",
3675
+ "event_id": "9747",
3676
+ "id": "1189047",
3677
+ "object_id": "1599",
3678
+ "object_relation": "ip",
3679
+ "sharing_group_id": "0",
3680
+ "timestamp": "1513940591",
3681
+ "to_ids": true,
3682
+ "type": "ip-dst",
3683
+ "uuid": "5a3ce66f-150c-43ec-a3ff-4aa5950d210f",
3684
+ "value": "89.187.150.44"
3685
+ },
3686
+ {
3687
+ "category": "Network activity",
3688
+ "comment": "",
3689
+ "deleted": false,
3690
+ "disable_correlation": false,
3691
+ "distribution": "5",
3692
+ "event_id": "9747",
3693
+ "id": "1189048",
3694
+ "object_id": "1599",
3695
+ "object_relation": "domain",
3696
+ "sharing_group_id": "0",
3697
+ "timestamp": "1513940591",
3698
+ "to_ids": true,
3699
+ "type": "domain",
3700
+ "uuid": "5a3ce66f-466c-478e-8064-4b42950d210f",
3701
+ "value": "viters.org"
3702
+ }
3703
+ ],
3704
+ "comment": "",
3705
+ "deleted": false,
3706
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3707
+ "distribution": "5",
3708
+ "event_id": "9747",
3709
+ "id": "1599",
3710
+ "meta-category": "network",
3711
+ "name": "domain-ip",
3712
+ "sharing_group_id": "0",
3713
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3714
+ "template_version": "5",
3715
+ "timestamp": "1513940590",
3716
+ "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3717
+ },
3718
+ {
3719
+ "Attribute": [
3720
+ {
3721
+ "category": "Network activity",
3722
+ "comment": "",
3723
+ "deleted": false,
3724
+ "disable_correlation": false,
3725
+ "distribution": "5",
3726
+ "event_id": "9747",
3727
+ "id": "1189049",
3728
+ "object_id": "1600",
3729
+ "object_relation": "ip",
3730
+ "sharing_group_id": "0",
3731
+ "timestamp": "1513940608",
3732
+ "to_ids": true,
3733
+ "type": "ip-dst",
3734
+ "uuid": "5a3ce680-7b04-466d-b187-4301950d210f",
3735
+ "value": "146.185.253.132"
3736
+ },
3737
+ {
3738
+ "category": "Network activity",
3739
+ "comment": "",
3740
+ "deleted": false,
3741
+ "disable_correlation": false,
3742
+ "distribution": "5",
3743
+ "event_id": "9747",
3744
+ "id": "1189050",
3745
+ "object_id": "1600",
3746
+ "object_relation": "domain",
3747
+ "sharing_group_id": "0",
3748
+ "timestamp": "1513940608",
3749
+ "to_ids": true,
3750
+ "type": "domain",
3751
+ "uuid": "5a3ce680-12f4-4001-9f86-4aa4950d210f",
3752
+ "value": "myinvestgroup.com"
3753
+ }
3754
+ ],
3755
+ "comment": "",
3756
+ "deleted": false,
3757
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3758
+ "distribution": "5",
3759
+ "event_id": "9747",
3760
+ "id": "1600",
3761
+ "meta-category": "network",
3762
+ "name": "domain-ip",
3763
+ "sharing_group_id": "0",
3764
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3765
+ "template_version": "5",
3766
+ "timestamp": "1513940608",
3767
+ "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
3768
+ },
3769
+ {
3770
+ "Attribute": [
3771
+ {
3772
+ "category": "Network activity",
3773
+ "comment": "",
3774
+ "deleted": false,
3775
+ "disable_correlation": false,
3776
+ "distribution": "5",
3777
+ "event_id": "9747",
3778
+ "id": "1189051",
3779
+ "object_id": "1601",
3780
+ "object_relation": "ip",
3781
+ "sharing_group_id": "0",
3782
+ "timestamp": "1513940621",
3783
+ "to_ids": true,
3784
+ "type": "ip-dst",
3785
+ "uuid": "5a3ce68d-0108-4557-8921-4377950d210f",
3786
+ "value": "86.106.131.141"
3787
+ },
3788
+ {
3789
+ "category": "Network activity",
3790
+ "comment": "",
3791
+ "deleted": false,
3792
+ "disable_correlation": false,
3793
+ "distribution": "5",
3794
+ "event_id": "9747",
3795
+ "id": "1189052",
3796
+ "object_id": "1601",
3797
+ "object_relation": "domain",
3798
+ "sharing_group_id": "0",
3799
+ "timestamp": "1513940622",
3800
+ "to_ids": true,
3801
+ "type": "domain",
3802
+ "uuid": "5a3ce68e-54d0-4c67-8c4c-4dea950d210f",
3803
+ "value": "space-delivery.com"
3804
+ }
3805
+ ],
3806
+ "comment": "",
3807
+ "deleted": false,
3808
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3809
+ "distribution": "5",
3810
+ "event_id": "9747",
3811
+ "id": "1601",
3812
+ "meta-category": "network",
3813
+ "name": "domain-ip",
3814
+ "sharing_group_id": "0",
3815
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3816
+ "template_version": "5",
3817
+ "timestamp": "1513940621",
3818
+ "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
3819
+ },
3820
+ {
3821
+ "Attribute": [
3822
+ {
3823
+ "category": "Network activity",
3824
+ "comment": "",
3825
+ "deleted": false,
3826
+ "disable_correlation": false,
3827
+ "distribution": "5",
3828
+ "event_id": "9747",
3829
+ "id": "1189054",
3830
+ "object_id": "1602",
3831
+ "object_relation": "ip",
3832
+ "sharing_group_id": "0",
3833
+ "timestamp": "1513940642",
3834
+ "to_ids": true,
3835
+ "type": "ip-dst",
3836
+ "uuid": "5a3ce6a2-4a38-4b90-8d74-4f10950d210f",
3837
+ "value": "89.34.111.160"
3838
+ },
3839
+ {
3840
+ "category": "Network activity",
3841
+ "comment": "",
3842
+ "deleted": false,
3843
+ "disable_correlation": false,
3844
+ "distribution": "5",
3845
+ "event_id": "9747",
3846
+ "id": "1189055",
3847
+ "object_id": "1602",
3848
+ "object_relation": "domain",
3849
+ "sharing_group_id": "0",
3850
+ "timestamp": "1513940642",
3851
+ "to_ids": true,
3852
+ "type": "domain",
3853
+ "uuid": "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f",
3854
+ "value": "satellitedeluxpanorama.com"
3855
+ }
3856
+ ],
3857
+ "comment": "",
3858
+ "deleted": false,
3859
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3860
+ "distribution": "5",
3861
+ "event_id": "9747",
3862
+ "id": "1602",
3863
+ "meta-category": "network",
3864
+ "name": "domain-ip",
3865
+ "sharing_group_id": "0",
3866
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3867
+ "template_version": "5",
3868
+ "timestamp": "1513940641",
3869
+ "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
3870
+ },
3871
+ {
3872
+ "Attribute": [
3873
+ {
3874
+ "category": "Network activity",
3875
+ "comment": "",
3876
+ "deleted": false,
3877
+ "disable_correlation": false,
3878
+ "distribution": "5",
3879
+ "event_id": "9747",
3880
+ "id": "1189056",
3881
+ "object_id": "1603",
3882
+ "object_relation": "ip",
3883
+ "sharing_group_id": "0",
3884
+ "timestamp": "1513940654",
3885
+ "to_ids": true,
3886
+ "type": "ip-dst",
3887
+ "uuid": "5a3ce6ae-601c-44b8-8eec-4a5f950d210f",
3888
+ "value": "185.216.35.26"
3889
+ },
3890
+ {
3891
+ "category": "Network activity",
3892
+ "comment": "",
3893
+ "deleted": false,
3894
+ "disable_correlation": false,
3895
+ "distribution": "5",
3896
+ "event_id": "9747",
3897
+ "id": "1189057",
3898
+ "object_id": "1603",
3899
+ "object_relation": "domain",
3900
+ "sharing_group_id": "0",
3901
+ "timestamp": "1513940654",
3902
+ "to_ids": true,
3903
+ "type": "domain",
3904
+ "uuid": "5a3ce6ae-3b00-420a-82fd-45fb950d210f",
3905
+ "value": "webviewres.net"
3906
+ }
3907
+ ],
3908
+ "comment": "",
3909
+ "deleted": false,
3910
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3911
+ "distribution": "5",
3912
+ "event_id": "9747",
3913
+ "id": "1603",
3914
+ "meta-category": "network",
3915
+ "name": "domain-ip",
3916
+ "sharing_group_id": "0",
3917
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3918
+ "template_version": "5",
3919
+ "timestamp": "1513940654",
3920
+ "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
3921
+ }
3922
+ ],
3923
+ "Org": {
3924
+ "id": "2",
3925
+ "name": "CIRCL",
3926
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3927
+ },
3928
+ "Orgc": {
3929
+ "id": "2",
3930
+ "name": "CIRCL",
3931
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3932
+ },
3933
+ "RelatedEvent": [
3934
+ {
3935
+ "Event": {
3936
+ "Org": {
3937
+ "id": "2",
3938
+ "name": "CIRCL",
3939
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3940
+ },
3941
+ "Orgc": {
3942
+ "id": "2",
3943
+ "name": "CIRCL",
3944
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3945
+ },
3946
+ "analysis": "2",
3947
+ "date": "2017-12-14",
3948
+ "distribution": "3",
3949
+ "id": "9616",
3950
+ "info": "OSINT - Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure",
3951
+ "org_id": "2",
3952
+ "orgc_id": "2",
3953
+ "published": false,
3954
+ "threat_level_id": "3",
3955
+ "timestamp": "1513674510",
3956
+ "uuid": "5a329d19-03e0-4eaa-8b4d-4310950d210f"
3957
+ }
3958
+ },
3959
+ {
3960
+ "Event": {
3961
+ "Org": {
3962
+ "id": "2",
3963
+ "name": "CIRCL",
3964
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3965
+ },
3966
+ "Orgc": {
3967
+ "id": "2",
3968
+ "name": "CIRCL",
3969
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3970
+ },
3971
+ "analysis": "2",
3972
+ "date": "2017-12-07",
3973
+ "distribution": "3",
3974
+ "id": "9552",
3975
+ "info": "OSINT - Master Channel: The Boleto Mestre Campaign Targets Brazil",
3976
+ "org_id": "2",
3977
+ "orgc_id": "2",
3978
+ "published": false,
3979
+ "threat_level_id": "3",
3980
+ "timestamp": "1512657975",
3981
+ "uuid": "5a2943a3-c574-44bb-8e68-45de950d210f"
3982
+ }
3983
+ },
3984
+ {
3985
+ "Event": {
3986
+ "Org": {
3987
+ "id": "2",
3988
+ "name": "CIRCL",
3989
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3990
+ },
3991
+ "Orgc": {
3992
+ "id": "2",
3993
+ "name": "CIRCL",
3994
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3995
+ },
3996
+ "analysis": "0",
3997
+ "date": "2017-11-27",
3998
+ "distribution": "3",
3999
+ "id": "9513",
4000
+ "info": "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android",
4001
+ "org_id": "2",
4002
+ "orgc_id": "2",
4003
+ "published": true,
4004
+ "threat_level_id": "3",
4005
+ "timestamp": "1512356440",
4006
+ "uuid": "5a23a972-e6a0-4a05-b505-4e8f02de0b81"
4007
+ }
4008
+ },
4009
+ {
4010
+ "Event": {
4011
+ "Org": {
4012
+ "id": "2",
4013
+ "name": "CIRCL",
4014
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4015
+ },
4016
+ "Orgc": {
4017
+ "id": "2",
4018
+ "name": "CIRCL",
4019
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4020
+ },
4021
+ "analysis": "2",
4022
+ "date": "2017-11-07",
4023
+ "distribution": "3",
4024
+ "id": "9309",
4025
+ "info": "OSINT - Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack",
4026
+ "org_id": "2",
4027
+ "orgc_id": "2",
4028
+ "published": true,
4029
+ "threat_level_id": "3",
4030
+ "timestamp": "1511385862",
4031
+ "uuid": "5a021bc2-8e0c-4ac5-b048-cc3e02de0b81"
4032
+ }
4033
+ },
4034
+ {
4035
+ "Event": {
4036
+ "Org": {
4037
+ "id": "291",
4038
+ "name": "NCSC-NL",
4039
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4040
+ },
4041
+ "Orgc": {
4042
+ "id": "291",
4043
+ "name": "NCSC-NL",
4044
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4045
+ },
4046
+ "analysis": "2",
4047
+ "date": "2017-10-23",
4048
+ "distribution": "3",
4049
+ "id": "9208",
4050
+ "info": "Talos: \"Cyber Conflict\" Decoy Document Used In Real Cyber Conflict",
4051
+ "org_id": "291",
4052
+ "orgc_id": "291",
4053
+ "published": true,
4054
+ "threat_level_id": "2",
4055
+ "timestamp": "1510088616",
4056
+ "uuid": "59ed9c81-6484-47a9-aab4-191d0a950b0c"
4057
+ }
4058
+ },
4059
+ {
4060
+ "Event": {
4061
+ "Org": {
4062
+ "id": "2",
4063
+ "name": "CIRCL",
4064
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4065
+ },
4066
+ "Orgc": {
4067
+ "id": "2",
4068
+ "name": "CIRCL",
4069
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4070
+ },
4071
+ "analysis": "2",
4072
+ "date": "2017-08-11",
4073
+ "distribution": "3",
4074
+ "id": "8798",
4075
+ "info": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
4076
+ "org_id": "2",
4077
+ "orgc_id": "2",
4078
+ "published": true,
4079
+ "threat_level_id": "3",
4080
+ "timestamp": "1502460096",
4081
+ "uuid": "598db7fd-47a8-45f8-9414-408b02de0b81"
4082
+ }
4083
+ },
4084
+ {
4085
+ "Event": {
4086
+ "Org": {
4087
+ "id": "231",
4088
+ "name": "kingfisherops.com",
4089
+ "uuid": "566ff5f4-7020-4089-9003-4374950d210f"
4090
+ },
4091
+ "Orgc": {
4092
+ "id": "204",
4093
+ "name": "CERT-BUND",
4094
+ "uuid": "56a64d7a-63dc-4471-bce9-4accc25ed029"
4095
+ },
4096
+ "analysis": "0",
4097
+ "date": "2017-07-25",
4098
+ "distribution": "3",
4099
+ "id": "8750",
4100
+ "info": "European Defence Agency lure drops mssuppa.dat",
4101
+ "org_id": "231",
4102
+ "orgc_id": "204",
4103
+ "published": true,
4104
+ "threat_level_id": "2",
4105
+ "timestamp": "1500967989",
4106
+ "uuid": "5976f294-a844-44fe-a4f0-6c67c25ed029"
4107
+ }
4108
+ },
4109
+ {
4110
+ "Event": {
4111
+ "Org": {
4112
+ "id": "277",
4113
+ "name": "inthreat.com",
4114
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4115
+ },
4116
+ "Orgc": {
4117
+ "id": "277",
4118
+ "name": "inthreat.com",
4119
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4120
+ },
4121
+ "analysis": "2",
4122
+ "date": "2017-05-11",
4123
+ "distribution": "3",
4124
+ "id": "7820",
4125
+ "info": "APT28-Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy",
4126
+ "org_id": "277",
4127
+ "orgc_id": "277",
4128
+ "published": true,
4129
+ "threat_level_id": "2",
4130
+ "timestamp": "1494824291",
4131
+ "uuid": "59147a22-3100-4779-9377-360395ca48b7"
4132
+ }
4133
+ },
4134
+ {
4135
+ "Event": {
4136
+ "Org": {
4137
+ "id": "2",
4138
+ "name": "CIRCL",
4139
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4140
+ },
4141
+ "Orgc": {
4142
+ "id": "2",
4143
+ "name": "CIRCL",
4144
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4145
+ },
4146
+ "analysis": "2",
4147
+ "date": "2017-05-09",
4148
+ "distribution": "3",
4149
+ "id": "7801",
4150
+ "info": "OSINT - EPS Processing Zero-Days Exploited by Multiple Threat Actors",
4151
+ "org_id": "2",
4152
+ "orgc_id": "2",
4153
+ "published": true,
4154
+ "threat_level_id": "3",
4155
+ "timestamp": "1494354378",
4156
+ "uuid": "59120865-27e0-4e6d-9b74-4a9f950d210f"
4157
+ }
4158
+ },
4159
+ {
4160
+ "Event": {
4161
+ "Org": {
4162
+ "id": "2",
4163
+ "name": "CIRCL",
4164
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4165
+ },
4166
+ "Orgc": {
4167
+ "id": "2",
4168
+ "name": "CIRCL",
4169
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4170
+ },
4171
+ "analysis": "0",
4172
+ "date": "2016-12-29",
4173
+ "distribution": "3",
4174
+ "id": "5667",
4175
+ "info": "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity",
4176
+ "org_id": "2",
4177
+ "orgc_id": "2",
4178
+ "published": true,
4179
+ "threat_level_id": "3",
4180
+ "timestamp": "1494853878",
4181
+ "uuid": "58658c15-54ac-43c3-9beb-414502de0b81"
4182
+ }
4183
+ },
4184
+ {
4185
+ "Event": {
4186
+ "Org": {
4187
+ "id": "277",
4188
+ "name": "inthreat.com",
4189
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4190
+ },
4191
+ "Orgc": {
4192
+ "id": "277",
4193
+ "name": "inthreat.com",
4194
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4195
+ },
4196
+ "analysis": "2",
4197
+ "date": "2016-12-20",
4198
+ "distribution": "1",
4199
+ "id": "5616",
4200
+ "info": "APT28-The Sofacy Group's DealersChoice Attacks Continue",
4201
+ "org_id": "277",
4202
+ "orgc_id": "277",
4203
+ "published": true,
4204
+ "threat_level_id": "2",
4205
+ "timestamp": "1494829249",
4206
+ "uuid": "58594faf-e98c-4c03-a58c-43cf95ca48b7"
4207
+ }
4208
+ },
4209
+ {
4210
+ "Event": {
4211
+ "Org": {
4212
+ "id": "291",
4213
+ "name": "NCSC-NL",
4214
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4215
+ },
4216
+ "Orgc": {
4217
+ "id": "291",
4218
+ "name": "NCSC-NL",
4219
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4220
+ },
4221
+ "analysis": "1",
4222
+ "date": "2016-11-09",
4223
+ "distribution": "3",
4224
+ "id": "5348",
4225
+ "info": "[APT-28/Sofacy]Pawn Storm Ramps Up [European Government] Spear-phishing Before Zero-Days Get Patched",
4226
+ "org_id": "291",
4227
+ "orgc_id": "291",
4228
+ "published": true,
4229
+ "threat_level_id": "1",
4230
+ "timestamp": "1481709638",
4231
+ "uuid": "582341ff-0830-4b32-aaba-08640a950b0c"
4232
+ }
4233
+ },
4234
+ {
4235
+ "Event": {
4236
+ "Org": {
4237
+ "id": "74",
4238
+ "name": "PwC.lu",
4239
+ "uuid": "55f6ea61-4f74-40b6-a6df-4ff9950d210f"
4240
+ },
4241
+ "Orgc": {
4242
+ "id": "325",
4243
+ "name": "CUDESO",
4244
+ "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4245
+ },
4246
+ "analysis": "2",
4247
+ "date": "2016-11-09",
4248
+ "distribution": "3",
4249
+ "id": "5641",
4250
+ "info": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched",
4251
+ "org_id": "74",
4252
+ "orgc_id": "325",
4253
+ "published": true,
4254
+ "threat_level_id": "2",
4255
+ "timestamp": "1478712711",
4256
+ "uuid": "58235d0e-34d4-41c1-9a2e-04dcc0a8ab16"
4257
+ }
4258
+ },
4259
+ {
4260
+ "Event": {
4261
+ "Org": {
4262
+ "id": "335",
4263
+ "name": "Orange CERT-CC",
4264
+ "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4265
+ },
4266
+ "Orgc": {
4267
+ "id": "335",
4268
+ "name": "Orange CERT-CC",
4269
+ "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4270
+ },
4271
+ "analysis": "0",
4272
+ "date": "2016-10-18",
4273
+ "distribution": "0",
4274
+ "id": "5163",
4275
+ "info": "Orange-CERT-CC Test #01",
4276
+ "org_id": "335",
4277
+ "orgc_id": "335",
4278
+ "published": false,
4279
+ "threat_level_id": "3",
4280
+ "timestamp": "1476782422",
4281
+ "uuid": "5805e8a5-611c-498b-839b-bd57950d210f"
4282
+ }
4283
+ },
4284
+ {
4285
+ "Event": {
4286
+ "Org": {
4287
+ "id": "278",
4288
+ "name": "TDC.dk",
4289
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4290
+ },
4291
+ "Orgc": {
4292
+ "id": "278",
4293
+ "name": "TDC.dk",
4294
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4295
+ },
4296
+ "analysis": "2",
4297
+ "date": "2016-10-17",
4298
+ "distribution": "3",
4299
+ "id": "5165",
4300
+ "info": "OSINT: ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform",
4301
+ "org_id": "278",
4302
+ "orgc_id": "278",
4303
+ "published": true,
4304
+ "threat_level_id": "1",
4305
+ "timestamp": "1476789563",
4306
+ "uuid": "580602f6-f8b8-4ac3-9813-7bf7bce2ab96"
4307
+ }
4308
+ },
4309
+ {
4310
+ "Event": {
4311
+ "Org": {
4312
+ "id": "412",
4313
+ "name": "TS",
4314
+ "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4315
+ },
4316
+ "Orgc": {
4317
+ "id": "412",
4318
+ "name": "TS",
4319
+ "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4320
+ },
4321
+ "analysis": "2",
4322
+ "date": "2016-08-19",
4323
+ "distribution": "1",
4324
+ "id": "4710",
4325
+ "info": "bullettin.doc sample, linked to APT28 campaign",
4326
+ "org_id": "412",
4327
+ "orgc_id": "412",
4328
+ "published": true,
4329
+ "threat_level_id": "1",
4330
+ "timestamp": "1476776982",
4331
+ "uuid": "57b7248f-283c-442e-8e02-2d0f5b86d7e5"
4332
+ }
4333
+ },
4334
+ {
4335
+ "Event": {
4336
+ "Org": {
4337
+ "id": "277",
4338
+ "name": "inthreat.com",
4339
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4340
+ },
4341
+ "Orgc": {
4342
+ "id": "277",
4343
+ "name": "inthreat.com",
4344
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4345
+ },
4346
+ "analysis": "2",
4347
+ "date": "2016-06-20",
4348
+ "distribution": "3",
4349
+ "id": "4172",
4350
+ "info": "APT28 and APT29 - Inside the DNC Breaches",
4351
+ "org_id": "277",
4352
+ "orgc_id": "277",
4353
+ "published": true,
4354
+ "threat_level_id": "2",
4355
+ "timestamp": "1494829231",
4356
+ "uuid": "5767c102-c170-4124-ae3d-7bef95ca48b7"
4357
+ }
4358
+ },
4359
+ {
4360
+ "Event": {
4361
+ "Org": {
4362
+ "id": "347",
4363
+ "name": "incibe.es",
4364
+ "uuid": "5720623c-129c-4989-ae9d-4a11950d210f"
4365
+ },
4366
+ "Orgc": {
4367
+ "id": "665",
4368
+ "name": "INCIBE",
4369
+ "uuid": "56fa4fe4-f528-4480-8332-1ba3c0a80a8c"
4370
+ },
4371
+ "analysis": "2",
4372
+ "date": "2016-06-16",
4373
+ "distribution": "3",
4374
+ "id": "6131",
4375
+ "info": "New Sofacy (APT28) attacks against a US Government Agency",
4376
+ "org_id": "347",
4377
+ "orgc_id": "665",
4378
+ "published": true,
4379
+ "threat_level_id": "1",
4380
+ "timestamp": "1488792538",
4381
+ "uuid": "5762a86a-e314-4e4e-ba5a-51c5c0a80a8e"
4382
+ }
4383
+ },
4384
+ {
4385
+ "Event": {
4386
+ "Org": {
4387
+ "id": "26",
4388
+ "name": "CthulhuSPRL.be",
4389
+ "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4390
+ },
4391
+ "Orgc": {
4392
+ "id": "26",
4393
+ "name": "CthulhuSPRL.be",
4394
+ "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4395
+ },
4396
+ "analysis": "2",
4397
+ "date": "2016-06-15",
4398
+ "distribution": "3",
4399
+ "id": "3987",
4400
+ "info": "OSINT New Sofacy Attacks Against US Government Agency by Palo Alto Unit 42",
4401
+ "org_id": "26",
4402
+ "orgc_id": "26",
4403
+ "published": true,
4404
+ "threat_level_id": "1",
4405
+ "timestamp": "1466000907",
4406
+ "uuid": "57613790-f6b4-4895-943f-4467950d210f"
4407
+ }
4408
+ },
4409
+ {
4410
+ "Event": {
4411
+ "Org": {
4412
+ "id": "278",
4413
+ "name": "TDC.dk",
4414
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4415
+ },
4416
+ "Orgc": {
4417
+ "id": "325",
4418
+ "name": "CUDESO",
4419
+ "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4420
+ },
4421
+ "analysis": "2",
4422
+ "date": "2016-06-14",
4423
+ "distribution": "3",
4424
+ "id": "4183",
4425
+ "info": "New Sofacy Attacks Against US Government Agency",
4426
+ "org_id": "278",
4427
+ "orgc_id": "325",
4428
+ "published": true,
4429
+ "threat_level_id": "2",
4430
+ "timestamp": "1467289109",
4431
+ "uuid": "57607369-2490-444a-9034-049fc0a8ab16"
4432
+ }
4433
+ }
4434
+ ],
4435
+ "Tag": [
4436
+ {
4437
+ "colour": "#00d622",
4438
+ "exportable": true,
4439
+ "hide_tag": false,
4440
+ "id": "2",
4441
+ "name": "tlp:white",
4442
+ "user_id": "0"
4443
+ },
4444
+ {
4445
+ "colour": "#ef0081",
4446
+ "exportable": true,
4447
+ "hide_tag": false,
4448
+ "id": "2986",
4449
+ "name": "workflow:state=\"incomplete\"",
4450
+ "user_id": "0"
4451
+ },
4452
+ {
4453
+ "colour": "#810046",
4454
+ "exportable": true,
4455
+ "hide_tag": false,
4456
+ "id": "2979",
4457
+ "name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
4458
+ "user_id": "0"
4459
+ },
4460
+ {
4461
+ "colour": "#91004e",
4462
+ "exportable": true,
4463
+ "hide_tag": false,
4464
+ "id": "2980",
4465
+ "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
4466
+ "user_id": "0"
4467
+ },
4468
+ {
4469
+ "colour": "#12e000",
4470
+ "exportable": true,
4471
+ "hide_tag": false,
4472
+ "id": "1100",
4473
+ "name": "misp-galaxy:threat-actor=\"Sofacy\"",
4474
+ "user_id": "0"
4475
+ },
4476
+ {
4477
+ "colour": "#0088cc",
4478
+ "exportable": true,
4479
+ "hide_tag": false,
4480
+ "id": "3007",
4481
+ "name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
4482
+ "user_id": "0"
4483
+ },
4484
+ {
4485
+ "colour": "#0088cc",
4486
+ "exportable": true,
4487
+ "hide_tag": false,
4488
+ "id": "2215",
4489
+ "name": "misp-galaxy:tool=\"GAMEFISH\"",
4490
+ "user_id": "0"
4491
+ },
4492
+ {
4493
+ "colour": "#0088cc",
4494
+ "exportable": true,
4495
+ "hide_tag": false,
4496
+ "id": "3008",
4497
+ "name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
4498
+ "user_id": "0"
4499
+ },
4500
+ {
4501
+ "colour": "#0c9900",
4502
+ "exportable": true,
4503
+ "hide_tag": false,
4504
+ "id": "1012",
4505
+ "name": "misp-galaxy:tool=\"X-Tunnel\"",
4506
+ "user_id": "0"
4507
+ },
4508
+ {
4509
+ "colour": "#0088cc",
4510
+ "exportable": true,
4511
+ "hide_tag": false,
4512
+ "id": "3009",
4513
+ "name": "misp-galaxy:mitre-malware=\"XTunnel\"",
4514
+ "user_id": "0"
4515
+ },
4516
+ {
4517
+ "colour": "#0088cc",
4518
+ "exportable": true,
4519
+ "hide_tag": false,
4520
+ "id": "3010",
4521
+ "name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
4522
+ "user_id": "0"
4523
+ },
4524
+ {
4525
+ "colour": "#0088cc",
4526
+ "exportable": true,
4527
+ "hide_tag": false,
4528
+ "id": "3011",
4529
+ "name": "misp-galaxy:tool=\"EVILTOSS\"",
4530
+ "user_id": "0"
4531
+ },
4532
+ {
4533
+ "colour": "#0088cc",
4534
+ "exportable": true,
4535
+ "hide_tag": false,
4536
+ "id": "3012",
4537
+ "name": "misp-galaxy:mitre-malware=\"USBStealer\"",
4538
+ "user_id": "0"
4539
+ },
4540
+ {
4541
+ "colour": "#0c9800",
4542
+ "exportable": true,
4543
+ "hide_tag": false,
4544
+ "id": "1011",
4545
+ "name": "misp-galaxy:tool=\"X-Agent\"",
4546
+ "user_id": "0"
4547
+ },
4548
+ {
4549
+ "colour": "#0088cc",
4550
+ "exportable": true,
4551
+ "hide_tag": false,
4552
+ "id": "3013",
4553
+ "name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
4554
+ "user_id": "0"
4555
+ },
4556
+ {
4557
+ "colour": "#0088cc",
4558
+ "exportable": true,
4559
+ "hide_tag": false,
4560
+ "id": "3014",
4561
+ "name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
4562
+ "user_id": "0"
4563
+ },
4564
+ {
4565
+ "colour": "#0088cc",
4566
+ "exportable": true,
4567
+ "hide_tag": false,
4568
+ "id": "3015",
4569
+ "name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
4570
+ "user_id": "0"
4571
+ },
4572
+ {
4573
+ "colour": "#0088cc",
4574
+ "exportable": true,
4575
+ "hide_tag": false,
4576
+ "id": "3016",
4577
+ "name": "misp-galaxy:mitre-malware=\"Downdelph\"",
4578
+ "user_id": "0"
4579
+ }
4580
+ ],
4581
+ "analysis": "0",
4582
+ "attribute_count": "122",
4583
+ "date": "2017-12-21",
4584
+ "disable_correlation": false,
4585
+ "distribution": "3",
4586
+ "event_creator_email": "alexandre.dulaunoy@circl.lu",
4587
+ "id": "9747",
4588
+ "info": "OSINT - Sednit update: How Fancy Bear Spent the Year",
4589
+ "locked": false,
4590
+ "org_id": "2",
4591
+ "orgc_id": "2",
4592
+ "proposal_email_lock": false,
4593
+ "publish_timestamp": "0",
4594
+ "published": false,
4595
+ "sharing_group_id": "0",
4596
+ "threat_level_id": "3",
4597
+ "timestamp": "1513948642",
4598
+ "uuid": "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"
4599
+ }