pymisp 2.5.4__py3-none-any.whl → 2.5.7__py3-none-any.whl





Files changed (158)
  1. CHANGELOG.txt +5380 -0
  2. examples/__init__.py +0 -0
  3. examples/add_attributes_from_csv.py +74 -0
  4. examples/add_email_object.py +29 -0
  5. examples/add_fail2ban_object.py +86 -0
  6. examples/add_feed.py +25 -0
  7. examples/add_file_object.py +47 -0
  8. examples/add_filetype_object_from_csv.py +53 -0
  9. examples/add_generic_object.py +26 -0
  10. examples/add_github_user.py +65 -0
  11. examples/add_gitlab_user.py +56 -0
  12. examples/add_named_attribute.py +25 -0
  13. examples/add_organisations.py +57 -0
  14. examples/add_ssh_authorized_keys.py +29 -0
  15. examples/add_user.py +22 -0
  16. examples/add_vehicle_object.py +22 -0
  17. examples/addtag2.py +45 -0
  18. examples/asciidoc_generator.py +114 -0
  19. examples/cache_all.py +10 -0
  20. examples/copyTagsFromAttributesToEvent.py +68 -0
  21. examples/copy_list.py +93 -0
  22. examples/create_events.py +26 -0
  23. examples/cytomic_orion.py +549 -0
  24. examples/del.py +22 -0
  25. examples/delete_user.py +16 -0
  26. examples/edit_organisation.py +20 -0
  27. examples/edit_user.py +20 -0
  28. examples/falsepositive_disabletoids.py +136 -0
  29. examples/fetch_events_feed.py +15 -0
  30. examples/fetch_warninglist_hits.py +38 -0
  31. examples/freetext.py +22 -0
  32. examples/generate_file_objects.py +78 -0
  33. examples/generate_meta_feed.py +15 -0
  34. examples/get.py +37 -0
  35. examples/get_csv.py +37 -0
  36. examples/get_network_activity.py +187 -0
  37. examples/last.py +48 -0
  38. examples/load_csv.py +94 -0
  39. examples/lookup.py +28 -0
  40. examples/misp2cef.py +71 -0
  41. examples/misp2clamav.py +52 -0
  42. examples/openioc_to_misp.py +27 -0
  43. examples/proofpoint_tap.py +203 -0
  44. examples/proofpoint_vap.py +65 -0
  45. examples/search.py +48 -0
  46. examples/search_attributes_yara.py +40 -0
  47. examples/search_sighting.py +42 -0
  48. examples/server_sync_check_conn.py +32 -0
  49. examples/sharing_groups.py +15 -0
  50. examples/show_sightings.py +168 -0
  51. examples/stats_report.py +405 -0
  52. examples/sync_sighting.py +171 -0
  53. examples/tags.py +25 -0
  54. examples/test_sign.py +19 -0
  55. examples/trustar_misp.py +59 -0
  56. examples/up.py +21 -0
  57. examples/upload.py +60 -0
  58. examples/users_list.py +15 -0
  59. examples/vmray_automation.py +281 -0
  60. examples/vt_to_misp.py +182 -0
  61. examples/warninglists.py +22 -0
  62. examples/yara.py +38 -0
  63. examples/yara_dump.py +98 -0
  64. pymisp/api.py +33 -5
  65. pymisp/data/misp-objects/objects/instagram-account/definition.json +66 -0
  66. pymisp/data/misp-objects/objects/lnk/definition.json +13 -1
  67. pymisp/data/misp-objects/objects/rmm/definition.json +88 -0
  68. pymisp/data/misp-objects/objects/target-system/definition.json +2 -2
  69. pymisp/data/misp-objects/schema_objects.json +1 -1
  70. pymisp/mispevent.py +8 -0
  71. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/METADATA +23 -28
  72. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/RECORD +140 -27
  73. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/WHEEL +1 -1
  74. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +1 -0
  75. tests/__init__.py +0 -0
  76. tests/csv_testfiles/invalid_fieldnames.csv +11 -0
  77. tests/csv_testfiles/valid_fieldnames.csv +4 -0
  78. tests/email_testfiles/mail_1.eml.zip +0 -0
  79. tests/email_testfiles/mail_1.msg +0 -0
  80. tests/email_testfiles/mail_1_bom.eml +858 -0
  81. tests/email_testfiles/mail_1_headers_only.eml +28 -0
  82. tests/email_testfiles/mail_2.eml +32 -0
  83. tests/email_testfiles/mail_3.eml +170 -0
  84. tests/email_testfiles/mail_3.msg +0 -0
  85. tests/email_testfiles/mail_4.msg +0 -0
  86. tests/email_testfiles/mail_5.msg +0 -0
  87. tests/email_testfiles/mail_multiple_to.eml +15 -0
  88. tests/email_testfiles/source +1 -0
  89. tests/git-vuln-finder-quagga.json +1493 -0
  90. tests/misp_event.json +76 -0
  91. tests/mispevent_testfiles/attribute.json +21 -0
  92. tests/mispevent_testfiles/attribute_del.json +23 -0
  93. tests/mispevent_testfiles/def_param.json +53 -0
  94. tests/mispevent_testfiles/event.json +8 -0
  95. tests/mispevent_testfiles/event_obj_attr_tag.json +57 -0
  96. tests/mispevent_testfiles/event_obj_def_param.json +62 -0
  97. tests/mispevent_testfiles/event_obj_tag.json +29 -0
  98. tests/mispevent_testfiles/event_tags.json +18 -0
  99. tests/mispevent_testfiles/existing_event.json +4599 -0
  100. tests/mispevent_testfiles/existing_event_edited.json +4601 -0
  101. tests/mispevent_testfiles/galaxy.json +25 -0
  102. tests/mispevent_testfiles/malware.json +19 -0
  103. tests/mispevent_testfiles/malware_exist.json +163 -0
  104. tests/mispevent_testfiles/misp_custom_obj.json +38 -0
  105. tests/mispevent_testfiles/overwrite_file/definition.json +457 -0
  106. tests/mispevent_testfiles/proposals.json +35 -0
  107. tests/mispevent_testfiles/shadow.json +148 -0
  108. tests/mispevent_testfiles/sighting.json +5 -0
  109. tests/mispevent_testfiles/simple.json +2 -0
  110. tests/mispevent_testfiles/test_object_template/definition.json +29 -0
  111. tests/new_misp_event.json +34 -0
  112. tests/reportlab_testfiles/HTML_event.json +1 -0
  113. tests/reportlab_testfiles/galaxy_1.json +1250 -0
  114. tests/reportlab_testfiles/image_event.json +2490 -0
  115. tests/reportlab_testfiles/japanese_test.json +156 -0
  116. tests/reportlab_testfiles/japanese_test_heavy.json +318 -0
  117. tests/reportlab_testfiles/long_event.json +3730 -0
  118. tests/reportlab_testfiles/mainly_objects_1.json +1092 -0
  119. tests/reportlab_testfiles/mainly_objects_2.json +977 -0
  120. tests/reportlab_testfiles/sighting_1.json +305 -0
  121. tests/reportlab_testfiles/sighting_2.json +221 -0
  122. tests/reportlab_testfiles/to_delete1.json +804 -0
  123. tests/reportlab_testfiles/to_delete2.json +1 -0
  124. tests/reportlab_testfiles/to_delete3.json +1 -0
  125. tests/reportlab_testfiles/very_long_event.json +1006 -0
  126. tests/reportlab_testoutputs/to_delete1.json.pdf +391 -0
  127. tests/reportlab_testoutputs/to_delete2.json.pdf +506 -0
  128. tests/reportlab_testoutputs/to_delete3.json.pdf +277 -0
  129. tests/search_index_result.json +69 -0
  130. tests/sharing_groups.json +98 -0
  131. tests/stix1.xml-utf8 +110 -0
  132. tests/stix2.json +1 -0
  133. tests/test_analyst_data.py +123 -0
  134. tests/test_emailobject.py +157 -0
  135. tests/test_fileobject.py +20 -0
  136. tests/test_mispevent.py +473 -0
  137. tests/test_reportlab.py +431 -0
  138. tests/testlive_comprehensive.py +3734 -0
  139. tests/testlive_sync.py +474 -0
  140. pymisp/data/misp-objects/.git +0 -1
  141. pymisp/data/misp-objects/.gitchangelog.rc +0 -289
  142. pymisp/data/misp-objects/.github/workflows/codeql.yml +0 -41
  143. pymisp/data/misp-objects/.github/workflows/nosetests.yml +0 -39
  144. pymisp/data/misp-objects/.travis.yml +0 -16
  145. pymisp/data/misp-objects/LICENSE-software-only.md +0 -661
  146. pymisp/data/misp-objects/LICENSE.md +0 -36
  147. pymisp/data/misp-objects/README.md +0 -567
  148. pymisp/data/misp-objects/docs/time-related-objects.ods +0 -0
  149. pymisp/data/misp-objects/docs/time-related-objects.pdf +0 -0
  150. pymisp/data/misp-objects/jq_all_the_things.sh +0 -29
  151. pymisp/data/misp-objects/tools/adoc_objects.py +0 -145
  152. pymisp/data/misp-objects/tools/alfred_links_to_relarelationships.py +0 -48
  153. pymisp/data/misp-objects/tools/list_of_objects.py +0 -50
  154. pymisp/data/misp-objects/tools/updated.sh +0 -6
  155. pymisp/data/misp-objects/tools/validate_opposites.sh +0 -17
  156. pymisp/data/misp-objects/unique_uuid.py +0 -16
  157. pymisp/data/misp-objects/validate_all.sh +0 -38
  158. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/LICENSE +0 -0
@@ -0,0 +1,4601 @@
1
+ {
2
+ "Attribute": [
3
+ {
4
+ "Tag": [
5
+ {
6
+ "colour": "#00223b",
7
+ "exportable": true,
8
+ "hide_tag": false,
9
+ "id": "101",
10
+ "name": "osint:source-type=\"blog-post\"",
11
+ "user_id": "0"
12
+ },
13
+ {
14
+ "colour": "#007cd6",
15
+ "exportable": true,
16
+ "hide_tag": false,
17
+ "id": "618",
18
+ "name": "osint:certainty=\"93\"",
19
+ "user_id": "0"
20
+ }
21
+ ],
22
+ "category": "External analysis",
23
+ "comment": "",
24
+ "deleted": false,
25
+ "disable_correlation": false,
26
+ "distribution": "5",
27
+ "event_id": "9747",
28
+ "id": "1188757",
29
+ "object_id": "0",
30
+ "sharing_group_id": "0",
31
+ "timestamp": "1513893921",
32
+ "to_ids": false,
33
+ "type": "link",
34
+ "uuid": "5a3c2fda-78f4-44b7-8366-46da02de0b81",
35
+ "value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
36
+ },
37
+ {
38
+ "Tag": [
39
+ {
40
+ "colour": "#00223b",
41
+ "exportable": true,
42
+ "hide_tag": false,
43
+ "id": "101",
44
+ "name": "osint:source-type=\"blog-post\"",
45
+ "user_id": "0"
46
+ },
47
+ {
48
+ "colour": "#007cd6",
49
+ "exportable": true,
50
+ "hide_tag": false,
51
+ "id": "618",
52
+ "name": "osint:certainty=\"93\"",
53
+ "user_id": "0"
54
+ }
55
+ ],
56
+ "category": "External analysis",
57
+ "comment": "",
58
+ "deleted": false,
59
+ "disable_correlation": false,
60
+ "distribution": "5",
61
+ "event_id": "9747",
62
+ "id": "1188758",
63
+ "object_id": "0",
64
+ "sharing_group_id": "0",
65
+ "timestamp": "1513893921",
66
+ "to_ids": false,
67
+ "type": "text",
68
+ "uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81",
69
+ "value": "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
70
+ },
71
+ {
72
+ "category": "Network activity",
73
+ "comment": "Xagent Samples",
74
+ "deleted": false,
75
+ "disable_correlation": false,
76
+ "distribution": "5",
77
+ "event_id": "9747",
78
+ "id": "1188759",
79
+ "object_id": "0",
80
+ "sharing_group_id": "0",
81
+ "timestamp": "1513893957",
82
+ "to_ids": true,
83
+ "type": "domain",
84
+ "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
85
+ "value": "movieultimate.com"
86
+ },
87
+ {
88
+ "category": "Network activity",
89
+ "comment": "Xagent Samples",
90
+ "deleted": false,
91
+ "disable_correlation": false,
92
+ "distribution": "5",
93
+ "event_id": "9747",
94
+ "id": "1188760",
95
+ "object_id": "0",
96
+ "sharing_group_id": "0",
97
+ "timestamp": "1513893957",
98
+ "to_ids": true,
99
+ "type": "domain",
100
+ "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
101
+ "value": "meteost.com"
102
+ },
103
+ {
104
+ "category": "Network activity",
105
+ "comment": "Xagent Samples",
106
+ "deleted": false,
107
+ "disable_correlation": false,
108
+ "distribution": "5",
109
+ "event_id": "9747",
110
+ "id": "1188761",
111
+ "object_id": "0",
112
+ "sharing_group_id": "0",
113
+ "timestamp": "1513893957",
114
+ "to_ids": true,
115
+ "type": "domain",
116
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
117
+ "value": "faststoragefiles.org"
118
+ },
119
+ {
120
+ "category": "Network activity",
121
+ "comment": "Xagent Samples",
122
+ "deleted": false,
123
+ "disable_correlation": false,
124
+ "distribution": "5",
125
+ "event_id": "9747",
126
+ "id": "1188762",
127
+ "object_id": "0",
128
+ "sharing_group_id": "0",
129
+ "timestamp": "1513893957",
130
+ "to_ids": true,
131
+ "type": "domain",
132
+ "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
133
+ "value": "nethostnet.com"
134
+ },
135
+ {
136
+ "category": "Network activity",
137
+ "comment": "Xagent Samples",
138
+ "deleted": false,
139
+ "disable_correlation": false,
140
+ "distribution": "5",
141
+ "event_id": "9747",
142
+ "id": "1188763",
143
+ "object_id": "0",
144
+ "sharing_group_id": "0",
145
+ "timestamp": "1513893957",
146
+ "to_ids": true,
147
+ "type": "domain",
148
+ "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
149
+ "value": "fsportal.net"
150
+ },
151
+ {
152
+ "category": "Network activity",
153
+ "comment": "Xagent Samples",
154
+ "deleted": false,
155
+ "disable_correlation": false,
156
+ "distribution": "5",
157
+ "event_id": "9747",
158
+ "id": "1188764",
159
+ "object_id": "0",
160
+ "sharing_group_id": "0",
161
+ "timestamp": "1513893957",
162
+ "to_ids": true,
163
+ "type": "domain",
164
+ "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
165
+ "value": "fastdataexchange.org"
166
+ },
167
+ {
168
+ "category": "Network activity",
169
+ "comment": "Xagent Samples",
170
+ "deleted": false,
171
+ "disable_correlation": false,
172
+ "distribution": "5",
173
+ "event_id": "9747",
174
+ "id": "1188765",
175
+ "object_id": "0",
176
+ "sharing_group_id": "0",
177
+ "timestamp": "1513893957",
178
+ "to_ids": true,
179
+ "type": "domain",
180
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
181
+ "value": "newfilmts.com"
182
+ }
183
+ ],
184
+ "Galaxy": [
185
+ {
186
+ "GalaxyCluster": [
187
+ {
188
+ "authors": [
189
+ "Alexandre Dulaunoy",
190
+ "Florian Roth",
191
+ "Thomas Schreck",
192
+ "Timo Steffens",
193
+ "Various"
194
+ ],
195
+ "default": false,
196
+ "description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.",
197
+ "distribution": "0",
198
+ "galaxy_id": "366",
199
+ "id": "45563",
200
+ "meta": {
201
+ "country": [
202
+ "RU"
203
+ ],
204
+ "refs": [
205
+ "https://en.wikipedia.org/wiki/Sofacy_Group",
206
+ "https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf",
207
+ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf",
208
+ "https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf",
209
+ "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
210
+ "http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/"
211
+ ],
212
+ "synonyms": [
213
+ "APT 28",
214
+ "APT28",
215
+ "Pawn Storm",
216
+ "Fancy Bear",
217
+ "Sednit",
218
+ "TsarTeam",
219
+ "TG-4127",
220
+ "Group-4127",
221
+ "STRONTIUM",
222
+ "TAG_0700",
223
+ "Swallowtail",
224
+ "IRON TWILIGHT",
225
+ "Group 74"
226
+ ]
227
+ },
228
+ "source": "MISP Project",
229
+ "tag_id": "1100",
230
+ "tag_name": "misp-galaxy:threat-actor=\"Sofacy\"",
231
+ "type": "threat-actor",
232
+ "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
233
+ "value": "Sofacy",
234
+ "version": "30"
235
+ }
236
+ ],
237
+ "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
238
+ "icon": "user-secret",
239
+ "id": "366",
240
+ "name": "Threat Actor",
241
+ "type": "threat-actor",
242
+ "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
243
+ "version": "2"
244
+ },
245
+ {
246
+ "GalaxyCluster": [
247
+ {
248
+ "authors": [
249
+ "Kafeine",
250
+ "Will Metcalf",
251
+ "KahuSecurity"
252
+ ],
253
+ "default": false,
254
+ "description": "Sednit EK is the exploit kit used by APT28",
255
+ "distribution": "0",
256
+ "galaxy_id": "370",
257
+ "id": "38813",
258
+ "meta": {
259
+ "refs": [
260
+ "http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
261
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
262
+ ],
263
+ "status": [
264
+ "Active"
265
+ ]
266
+ },
267
+ "source": "MISP Project",
268
+ "tag_id": "3007",
269
+ "tag_name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
270
+ "type": "exploit-kit",
271
+ "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
272
+ "value": "Sednit EK",
273
+ "version": "5"
274
+ },
275
+ {
276
+ "authors": [
277
+ "Kafeine",
278
+ "Will Metcalf",
279
+ "KahuSecurity"
280
+ ],
281
+ "default": false,
282
+ "description": "DealersChoice is a Flash Player Exploit platform triggered by RTF",
283
+ "distribution": "0",
284
+ "galaxy_id": "370",
285
+ "id": "38805",
286
+ "meta": {
287
+ "refs": [
288
+ "http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/",
289
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/"
290
+ ],
291
+ "status": [
292
+ "Active"
293
+ ],
294
+ "synonyms": [
295
+ "Sednit RTF EK"
296
+ ]
297
+ },
298
+ "source": "MISP Project",
299
+ "tag_id": "3015",
300
+ "tag_name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
301
+ "type": "exploit-kit",
302
+ "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
303
+ "value": "DealersChoice",
304
+ "version": "5"
305
+ }
306
+ ],
307
+ "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
308
+ "icon": "internet-explorer",
309
+ "id": "370",
310
+ "name": "Exploit-Kit",
311
+ "type": "exploit-kit",
312
+ "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01",
313
+ "version": "3"
314
+ },
315
+ {
316
+ "GalaxyCluster": [
317
+ {
318
+ "authors": [
319
+ "Alexandre Dulaunoy",
320
+ "Florian Roth",
321
+ "Timo Steffens",
322
+ "Christophe Vandeplas"
323
+ ],
324
+ "default": false,
325
+ "description": "backdoor",
326
+ "distribution": "0",
327
+ "galaxy_id": "367",
328
+ "id": "46592",
329
+ "meta": {
330
+ "refs": [
331
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
332
+ ],
333
+ "synonyms": [
334
+ "Sednit",
335
+ "Seduploader",
336
+ "JHUHUGIT",
337
+ "Sofacy"
338
+ ],
339
+ "type": [
340
+ "Backdoor"
341
+ ]
342
+ },
343
+ "source": "MISP Project",
344
+ "tag_id": "2215",
345
+ "tag_name": "misp-galaxy:tool=\"GAMEFISH\"",
346
+ "type": "tool",
347
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
348
+ "value": "GAMEFISH",
349
+ "version": "45"
350
+ },
351
+ {
352
+ "authors": [
353
+ "Alexandre Dulaunoy",
354
+ "Florian Roth",
355
+ "Timo Steffens",
356
+ "Christophe Vandeplas"
357
+ ],
358
+ "default": false,
359
+ "description": "",
360
+ "distribution": "0",
361
+ "galaxy_id": "367",
362
+ "id": "46670",
363
+ "meta": {
364
+ "synonyms": [
365
+ "XTunnel"
366
+ ]
367
+ },
368
+ "source": "MISP Project",
369
+ "tag_id": "1012",
370
+ "tag_name": "misp-galaxy:tool=\"X-Tunnel\"",
371
+ "type": "tool",
372
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
373
+ "value": "X-Tunnel",
374
+ "version": "45"
375
+ },
376
+ {
377
+ "authors": [
378
+ "Alexandre Dulaunoy",
379
+ "Florian Roth",
380
+ "Timo Steffens",
381
+ "Christophe Vandeplas"
382
+ ],
383
+ "default": false,
384
+ "description": "backdoor used by apt28\n\nSedreco serves as a spying backdoor; its functionalities can be extended with dynamically loaded plugins. It is made up of two distinct components: a dropper and the persistent payload installed by this dropper. We have not seen this component since April 2016.",
385
+ "distribution": "0",
386
+ "galaxy_id": "367",
387
+ "id": "46591",
388
+ "meta": {
389
+ "possible_issues": [
390
+ "Report tells that is could be Xagent alias (Java Rat)"
391
+ ],
392
+ "refs": [
393
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
394
+ ],
395
+ "synonyms": [
396
+ "Sedreco",
397
+ "AZZY",
398
+ "ADVSTORESHELL",
399
+ "NETUI"
400
+ ],
401
+ "type": [
402
+ "Backdoor"
403
+ ]
404
+ },
405
+ "source": "MISP Project",
406
+ "tag_id": "3011",
407
+ "tag_name": "misp-galaxy:tool=\"EVILTOSS\"",
408
+ "type": "tool",
409
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
410
+ "value": "EVILTOSS",
411
+ "version": "45"
412
+ },
413
+ {
414
+ "authors": [
415
+ "Alexandre Dulaunoy",
416
+ "Florian Roth",
417
+ "Timo Steffens",
418
+ "Christophe Vandeplas"
419
+ ],
420
+ "default": false,
421
+ "description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
422
+ "distribution": "0",
423
+ "galaxy_id": "367",
424
+ "id": "46669",
425
+ "meta": {
426
+ "refs": [
427
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/",
428
+ "https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq",
429
+ "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
430
+ ],
431
+ "synonyms": [
432
+ "XAgent"
433
+ ],
434
+ "type": [
435
+ "Backdoor"
436
+ ]
437
+ },
438
+ "source": "MISP Project",
439
+ "tag_id": "1011",
440
+ "tag_name": "misp-galaxy:tool=\"X-Agent\"",
441
+ "type": "tool",
442
+ "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
443
+ "value": "X-Agent",
444
+ "version": "45"
445
+ }
446
+ ],
447
+ "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
448
+ "icon": "optin-monster",
449
+ "id": "367",
450
+ "name": "Tool",
451
+ "type": "tool",
452
+ "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b",
453
+ "version": "2"
454
+ },
455
+ {
456
+ "GalaxyCluster": [
457
+ {
458
+ "authors": [
459
+ "MITRE"
460
+ ],
461
+ "default": false,
462
+ "description": "JHUHUGIT is malware used by APT28. It is based on Carberp source code and serves as reconnaissance malware.[[Citation: Kaspersky Sofacy]][[Citation: F-Secure Sofacy 2015]][[Citation: ESET Sednit Part 1]][[Citation: FireEye APT28 January 2017]]\n\nAliases: JHUHUGIT, Seduploader, JKEYSKW, Sednit, GAMEFISH",
463
+ "distribution": "0",
464
+ "galaxy_id": "365",
465
+ "id": "41618",
466
+ "meta": {
467
+ "refs": [
468
+ "https://attack.mitre.org/wiki/Software/S0044",
469
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf",
470
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
471
+ "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
472
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
473
+ ],
474
+ "synonyms": [
475
+ "JHUHUGIT",
476
+ "Seduploader",
477
+ "JKEYSKW",
478
+ "Sednit",
479
+ "GAMEFISH"
480
+ ],
481
+ "uuid": [
482
+ "8ae43c46-57ef-47d5-a77a-eebb35628db2"
483
+ ]
484
+ },
485
+ "source": "https://github.com/mitre/cti",
486
+ "tag_id": "3008",
487
+ "tag_name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
488
+ "type": "mitre-malware",
489
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
490
+ "value": "JHUHUGIT",
491
+ "version": "4"
492
+ },
493
+ {
494
+ "authors": [
495
+ "MITRE"
496
+ ],
497
+ "default": false,
498
+ "description": "XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.[[Citation: Crowdstrike DNC June 2016]][[Citation: Invincea XTunnel]][[Citation: ESET Sednit Part 2]]\n\nAliases: XTunnel, X-Tunnel, XAPS",
499
+ "distribution": "0",
500
+ "galaxy_id": "365",
501
+ "id": "41543",
502
+ "meta": {
503
+ "refs": [
504
+ "https://attack.mitre.org/wiki/Software/S0117",
505
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
506
+ "https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/",
507
+ "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
508
+ ],
509
+ "synonyms": [
510
+ "XTunnel",
511
+ "X-Tunnel",
512
+ "XAPS"
513
+ ],
514
+ "uuid": [
515
+ "7343e208-7cab-45f2-a47b-41ba5e2f0fab"
516
+ ]
517
+ },
518
+ "source": "https://github.com/mitre/cti",
519
+ "tag_id": "3009",
520
+ "tag_name": "misp-galaxy:mitre-malware=\"XTunnel\"",
521
+ "type": "mitre-malware",
522
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
523
+ "value": "XTunnel",
524
+ "version": "4"
525
+ },
526
+ {
527
+ "authors": [
528
+ "MITRE"
529
+ ],
530
+ "default": false,
531
+ "description": "ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.[[Citation: Kaspersky Sofacy]][[Citation: ESET Sednit Part 2]]\n\nAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco",
532
+ "distribution": "0",
533
+ "galaxy_id": "365",
534
+ "id": "41582",
535
+ "meta": {
536
+ "refs": [
537
+ "https://attack.mitre.org/wiki/Software/S0045",
538
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
539
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
540
+ ],
541
+ "synonyms": [
542
+ "ADVSTORESHELL",
543
+ "NETUI",
544
+ "EVILTOSS",
545
+ "AZZY",
546
+ "Sedreco"
547
+ ],
548
+ "uuid": [
549
+ "fb575479-14ef-41e9-bfab-0b7cf10bec73"
550
+ ]
551
+ },
552
+ "source": "https://github.com/mitre/cti",
553
+ "tag_id": "3010",
554
+ "tag_name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
555
+ "type": "mitre-malware",
556
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
557
+ "value": "ADVSTORESHELL",
558
+ "version": "4"
559
+ },
560
+ {
561
+ "authors": [
562
+ "MITRE"
563
+ ],
564
+ "default": false,
565
+ "description": "USBStealer is malware that has used by APT28 since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with ADVSTORESHELL.[[Citation: ESET Sednit USBStealer 2014]][[Citation: Kaspersky Sofacy]]\n\nAliases: USBStealer, USB Stealer, Win32/USBStealer",
566
+ "distribution": "0",
567
+ "galaxy_id": "365",
568
+ "id": "41549",
569
+ "meta": {
570
+ "refs": [
571
+ "https://attack.mitre.org/wiki/Software/S0136",
572
+ "http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/",
573
+ "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
574
+ ],
575
+ "synonyms": [
576
+ "USBStealer",
577
+ "USB Stealer",
578
+ "Win32/USBStealer"
579
+ ],
580
+ "uuid": [
581
+ "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"
582
+ ]
583
+ },
584
+ "source": "https://github.com/mitre/cti",
585
+ "tag_id": "3012",
586
+ "tag_name": "misp-galaxy:mitre-malware=\"USBStealer\"",
587
+ "type": "mitre-malware",
588
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
589
+ "value": "USBStealer",
590
+ "version": "4"
591
+ },
592
+ {
593
+ "authors": [
594
+ "MITRE"
595
+ ],
596
+ "default": false,
597
+ "description": "is a trojan that has been used by APT28 on OS X and appears to be a port of their standard CHOPSTICK or XAgent trojan.[[Citation: XAgentOSX]]",
598
+ "distribution": "0",
599
+ "galaxy_id": "365",
600
+ "id": "41551",
601
+ "meta": {
602
+ "refs": [
603
+ "https://attack.mitre.org/wiki/Software/S0161",
604
+ "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
605
+ ],
606
+ "uuid": [
607
+ "5930509b-7793-4db9-bdfc-4edda7709d0d"
608
+ ]
609
+ },
610
+ "source": "https://github.com/mitre/cti",
611
+ "tag_id": "3013",
612
+ "tag_name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
613
+ "type": "mitre-malware",
614
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
615
+ "value": "XAgentOSX",
616
+ "version": "4"
617
+ },
618
+ {
619
+ "authors": [
620
+ "MITRE"
621
+ ],
622
+ "default": false,
623
+ "description": "CHOPSTICK is malware family of modular backdoors used by APT28. It has been used from at least November 2012 to August 2016 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases.[[Citation: FireEye APT28]][[Citation: ESET Sednit Part 2]][[Citation: FireEye APT28 January 2017]]\n\nAliases: CHOPSTICK, SPLM, Xagent, X-Agent, webhp",
624
+ "distribution": "0",
625
+ "galaxy_id": "365",
626
+ "id": "41559",
627
+ "meta": {
628
+ "refs": [
629
+ "https://attack.mitre.org/wiki/Software/S0023",
630
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
631
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
632
+ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"
633
+ ],
634
+ "synonyms": [
635
+ "CHOPSTICK",
636
+ "SPLM",
637
+ "Xagent",
638
+ "X-Agent",
639
+ "webhp"
640
+ ],
641
+ "uuid": [
642
+ "ccd61dfc-b03f-4689-8c18-7c97eab08472"
643
+ ]
644
+ },
645
+ "source": "https://github.com/mitre/cti",
646
+ "tag_id": "3014",
647
+ "tag_name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
648
+ "type": "mitre-malware",
649
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
650
+ "value": "CHOPSTICK",
651
+ "version": "4"
652
+ },
653
+ {
654
+ "authors": [
655
+ "MITRE"
656
+ ],
657
+ "default": false,
658
+ "description": "Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.[[Citation: ESET Sednit Part 3]]\n\nAliases: Downdelph, Delphacy",
659
+ "distribution": "0",
660
+ "galaxy_id": "365",
661
+ "id": "41504",
662
+ "meta": {
663
+ "refs": [
664
+ "https://attack.mitre.org/wiki/Software/S0134",
665
+ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf"
666
+ ],
667
+ "synonyms": [
668
+ "Downdelph",
669
+ "Delphacy"
670
+ ],
671
+ "uuid": [
672
+ "08d20cd2-f084-45ee-8558-fa6ef5a18519"
673
+ ]
674
+ },
675
+ "source": "https://github.com/mitre/cti",
676
+ "tag_id": "3016",
677
+ "tag_name": "misp-galaxy:mitre-malware=\"Downdelph\"",
678
+ "type": "mitre-malware",
679
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
680
+ "value": "Downdelph",
681
+ "version": "4"
682
+ }
683
+ ],
684
+ "description": "Name of ATT&CK software",
685
+ "icon": "optin-monster",
686
+ "id": "365",
687
+ "name": "Malware",
688
+ "type": "mitre-malware",
689
+ "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
690
+ "version": "4"
691
+ }
692
+ ],
693
+ "Object": [
694
+ {
695
+ "Attribute": [
696
+ {
697
+ "Tag": [
698
+ {
699
+ "name": "blah"
700
+ }
701
+ ],
702
+ "category": "Payload delivery",
703
+ "comment": "",
704
+ "deleted": false,
705
+ "disable_correlation": false,
706
+ "distribution": "5",
707
+ "event_id": "9747",
708
+ "id": "1188944",
709
+ "object_id": "1555",
710
+ "object_relation": "filename",
711
+ "sharing_group_id": "0",
712
+ "to_ids": true,
713
+ "type": "filename",
714
+ "uuid": "5a3cd5b6-2850-435f-bd0d-4c62950d210f",
715
+ "value": "Bulletin.doc"
716
+ },
717
+ {
718
+ "category": "Payload delivery",
719
+ "comment": "",
720
+ "deleted": false,
721
+ "disable_correlation": false,
722
+ "distribution": "5",
723
+ "event_id": "9747",
724
+ "id": "1188945",
725
+ "object_id": "1555",
726
+ "object_relation": "sha1",
727
+ "sharing_group_id": "0",
728
+ "timestamp": "1513936310",
729
+ "to_ids": true,
730
+ "type": "sha1",
731
+ "uuid": "5a3cd5b6-78a8-4e47-8333-4c62950d210f",
732
+ "value": "68064fc152e23d56e541714af52651cb4ba81aaf"
733
+ },
734
+ {
735
+ "category": "Other",
736
+ "comment": "",
737
+ "deleted": false,
738
+ "disable_correlation": true,
739
+ "distribution": "5",
740
+ "event_id": "9747",
741
+ "id": "1188946",
742
+ "object_id": "1555",
743
+ "object_relation": "state",
744
+ "sharing_group_id": "0",
745
+ "timestamp": "1513936310",
746
+ "to_ids": false,
747
+ "type": "text",
748
+ "uuid": "5a3cd5b6-23d8-43ba-8518-4c62950d210f",
749
+ "value": "Malicious"
750
+ }
751
+ ],
752
+ "comment": "Win32/Sednit.AX",
753
+ "deleted": false,
754
+ "description": "File object describing a file with meta-information",
755
+ "distribution": "5",
756
+ "event_id": "9747",
757
+ "id": "1555",
758
+ "meta-category": "file",
759
+ "name": "file",
760
+ "sharing_group_id": "0",
761
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
762
+ "template_version": "8",
763
+ "uuid": "5a3cd5b6-9568-4342-b2ab-4c62950d210f"
764
+ },
765
+ {
766
+ "Attribute": [
767
+ {
768
+ "category": "Payload delivery",
769
+ "comment": "",
770
+ "deleted": false,
771
+ "disable_correlation": false,
772
+ "distribution": "5",
773
+ "event_id": "9747",
774
+ "id": "1188947",
775
+ "object_id": "1556",
776
+ "object_relation": "sha1",
777
+ "sharing_group_id": "0",
778
+ "timestamp": "1513936388",
779
+ "to_ids": true,
780
+ "type": "sha1",
781
+ "uuid": "5a3cd604-748c-4fc0-88bf-c170950d210f",
782
+ "value": "f3805382ae2e23ff1147301d131a06e00e4ff75f"
783
+ },
784
+ {
785
+ "category": "Other",
786
+ "comment": "",
787
+ "deleted": false,
788
+ "disable_correlation": true,
789
+ "distribution": "5",
790
+ "event_id": "9747",
791
+ "id": "1188948",
792
+ "object_id": "1556",
793
+ "object_relation": "state",
794
+ "sharing_group_id": "0",
795
+ "timestamp": "1513936388",
796
+ "to_ids": false,
797
+ "type": "text",
798
+ "uuid": "5a3cd604-6668-4469-a1c0-c170950d210f",
799
+ "value": "Malicious"
800
+ }
801
+ ],
802
+ "comment": "Win32/Exploit.CVE-2016-4117.A",
803
+ "deleted": false,
804
+ "description": "File object describing a file with meta-information",
805
+ "distribution": "5",
806
+ "event_id": "9747",
807
+ "id": "1556",
808
+ "meta-category": "file",
809
+ "name": "file",
810
+ "sharing_group_id": "0",
811
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
812
+ "template_version": "8",
813
+ "timestamp": "1513936388",
814
+ "uuid": "5a3cd604-e11c-4de5-bbbf-c170950d210f"
815
+ },
816
+ {
817
+ "Attribute": [
818
+ {
819
+ "category": "Payload delivery",
820
+ "comment": "",
821
+ "deleted": false,
822
+ "disable_correlation": false,
823
+ "distribution": "5",
824
+ "event_id": "9747",
825
+ "id": "1188949",
826
+ "object_id": "1557",
827
+ "object_relation": "filename",
828
+ "sharing_group_id": "0",
829
+ "timestamp": "1513936531",
830
+ "to_ids": true,
831
+ "type": "filename",
832
+ "uuid": "5a3cd693-dc40-445d-a4d7-4ae0950d210f",
833
+ "value": "OC_PSO_2017.doc"
834
+ },
835
+ {
836
+ "category": "Payload delivery",
837
+ "comment": "",
838
+ "deleted": false,
839
+ "disable_correlation": false,
840
+ "distribution": "5",
841
+ "event_id": "9747",
842
+ "id": "1188950",
843
+ "object_id": "1557",
844
+ "object_relation": "sha1",
845
+ "sharing_group_id": "0",
846
+ "timestamp": "1513936531",
847
+ "to_ids": true,
848
+ "type": "sha1",
849
+ "uuid": "5a3cd693-8ffc-4d95-b522-4e84950d210f",
850
+ "value": "512bdfe937314ac3f195c462c395feeb36932971"
851
+ },
852
+ {
853
+ "category": "Other",
854
+ "comment": "",
855
+ "deleted": false,
856
+ "disable_correlation": true,
857
+ "distribution": "5",
858
+ "event_id": "9747",
859
+ "id": "1188951",
860
+ "object_id": "1557",
861
+ "object_relation": "state",
862
+ "sharing_group_id": "0",
863
+ "timestamp": "1513936531",
864
+ "to_ids": false,
865
+ "type": "text",
866
+ "uuid": "5a3cd693-a8f0-4aea-a834-4097950d210f",
867
+ "value": "Malicious"
868
+ }
869
+ ],
870
+ "comment": "Win32/Exploit.Agent.NUB",
871
+ "deleted": false,
872
+ "description": "File object describing a file with meta-information",
873
+ "distribution": "5",
874
+ "event_id": "9747",
875
+ "id": "1557",
876
+ "meta-category": "file",
877
+ "name": "file",
878
+ "sharing_group_id": "0",
879
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
880
+ "template_version": "8",
881
+ "timestamp": "1513936531",
882
+ "uuid": "5a3cd693-fd9c-4fcf-b69a-439c950d210f"
883
+ },
884
+ {
885
+ "Attribute": [
886
+ {
887
+ "category": "Payload delivery",
888
+ "comment": "",
889
+ "deleted": false,
890
+ "disable_correlation": false,
891
+ "distribution": "5",
892
+ "event_id": "9747",
893
+ "id": "1188952",
894
+ "object_id": "1558",
895
+ "object_relation": "filename",
896
+ "sharing_group_id": "0",
897
+ "timestamp": "1513936578",
898
+ "to_ids": true,
899
+ "type": "filename",
900
+ "uuid": "5a3cd6c2-d31c-40cc-bcc1-4458950d210f",
901
+ "value": "NASAMS.doc"
902
+ },
903
+ {
904
+ "category": "Payload delivery",
905
+ "comment": "",
906
+ "deleted": false,
907
+ "disable_correlation": false,
908
+ "distribution": "5",
909
+ "event_id": "9747",
910
+ "id": "1188953",
911
+ "object_id": "1558",
912
+ "object_relation": "sha1",
913
+ "sharing_group_id": "0",
914
+ "timestamp": "1513936578",
915
+ "to_ids": true,
916
+ "type": "sha1",
917
+ "uuid": "5a3cd6c2-6a54-4b4c-8748-4c84950d210f",
918
+ "value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b"
919
+ },
920
+ {
921
+ "category": "Other",
922
+ "comment": "",
923
+ "deleted": false,
924
+ "disable_correlation": true,
925
+ "distribution": "5",
926
+ "event_id": "9747",
927
+ "id": "1188954",
928
+ "object_id": "1558",
929
+ "object_relation": "state",
930
+ "sharing_group_id": "0",
931
+ "timestamp": "1513936578",
932
+ "to_ids": false,
933
+ "type": "text",
934
+ "uuid": "5a3cd6c2-1c68-45de-8325-464a950d210f",
935
+ "value": "Malicious"
936
+ }
937
+ ],
938
+ "comment": "Win32/Exploit.Agent.NTR",
939
+ "deleted": false,
940
+ "description": "File object describing a file with meta-information",
941
+ "distribution": "5",
942
+ "event_id": "9747",
943
+ "id": "1558",
944
+ "meta-category": "file",
945
+ "name": "file",
946
+ "sharing_group_id": "0",
947
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
948
+ "template_version": "8",
949
+ "timestamp": "1513936578",
950
+ "uuid": "5a3cd6c2-d290-4787-910f-4e6d950d210f"
951
+ },
952
+ {
953
+ "Attribute": [
954
+ {
955
+ "category": "Payload delivery",
956
+ "comment": "",
957
+ "deleted": false,
958
+ "disable_correlation": false,
959
+ "distribution": "5",
960
+ "event_id": "9747",
961
+ "id": "1188955",
962
+ "object_id": "1559",
963
+ "object_relation": "filename",
964
+ "sharing_group_id": "0",
965
+ "timestamp": "1513936718",
966
+ "to_ids": true,
967
+ "type": "filename",
968
+ "uuid": "5a3cd74e-584c-45b9-8557-486d950d210f",
969
+ "value": "Programm_Details.doc"
970
+ },
971
+ {
972
+ "category": "Payload delivery",
973
+ "comment": "",
974
+ "deleted": false,
975
+ "disable_correlation": false,
976
+ "distribution": "5",
977
+ "event_id": "9747",
978
+ "id": "1188956",
979
+ "object_id": "1559",
980
+ "object_relation": "sha1",
981
+ "sharing_group_id": "0",
982
+ "timestamp": "1513936718",
983
+ "to_ids": true,
984
+ "type": "sha1",
985
+ "uuid": "5a3cd74e-f334-4e6b-b37f-462f950d210f",
986
+ "value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5"
987
+ },
988
+ {
989
+ "category": "Other",
990
+ "comment": "",
991
+ "deleted": false,
992
+ "disable_correlation": true,
993
+ "distribution": "5",
994
+ "event_id": "9747",
995
+ "id": "1188957",
996
+ "object_id": "1559",
997
+ "object_relation": "state",
998
+ "sharing_group_id": "0",
999
+ "timestamp": "1513936718",
1000
+ "to_ids": false,
1001
+ "type": "text",
1002
+ "uuid": "5a3cd74e-5900-4fbf-85c6-4c81950d210f",
1003
+ "value": "Malicious"
1004
+ }
1005
+ ],
1006
+ "comment": "Win32/Exploit.Agent.NTO",
1007
+ "deleted": false,
1008
+ "description": "File object describing a file with meta-information",
1009
+ "distribution": "5",
1010
+ "event_id": "9747",
1011
+ "id": "1559",
1012
+ "meta-category": "file",
1013
+ "name": "file",
1014
+ "sharing_group_id": "0",
1015
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1016
+ "template_version": "8",
1017
+ "timestamp": "1513936718",
1018
+ "uuid": "5a3cd74e-1504-40ff-9a28-4501950d210f"
1019
+ },
1020
+ {
1021
+ "Attribute": [
1022
+ {
1023
+ "category": "Payload delivery",
1024
+ "comment": "",
1025
+ "deleted": false,
1026
+ "disable_correlation": false,
1027
+ "distribution": "5",
1028
+ "event_id": "9747",
1029
+ "id": "1188958",
1030
+ "object_id": "1560",
1031
+ "object_relation": "filename",
1032
+ "sharing_group_id": "0",
1033
+ "timestamp": "1513936757",
1034
+ "to_ids": true,
1035
+ "type": "filename",
1036
+ "uuid": "5a3cd775-e8f4-465a-aca2-4c5a950d210f",
1037
+ "value": "Operation_in_Mosul.rtf"
1038
+ },
1039
+ {
1040
+ "category": "Payload delivery",
1041
+ "comment": "",
1042
+ "deleted": false,
1043
+ "disable_correlation": false,
1044
+ "distribution": "5",
1045
+ "event_id": "9747",
1046
+ "id": "1188959",
1047
+ "object_id": "1560",
1048
+ "object_relation": "sha1",
1049
+ "sharing_group_id": "0",
1050
+ "timestamp": "1513936757",
1051
+ "to_ids": true,
1052
+ "type": "sha1",
1053
+ "uuid": "5a3cd775-1190-4db7-961a-4c5a950d210f",
1054
+ "value": "12a37cfdd3f3671074dd5b0f354269cec028fb52"
1055
+ },
1056
+ {
1057
+ "category": "Other",
1058
+ "comment": "",
1059
+ "deleted": false,
1060
+ "disable_correlation": true,
1061
+ "distribution": "5",
1062
+ "event_id": "9747",
1063
+ "id": "1188960",
1064
+ "object_id": "1560",
1065
+ "object_relation": "state",
1066
+ "sharing_group_id": "0",
1067
+ "timestamp": "1513936757",
1068
+ "to_ids": false,
1069
+ "type": "text",
1070
+ "uuid": "5a3cd775-fa5c-4453-bcb0-4c5a950d210f",
1071
+ "value": "Malicious"
1072
+ }
1073
+ ],
1074
+ "comment": "Win32/Exploit.Agent.NTR",
1075
+ "deleted": false,
1076
+ "description": "File object describing a file with meta-information",
1077
+ "distribution": "5",
1078
+ "event_id": "9747",
1079
+ "id": "1560",
1080
+ "meta-category": "file",
1081
+ "name": "file",
1082
+ "sharing_group_id": "0",
1083
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1084
+ "template_version": "8",
1085
+ "timestamp": "1513936757",
1086
+ "uuid": "5a3cd775-e4cc-44bb-89b6-4c5a950d210f"
1087
+ },
1088
+ {
1089
+ "Attribute": [
1090
+ {
1091
+ "category": "Payload delivery",
1092
+ "comment": "",
1093
+ "deleted": false,
1094
+ "disable_correlation": false,
1095
+ "distribution": "5",
1096
+ "event_id": "9747",
1097
+ "id": "1188961",
1098
+ "object_id": "1561",
1099
+ "object_relation": "filename",
1100
+ "sharing_group_id": "0",
1101
+ "timestamp": "1513936943",
1102
+ "to_ids": true,
1103
+ "type": "filename",
1104
+ "uuid": "5a3cd82f-b918-4520-ba8b-5165950d210f",
1105
+ "value": "ARM-NATO_ENGLISH_30_NOV_2016.doc"
1106
+ },
1107
+ {
1108
+ "category": "Payload delivery",
1109
+ "comment": "",
1110
+ "deleted": false,
1111
+ "disable_correlation": false,
1112
+ "distribution": "5",
1113
+ "event_id": "9747",
1114
+ "id": "1188962",
1115
+ "object_id": "1561",
1116
+ "object_relation": "sha1",
1117
+ "sharing_group_id": "0",
1118
+ "timestamp": "1513936943",
1119
+ "to_ids": true,
1120
+ "type": "sha1",
1121
+ "uuid": "5a3cd82f-cae4-4209-9338-5165950d210f",
1122
+ "value": "15201766bd964b7c405aeb11db81457220c31e46"
1123
+ },
1124
+ {
1125
+ "category": "Other",
1126
+ "comment": "",
1127
+ "deleted": false,
1128
+ "disable_correlation": true,
1129
+ "distribution": "5",
1130
+ "event_id": "9747",
1131
+ "id": "1188963",
1132
+ "object_id": "1561",
1133
+ "object_relation": "state",
1134
+ "sharing_group_id": "0",
1135
+ "timestamp": "1513936943",
1136
+ "to_ids": false,
1137
+ "type": "text",
1138
+ "uuid": "5a3cd82f-d91c-43af-8262-5165950d210f",
1139
+ "value": "Malicious"
1140
+ }
1141
+ ],
1142
+ "comment": "SWF/Agent.L",
1143
+ "deleted": false,
1144
+ "description": "File object describing a file with meta-information",
1145
+ "distribution": "5",
1146
+ "event_id": "9747",
1147
+ "id": "1561",
1148
+ "meta-category": "file",
1149
+ "name": "file",
1150
+ "sharing_group_id": "0",
1151
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1152
+ "template_version": "8",
1153
+ "timestamp": "1513936943",
1154
+ "uuid": "5a3cd82f-2788-4561-bbeb-5165950d210f"
1155
+ },
1156
+ {
1157
+ "Attribute": [
1158
+ {
1159
+ "category": "Payload delivery",
1160
+ "comment": "",
1161
+ "deleted": false,
1162
+ "disable_correlation": false,
1163
+ "distribution": "5",
1164
+ "event_id": "9747",
1165
+ "id": "1188964",
1166
+ "object_id": "1562",
1167
+ "object_relation": "filename",
1168
+ "sharing_group_id": "0",
1169
+ "timestamp": "1513936967",
1170
+ "to_ids": true,
1171
+ "type": "filename",
1172
+ "uuid": "5a3cd847-0aa0-4b5c-aa30-5165950d210f",
1173
+ "value": "Olympic-Agenda-2020-20-20-Recommendations.doc"
1174
+ },
1175
+ {
1176
+ "category": "Payload delivery",
1177
+ "comment": "",
1178
+ "deleted": false,
1179
+ "disable_correlation": false,
1180
+ "distribution": "5",
1181
+ "event_id": "9747",
1182
+ "id": "1188965",
1183
+ "object_id": "1562",
1184
+ "object_relation": "sha1",
1185
+ "sharing_group_id": "0",
1186
+ "timestamp": "1513936967",
1187
+ "to_ids": true,
1188
+ "type": "sha1",
1189
+ "uuid": "5a3cd847-593c-4985-8756-5165950d210f",
1190
+ "value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e"
1191
+ },
1192
+ {
1193
+ "category": "Other",
1194
+ "comment": "",
1195
+ "deleted": false,
1196
+ "disable_correlation": true,
1197
+ "distribution": "5",
1198
+ "event_id": "9747",
1199
+ "id": "1188966",
1200
+ "object_id": "1562",
1201
+ "object_relation": "state",
1202
+ "sharing_group_id": "0",
1203
+ "timestamp": "1513936967",
1204
+ "to_ids": false,
1205
+ "type": "text",
1206
+ "uuid": "5a3cd847-1324-4fad-af60-5165950d210f",
1207
+ "value": "Malicious"
1208
+ }
1209
+ ],
1210
+ "comment": "Win32/Exploit.Agent.BL",
1211
+ "deleted": false,
1212
+ "description": "File object describing a file with meta-information",
1213
+ "distribution": "5",
1214
+ "event_id": "9747",
1215
+ "id": "1562",
1216
+ "meta-category": "file",
1217
+ "name": "file",
1218
+ "sharing_group_id": "0",
1219
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1220
+ "template_version": "8",
1221
+ "timestamp": "1513936967",
1222
+ "uuid": "5a3cd847-b5a0-42f7-ac4b-5165950d210f"
1223
+ },
1224
+ {
1225
+ "Attribute": [
1226
+ {
1227
+ "category": "Payload delivery",
1228
+ "comment": "",
1229
+ "deleted": false,
1230
+ "disable_correlation": false,
1231
+ "distribution": "5",
1232
+ "event_id": "9747",
1233
+ "id": "1188967",
1234
+ "object_id": "1563",
1235
+ "object_relation": "filename",
1236
+ "sharing_group_id": "0",
1237
+ "timestamp": "1513936993",
1238
+ "to_ids": true,
1239
+ "type": "filename",
1240
+ "uuid": "5a3cd861-9350-40c1-ac29-4771950d210f",
1241
+ "value": "Merry_Christmas!.docx"
1242
+ },
1243
+ {
1244
+ "category": "Payload delivery",
1245
+ "comment": "",
1246
+ "deleted": false,
1247
+ "disable_correlation": false,
1248
+ "distribution": "5",
1249
+ "event_id": "9747",
1250
+ "id": "1188968",
1251
+ "object_id": "1563",
1252
+ "object_relation": "sha1",
1253
+ "sharing_group_id": "0",
1254
+ "timestamp": "1513936993",
1255
+ "to_ids": true,
1256
+ "type": "sha1",
1257
+ "uuid": "5a3cd861-18ac-4cf0-b96f-4986950d210f",
1258
+ "value": "33447383379ca99083442b852589111296f0c603"
1259
+ },
1260
+ {
1261
+ "category": "Other",
1262
+ "comment": "",
1263
+ "deleted": false,
1264
+ "disable_correlation": true,
1265
+ "distribution": "5",
1266
+ "event_id": "9747",
1267
+ "id": "1188969",
1268
+ "object_id": "1563",
1269
+ "object_relation": "state",
1270
+ "sharing_group_id": "0",
1271
+ "timestamp": "1513936993",
1272
+ "to_ids": false,
1273
+ "type": "text",
1274
+ "uuid": "5a3cd861-cfbc-4096-baae-40e2950d210f",
1275
+ "value": "Malicious"
1276
+ }
1277
+ ],
1278
+ "comment": "Win32/Exploit.Agent.NUG",
1279
+ "deleted": false,
1280
+ "description": "File object describing a file with meta-information",
1281
+ "distribution": "5",
1282
+ "event_id": "9747",
1283
+ "id": "1563",
1284
+ "meta-category": "file",
1285
+ "name": "file",
1286
+ "sharing_group_id": "0",
1287
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1288
+ "template_version": "8",
1289
+ "timestamp": "1513936993",
1290
+ "uuid": "5a3cd861-65c0-4b69-9429-4f37950d210f"
1291
+ },
1292
+ {
1293
+ "Attribute": [
1294
+ {
1295
+ "category": "Payload delivery",
1296
+ "comment": "",
1297
+ "deleted": false,
1298
+ "disable_correlation": false,
1299
+ "distribution": "5",
1300
+ "event_id": "9747",
1301
+ "id": "1188970",
1302
+ "object_id": "1564",
1303
+ "object_relation": "filename",
1304
+ "sharing_group_id": "0",
1305
+ "timestamp": "1513937021",
1306
+ "to_ids": true,
1307
+ "type": "filename",
1308
+ "uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f",
1309
+ "value": "Trump’s_Attack_on_Syria_English.docx"
1310
+ },
1311
+ {
1312
+ "category": "Payload delivery",
1313
+ "comment": "",
1314
+ "deleted": false,
1315
+ "disable_correlation": false,
1316
+ "distribution": "5",
1317
+ "event_id": "9747",
1318
+ "id": "1188971",
1319
+ "object_id": "1564",
1320
+ "object_relation": "sha1",
1321
+ "sharing_group_id": "0",
1322
+ "timestamp": "1513937021",
1323
+ "to_ids": true,
1324
+ "type": "sha1",
1325
+ "uuid": "5a3cd87d-c630-4487-8336-4615950d210f",
1326
+ "value": "d5235d136cfcadbef431eea7253d80bde414db9d"
1327
+ },
1328
+ {
1329
+ "category": "Other",
1330
+ "comment": "",
1331
+ "deleted": false,
1332
+ "disable_correlation": true,
1333
+ "distribution": "5",
1334
+ "event_id": "9747",
1335
+ "id": "1188972",
1336
+ "object_id": "1564",
1337
+ "object_relation": "state",
1338
+ "sharing_group_id": "0",
1339
+ "timestamp": "1513937021",
1340
+ "to_ids": false,
1341
+ "type": "text",
1342
+ "uuid": "5a3cd87d-8c98-4660-9026-44de950d210f",
1343
+ "value": "Malicious"
1344
+ }
1345
+ ],
1346
+ "comment": "Win32/Exploit.Agent.NWZ",
1347
+ "deleted": false,
1348
+ "description": "File object describing a file with meta-information",
1349
+ "distribution": "5",
1350
+ "event_id": "9747",
1351
+ "id": "1564",
1352
+ "meta-category": "file",
1353
+ "name": "file",
1354
+ "sharing_group_id": "0",
1355
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1356
+ "template_version": "8",
1357
+ "timestamp": "1513937021",
1358
+ "uuid": "5a3cd87d-f514-4071-a5f7-4ec2950d210f"
1359
+ },
1360
+ {
1361
+ "Attribute": [
1362
+ {
1363
+ "category": "Payload delivery",
1364
+ "comment": "",
1365
+ "deleted": false,
1366
+ "disable_correlation": false,
1367
+ "distribution": "5",
1368
+ "event_id": "9747",
1369
+ "id": "1188973",
1370
+ "object_id": "1565",
1371
+ "object_relation": "filename",
1372
+ "sharing_group_id": "0",
1373
+ "timestamp": "1513937047",
1374
+ "to_ids": true,
1375
+ "type": "filename",
1376
+ "uuid": "5a3cd897-4cc0-48b0-bb2c-461f950d210f",
1377
+ "value": "Hotel_Reservation_Form.doc"
1378
+ },
1379
+ {
1380
+ "category": "Payload delivery",
1381
+ "comment": "",
1382
+ "deleted": false,
1383
+ "disable_correlation": false,
1384
+ "distribution": "5",
1385
+ "event_id": "9747",
1386
+ "id": "1188974",
1387
+ "object_id": "1565",
1388
+ "object_relation": "sha1",
1389
+ "sharing_group_id": "0",
1390
+ "timestamp": "1513937047",
1391
+ "to_ids": true,
1392
+ "type": "sha1",
1393
+ "uuid": "5a3cd897-fa64-466c-9421-49c5950d210f",
1394
+ "value": "f293a2bfb728060c54efeeb03c5323893b5c80df"
1395
+ },
1396
+ {
1397
+ "category": "Other",
1398
+ "comment": "",
1399
+ "deleted": false,
1400
+ "disable_correlation": true,
1401
+ "distribution": "5",
1402
+ "event_id": "9747",
1403
+ "id": "1188975",
1404
+ "object_id": "1565",
1405
+ "object_relation": "state",
1406
+ "sharing_group_id": "0",
1407
+ "timestamp": "1513937047",
1408
+ "to_ids": false,
1409
+ "type": "text",
1410
+ "uuid": "5a3cd897-f020-44cf-8dfc-4225950d210f",
1411
+ "value": "Malicious"
1412
+ }
1413
+ ],
1414
+ "comment": "Win32/Sednit.BN",
1415
+ "deleted": false,
1416
+ "description": "File object describing a file with meta-information",
1417
+ "distribution": "5",
1418
+ "event_id": "9747",
1419
+ "id": "1565",
1420
+ "meta-category": "file",
1421
+ "name": "file",
1422
+ "sharing_group_id": "0",
1423
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1424
+ "template_version": "8",
1425
+ "timestamp": "1513937046",
1426
+ "uuid": "5a3cd896-f6cc-4e52-bcb2-442c950d210f"
1427
+ },
1428
+ {
1429
+ "Attribute": [
1430
+ {
1431
+ "category": "Payload delivery",
1432
+ "comment": "",
1433
+ "deleted": false,
1434
+ "disable_correlation": false,
1435
+ "distribution": "5",
1436
+ "event_id": "9747",
1437
+ "id": "1188976",
1438
+ "object_id": "1566",
1439
+ "object_relation": "filename",
1440
+ "sharing_group_id": "0",
1441
+ "timestamp": "1513937070",
1442
+ "to_ids": true,
1443
+ "type": "filename",
1444
+ "uuid": "5a3cd8ae-7194-48fd-810e-4c5a950d210f",
1445
+ "value": "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc"
1446
+ },
1447
+ {
1448
+ "category": "Payload delivery",
1449
+ "comment": "",
1450
+ "deleted": false,
1451
+ "disable_correlation": false,
1452
+ "distribution": "5",
1453
+ "event_id": "9747",
1454
+ "id": "1188977",
1455
+ "object_id": "1566",
1456
+ "object_relation": "sha1",
1457
+ "sharing_group_id": "0",
1458
+ "timestamp": "1513937071",
1459
+ "to_ids": true,
1460
+ "type": "sha1",
1461
+ "uuid": "5a3cd8af-f39c-443c-bcf1-4c5a950d210f",
1462
+ "value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0"
1463
+ },
1464
+ {
1465
+ "category": "Other",
1466
+ "comment": "",
1467
+ "deleted": false,
1468
+ "disable_correlation": true,
1469
+ "distribution": "5",
1470
+ "event_id": "9747",
1471
+ "id": "1188978",
1472
+ "object_id": "1566",
1473
+ "object_relation": "state",
1474
+ "sharing_group_id": "0",
1475
+ "timestamp": "1513937071",
1476
+ "to_ids": false,
1477
+ "type": "text",
1478
+ "uuid": "5a3cd8af-b3ec-478a-b585-4c5a950d210f",
1479
+ "value": "Malicious"
1480
+ }
1481
+ ],
1482
+ "comment": "Win32/Sednit.BN",
1483
+ "deleted": false,
1484
+ "description": "File object describing a file with meta-information",
1485
+ "distribution": "5",
1486
+ "event_id": "9747",
1487
+ "id": "1566",
1488
+ "meta-category": "file",
1489
+ "name": "file",
1490
+ "sharing_group_id": "0",
1491
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1492
+ "template_version": "8",
1493
+ "timestamp": "1513937070",
1494
+ "uuid": "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f"
1495
+ },
1496
+ {
1497
+ "Attribute": [
1498
+ {
1499
+ "category": "Payload delivery",
1500
+ "comment": "",
1501
+ "deleted": false,
1502
+ "disable_correlation": false,
1503
+ "distribution": "5",
1504
+ "event_id": "9747",
1505
+ "id": "1188979",
1506
+ "object_id": "1567",
1507
+ "object_relation": "sha1",
1508
+ "sharing_group_id": "0",
1509
+ "timestamp": "1513937083",
1510
+ "to_ids": true,
1511
+ "type": "sha1",
1512
+ "uuid": "5a3cd8bb-74d8-4d19-ae08-4043950d210f",
1513
+ "value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
1514
+ },
1515
+ {
1516
+ "category": "Other",
1517
+ "comment": "",
1518
+ "deleted": false,
1519
+ "disable_correlation": true,
1520
+ "distribution": "5",
1521
+ "event_id": "9747",
1522
+ "id": "1188980",
1523
+ "object_id": "1567",
1524
+ "object_relation": "state",
1525
+ "sharing_group_id": "0",
1526
+ "timestamp": "1513937083",
1527
+ "to_ids": false,
1528
+ "type": "text",
1529
+ "uuid": "5a3cd8bb-77bc-4cc4-887f-429d950d210f",
1530
+ "value": "Malicious"
1531
+ }
1532
+ ],
1533
+ "comment": "",
1534
+ "deleted": false,
1535
+ "description": "File object describing a file with meta-information",
1536
+ "distribution": "5",
1537
+ "event_id": "9747",
1538
+ "id": "1567",
1539
+ "meta-category": "file",
1540
+ "name": "file",
1541
+ "sharing_group_id": "0",
1542
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1543
+ "template_version": "8",
1544
+ "timestamp": "1513937083",
1545
+ "uuid": "5a3cd8bb-a704-4f1d-a235-444e950d210f"
1546
+ },
1547
+ {
1548
+ "Attribute": [
1549
+ {
1550
+ "category": "Payload delivery",
1551
+ "comment": "",
1552
+ "deleted": false,
1553
+ "disable_correlation": false,
1554
+ "distribution": "5",
1555
+ "event_id": "9747",
1556
+ "id": "1188981",
1557
+ "object_id": "1568",
1558
+ "object_relation": "sha1",
1559
+ "sharing_group_id": "0",
1560
+ "timestamp": "1513937097",
1561
+ "to_ids": true,
1562
+ "type": "sha1",
1563
+ "uuid": "5a3cd8c9-4d2c-4145-a637-4f13950d210f",
1564
+ "value": "169c8f3e3d22e192c108bc95164d362ce5437465"
1565
+ },
1566
+ {
1567
+ "category": "Other",
1568
+ "comment": "",
1569
+ "deleted": false,
1570
+ "disable_correlation": true,
1571
+ "distribution": "5",
1572
+ "event_id": "9747",
1573
+ "id": "1188982",
1574
+ "object_id": "1568",
1575
+ "object_relation": "state",
1576
+ "sharing_group_id": "0",
1577
+ "timestamp": "1513937097",
1578
+ "to_ids": false,
1579
+ "type": "text",
1580
+ "uuid": "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f",
1581
+ "value": "Malicious"
1582
+ }
1583
+ ],
1584
+ "comment": "",
1585
+ "deleted": false,
1586
+ "description": "File object describing a file with meta-information",
1587
+ "distribution": "5",
1588
+ "event_id": "9747",
1589
+ "id": "1568",
1590
+ "meta-category": "file",
1591
+ "name": "file",
1592
+ "sharing_group_id": "0",
1593
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1594
+ "template_version": "8",
1595
+ "timestamp": "1513937097",
1596
+ "uuid": "5a3cd8c9-6568-406a-853c-4862950d210f"
1597
+ },
1598
+ {
1599
+ "Attribute": [
1600
+ {
1601
+ "category": "Payload delivery",
1602
+ "comment": "",
1603
+ "deleted": false,
1604
+ "disable_correlation": false,
1605
+ "distribution": "5",
1606
+ "event_id": "9747",
1607
+ "id": "1188983",
1608
+ "object_id": "1569",
1609
+ "object_relation": "sha1",
1610
+ "sharing_group_id": "0",
1611
+ "timestamp": "1513937116",
1612
+ "to_ids": true,
1613
+ "type": "sha1",
1614
+ "uuid": "5a3cd8dc-48c0-4ea0-a67d-4734950d210f",
1615
+ "value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
1616
+ },
1617
+ {
1618
+ "category": "Other",
1619
+ "comment": "",
1620
+ "deleted": false,
1621
+ "disable_correlation": true,
1622
+ "distribution": "5",
1623
+ "event_id": "9747",
1624
+ "id": "1188984",
1625
+ "object_id": "1569",
1626
+ "object_relation": "state",
1627
+ "sharing_group_id": "0",
1628
+ "timestamp": "1513937116",
1629
+ "to_ids": false,
1630
+ "type": "text",
1631
+ "uuid": "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f",
1632
+ "value": "Malicious"
1633
+ }
1634
+ ],
1635
+ "comment": "Win32/Sednit.BN",
1636
+ "deleted": false,
1637
+ "description": "File object describing a file with meta-information",
1638
+ "distribution": "5",
1639
+ "event_id": "9747",
1640
+ "id": "1569",
1641
+ "meta-category": "file",
1642
+ "name": "file",
1643
+ "sharing_group_id": "0",
1644
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1645
+ "template_version": "8",
1646
+ "timestamp": "1513937115",
1647
+ "uuid": "5a3cd8db-2838-4466-a986-4afb950d210f"
1648
+ },
1649
+ {
1650
+ "Attribute": [
1651
+ {
1652
+ "category": "Payload delivery",
1653
+ "comment": "",
1654
+ "deleted": false,
1655
+ "disable_correlation": false,
1656
+ "distribution": "5",
1657
+ "event_id": "9747",
1658
+ "id": "1188985",
1659
+ "object_id": "1570",
1660
+ "object_relation": "filename",
1661
+ "sharing_group_id": "0",
1662
+ "timestamp": "1513937147",
1663
+ "to_ids": true,
1664
+ "type": "filename",
1665
+ "uuid": "5a3cd8fb-1efc-4059-ae7a-42f5950d210f",
1666
+ "value": "Caucasian_Eagle_ENG.docx"
1667
+ },
1668
+ {
1669
+ "category": "Payload delivery",
1670
+ "comment": "",
1671
+ "deleted": false,
1672
+ "disable_correlation": false,
1673
+ "distribution": "5",
1674
+ "event_id": "9747",
1675
+ "id": "1188986",
1676
+ "object_id": "1570",
1677
+ "object_relation": "sha1",
1678
+ "sharing_group_id": "0",
1679
+ "timestamp": "1513937147",
1680
+ "to_ids": true,
1681
+ "type": "sha1",
1682
+ "uuid": "5a3cd8fb-9cec-4a30-8b2f-4441950d210f",
1683
+ "value": "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d"
1684
+ },
1685
+ {
1686
+ "category": "Other",
1687
+ "comment": "",
1688
+ "deleted": false,
1689
+ "disable_correlation": true,
1690
+ "distribution": "5",
1691
+ "event_id": "9747",
1692
+ "id": "1188987",
1693
+ "object_id": "1570",
1694
+ "object_relation": "state",
1695
+ "sharing_group_id": "0",
1696
+ "timestamp": "1513937147",
1697
+ "to_ids": false,
1698
+ "type": "text",
1699
+ "uuid": "5a3cd8fb-e52c-489b-8da5-43d1950d210f",
1700
+ "value": "Malicious"
1701
+ }
1702
+ ],
1703
+ "comment": "Win32/Exploit.Agent.NTM",
1704
+ "deleted": false,
1705
+ "description": "File object describing a file with meta-information",
1706
+ "distribution": "5",
1707
+ "event_id": "9747",
1708
+ "id": "1570",
1709
+ "meta-category": "file",
1710
+ "name": "file",
1711
+ "sharing_group_id": "0",
1712
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1713
+ "template_version": "8",
1714
+ "timestamp": "1513937147",
1715
+ "uuid": "5a3cd8fb-cd14-4b00-9710-430c950d210f"
1716
+ },
1717
+ {
1718
+ "Attribute": [
1719
+ {
1720
+ "category": "Payload delivery",
1721
+ "comment": "",
1722
+ "deleted": false,
1723
+ "disable_correlation": false,
1724
+ "distribution": "5",
1725
+ "event_id": "9747",
1726
+ "id": "1188988",
1727
+ "object_id": "1571",
1728
+ "object_relation": "filename",
1729
+ "sharing_group_id": "0",
1730
+ "timestamp": "1513937166",
1731
+ "to_ids": true,
1732
+ "type": "filename",
1733
+ "uuid": "5a3cd90e-5eb4-4069-b160-5276950d210f",
1734
+ "value": "World War3.docx"
1735
+ },
1736
+ {
1737
+ "category": "Payload delivery",
1738
+ "comment": "",
1739
+ "deleted": false,
1740
+ "disable_correlation": false,
1741
+ "distribution": "5",
1742
+ "event_id": "9747",
1743
+ "id": "1188989",
1744
+ "object_id": "1571",
1745
+ "object_relation": "sha1",
1746
+ "sharing_group_id": "0",
1747
+ "timestamp": "1513937166",
1748
+ "to_ids": true,
1749
+ "type": "sha1",
1750
+ "uuid": "5a3cd90e-6d2c-4ffc-a699-5276950d210f",
1751
+ "value": "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3"
1752
+ },
1753
+ {
1754
+ "category": "Other",
1755
+ "comment": "",
1756
+ "deleted": false,
1757
+ "disable_correlation": true,
1758
+ "distribution": "5",
1759
+ "event_id": "9747",
1760
+ "id": "1188990",
1761
+ "object_id": "1571",
1762
+ "object_relation": "state",
1763
+ "sharing_group_id": "0",
1764
+ "timestamp": "1513937166",
1765
+ "to_ids": false,
1766
+ "type": "text",
1767
+ "uuid": "5a3cd90e-28e8-410e-8033-5276950d210f",
1768
+ "value": "Malicious"
1769
+ }
1770
+ ],
1771
+ "comment": "SWF/Exploit.CVE-2017-11292.A",
1772
+ "deleted": false,
1773
+ "description": "File object describing a file with meta-information",
1774
+ "distribution": "5",
1775
+ "event_id": "9747",
1776
+ "id": "1571",
1777
+ "meta-category": "file",
1778
+ "name": "file",
1779
+ "sharing_group_id": "0",
1780
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1781
+ "template_version": "8",
1782
+ "timestamp": "1513937166",
1783
+ "uuid": "5a3cd90e-538c-4b7e-95dc-5276950d210f"
1784
+ },
1785
+ {
1786
+ "Attribute": [
1787
+ {
1788
+ "category": "Payload delivery",
1789
+ "comment": "",
1790
+ "deleted": false,
1791
+ "disable_correlation": false,
1792
+ "distribution": "5",
1793
+ "event_id": "9747",
1794
+ "id": "1188991",
1795
+ "object_id": "1572",
1796
+ "object_relation": "filename",
1797
+ "sharing_group_id": "0",
1798
+ "timestamp": "1513937191",
1799
+ "to_ids": true,
1800
+ "type": "filename",
1801
+ "uuid": "5a3cd927-e810-4d22-a0e4-4057950d210f",
1802
+ "value": "SaberGuardian2017.docx"
1803
+ },
1804
+ {
1805
+ "category": "Payload delivery",
1806
+ "comment": "",
1807
+ "deleted": false,
1808
+ "disable_correlation": false,
1809
+ "distribution": "5",
1810
+ "event_id": "9747",
1811
+ "id": "1188992",
1812
+ "object_id": "1572",
1813
+ "object_relation": "sha1",
1814
+ "sharing_group_id": "0",
1815
+ "timestamp": "1513937191",
1816
+ "to_ids": true,
1817
+ "type": "sha1",
1818
+ "uuid": "5a3cd927-f284-43b9-83d1-473b950d210f",
1819
+ "value": "68c2809560c7623d2307d8797691abf3eafe319a"
1820
+ },
1821
+ {
1822
+ "category": "Other",
1823
+ "comment": "",
1824
+ "deleted": false,
1825
+ "disable_correlation": true,
1826
+ "distribution": "5",
1827
+ "event_id": "9747",
1828
+ "id": "1188993",
1829
+ "object_id": "1572",
1830
+ "object_relation": "state",
1831
+ "sharing_group_id": "0",
1832
+ "timestamp": "1513937191",
1833
+ "to_ids": false,
1834
+ "type": "text",
1835
+ "uuid": "5a3cd927-b844-49f2-a1a9-4c85950d210f",
1836
+ "value": "Malicious"
1837
+ }
1838
+ ],
1839
+ "comment": "VBA/DDE.E",
1840
+ "deleted": false,
1841
+ "description": "File object describing a file with meta-information",
1842
+ "distribution": "5",
1843
+ "event_id": "9747",
1844
+ "id": "1572",
1845
+ "meta-category": "file",
1846
+ "name": "file",
1847
+ "sharing_group_id": "0",
1848
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1849
+ "template_version": "8",
1850
+ "timestamp": "1513937191",
1851
+ "uuid": "5a3cd927-e410-489c-abfc-4b63950d210f"
1852
+ },
1853
+ {
1854
+ "Attribute": [
1855
+ {
1856
+ "category": "Payload delivery",
1857
+ "comment": "",
1858
+ "deleted": false,
1859
+ "disable_correlation": false,
1860
+ "distribution": "5",
1861
+ "event_id": "9747",
1862
+ "id": "1188994",
1863
+ "object_id": "1573",
1864
+ "object_relation": "filename",
1865
+ "sharing_group_id": "0",
1866
+ "timestamp": "1513937212",
1867
+ "to_ids": true,
1868
+ "type": "filename",
1869
+ "uuid": "5a3cd93c-2438-4dda-823e-463d950d210f",
1870
+ "value": "IsisAttackInNewYork.docx"
1871
+ },
1872
+ {
1873
+ "category": "Payload delivery",
1874
+ "comment": "",
1875
+ "deleted": false,
1876
+ "disable_correlation": false,
1877
+ "distribution": "5",
1878
+ "event_id": "9747",
1879
+ "id": "1188995",
1880
+ "object_id": "1573",
1881
+ "object_relation": "sha1",
1882
+ "sharing_group_id": "0",
1883
+ "timestamp": "1513937212",
1884
+ "to_ids": true,
1885
+ "type": "sha1",
1886
+ "uuid": "5a3cd93c-1ef0-4d81-9476-4655950d210f",
1887
+ "value": "1c6c700ceebfbe799e115582665105caa03c5c9e"
1888
+ },
1889
+ {
1890
+ "category": "Other",
1891
+ "comment": "",
1892
+ "deleted": false,
1893
+ "disable_correlation": true,
1894
+ "distribution": "5",
1895
+ "event_id": "9747",
1896
+ "id": "1188996",
1897
+ "object_id": "1573",
1898
+ "object_relation": "state",
1899
+ "sharing_group_id": "0",
1900
+ "timestamp": "1513937212",
1901
+ "to_ids": false,
1902
+ "type": "text",
1903
+ "uuid": "5a3cd93c-949c-40ac-9094-4a4a950d210f",
1904
+ "value": "Malicious"
1905
+ }
1906
+ ],
1907
+ "comment": "VBA/DDE.L",
1908
+ "deleted": false,
1909
+ "description": "File object describing a file with meta-information",
1910
+ "distribution": "5",
1911
+ "event_id": "9747",
1912
+ "id": "1573",
1913
+ "meta-category": "file",
1914
+ "name": "file",
1915
+ "sharing_group_id": "0",
1916
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1917
+ "template_version": "8",
1918
+ "timestamp": "1513937212",
1919
+ "uuid": "5a3cd93c-716c-4918-a00f-4671950d210f"
1920
+ },
1921
+ {
1922
+ "Attribute": [
1923
+ {
1924
+ "category": "Payload delivery",
1925
+ "comment": "",
1926
+ "deleted": false,
1927
+ "disable_correlation": false,
1928
+ "distribution": "5",
1929
+ "event_id": "9747",
1930
+ "id": "1188997",
1931
+ "object_id": "1574",
1932
+ "object_relation": "sha1",
1933
+ "sharing_group_id": "0",
1934
+ "timestamp": "1513937559",
1935
+ "to_ids": true,
1936
+ "type": "sha1",
1937
+ "uuid": "5a3cda97-7e58-4642-aaf5-c5ed950d210f",
1938
+ "value": "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb"
1939
+ },
1940
+ {
1941
+ "category": "Other",
1942
+ "comment": "",
1943
+ "deleted": false,
1944
+ "disable_correlation": true,
1945
+ "distribution": "5",
1946
+ "event_id": "9747",
1947
+ "id": "1188998",
1948
+ "object_id": "1574",
1949
+ "object_relation": "state",
1950
+ "sharing_group_id": "0",
1951
+ "timestamp": "1513937559",
1952
+ "to_ids": false,
1953
+ "type": "text",
1954
+ "uuid": "5a3cda97-6020-423d-9d23-c5ed950d210f",
1955
+ "value": "Malicious"
1956
+ }
1957
+ ],
1958
+ "ObjectReference": [
1959
+ {
1960
+ "Attribute": {
1961
+ "category": "Network activity",
1962
+ "distribution": "5",
1963
+ "sharing_group_id": "0",
1964
+ "to_ids": true,
1965
+ "type": "domain",
1966
+ "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1967
+ "value": "movieultimate.com"
1968
+ },
1969
+ "comment": "",
1970
+ "deleted": false,
1971
+ "event_id": "9747",
1972
+ "id": "159",
1973
+ "object_id": "1574",
1974
+ "object_uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f",
1975
+ "referenced_id": "1188759",
1976
+ "referenced_type": "0",
1977
+ "referenced_uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1978
+ "relationship_type": "communicates-with",
1979
+ "timestamp": "1513937826",
1980
+ "uuid": "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f"
1981
+ }
1982
+ ],
1983
+ "comment": "Win64/Sednit.Z",
1984
+ "deleted": false,
1985
+ "description": "File object describing a file with meta-information",
1986
+ "distribution": "5",
1987
+ "event_id": "9747",
1988
+ "id": "1574",
1989
+ "meta-category": "file",
1990
+ "name": "file",
1991
+ "sharing_group_id": "0",
1992
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1993
+ "template_version": "8",
1994
+ "timestamp": "1513937826",
1995
+ "uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f"
1996
+ },
1997
+ {
1998
+ "Attribute": [
1999
+ {
2000
+ "category": "Payload delivery",
2001
+ "comment": "",
2002
+ "deleted": false,
2003
+ "disable_correlation": false,
2004
+ "distribution": "5",
2005
+ "event_id": "9747",
2006
+ "id": "1188999",
2007
+ "object_id": "1575",
2008
+ "object_relation": "sha1",
2009
+ "sharing_group_id": "0",
2010
+ "timestamp": "1513937864",
2011
+ "to_ids": true,
2012
+ "type": "sha1",
2013
+ "uuid": "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f",
2014
+ "value": "e19f753e514f6adec8f81bcdefb9117979e69627"
2015
+ },
2016
+ {
2017
+ "category": "Other",
2018
+ "comment": "",
2019
+ "deleted": false,
2020
+ "disable_correlation": true,
2021
+ "distribution": "5",
2022
+ "event_id": "9747",
2023
+ "id": "1189000",
2024
+ "object_id": "1575",
2025
+ "object_relation": "state",
2026
+ "sharing_group_id": "0",
2027
+ "timestamp": "1513937864",
2028
+ "to_ids": false,
2029
+ "type": "text",
2030
+ "uuid": "5a3cdbc8-e204-4606-b9ea-4c5a950d210f",
2031
+ "value": "Malicious"
2032
+ }
2033
+ ],
2034
+ "ObjectReference": [
2035
+ {
2036
+ "Attribute": {
2037
+ "category": "Network activity",
2038
+ "distribution": "5",
2039
+ "sharing_group_id": "0",
2040
+ "to_ids": true,
2041
+ "type": "domain",
2042
+ "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2043
+ "value": "meteost.com"
2044
+ },
2045
+ "comment": "",
2046
+ "deleted": false,
2047
+ "event_id": "9747",
2048
+ "id": "160",
2049
+ "object_id": "1575",
2050
+ "object_uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
2051
+ "referenced_id": "1188760",
2052
+ "referenced_type": "0",
2053
+ "referenced_uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2054
+ "relationship_type": "communicates-with",
2055
+ "timestamp": "1513938091",
2056
+ "uuid": "5a3cdcab-8200-4c65-868e-42a9950d210f"
2057
+ }
2058
+ ],
2059
+ "comment": "Win64/Sednit.Z",
2060
+ "deleted": false,
2061
+ "description": "File object describing a file with meta-information",
2062
+ "distribution": "5",
2063
+ "event_id": "9747",
2064
+ "id": "1575",
2065
+ "meta-category": "file",
2066
+ "name": "file",
2067
+ "sharing_group_id": "0",
2068
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2069
+ "template_version": "8",
2070
+ "timestamp": "1513938091",
2071
+ "uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f"
2072
+ },
2073
+ {
2074
+ "Attribute": [
2075
+ {
2076
+ "category": "Payload delivery",
2077
+ "comment": "",
2078
+ "deleted": false,
2079
+ "disable_correlation": false,
2080
+ "distribution": "5",
2081
+ "event_id": "9747",
2082
+ "id": "1189001",
2083
+ "object_id": "1576",
2084
+ "object_relation": "sha1",
2085
+ "sharing_group_id": "0",
2086
+ "timestamp": "1513937910",
2087
+ "to_ids": true,
2088
+ "type": "sha1",
2089
+ "uuid": "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f",
2090
+ "value": "961468ddd3d0fa25beb8210c81ba620f9170ed30"
2091
+ },
2092
+ {
2093
+ "category": "Other",
2094
+ "comment": "",
2095
+ "deleted": false,
2096
+ "disable_correlation": true,
2097
+ "distribution": "5",
2098
+ "event_id": "9747",
2099
+ "id": "1189002",
2100
+ "object_id": "1576",
2101
+ "object_relation": "state",
2102
+ "sharing_group_id": "0",
2103
+ "timestamp": "1513937910",
2104
+ "to_ids": false,
2105
+ "type": "text",
2106
+ "uuid": "5a3cdbf6-acd8-4a36-a028-4c59950d210f",
2107
+ "value": "Malicious"
2108
+ }
2109
+ ],
2110
+ "ObjectReference": [
2111
+ {
2112
+ "Attribute": {
2113
+ "category": "Network activity",
2114
+ "distribution": "5",
2115
+ "sharing_group_id": "0",
2116
+ "to_ids": true,
2117
+ "type": "domain",
2118
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2119
+ "value": "faststoragefiles.org"
2120
+ },
2121
+ "comment": "",
2122
+ "deleted": false,
2123
+ "event_id": "9747",
2124
+ "id": "164",
2125
+ "object_id": "1576",
2126
+ "object_uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f",
2127
+ "referenced_id": "1188761",
2128
+ "referenced_type": "0",
2129
+ "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2130
+ "relationship_type": "communicates-with",
2131
+ "timestamp": "1513938210",
2132
+ "uuid": "5a3cdd22-b7d8-4754-a108-4742950d210f"
2133
+ }
2134
+ ],
2135
+ "comment": "Win32/Sednit.BO",
2136
+ "deleted": false,
2137
+ "description": "File object describing a file with meta-information",
2138
+ "distribution": "5",
2139
+ "event_id": "9747",
2140
+ "id": "1576",
2141
+ "meta-category": "file",
2142
+ "name": "file",
2143
+ "sharing_group_id": "0",
2144
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2145
+ "template_version": "8",
2146
+ "timestamp": "1513938210",
2147
+ "uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f"
2148
+ },
2149
+ {
2150
+ "Attribute": [
2151
+ {
2152
+ "category": "Payload delivery",
2153
+ "comment": "",
2154
+ "deleted": false,
2155
+ "disable_correlation": false,
2156
+ "distribution": "5",
2157
+ "event_id": "9747",
2158
+ "id": "1189003",
2159
+ "object_id": "1577",
2160
+ "object_relation": "sha1",
2161
+ "sharing_group_id": "0",
2162
+ "timestamp": "1513937929",
2163
+ "to_ids": true,
2164
+ "type": "sha1",
2165
+ "uuid": "5a3cdc09-b428-4c0b-9969-c5ed950d210f",
2166
+ "value": "a0719b50265505c8432616c0a4e14ed206981e95"
2167
+ },
2168
+ {
2169
+ "category": "Other",
2170
+ "comment": "",
2171
+ "deleted": false,
2172
+ "disable_correlation": true,
2173
+ "distribution": "5",
2174
+ "event_id": "9747",
2175
+ "id": "1189004",
2176
+ "object_id": "1577",
2177
+ "object_relation": "state",
2178
+ "sharing_group_id": "0",
2179
+ "timestamp": "1513937929",
2180
+ "to_ids": false,
2181
+ "type": "text",
2182
+ "uuid": "5a3cdc09-05d8-4356-ba52-c5ed950d210f",
2183
+ "value": "Malicious"
2184
+ }
2185
+ ],
2186
+ "ObjectReference": [
2187
+ {
2188
+ "Attribute": {
2189
+ "category": "Network activity",
2190
+ "distribution": "5",
2191
+ "sharing_group_id": "0",
2192
+ "to_ids": true,
2193
+ "type": "domain",
2194
+ "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2195
+ "value": "nethostnet.com"
2196
+ },
2197
+ "comment": "",
2198
+ "deleted": false,
2199
+ "event_id": "9747",
2200
+ "id": "162",
2201
+ "object_id": "1577",
2202
+ "object_uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
2203
+ "referenced_id": "1188762",
2204
+ "referenced_type": "0",
2205
+ "referenced_uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2206
+ "relationship_type": "communicates-with",
2207
+ "timestamp": "1513938169",
2208
+ "uuid": "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f"
2209
+ }
2210
+ ],
2211
+ "comment": "Win32/Sednit.BO",
2212
+ "deleted": false,
2213
+ "description": "File object describing a file with meta-information",
2214
+ "distribution": "5",
2215
+ "event_id": "9747",
2216
+ "id": "1577",
2217
+ "meta-category": "file",
2218
+ "name": "file",
2219
+ "sharing_group_id": "0",
2220
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2221
+ "template_version": "8",
2222
+ "timestamp": "1513938169",
2223
+ "uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f"
2224
+ },
2225
+ {
2226
+ "Attribute": [
2227
+ {
2228
+ "category": "Payload delivery",
2229
+ "comment": "",
2230
+ "deleted": false,
2231
+ "disable_correlation": false,
2232
+ "distribution": "5",
2233
+ "event_id": "9747",
2234
+ "id": "1189005",
2235
+ "object_id": "1578",
2236
+ "object_relation": "sha1",
2237
+ "sharing_group_id": "0",
2238
+ "timestamp": "1513937953",
2239
+ "to_ids": true,
2240
+ "type": "sha1",
2241
+ "uuid": "5a3cdc21-a170-4637-b139-4812950d210f",
2242
+ "value": "2cf6436b99d11d9d1e0c488af518e35162ecbc9c"
2243
+ },
2244
+ {
2245
+ "category": "Other",
2246
+ "comment": "",
2247
+ "deleted": false,
2248
+ "disable_correlation": true,
2249
+ "distribution": "5",
2250
+ "event_id": "9747",
2251
+ "id": "1189006",
2252
+ "object_id": "1578",
2253
+ "object_relation": "state",
2254
+ "sharing_group_id": "0",
2255
+ "timestamp": "1513937953",
2256
+ "to_ids": false,
2257
+ "type": "text",
2258
+ "uuid": "5a3cdc21-3274-4800-9e91-41e2950d210f",
2259
+ "value": "Malicious"
2260
+ }
2261
+ ],
2262
+ "ObjectReference": [
2263
+ {
2264
+ "Attribute": {
2265
+ "category": "Network activity",
2266
+ "distribution": "5",
2267
+ "sharing_group_id": "0",
2268
+ "to_ids": true,
2269
+ "type": "domain",
2270
+ "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2271
+ "value": "faststoragefiles.org"
2272
+ },
2273
+ "comment": "",
2274
+ "deleted": false,
2275
+ "event_id": "9747",
2276
+ "id": "165",
2277
+ "object_id": "1578",
2278
+ "object_uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f",
2279
+ "referenced_id": "1188761",
2280
+ "referenced_type": "0",
2281
+ "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2282
+ "relationship_type": "communicates-with",
2283
+ "timestamp": "1513938226",
2284
+ "uuid": "5a3cdd32-3044-4895-8f18-4d06950d210f"
2285
+ }
2286
+ ],
2287
+ "comment": "Win64/Sednit.Y",
2288
+ "deleted": false,
2289
+ "description": "File object describing a file with meta-information",
2290
+ "distribution": "5",
2291
+ "event_id": "9747",
2292
+ "id": "1578",
2293
+ "meta-category": "file",
2294
+ "name": "file",
2295
+ "sharing_group_id": "0",
2296
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2297
+ "template_version": "8",
2298
+ "timestamp": "1513938226",
2299
+ "uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f"
2300
+ },
2301
+ {
2302
+ "Attribute": [
2303
+ {
2304
+ "category": "Payload delivery",
2305
+ "comment": "",
2306
+ "deleted": false,
2307
+ "disable_correlation": false,
2308
+ "distribution": "5",
2309
+ "event_id": "9747",
2310
+ "id": "1189007",
2311
+ "object_id": "1579",
2312
+ "object_relation": "sha1",
2313
+ "sharing_group_id": "0",
2314
+ "timestamp": "1513937975",
2315
+ "to_ids": true,
2316
+ "type": "sha1",
2317
+ "uuid": "5a3cdc37-cee0-43d0-9e20-4db6950d210f",
2318
+ "value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33"
2319
+ },
2320
+ {
2321
+ "category": "Other",
2322
+ "comment": "",
2323
+ "deleted": false,
2324
+ "disable_correlation": true,
2325
+ "distribution": "5",
2326
+ "event_id": "9747",
2327
+ "id": "1189008",
2328
+ "object_id": "1579",
2329
+ "object_relation": "state",
2330
+ "sharing_group_id": "0",
2331
+ "timestamp": "1513937976",
2332
+ "to_ids": false,
2333
+ "type": "text",
2334
+ "uuid": "5a3cdc38-ac24-44be-a1ed-4935950d210f",
2335
+ "value": "Malicious"
2336
+ }
2337
+ ],
2338
+ "ObjectReference": [
2339
+ {
2340
+ "Attribute": {
2341
+ "category": "Network activity",
2342
+ "distribution": "5",
2343
+ "sharing_group_id": "0",
2344
+ "to_ids": true,
2345
+ "type": "domain",
2346
+ "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2347
+ "value": "fsportal.net"
2348
+ },
2349
+ "comment": "",
2350
+ "deleted": false,
2351
+ "event_id": "9747",
2352
+ "id": "163",
2353
+ "object_id": "1579",
2354
+ "object_uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f",
2355
+ "referenced_id": "1188763",
2356
+ "referenced_type": "0",
2357
+ "referenced_uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2358
+ "relationship_type": "communicates-with",
2359
+ "timestamp": "1513938189",
2360
+ "uuid": "5a3cdd0d-d990-42ba-830d-5156950d210f"
2361
+ }
2362
+ ],
2363
+ "comment": "Win64/Sednit.Y",
2364
+ "deleted": false,
2365
+ "description": "File object describing a file with meta-information",
2366
+ "distribution": "5",
2367
+ "event_id": "9747",
2368
+ "id": "1579",
2369
+ "meta-category": "file",
2370
+ "name": "file",
2371
+ "sharing_group_id": "0",
2372
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2373
+ "template_version": "8",
2374
+ "timestamp": "1513938190",
2375
+ "uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f"
2376
+ },
2377
+ {
2378
+ "Attribute": [
2379
+ {
2380
+ "category": "Payload delivery",
2381
+ "comment": "",
2382
+ "deleted": false,
2383
+ "disable_correlation": false,
2384
+ "distribution": "5",
2385
+ "event_id": "9747",
2386
+ "id": "1189009",
2387
+ "object_id": "1580",
2388
+ "object_relation": "sha1",
2389
+ "sharing_group_id": "0",
2390
+ "timestamp": "1513937992",
2391
+ "to_ids": true,
2392
+ "type": "sha1",
2393
+ "uuid": "5a3cdc48-c74c-4b6e-8202-5156950d210f",
2394
+ "value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795"
2395
+ },
2396
+ {
2397
+ "category": "Other",
2398
+ "comment": "",
2399
+ "deleted": false,
2400
+ "disable_correlation": true,
2401
+ "distribution": "5",
2402
+ "event_id": "9747",
2403
+ "id": "1189010",
2404
+ "object_id": "1580",
2405
+ "object_relation": "state",
2406
+ "sharing_group_id": "0",
2407
+ "timestamp": "1513937992",
2408
+ "to_ids": false,
2409
+ "type": "text",
2410
+ "uuid": "5a3cdc48-55dc-420e-9b5d-5156950d210f",
2411
+ "value": "Malicious"
2412
+ }
2413
+ ],
2414
+ "ObjectReference": [
2415
+ {
2416
+ "Attribute": {
2417
+ "category": "Network activity",
2418
+ "distribution": "5",
2419
+ "sharing_group_id": "0",
2420
+ "to_ids": true,
2421
+ "type": "domain",
2422
+ "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2423
+ "value": "fastdataexchange.org"
2424
+ },
2425
+ "comment": "",
2426
+ "deleted": false,
2427
+ "event_id": "9747",
2428
+ "id": "161",
2429
+ "object_id": "1580",
2430
+ "object_uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f",
2431
+ "referenced_id": "1188764",
2432
+ "referenced_type": "0",
2433
+ "referenced_uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2434
+ "relationship_type": "communicates-with",
2435
+ "timestamp": "1513938129",
2436
+ "uuid": "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f"
2437
+ }
2438
+ ],
2439
+ "comment": "Win64/Sednit.Z",
2440
+ "deleted": false,
2441
+ "description": "File object describing a file with meta-information",
2442
+ "distribution": "5",
2443
+ "event_id": "9747",
2444
+ "id": "1580",
2445
+ "meta-category": "file",
2446
+ "name": "file",
2447
+ "sharing_group_id": "0",
2448
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2449
+ "template_version": "8",
2450
+ "timestamp": "1513938129",
2451
+ "uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f"
2452
+ },
2453
+ {
2454
+ "Attribute": [
2455
+ {
2456
+ "category": "Payload delivery",
2457
+ "comment": "",
2458
+ "deleted": false,
2459
+ "disable_correlation": false,
2460
+ "distribution": "5",
2461
+ "event_id": "9747",
2462
+ "id": "1189011",
2463
+ "object_id": "1581",
2464
+ "object_relation": "sha1",
2465
+ "sharing_group_id": "0",
2466
+ "timestamp": "1513938011",
2467
+ "to_ids": true,
2468
+ "type": "sha1",
2469
+ "uuid": "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f",
2470
+ "value": "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138"
2471
+ },
2472
+ {
2473
+ "category": "Other",
2474
+ "comment": "",
2475
+ "deleted": false,
2476
+ "disable_correlation": true,
2477
+ "distribution": "5",
2478
+ "event_id": "9747",
2479
+ "id": "1189012",
2480
+ "object_id": "1581",
2481
+ "object_relation": "state",
2482
+ "sharing_group_id": "0",
2483
+ "timestamp": "1513938011",
2484
+ "to_ids": false,
2485
+ "type": "text",
2486
+ "uuid": "5a3cdc5b-b390-4183-aec7-4c5a950d210f",
2487
+ "value": "Malicious"
2488
+ }
2489
+ ],
2490
+ "ObjectReference": [
2491
+ {
2492
+ "Attribute": {
2493
+ "category": "Network activity",
2494
+ "distribution": "5",
2495
+ "sharing_group_id": "0",
2496
+ "to_ids": true,
2497
+ "type": "domain",
2498
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2499
+ "value": "newfilmts.com"
2500
+ },
2501
+ "comment": "",
2502
+ "deleted": false,
2503
+ "event_id": "9747",
2504
+ "id": "168",
2505
+ "object_id": "1581",
2506
+ "object_uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f",
2507
+ "referenced_id": "1188765",
2508
+ "referenced_type": "0",
2509
+ "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2510
+ "relationship_type": "communicates-with",
2511
+ "timestamp": "1513938280",
2512
+ "uuid": "5a3cdd68-7968-40d1-a0a9-5156950d210f"
2513
+ }
2514
+ ],
2515
+ "comment": "Win32/Sednit.BO",
2516
+ "deleted": false,
2517
+ "description": "File object describing a file with meta-information",
2518
+ "distribution": "5",
2519
+ "event_id": "9747",
2520
+ "id": "1581",
2521
+ "meta-category": "file",
2522
+ "name": "file",
2523
+ "sharing_group_id": "0",
2524
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2525
+ "template_version": "8",
2526
+ "timestamp": "1513938280",
2527
+ "uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f"
2528
+ },
2529
+ {
2530
+ "Attribute": [
2531
+ {
2532
+ "category": "Payload delivery",
2533
+ "comment": "",
2534
+ "deleted": false,
2535
+ "disable_correlation": false,
2536
+ "distribution": "5",
2537
+ "event_id": "9747",
2538
+ "id": "1189013",
2539
+ "object_id": "1582",
2540
+ "object_relation": "sha1",
2541
+ "sharing_group_id": "0",
2542
+ "timestamp": "1513938034",
2543
+ "to_ids": true,
2544
+ "type": "sha1",
2545
+ "uuid": "5a3cdc72-ba30-4ecd-9d21-4654950d210f",
2546
+ "value": "1958e722afd0dba266576922abc98aa505cf5f9a"
2547
+ },
2548
+ {
2549
+ "category": "Other",
2550
+ "comment": "",
2551
+ "deleted": false,
2552
+ "disable_correlation": true,
2553
+ "distribution": "5",
2554
+ "event_id": "9747",
2555
+ "id": "1189014",
2556
+ "object_id": "1582",
2557
+ "object_relation": "state",
2558
+ "sharing_group_id": "0",
2559
+ "timestamp": "1513938034",
2560
+ "to_ids": false,
2561
+ "type": "text",
2562
+ "uuid": "5a3cdc72-0804-42c4-acfa-4ac5950d210f",
2563
+ "value": "Malicious"
2564
+ }
2565
+ ],
2566
+ "ObjectReference": [
2567
+ {
2568
+ "Attribute": {
2569
+ "category": "Network activity",
2570
+ "distribution": "5",
2571
+ "sharing_group_id": "0",
2572
+ "to_ids": true,
2573
+ "type": "domain",
2574
+ "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2575
+ "value": "newfilmts.com"
2576
+ },
2577
+ "comment": "",
2578
+ "deleted": false,
2579
+ "event_id": "9747",
2580
+ "id": "167",
2581
+ "object_id": "1582",
2582
+ "object_uuid": "5a3cdc72-1538-4c66-af46-427b950d210f",
2583
+ "referenced_id": "1188765",
2584
+ "referenced_type": "0",
2585
+ "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2586
+ "relationship_type": "communicates-with",
2587
+ "timestamp": "1513938264",
2588
+ "uuid": "5a3cdd58-9800-4bae-837c-4f20950d210f"
2589
+ }
2590
+ ],
2591
+ "comment": "Win32/Sednit.BO",
2592
+ "deleted": false,
2593
+ "description": "File object describing a file with meta-information",
2594
+ "distribution": "5",
2595
+ "event_id": "9747",
2596
+ "id": "1582",
2597
+ "meta-category": "file",
2598
+ "name": "file",
2599
+ "sharing_group_id": "0",
2600
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2601
+ "template_version": "8",
2602
+ "timestamp": "1513938264",
2603
+ "uuid": "5a3cdc72-1538-4c66-af46-427b950d210f"
2604
+ },
2605
+ {
2606
+ "Attribute": [
2607
+ {
2608
+ "category": "Payload delivery",
2609
+ "comment": "",
2610
+ "deleted": false,
2611
+ "disable_correlation": false,
2612
+ "distribution": "5",
2613
+ "event_id": "9747",
2614
+ "id": "1189015",
2615
+ "object_id": "1583",
2616
+ "object_relation": "sha1",
2617
+ "sharing_group_id": "0",
2618
+ "timestamp": "1513939882",
2619
+ "to_ids": true,
2620
+ "type": "sha1",
2621
+ "uuid": "5a3ce3aa-e104-481e-a7f4-4bc1950d210f",
2622
+ "value": "9f6bed7d7f4728490117cbc85819c2e6c494251b"
2623
+ },
2624
+ {
2625
+ "category": "Other",
2626
+ "comment": "",
2627
+ "deleted": false,
2628
+ "disable_correlation": true,
2629
+ "distribution": "5",
2630
+ "event_id": "9747",
2631
+ "id": "1189016",
2632
+ "object_id": "1583",
2633
+ "object_relation": "state",
2634
+ "sharing_group_id": "0",
2635
+ "timestamp": "1513939882",
2636
+ "to_ids": false,
2637
+ "type": "text",
2638
+ "uuid": "5a3ce3aa-74fc-48c7-af40-4c6a950d210f",
2639
+ "value": "Malicious"
2640
+ }
2641
+ ],
2642
+ "ObjectReference": [
2643
+ {
2644
+ "Object": {
2645
+ "distribution": "5",
2646
+ "meta-category": "network",
2647
+ "name": "domain-ip",
2648
+ "sharing_group_id": "0",
2649
+ "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
2650
+ },
2651
+ "comment": "",
2652
+ "deleted": false,
2653
+ "event_id": "9747",
2654
+ "id": "173",
2655
+ "object_id": "1583",
2656
+ "object_uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
2657
+ "referenced_id": "1592",
2658
+ "referenced_type": "1",
2659
+ "referenced_uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f",
2660
+ "relationship_type": "communicates-with",
2661
+ "timestamp": "1513947459",
2662
+ "uuid": "5a3d0143-c300-4118-8afe-4a2d950d210f"
2663
+ }
2664
+ ],
2665
+ "comment": "Win32/Sednit.AX",
2666
+ "deleted": false,
2667
+ "description": "File object describing a file with meta-information",
2668
+ "distribution": "5",
2669
+ "event_id": "9747",
2670
+ "id": "1583",
2671
+ "meta-category": "file",
2672
+ "name": "file",
2673
+ "sharing_group_id": "0",
2674
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2675
+ "template_version": "8",
2676
+ "timestamp": "1513948642",
2677
+ "uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f"
2678
+ },
2679
+ {
2680
+ "Attribute": [
2681
+ {
2682
+ "category": "Payload delivery",
2683
+ "comment": "",
2684
+ "deleted": false,
2685
+ "disable_correlation": false,
2686
+ "distribution": "5",
2687
+ "event_id": "9747",
2688
+ "id": "1189017",
2689
+ "object_id": "1584",
2690
+ "object_relation": "sha1",
2691
+ "sharing_group_id": "0",
2692
+ "timestamp": "1513939907",
2693
+ "to_ids": true,
2694
+ "type": "sha1",
2695
+ "uuid": "5a3ce3c3-6d9c-48f4-93db-4a61950d210f",
2696
+ "value": "4bc722a9b0492a50bd86a1341f02c74c0d773db7"
2697
+ },
2698
+ {
2699
+ "category": "Other",
2700
+ "comment": "",
2701
+ "deleted": false,
2702
+ "disable_correlation": true,
2703
+ "distribution": "5",
2704
+ "event_id": "9747",
2705
+ "id": "1189018",
2706
+ "object_id": "1584",
2707
+ "object_relation": "state",
2708
+ "sharing_group_id": "0",
2709
+ "timestamp": "1513939907",
2710
+ "to_ids": false,
2711
+ "type": "text",
2712
+ "uuid": "5a3ce3c3-c38c-4e30-a904-4c8f950d210f",
2713
+ "value": "Malicious"
2714
+ }
2715
+ ],
2716
+ "ObjectReference": [
2717
+ {
2718
+ "Object": {
2719
+ "distribution": "5",
2720
+ "meta-category": "network",
2721
+ "name": "domain-ip",
2722
+ "sharing_group_id": "0",
2723
+ "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
2724
+ },
2725
+ "comment": "",
2726
+ "deleted": false,
2727
+ "event_id": "9747",
2728
+ "id": "188",
2729
+ "object_id": "1584",
2730
+ "object_uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f",
2731
+ "referenced_id": "1603",
2732
+ "referenced_type": "1",
2733
+ "referenced_uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f",
2734
+ "relationship_type": "communicates-with",
2735
+ "timestamp": "1513948518",
2736
+ "uuid": "5a3d0566-34fc-4a62-b2a5-4f91950d210f"
2737
+ }
2738
+ ],
2739
+ "comment": "Win32/Sednit.BS",
2740
+ "deleted": false,
2741
+ "description": "File object describing a file with meta-information",
2742
+ "distribution": "5",
2743
+ "event_id": "9747",
2744
+ "id": "1584",
2745
+ "meta-category": "file",
2746
+ "name": "file",
2747
+ "sharing_group_id": "0",
2748
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2749
+ "template_version": "8",
2750
+ "timestamp": "1513948535",
2751
+ "uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f"
2752
+ },
2753
+ {
2754
+ "Attribute": [
2755
+ {
2756
+ "category": "Payload delivery",
2757
+ "comment": "",
2758
+ "deleted": false,
2759
+ "disable_correlation": false,
2760
+ "distribution": "5",
2761
+ "event_id": "9747",
2762
+ "id": "1189019",
2763
+ "object_id": "1585",
2764
+ "object_relation": "sha1",
2765
+ "sharing_group_id": "0",
2766
+ "timestamp": "1513939924",
2767
+ "to_ids": true,
2768
+ "type": "sha1",
2769
+ "uuid": "5a3ce3d4-9168-4e23-8b64-485a950d210f",
2770
+ "value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e"
2771
+ },
2772
+ {
2773
+ "category": "Other",
2774
+ "comment": "",
2775
+ "deleted": false,
2776
+ "disable_correlation": true,
2777
+ "distribution": "5",
2778
+ "event_id": "9747",
2779
+ "id": "1189020",
2780
+ "object_id": "1585",
2781
+ "object_relation": "state",
2782
+ "sharing_group_id": "0",
2783
+ "timestamp": "1513939924",
2784
+ "to_ids": false,
2785
+ "type": "text",
2786
+ "uuid": "5a3ce3d4-27e0-4366-943f-4b9a950d210f",
2787
+ "value": "Malicious"
2788
+ }
2789
+ ],
2790
+ "ObjectReference": [
2791
+ {
2792
+ "Object": {
2793
+ "distribution": "5",
2794
+ "meta-category": "network",
2795
+ "name": "domain-ip",
2796
+ "sharing_group_id": "0",
2797
+ "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
2798
+ },
2799
+ "comment": "",
2800
+ "deleted": false,
2801
+ "event_id": "9747",
2802
+ "id": "189",
2803
+ "object_id": "1585",
2804
+ "object_uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f",
2805
+ "referenced_id": "1602",
2806
+ "referenced_type": "1",
2807
+ "referenced_uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
2808
+ "relationship_type": "communicates-with",
2809
+ "timestamp": "1513948528",
2810
+ "uuid": "5a3d0570-a86c-4264-a43a-4125950d210f"
2811
+ }
2812
+ ],
2813
+ "comment": "Win32/Sednit.BS",
2814
+ "deleted": false,
2815
+ "description": "File object describing a file with meta-information",
2816
+ "distribution": "5",
2817
+ "event_id": "9747",
2818
+ "id": "1585",
2819
+ "meta-category": "file",
2820
+ "name": "file",
2821
+ "sharing_group_id": "0",
2822
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2823
+ "template_version": "8",
2824
+ "timestamp": "1513948597",
2825
+ "uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f"
2826
+ },
2827
+ {
2828
+ "Attribute": [
2829
+ {
2830
+ "category": "Payload delivery",
2831
+ "comment": "",
2832
+ "deleted": false,
2833
+ "disable_correlation": false,
2834
+ "distribution": "5",
2835
+ "event_id": "9747",
2836
+ "id": "1189021",
2837
+ "object_id": "1586",
2838
+ "object_relation": "sha1",
2839
+ "sharing_group_id": "0",
2840
+ "timestamp": "1513939946",
2841
+ "to_ids": true,
2842
+ "type": "sha1",
2843
+ "uuid": "5a3ce3ea-8dbc-4cf4-997f-448b950d210f",
2844
+ "value": "9c47ca3883196b3a84d67676a804ff50e22b0a9f"
2845
+ },
2846
+ {
2847
+ "category": "Other",
2848
+ "comment": "",
2849
+ "deleted": false,
2850
+ "disable_correlation": true,
2851
+ "distribution": "5",
2852
+ "event_id": "9747",
2853
+ "id": "1189022",
2854
+ "object_id": "1586",
2855
+ "object_relation": "state",
2856
+ "sharing_group_id": "0",
2857
+ "timestamp": "1513939946",
2858
+ "to_ids": false,
2859
+ "type": "text",
2860
+ "uuid": "5a3ce3ea-e714-444e-ad9b-40b0950d210f",
2861
+ "value": "Malicious"
2862
+ }
2863
+ ],
2864
+ "ObjectReference": [
2865
+ {
2866
+ "Object": {
2867
+ "distribution": "5",
2868
+ "meta-category": "network",
2869
+ "name": "domain-ip",
2870
+ "sharing_group_id": "0",
2871
+ "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
2872
+ },
2873
+ "comment": "",
2874
+ "deleted": false,
2875
+ "event_id": "9747",
2876
+ "id": "190",
2877
+ "object_id": "1586",
2878
+ "object_uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f",
2879
+ "referenced_id": "1601",
2880
+ "referenced_type": "1",
2881
+ "referenced_uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f",
2882
+ "relationship_type": "communicates-with",
2883
+ "timestamp": "1513948614",
2884
+ "uuid": "5a3d05c6-0618-4520-9549-48a0950d210f"
2885
+ }
2886
+ ],
2887
+ "comment": "Win32/Sednit.BR",
2888
+ "deleted": false,
2889
+ "description": "File object describing a file with meta-information",
2890
+ "distribution": "5",
2891
+ "event_id": "9747",
2892
+ "id": "1586",
2893
+ "meta-category": "file",
2894
+ "name": "file",
2895
+ "sharing_group_id": "0",
2896
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2897
+ "template_version": "8",
2898
+ "timestamp": "1513948626",
2899
+ "uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f"
2900
+ },
2901
+ {
2902
+ "Attribute": [
2903
+ {
2904
+ "category": "Payload delivery",
2905
+ "comment": "",
2906
+ "deleted": false,
2907
+ "disable_correlation": false,
2908
+ "distribution": "5",
2909
+ "event_id": "9747",
2910
+ "id": "1189023",
2911
+ "object_id": "1587",
2912
+ "object_relation": "sha1",
2913
+ "sharing_group_id": "0",
2914
+ "timestamp": "1513939972",
2915
+ "to_ids": true,
2916
+ "type": "sha1",
2917
+ "uuid": "5a3ce404-7bfc-4316-bd32-55ea950d210f",
2918
+ "value": "8a68f26d01372114f660e32ac4c9117e5d0577f1"
2919
+ },
2920
+ {
2921
+ "category": "Other",
2922
+ "comment": "",
2923
+ "deleted": false,
2924
+ "disable_correlation": true,
2925
+ "distribution": "5",
2926
+ "event_id": "9747",
2927
+ "id": "1189024",
2928
+ "object_id": "1587",
2929
+ "object_relation": "state",
2930
+ "sharing_group_id": "0",
2931
+ "timestamp": "1513939972",
2932
+ "to_ids": false,
2933
+ "type": "text",
2934
+ "uuid": "5a3ce404-7224-4525-922a-55ea950d210f",
2935
+ "value": "Malicious"
2936
+ }
2937
+ ],
2938
+ "ObjectReference": [
2939
+ {
2940
+ "Object": {
2941
+ "distribution": "5",
2942
+ "meta-category": "network",
2943
+ "name": "domain-ip",
2944
+ "sharing_group_id": "0",
2945
+ "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
2946
+ },
2947
+ "comment": "",
2948
+ "deleted": false,
2949
+ "event_id": "9747",
2950
+ "id": "182",
2951
+ "object_id": "1587",
2952
+ "object_uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f",
2953
+ "referenced_id": "1600",
2954
+ "referenced_type": "1",
2955
+ "referenced_uuid": "5a3ce680-90d4-478d-95db-48a6950d210f",
2956
+ "relationship_type": "communicates-with",
2957
+ "timestamp": "1513948044",
2958
+ "uuid": "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f"
2959
+ }
2960
+ ],
2961
+ "comment": "Win32/Sednit.BN",
2962
+ "deleted": false,
2963
+ "description": "File object describing a file with meta-information",
2964
+ "distribution": "5",
2965
+ "event_id": "9747",
2966
+ "id": "1587",
2967
+ "meta-category": "file",
2968
+ "name": "file",
2969
+ "sharing_group_id": "0",
2970
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2971
+ "template_version": "8",
2972
+ "timestamp": "1513948073",
2973
+ "uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f"
2974
+ },
2975
+ {
2976
+ "Attribute": [
2977
+ {
2978
+ "category": "Payload delivery",
2979
+ "comment": "",
2980
+ "deleted": false,
2981
+ "disable_correlation": false,
2982
+ "distribution": "5",
2983
+ "event_id": "9747",
2984
+ "id": "1189025",
2985
+ "object_id": "1588",
2986
+ "object_relation": "sha1",
2987
+ "sharing_group_id": "0",
2988
+ "timestamp": "1513939991",
2989
+ "to_ids": true,
2990
+ "type": "sha1",
2991
+ "uuid": "5a3ce417-62a4-4d46-9a87-55ea950d210f",
2992
+ "value": "476fc1d31722ac26b46154cbf0c631d60268b28a"
2993
+ },
2994
+ {
2995
+ "category": "Other",
2996
+ "comment": "",
2997
+ "deleted": false,
2998
+ "disable_correlation": true,
2999
+ "distribution": "5",
3000
+ "event_id": "9747",
3001
+ "id": "1189026",
3002
+ "object_id": "1588",
3003
+ "object_relation": "state",
3004
+ "sharing_group_id": "0",
3005
+ "timestamp": "1513939991",
3006
+ "to_ids": false,
3007
+ "type": "text",
3008
+ "uuid": "5a3ce417-43f0-494d-ac2e-55ea950d210f",
3009
+ "value": "Malicious"
3010
+ }
3011
+ ],
3012
+ "ObjectReference": [
3013
+ {
3014
+ "Object": {
3015
+ "distribution": "5",
3016
+ "meta-category": "network",
3017
+ "name": "domain-ip",
3018
+ "sharing_group_id": "0",
3019
+ "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3020
+ },
3021
+ "comment": "",
3022
+ "deleted": false,
3023
+ "event_id": "9747",
3024
+ "id": "187",
3025
+ "object_id": "1588",
3026
+ "object_uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f",
3027
+ "referenced_id": "1599",
3028
+ "referenced_type": "1",
3029
+ "referenced_uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f",
3030
+ "relationship_type": "communicates-with",
3031
+ "timestamp": "1513948483",
3032
+ "uuid": "5a3d0543-8f74-4086-aafc-418a950d210f"
3033
+ }
3034
+ ],
3035
+ "comment": "Win32/Sednit.BN",
3036
+ "deleted": false,
3037
+ "description": "File object describing a file with meta-information",
3038
+ "distribution": "5",
3039
+ "event_id": "9747",
3040
+ "id": "1588",
3041
+ "meta-category": "file",
3042
+ "name": "file",
3043
+ "sharing_group_id": "0",
3044
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3045
+ "template_version": "8",
3046
+ "timestamp": "1513948498",
3047
+ "uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f"
3048
+ },
3049
+ {
3050
+ "Attribute": [
3051
+ {
3052
+ "category": "Payload delivery",
3053
+ "comment": "",
3054
+ "deleted": false,
3055
+ "disable_correlation": false,
3056
+ "distribution": "5",
3057
+ "event_id": "9747",
3058
+ "id": "1189027",
3059
+ "object_id": "1589",
3060
+ "object_relation": "sha1",
3061
+ "sharing_group_id": "0",
3062
+ "timestamp": "1513940012",
3063
+ "to_ids": true,
3064
+ "type": "sha1",
3065
+ "uuid": "5a3ce42c-836c-49e7-a9f3-4a5f950d210f",
3066
+ "value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1"
3067
+ },
3068
+ {
3069
+ "category": "Other",
3070
+ "comment": "",
3071
+ "deleted": false,
3072
+ "disable_correlation": true,
3073
+ "distribution": "5",
3074
+ "event_id": "9747",
3075
+ "id": "1189028",
3076
+ "object_id": "1589",
3077
+ "object_relation": "state",
3078
+ "sharing_group_id": "0",
3079
+ "timestamp": "1513940012",
3080
+ "to_ids": false,
3081
+ "type": "text",
3082
+ "uuid": "5a3ce42c-4c88-4940-94b8-4084950d210f",
3083
+ "value": "Malicious"
3084
+ }
3085
+ ],
3086
+ "ObjectReference": [
3087
+ {
3088
+ "Object": {
3089
+ "distribution": "5",
3090
+ "meta-category": "network",
3091
+ "name": "domain-ip",
3092
+ "sharing_group_id": "0",
3093
+ "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3094
+ },
3095
+ "comment": "",
3096
+ "deleted": false,
3097
+ "event_id": "9747",
3098
+ "id": "183",
3099
+ "object_id": "1589",
3100
+ "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3101
+ "referenced_id": "1594",
3102
+ "referenced_type": "1",
3103
+ "referenced_uuid": "5a3ce60a-6db8-4212-b194-4339950d210f",
3104
+ "relationship_type": "communicates-with",
3105
+ "timestamp": "1513948106",
3106
+ "uuid": "5a3d03ca-2398-4060-b13c-404a950d210f"
3107
+ },
3108
+ {
3109
+ "Object": {
3110
+ "distribution": "5",
3111
+ "meta-category": "network",
3112
+ "name": "domain-ip",
3113
+ "sharing_group_id": "0",
3114
+ "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3115
+ },
3116
+ "comment": "",
3117
+ "deleted": false,
3118
+ "event_id": "9747",
3119
+ "id": "184",
3120
+ "object_id": "1589",
3121
+ "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3122
+ "referenced_id": "1595",
3123
+ "referenced_type": "1",
3124
+ "referenced_uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
3125
+ "relationship_type": "communicates-with",
3126
+ "timestamp": "1513948117",
3127
+ "uuid": "5a3d03d5-6d8c-4dfb-b193-4002950d210f"
3128
+ }
3129
+ ],
3130
+ "comment": "Win32/Sednit.BN",
3131
+ "deleted": false,
3132
+ "description": "File object describing a file with meta-information",
3133
+ "distribution": "5",
3134
+ "event_id": "9747",
3135
+ "id": "1589",
3136
+ "meta-category": "file",
3137
+ "name": "file",
3138
+ "sharing_group_id": "0",
3139
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3140
+ "template_version": "8",
3141
+ "timestamp": "1513948128",
3142
+ "uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f"
3143
+ },
3144
+ {
3145
+ "Attribute": [
3146
+ {
3147
+ "category": "Payload delivery",
3148
+ "comment": "",
3149
+ "deleted": false,
3150
+ "disable_correlation": false,
3151
+ "distribution": "5",
3152
+ "event_id": "9747",
3153
+ "id": "1189029",
3154
+ "object_id": "1590",
3155
+ "object_relation": "sha1",
3156
+ "sharing_group_id": "0",
3157
+ "timestamp": "1513940027",
3158
+ "to_ids": true,
3159
+ "type": "sha1",
3160
+ "uuid": "5a3ce43b-6738-4a14-a318-4d65950d210f",
3161
+ "value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
3162
+ },
3163
+ {
3164
+ "category": "Other",
3165
+ "comment": "",
3166
+ "deleted": false,
3167
+ "disable_correlation": true,
3168
+ "distribution": "5",
3169
+ "event_id": "9747",
3170
+ "id": "1189030",
3171
+ "object_id": "1590",
3172
+ "object_relation": "state",
3173
+ "sharing_group_id": "0",
3174
+ "timestamp": "1513940027",
3175
+ "to_ids": false,
3176
+ "type": "text",
3177
+ "uuid": "5a3ce43b-3a10-4d78-9ee2-485c950d210f",
3178
+ "value": "Malicious"
3179
+ }
3180
+ ],
3181
+ "ObjectReference": [
3182
+ {
3183
+ "Object": {
3184
+ "distribution": "5",
3185
+ "meta-category": "network",
3186
+ "name": "domain-ip",
3187
+ "sharing_group_id": "0",
3188
+ "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3189
+ },
3190
+ "comment": "",
3191
+ "deleted": false,
3192
+ "event_id": "9747",
3193
+ "id": "186",
3194
+ "object_id": "1590",
3195
+ "object_uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f",
3196
+ "referenced_id": "1593",
3197
+ "referenced_type": "1",
3198
+ "referenced_uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
3199
+ "relationship_type": "communicates-with",
3200
+ "timestamp": "1513948320",
3201
+ "uuid": "5a3d04a0-9d28-47c3-a12c-465b950d210f"
3202
+ }
3203
+ ],
3204
+ "comment": "Win32/Sednit.BG",
3205
+ "deleted": false,
3206
+ "description": "File object describing a file with meta-information",
3207
+ "distribution": "5",
3208
+ "event_id": "9747",
3209
+ "id": "1590",
3210
+ "meta-category": "file",
3211
+ "name": "file",
3212
+ "sharing_group_id": "0",
3213
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3214
+ "template_version": "8",
3215
+ "timestamp": "1513948339",
3216
+ "uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f"
3217
+ },
3218
+ {
3219
+ "Attribute": [
3220
+ {
3221
+ "category": "Payload delivery",
3222
+ "comment": "",
3223
+ "deleted": false,
3224
+ "disable_correlation": false,
3225
+ "distribution": "5",
3226
+ "event_id": "9747",
3227
+ "id": "1189031",
3228
+ "object_id": "1591",
3229
+ "object_relation": "sha1",
3230
+ "sharing_group_id": "0",
3231
+ "timestamp": "1513940042",
3232
+ "to_ids": true,
3233
+ "type": "sha1",
3234
+ "uuid": "5a3ce44a-2ea4-4526-8bbc-c328950d210f",
3235
+ "value": "6e167da3c5d887fa2e58da848a2245d11b6c5ad6"
3236
+ },
3237
+ {
3238
+ "category": "Other",
3239
+ "comment": "",
3240
+ "deleted": false,
3241
+ "disable_correlation": true,
3242
+ "distribution": "5",
3243
+ "event_id": "9747",
3244
+ "id": "1189032",
3245
+ "object_id": "1591",
3246
+ "object_relation": "state",
3247
+ "sharing_group_id": "0",
3248
+ "timestamp": "1513940042",
3249
+ "to_ids": false,
3250
+ "type": "text",
3251
+ "uuid": "5a3ce44a-5118-4142-97f0-c328950d210f",
3252
+ "value": "Malicious"
3253
+ }
3254
+ ],
3255
+ "ObjectReference": [
3256
+ {
3257
+ "Object": {
3258
+ "distribution": "5",
3259
+ "meta-category": "network",
3260
+ "name": "domain-ip",
3261
+ "sharing_group_id": "0",
3262
+ "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3263
+ },
3264
+ "comment": "",
3265
+ "deleted": false,
3266
+ "event_id": "9747",
3267
+ "id": "170",
3268
+ "object_id": "1591",
3269
+ "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3270
+ "referenced_id": "1597",
3271
+ "referenced_type": "1",
3272
+ "referenced_uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f",
3273
+ "relationship_type": "communicates-with",
3274
+ "timestamp": "1513940734",
3275
+ "uuid": "5a3ce6fe-b0c4-44df-a609-419a950d210f"
3276
+ },
3277
+ {
3278
+ "Object": {
3279
+ "distribution": "5",
3280
+ "meta-category": "network",
3281
+ "name": "domain-ip",
3282
+ "sharing_group_id": "0",
3283
+ "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3284
+ },
3285
+ "comment": "",
3286
+ "deleted": false,
3287
+ "event_id": "9747",
3288
+ "id": "171",
3289
+ "object_id": "1591",
3290
+ "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3291
+ "referenced_id": "1598",
3292
+ "referenced_type": "1",
3293
+ "referenced_uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f",
3294
+ "relationship_type": "communicates-with",
3295
+ "timestamp": "1513940753",
3296
+ "uuid": "5a3ce711-a0dc-4dbe-b59e-495a950d210f"
3297
+ }
3298
+ ],
3299
+ "comment": "Win32/Sednit.BG",
3300
+ "deleted": false,
3301
+ "description": "File object describing a file with meta-information",
3302
+ "distribution": "5",
3303
+ "event_id": "9747",
3304
+ "id": "1591",
3305
+ "meta-category": "file",
3306
+ "name": "file",
3307
+ "sharing_group_id": "0",
3308
+ "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3309
+ "template_version": "8",
3310
+ "timestamp": "1513940753",
3311
+ "uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f"
3312
+ },
3313
+ {
3314
+ "Attribute": [
3315
+ {
3316
+ "category": "Network activity",
3317
+ "comment": "",
3318
+ "deleted": false,
3319
+ "disable_correlation": false,
3320
+ "distribution": "5",
3321
+ "event_id": "9747",
3322
+ "id": "1189033",
3323
+ "object_id": "1592",
3324
+ "object_relation": "ip",
3325
+ "sharing_group_id": "0",
3326
+ "timestamp": "1513940362",
3327
+ "to_ids": true,
3328
+ "type": "ip-dst",
3329
+ "uuid": "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f",
3330
+ "value": "87.236.211.182"
3331
+ },
3332
+ {
3333
+ "category": "Network activity",
3334
+ "comment": "",
3335
+ "deleted": false,
3336
+ "disable_correlation": false,
3337
+ "distribution": "5",
3338
+ "event_id": "9747",
3339
+ "id": "1189034",
3340
+ "object_id": "1592",
3341
+ "object_relation": "domain",
3342
+ "sharing_group_id": "0",
3343
+ "timestamp": "1513940362",
3344
+ "to_ids": true,
3345
+ "type": "domain",
3346
+ "uuid": "5a3ce58a-6e14-48ea-9746-48f2950d210f",
3347
+ "value": "servicecdp.com"
3348
+ }
3349
+ ],
3350
+ "comment": "",
3351
+ "deleted": false,
3352
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3353
+ "distribution": "5",
3354
+ "event_id": "9747",
3355
+ "id": "1592",
3356
+ "meta-category": "network",
3357
+ "name": "domain-ip",
3358
+ "sharing_group_id": "0",
3359
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3360
+ "template_version": "5",
3361
+ "timestamp": "1513940362",
3362
+ "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
3363
+ },
3364
+ {
3365
+ "Attribute": [
3366
+ {
3367
+ "category": "Network activity",
3368
+ "comment": "",
3369
+ "deleted": false,
3370
+ "disable_correlation": false,
3371
+ "distribution": "5",
3372
+ "event_id": "9747",
3373
+ "id": "1189035",
3374
+ "object_id": "1593",
3375
+ "object_relation": "ip",
3376
+ "sharing_group_id": "0",
3377
+ "timestamp": "1513940472",
3378
+ "to_ids": true,
3379
+ "type": "ip-dst",
3380
+ "uuid": "5a3ce5f8-99b4-41a2-915a-4bf8950d210f",
3381
+ "value": "95.215.45.43"
3382
+ },
3383
+ {
3384
+ "category": "Network activity",
3385
+ "comment": "",
3386
+ "deleted": false,
3387
+ "disable_correlation": false,
3388
+ "distribution": "5",
3389
+ "event_id": "9747",
3390
+ "id": "1189036",
3391
+ "object_id": "1593",
3392
+ "object_relation": "domain",
3393
+ "sharing_group_id": "0",
3394
+ "timestamp": "1513940472",
3395
+ "to_ids": true,
3396
+ "type": "domain",
3397
+ "uuid": "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f",
3398
+ "value": "wmdmediacodecs.com"
3399
+ }
3400
+ ],
3401
+ "comment": "",
3402
+ "deleted": false,
3403
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3404
+ "distribution": "5",
3405
+ "event_id": "9747",
3406
+ "id": "1593",
3407
+ "meta-category": "network",
3408
+ "name": "domain-ip",
3409
+ "sharing_group_id": "0",
3410
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3411
+ "template_version": "5",
3412
+ "timestamp": "1513940472",
3413
+ "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3414
+ },
3415
+ {
3416
+ "Attribute": [
3417
+ {
3418
+ "category": "Network activity",
3419
+ "comment": "",
3420
+ "deleted": false,
3421
+ "disable_correlation": false,
3422
+ "distribution": "5",
3423
+ "event_id": "9747",
3424
+ "id": "1189037",
3425
+ "object_id": "1594",
3426
+ "object_relation": "ip",
3427
+ "sharing_group_id": "0",
3428
+ "timestamp": "1513940490",
3429
+ "to_ids": true,
3430
+ "type": "ip-dst",
3431
+ "uuid": "5a3ce60a-cc50-4553-bfff-4ea9950d210f",
3432
+ "value": "89.45.67.144"
3433
+ },
3434
+ {
3435
+ "category": "Network activity",
3436
+ "comment": "",
3437
+ "deleted": false,
3438
+ "disable_correlation": false,
3439
+ "distribution": "5",
3440
+ "event_id": "9747",
3441
+ "id": "1189038",
3442
+ "object_id": "1594",
3443
+ "object_relation": "domain",
3444
+ "sharing_group_id": "0",
3445
+ "timestamp": "1513940491",
3446
+ "to_ids": true,
3447
+ "type": "domain",
3448
+ "uuid": "5a3ce60b-e648-4667-8432-4ba8950d210f",
3449
+ "value": "mvband.net"
3450
+ }
3451
+ ],
3452
+ "comment": "",
3453
+ "deleted": false,
3454
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3455
+ "distribution": "5",
3456
+ "event_id": "9747",
3457
+ "id": "1594",
3458
+ "meta-category": "network",
3459
+ "name": "domain-ip",
3460
+ "sharing_group_id": "0",
3461
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3462
+ "template_version": "5",
3463
+ "timestamp": "1513940490",
3464
+ "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3465
+ },
3466
+ {
3467
+ "Attribute": [
3468
+ {
3469
+ "category": "Network activity",
3470
+ "comment": "",
3471
+ "deleted": false,
3472
+ "disable_correlation": false,
3473
+ "distribution": "5",
3474
+ "event_id": "9747",
3475
+ "id": "1189039",
3476
+ "object_id": "1595",
3477
+ "object_relation": "ip",
3478
+ "sharing_group_id": "0",
3479
+ "timestamp": "1513940506",
3480
+ "to_ids": true,
3481
+ "type": "ip-dst",
3482
+ "uuid": "5a3ce61a-4458-4c36-866e-44e9950d210f",
3483
+ "value": "89.33.246.117"
3484
+ },
3485
+ {
3486
+ "category": "Network activity",
3487
+ "comment": "",
3488
+ "deleted": false,
3489
+ "disable_correlation": false,
3490
+ "distribution": "5",
3491
+ "event_id": "9747",
3492
+ "id": "1189040",
3493
+ "object_id": "1595",
3494
+ "object_relation": "domain",
3495
+ "sharing_group_id": "0",
3496
+ "timestamp": "1513940506",
3497
+ "to_ids": true,
3498
+ "type": "domain",
3499
+ "uuid": "5a3ce61a-f820-4a43-b3d9-47e5950d210f",
3500
+ "value": "mvtband.net"
3501
+ }
3502
+ ],
3503
+ "comment": "",
3504
+ "deleted": false,
3505
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3506
+ "distribution": "5",
3507
+ "event_id": "9747",
3508
+ "id": "1595",
3509
+ "meta-category": "network",
3510
+ "name": "domain-ip",
3511
+ "sharing_group_id": "0",
3512
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3513
+ "template_version": "5",
3514
+ "timestamp": "1513940506",
3515
+ "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3516
+ },
3517
+ {
3518
+ "Attribute": [
3519
+ {
3520
+ "category": "Network activity",
3521
+ "comment": "",
3522
+ "deleted": false,
3523
+ "disable_correlation": false,
3524
+ "distribution": "5",
3525
+ "event_id": "9747",
3526
+ "id": "1189041",
3527
+ "object_id": "1596",
3528
+ "object_relation": "ip",
3529
+ "sharing_group_id": "0",
3530
+ "timestamp": "1513940542",
3531
+ "to_ids": true,
3532
+ "type": "ip-dst",
3533
+ "uuid": "5a3ce63e-66d4-483f-bae6-44f6950d210f",
3534
+ "value": "87.236.211.182"
3535
+ },
3536
+ {
3537
+ "category": "Network activity",
3538
+ "comment": "",
3539
+ "deleted": false,
3540
+ "disable_correlation": false,
3541
+ "distribution": "5",
3542
+ "event_id": "9747",
3543
+ "id": "1189042",
3544
+ "object_id": "1596",
3545
+ "object_relation": "domain",
3546
+ "sharing_group_id": "0",
3547
+ "timestamp": "1513940542",
3548
+ "to_ids": true,
3549
+ "type": "domain",
3550
+ "uuid": "5a3ce63e-0d88-405b-82a9-43b5950d210f",
3551
+ "value": "servicecdp.com"
3552
+ }
3553
+ ],
3554
+ "comment": "",
3555
+ "deleted": false,
3556
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3557
+ "distribution": "5",
3558
+ "event_id": "9747",
3559
+ "id": "1596",
3560
+ "meta-category": "network",
3561
+ "name": "domain-ip",
3562
+ "sharing_group_id": "0",
3563
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3564
+ "template_version": "5",
3565
+ "timestamp": "1513940542",
3566
+ "uuid": "5a3ce63e-0240-46f5-b9ed-4759950d210f"
3567
+ },
3568
+ {
3569
+ "Attribute": [
3570
+ {
3571
+ "category": "Network activity",
3572
+ "comment": "",
3573
+ "deleted": false,
3574
+ "disable_correlation": false,
3575
+ "distribution": "5",
3576
+ "event_id": "9747",
3577
+ "id": "1189043",
3578
+ "object_id": "1597",
3579
+ "object_relation": "ip",
3580
+ "sharing_group_id": "0",
3581
+ "timestamp": "1513940558",
3582
+ "to_ids": true,
3583
+ "type": "ip-dst",
3584
+ "uuid": "5a3ce64e-d7a8-4817-a132-4c72950d210f",
3585
+ "value": "185.156.173.70"
3586
+ },
3587
+ {
3588
+ "category": "Network activity",
3589
+ "comment": "",
3590
+ "deleted": false,
3591
+ "disable_correlation": false,
3592
+ "distribution": "5",
3593
+ "event_id": "9747",
3594
+ "id": "1189044",
3595
+ "object_id": "1597",
3596
+ "object_relation": "domain",
3597
+ "sharing_group_id": "0",
3598
+ "timestamp": "1513940558",
3599
+ "to_ids": true,
3600
+ "type": "domain",
3601
+ "uuid": "5a3ce64e-243c-4931-b733-403c950d210f",
3602
+ "value": "runvercheck.com"
3603
+ }
3604
+ ],
3605
+ "comment": "",
3606
+ "deleted": false,
3607
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3608
+ "distribution": "5",
3609
+ "event_id": "9747",
3610
+ "id": "1597",
3611
+ "meta-category": "network",
3612
+ "name": "domain-ip",
3613
+ "sharing_group_id": "0",
3614
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3615
+ "template_version": "5",
3616
+ "timestamp": "1513940558",
3617
+ "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3618
+ },
3619
+ {
3620
+ "Attribute": [
3621
+ {
3622
+ "category": "Network activity",
3623
+ "comment": "",
3624
+ "deleted": false,
3625
+ "disable_correlation": false,
3626
+ "distribution": "5",
3627
+ "event_id": "9747",
3628
+ "id": "1189045",
3629
+ "object_id": "1598",
3630
+ "object_relation": "ip",
3631
+ "sharing_group_id": "0",
3632
+ "timestamp": "1513940572",
3633
+ "to_ids": true,
3634
+ "type": "ip-dst",
3635
+ "uuid": "5a3ce65c-bf78-4b78-bafd-4cf6950d210f",
3636
+ "value": "191.101.31.96"
3637
+ },
3638
+ {
3639
+ "category": "Network activity",
3640
+ "comment": "",
3641
+ "deleted": false,
3642
+ "disable_correlation": false,
3643
+ "distribution": "5",
3644
+ "event_id": "9747",
3645
+ "id": "1189046",
3646
+ "object_id": "1598",
3647
+ "object_relation": "domain",
3648
+ "sharing_group_id": "0",
3649
+ "timestamp": "1513940572",
3650
+ "to_ids": true,
3651
+ "type": "domain",
3652
+ "uuid": "5a3ce65c-8140-4146-a927-45e4950d210f",
3653
+ "value": "remsupport.org"
3654
+ }
3655
+ ],
3656
+ "comment": "",
3657
+ "deleted": false,
3658
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3659
+ "distribution": "5",
3660
+ "event_id": "9747",
3661
+ "id": "1598",
3662
+ "meta-category": "network",
3663
+ "name": "domain-ip",
3664
+ "sharing_group_id": "0",
3665
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3666
+ "template_version": "5",
3667
+ "timestamp": "1513940572",
3668
+ "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3669
+ },
3670
+ {
3671
+ "Attribute": [
3672
+ {
3673
+ "category": "Network activity",
3674
+ "comment": "",
3675
+ "deleted": false,
3676
+ "disable_correlation": false,
3677
+ "distribution": "5",
3678
+ "event_id": "9747",
3679
+ "id": "1189047",
3680
+ "object_id": "1599",
3681
+ "object_relation": "ip",
3682
+ "sharing_group_id": "0",
3683
+ "timestamp": "1513940591",
3684
+ "to_ids": true,
3685
+ "type": "ip-dst",
3686
+ "uuid": "5a3ce66f-150c-43ec-a3ff-4aa5950d210f",
3687
+ "value": "89.187.150.44"
3688
+ },
3689
+ {
3690
+ "category": "Network activity",
3691
+ "comment": "",
3692
+ "deleted": false,
3693
+ "disable_correlation": false,
3694
+ "distribution": "5",
3695
+ "event_id": "9747",
3696
+ "id": "1189048",
3697
+ "object_id": "1599",
3698
+ "object_relation": "domain",
3699
+ "sharing_group_id": "0",
3700
+ "timestamp": "1513940591",
3701
+ "to_ids": true,
3702
+ "type": "domain",
3703
+ "uuid": "5a3ce66f-466c-478e-8064-4b42950d210f",
3704
+ "value": "viters.org"
3705
+ }
3706
+ ],
3707
+ "comment": "",
3708
+ "deleted": false,
3709
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3710
+ "distribution": "5",
3711
+ "event_id": "9747",
3712
+ "id": "1599",
3713
+ "meta-category": "network",
3714
+ "name": "domain-ip",
3715
+ "sharing_group_id": "0",
3716
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3717
+ "template_version": "5",
3718
+ "timestamp": "1513940590",
3719
+ "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3720
+ },
3721
+ {
3722
+ "Attribute": [
3723
+ {
3724
+ "category": "Network activity",
3725
+ "comment": "",
3726
+ "deleted": false,
3727
+ "disable_correlation": false,
3728
+ "distribution": "5",
3729
+ "event_id": "9747",
3730
+ "id": "1189049",
3731
+ "object_id": "1600",
3732
+ "object_relation": "ip",
3733
+ "sharing_group_id": "0",
3734
+ "timestamp": "1513940608",
3735
+ "to_ids": true,
3736
+ "type": "ip-dst",
3737
+ "uuid": "5a3ce680-7b04-466d-b187-4301950d210f",
3738
+ "value": "146.185.253.132"
3739
+ },
3740
+ {
3741
+ "category": "Network activity",
3742
+ "comment": "",
3743
+ "deleted": false,
3744
+ "disable_correlation": false,
3745
+ "distribution": "5",
3746
+ "event_id": "9747",
3747
+ "id": "1189050",
3748
+ "object_id": "1600",
3749
+ "object_relation": "domain",
3750
+ "sharing_group_id": "0",
3751
+ "timestamp": "1513940608",
3752
+ "to_ids": true,
3753
+ "type": "domain",
3754
+ "uuid": "5a3ce680-12f4-4001-9f86-4aa4950d210f",
3755
+ "value": "myinvestgroup.com"
3756
+ }
3757
+ ],
3758
+ "comment": "",
3759
+ "deleted": false,
3760
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3761
+ "distribution": "5",
3762
+ "event_id": "9747",
3763
+ "id": "1600",
3764
+ "meta-category": "network",
3765
+ "name": "domain-ip",
3766
+ "sharing_group_id": "0",
3767
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3768
+ "template_version": "5",
3769
+ "timestamp": "1513940608",
3770
+ "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
3771
+ },
3772
+ {
3773
+ "Attribute": [
3774
+ {
3775
+ "category": "Network activity",
3776
+ "comment": "",
3777
+ "deleted": false,
3778
+ "disable_correlation": false,
3779
+ "distribution": "5",
3780
+ "event_id": "9747",
3781
+ "id": "1189051",
3782
+ "object_id": "1601",
3783
+ "object_relation": "ip",
3784
+ "sharing_group_id": "0",
3785
+ "timestamp": "1513940621",
3786
+ "to_ids": true,
3787
+ "type": "ip-dst",
3788
+ "uuid": "5a3ce68d-0108-4557-8921-4377950d210f",
3789
+ "value": "86.106.131.141"
3790
+ },
3791
+ {
3792
+ "category": "Network activity",
3793
+ "comment": "",
3794
+ "deleted": false,
3795
+ "disable_correlation": false,
3796
+ "distribution": "5",
3797
+ "event_id": "9747",
3798
+ "id": "1189052",
3799
+ "object_id": "1601",
3800
+ "object_relation": "domain",
3801
+ "sharing_group_id": "0",
3802
+ "timestamp": "1513940622",
3803
+ "to_ids": true,
3804
+ "type": "domain",
3805
+ "uuid": "5a3ce68e-54d0-4c67-8c4c-4dea950d210f",
3806
+ "value": "space-delivery.com"
3807
+ }
3808
+ ],
3809
+ "comment": "",
3810
+ "deleted": false,
3811
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3812
+ "distribution": "5",
3813
+ "event_id": "9747",
3814
+ "id": "1601",
3815
+ "meta-category": "network",
3816
+ "name": "domain-ip",
3817
+ "sharing_group_id": "0",
3818
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3819
+ "template_version": "5",
3820
+ "timestamp": "1513940621",
3821
+ "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
3822
+ },
3823
+ {
3824
+ "Attribute": [
3825
+ {
3826
+ "category": "Network activity",
3827
+ "comment": "",
3828
+ "deleted": false,
3829
+ "disable_correlation": false,
3830
+ "distribution": "5",
3831
+ "event_id": "9747",
3832
+ "id": "1189054",
3833
+ "object_id": "1602",
3834
+ "object_relation": "ip",
3835
+ "sharing_group_id": "0",
3836
+ "timestamp": "1513940642",
3837
+ "to_ids": true,
3838
+ "type": "ip-dst",
3839
+ "uuid": "5a3ce6a2-4a38-4b90-8d74-4f10950d210f",
3840
+ "value": "89.34.111.160"
3841
+ },
3842
+ {
3843
+ "category": "Network activity",
3844
+ "comment": "",
3845
+ "deleted": false,
3846
+ "disable_correlation": false,
3847
+ "distribution": "5",
3848
+ "event_id": "9747",
3849
+ "id": "1189055",
3850
+ "object_id": "1602",
3851
+ "object_relation": "domain",
3852
+ "sharing_group_id": "0",
3853
+ "timestamp": "1513940642",
3854
+ "to_ids": true,
3855
+ "type": "domain",
3856
+ "uuid": "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f",
3857
+ "value": "satellitedeluxpanorama.com"
3858
+ }
3859
+ ],
3860
+ "comment": "",
3861
+ "deleted": false,
3862
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3863
+ "distribution": "5",
3864
+ "event_id": "9747",
3865
+ "id": "1602",
3866
+ "meta-category": "network",
3867
+ "name": "domain-ip",
3868
+ "sharing_group_id": "0",
3869
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3870
+ "template_version": "5",
3871
+ "timestamp": "1513940641",
3872
+ "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
3873
+ },
3874
+ {
3875
+ "Attribute": [
3876
+ {
3877
+ "category": "Network activity",
3878
+ "comment": "",
3879
+ "deleted": false,
3880
+ "disable_correlation": false,
3881
+ "distribution": "5",
3882
+ "event_id": "9747",
3883
+ "id": "1189056",
3884
+ "object_id": "1603",
3885
+ "object_relation": "ip",
3886
+ "sharing_group_id": "0",
3887
+ "timestamp": "1513940654",
3888
+ "to_ids": true,
3889
+ "type": "ip-dst",
3890
+ "uuid": "5a3ce6ae-601c-44b8-8eec-4a5f950d210f",
3891
+ "value": "185.216.35.26"
3892
+ },
3893
+ {
3894
+ "category": "Network activity",
3895
+ "comment": "",
3896
+ "deleted": false,
3897
+ "disable_correlation": false,
3898
+ "distribution": "5",
3899
+ "event_id": "9747",
3900
+ "id": "1189057",
3901
+ "object_id": "1603",
3902
+ "object_relation": "domain",
3903
+ "sharing_group_id": "0",
3904
+ "timestamp": "1513940654",
3905
+ "to_ids": true,
3906
+ "type": "domain",
3907
+ "uuid": "5a3ce6ae-3b00-420a-82fd-45fb950d210f",
3908
+ "value": "webviewres.net"
3909
+ }
3910
+ ],
3911
+ "comment": "",
3912
+ "deleted": false,
3913
+ "description": "A domain and IP address seen as a tuple in a specific time frame.",
3914
+ "distribution": "5",
3915
+ "event_id": "9747",
3916
+ "id": "1603",
3917
+ "meta-category": "network",
3918
+ "name": "domain-ip",
3919
+ "sharing_group_id": "0",
3920
+ "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3921
+ "template_version": "5",
3922
+ "timestamp": "1513940654",
3923
+ "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
3924
+ }
3925
+ ],
3926
+ "Org": {
3927
+ "id": "2",
3928
+ "name": "CIRCL",
3929
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3930
+ },
3931
+ "Orgc": {
3932
+ "id": "2",
3933
+ "name": "CIRCL",
3934
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3935
+ },
3936
+ "RelatedEvent": [
3937
+ {
3938
+ "Event": {
3939
+ "Org": {
3940
+ "id": "2",
3941
+ "name": "CIRCL",
3942
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3943
+ },
3944
+ "Orgc": {
3945
+ "id": "2",
3946
+ "name": "CIRCL",
3947
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3948
+ },
3949
+ "analysis": "2",
3950
+ "date": "2017-12-14",
3951
+ "distribution": "3",
3952
+ "id": "9616",
3953
+ "info": "OSINT - Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure",
3954
+ "org_id": "2",
3955
+ "orgc_id": "2",
3956
+ "published": false,
3957
+ "threat_level_id": "3",
3958
+ "timestamp": "1513674510",
3959
+ "uuid": "5a329d19-03e0-4eaa-8b4d-4310950d210f"
3960
+ }
3961
+ },
3962
+ {
3963
+ "Event": {
3964
+ "Org": {
3965
+ "id": "2",
3966
+ "name": "CIRCL",
3967
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3968
+ },
3969
+ "Orgc": {
3970
+ "id": "2",
3971
+ "name": "CIRCL",
3972
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3973
+ },
3974
+ "analysis": "2",
3975
+ "date": "2017-12-07",
3976
+ "distribution": "3",
3977
+ "id": "9552",
3978
+ "info": "OSINT - Master Channel: The Boleto Mestre Campaign Targets Brazil",
3979
+ "org_id": "2",
3980
+ "orgc_id": "2",
3981
+ "published": false,
3982
+ "threat_level_id": "3",
3983
+ "timestamp": "1512657975",
3984
+ "uuid": "5a2943a3-c574-44bb-8e68-45de950d210f"
3985
+ }
3986
+ },
3987
+ {
3988
+ "Event": {
3989
+ "Org": {
3990
+ "id": "2",
3991
+ "name": "CIRCL",
3992
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3993
+ },
3994
+ "Orgc": {
3995
+ "id": "2",
3996
+ "name": "CIRCL",
3997
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3998
+ },
3999
+ "analysis": "0",
4000
+ "date": "2017-11-27",
4001
+ "distribution": "3",
4002
+ "id": "9513",
4003
+ "info": "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android",
4004
+ "org_id": "2",
4005
+ "orgc_id": "2",
4006
+ "published": true,
4007
+ "threat_level_id": "3",
4008
+ "timestamp": "1512356440",
4009
+ "uuid": "5a23a972-e6a0-4a05-b505-4e8f02de0b81"
4010
+ }
4011
+ },
4012
+ {
4013
+ "Event": {
4014
+ "Org": {
4015
+ "id": "2",
4016
+ "name": "CIRCL",
4017
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4018
+ },
4019
+ "Orgc": {
4020
+ "id": "2",
4021
+ "name": "CIRCL",
4022
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4023
+ },
4024
+ "analysis": "2",
4025
+ "date": "2017-11-07",
4026
+ "distribution": "3",
4027
+ "id": "9309",
4028
+ "info": "OSINT - Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack",
4029
+ "org_id": "2",
4030
+ "orgc_id": "2",
4031
+ "published": true,
4032
+ "threat_level_id": "3",
4033
+ "timestamp": "1511385862",
4034
+ "uuid": "5a021bc2-8e0c-4ac5-b048-cc3e02de0b81"
4035
+ }
4036
+ },
4037
+ {
4038
+ "Event": {
4039
+ "Org": {
4040
+ "id": "291",
4041
+ "name": "NCSC-NL",
4042
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4043
+ },
4044
+ "Orgc": {
4045
+ "id": "291",
4046
+ "name": "NCSC-NL",
4047
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4048
+ },
4049
+ "analysis": "2",
4050
+ "date": "2017-10-23",
4051
+ "distribution": "3",
4052
+ "id": "9208",
4053
+ "info": "Talos: \"Cyber Conflict\" Decoy Document Used In Real Cyber Conflict",
4054
+ "org_id": "291",
4055
+ "orgc_id": "291",
4056
+ "published": true,
4057
+ "threat_level_id": "2",
4058
+ "timestamp": "1510088616",
4059
+ "uuid": "59ed9c81-6484-47a9-aab4-191d0a950b0c"
4060
+ }
4061
+ },
4062
+ {
4063
+ "Event": {
4064
+ "Org": {
4065
+ "id": "2",
4066
+ "name": "CIRCL",
4067
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4068
+ },
4069
+ "Orgc": {
4070
+ "id": "2",
4071
+ "name": "CIRCL",
4072
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4073
+ },
4074
+ "analysis": "2",
4075
+ "date": "2017-08-11",
4076
+ "distribution": "3",
4077
+ "id": "8798",
4078
+ "info": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
4079
+ "org_id": "2",
4080
+ "orgc_id": "2",
4081
+ "published": true,
4082
+ "threat_level_id": "3",
4083
+ "timestamp": "1502460096",
4084
+ "uuid": "598db7fd-47a8-45f8-9414-408b02de0b81"
4085
+ }
4086
+ },
4087
+ {
4088
+ "Event": {
4089
+ "Org": {
4090
+ "id": "231",
4091
+ "name": "kingfisherops.com",
4092
+ "uuid": "566ff5f4-7020-4089-9003-4374950d210f"
4093
+ },
4094
+ "Orgc": {
4095
+ "id": "204",
4096
+ "name": "CERT-BUND",
4097
+ "uuid": "56a64d7a-63dc-4471-bce9-4accc25ed029"
4098
+ },
4099
+ "analysis": "0",
4100
+ "date": "2017-07-25",
4101
+ "distribution": "3",
4102
+ "id": "8750",
4103
+ "info": "European Defence Agency lure drops mssuppa.dat",
4104
+ "org_id": "231",
4105
+ "orgc_id": "204",
4106
+ "published": true,
4107
+ "threat_level_id": "2",
4108
+ "timestamp": "1500967989",
4109
+ "uuid": "5976f294-a844-44fe-a4f0-6c67c25ed029"
4110
+ }
4111
+ },
4112
+ {
4113
+ "Event": {
4114
+ "Org": {
4115
+ "id": "277",
4116
+ "name": "inthreat.com",
4117
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4118
+ },
4119
+ "Orgc": {
4120
+ "id": "277",
4121
+ "name": "inthreat.com",
4122
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4123
+ },
4124
+ "analysis": "2",
4125
+ "date": "2017-05-11",
4126
+ "distribution": "3",
4127
+ "id": "7820",
4128
+ "info": "APT28-Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy",
4129
+ "org_id": "277",
4130
+ "orgc_id": "277",
4131
+ "published": true,
4132
+ "threat_level_id": "2",
4133
+ "timestamp": "1494824291",
4134
+ "uuid": "59147a22-3100-4779-9377-360395ca48b7"
4135
+ }
4136
+ },
4137
+ {
4138
+ "Event": {
4139
+ "Org": {
4140
+ "id": "2",
4141
+ "name": "CIRCL",
4142
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4143
+ },
4144
+ "Orgc": {
4145
+ "id": "2",
4146
+ "name": "CIRCL",
4147
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4148
+ },
4149
+ "analysis": "2",
4150
+ "date": "2017-05-09",
4151
+ "distribution": "3",
4152
+ "id": "7801",
4153
+ "info": "OSINT - EPS Processing Zero-Days Exploited by Multiple Threat Actors",
4154
+ "org_id": "2",
4155
+ "orgc_id": "2",
4156
+ "published": true,
4157
+ "threat_level_id": "3",
4158
+ "timestamp": "1494354378",
4159
+ "uuid": "59120865-27e0-4e6d-9b74-4a9f950d210f"
4160
+ }
4161
+ },
4162
+ {
4163
+ "Event": {
4164
+ "Org": {
4165
+ "id": "2",
4166
+ "name": "CIRCL",
4167
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4168
+ },
4169
+ "Orgc": {
4170
+ "id": "2",
4171
+ "name": "CIRCL",
4172
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4173
+ },
4174
+ "analysis": "0",
4175
+ "date": "2016-12-29",
4176
+ "distribution": "3",
4177
+ "id": "5667",
4178
+ "info": "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity",
4179
+ "org_id": "2",
4180
+ "orgc_id": "2",
4181
+ "published": true,
4182
+ "threat_level_id": "3",
4183
+ "timestamp": "1494853878",
4184
+ "uuid": "58658c15-54ac-43c3-9beb-414502de0b81"
4185
+ }
4186
+ },
4187
+ {
4188
+ "Event": {
4189
+ "Org": {
4190
+ "id": "277",
4191
+ "name": "inthreat.com",
4192
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4193
+ },
4194
+ "Orgc": {
4195
+ "id": "277",
4196
+ "name": "inthreat.com",
4197
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4198
+ },
4199
+ "analysis": "2",
4200
+ "date": "2016-12-20",
4201
+ "distribution": "1",
4202
+ "id": "5616",
4203
+ "info": "APT28-The Sofacy Group's DealersChoice Attacks Continue",
4204
+ "org_id": "277",
4205
+ "orgc_id": "277",
4206
+ "published": true,
4207
+ "threat_level_id": "2",
4208
+ "timestamp": "1494829249",
4209
+ "uuid": "58594faf-e98c-4c03-a58c-43cf95ca48b7"
4210
+ }
4211
+ },
4212
+ {
4213
+ "Event": {
4214
+ "Org": {
4215
+ "id": "291",
4216
+ "name": "NCSC-NL",
4217
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4218
+ },
4219
+ "Orgc": {
4220
+ "id": "291",
4221
+ "name": "NCSC-NL",
4222
+ "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4223
+ },
4224
+ "analysis": "1",
4225
+ "date": "2016-11-09",
4226
+ "distribution": "3",
4227
+ "id": "5348",
4228
+ "info": "[APT-28/Sofacy]Pawn Storm Ramps Up [European Government] Spear-phishing Before Zero-Days Get Patched",
4229
+ "org_id": "291",
4230
+ "orgc_id": "291",
4231
+ "published": true,
4232
+ "threat_level_id": "1",
4233
+ "timestamp": "1481709638",
4234
+ "uuid": "582341ff-0830-4b32-aaba-08640a950b0c"
4235
+ }
4236
+ },
4237
+ {
4238
+ "Event": {
4239
+ "Org": {
4240
+ "id": "74",
4241
+ "name": "PwC.lu",
4242
+ "uuid": "55f6ea61-4f74-40b6-a6df-4ff9950d210f"
4243
+ },
4244
+ "Orgc": {
4245
+ "id": "325",
4246
+ "name": "CUDESO",
4247
+ "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4248
+ },
4249
+ "analysis": "2",
4250
+ "date": "2016-11-09",
4251
+ "distribution": "3",
4252
+ "id": "5641",
4253
+ "info": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched",
4254
+ "org_id": "74",
4255
+ "orgc_id": "325",
4256
+ "published": true,
4257
+ "threat_level_id": "2",
4258
+ "timestamp": "1478712711",
4259
+ "uuid": "58235d0e-34d4-41c1-9a2e-04dcc0a8ab16"
4260
+ }
4261
+ },
4262
+ {
4263
+ "Event": {
4264
+ "Org": {
4265
+ "id": "335",
4266
+ "name": "Orange CERT-CC",
4267
+ "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4268
+ },
4269
+ "Orgc": {
4270
+ "id": "335",
4271
+ "name": "Orange CERT-CC",
4272
+ "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4273
+ },
4274
+ "analysis": "0",
4275
+ "date": "2016-10-18",
4276
+ "distribution": "0",
4277
+ "id": "5163",
4278
+ "info": "Orange-CERT-CC Test #01",
4279
+ "org_id": "335",
4280
+ "orgc_id": "335",
4281
+ "published": false,
4282
+ "threat_level_id": "3",
4283
+ "timestamp": "1476782422",
4284
+ "uuid": "5805e8a5-611c-498b-839b-bd57950d210f"
4285
+ }
4286
+ },
4287
+ {
4288
+ "Event": {
4289
+ "Org": {
4290
+ "id": "278",
4291
+ "name": "TDC.dk",
4292
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4293
+ },
4294
+ "Orgc": {
4295
+ "id": "278",
4296
+ "name": "TDC.dk",
4297
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4298
+ },
4299
+ "analysis": "2",
4300
+ "date": "2016-10-17",
4301
+ "distribution": "3",
4302
+ "id": "5165",
4303
+ "info": "OSINT: ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform",
4304
+ "org_id": "278",
4305
+ "orgc_id": "278",
4306
+ "published": true,
4307
+ "threat_level_id": "1",
4308
+ "timestamp": "1476789563",
4309
+ "uuid": "580602f6-f8b8-4ac3-9813-7bf7bce2ab96"
4310
+ }
4311
+ },
4312
+ {
4313
+ "Event": {
4314
+ "Org": {
4315
+ "id": "412",
4316
+ "name": "TS",
4317
+ "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4318
+ },
4319
+ "Orgc": {
4320
+ "id": "412",
4321
+ "name": "TS",
4322
+ "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4323
+ },
4324
+ "analysis": "2",
4325
+ "date": "2016-08-19",
4326
+ "distribution": "1",
4327
+ "id": "4710",
4328
+ "info": "bullettin.doc sample, linked to APT28 campaign",
4329
+ "org_id": "412",
4330
+ "orgc_id": "412",
4331
+ "published": true,
4332
+ "threat_level_id": "1",
4333
+ "timestamp": "1476776982",
4334
+ "uuid": "57b7248f-283c-442e-8e02-2d0f5b86d7e5"
4335
+ }
4336
+ },
4337
+ {
4338
+ "Event": {
4339
+ "Org": {
4340
+ "id": "277",
4341
+ "name": "inthreat.com",
4342
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4343
+ },
4344
+ "Orgc": {
4345
+ "id": "277",
4346
+ "name": "inthreat.com",
4347
+ "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4348
+ },
4349
+ "analysis": "2",
4350
+ "date": "2016-06-20",
4351
+ "distribution": "3",
4352
+ "id": "4172",
4353
+ "info": "APT28 and APT29 - Inside the DNC Breaches",
4354
+ "org_id": "277",
4355
+ "orgc_id": "277",
4356
+ "published": true,
4357
+ "threat_level_id": "2",
4358
+ "timestamp": "1494829231",
4359
+ "uuid": "5767c102-c170-4124-ae3d-7bef95ca48b7"
4360
+ }
4361
+ },
4362
+ {
4363
+ "Event": {
4364
+ "Org": {
4365
+ "id": "347",
4366
+ "name": "incibe.es",
4367
+ "uuid": "5720623c-129c-4989-ae9d-4a11950d210f"
4368
+ },
4369
+ "Orgc": {
4370
+ "id": "665",
4371
+ "name": "INCIBE",
4372
+ "uuid": "56fa4fe4-f528-4480-8332-1ba3c0a80a8c"
4373
+ },
4374
+ "analysis": "2",
4375
+ "date": "2016-06-16",
4376
+ "distribution": "3",
4377
+ "id": "6131",
4378
+ "info": "New Sofacy (APT28) attacks against a US Government Agency",
4379
+ "org_id": "347",
4380
+ "orgc_id": "665",
4381
+ "published": true,
4382
+ "threat_level_id": "1",
4383
+ "timestamp": "1488792538",
4384
+ "uuid": "5762a86a-e314-4e4e-ba5a-51c5c0a80a8e"
4385
+ }
4386
+ },
4387
+ {
4388
+ "Event": {
4389
+ "Org": {
4390
+ "id": "26",
4391
+ "name": "CthulhuSPRL.be",
4392
+ "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4393
+ },
4394
+ "Orgc": {
4395
+ "id": "26",
4396
+ "name": "CthulhuSPRL.be",
4397
+ "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4398
+ },
4399
+ "analysis": "2",
4400
+ "date": "2016-06-15",
4401
+ "distribution": "3",
4402
+ "id": "3987",
4403
+ "info": "OSINT New Sofacy Attacks Against US Government Agency by Palo Alto Unit 42",
4404
+ "org_id": "26",
4405
+ "orgc_id": "26",
4406
+ "published": true,
4407
+ "threat_level_id": "1",
4408
+ "timestamp": "1466000907",
4409
+ "uuid": "57613790-f6b4-4895-943f-4467950d210f"
4410
+ }
4411
+ },
4412
+ {
4413
+ "Event": {
4414
+ "Org": {
4415
+ "id": "278",
4416
+ "name": "TDC.dk",
4417
+ "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4418
+ },
4419
+ "Orgc": {
4420
+ "id": "325",
4421
+ "name": "CUDESO",
4422
+ "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4423
+ },
4424
+ "analysis": "2",
4425
+ "date": "2016-06-14",
4426
+ "distribution": "3",
4427
+ "id": "4183",
4428
+ "info": "New Sofacy Attacks Against US Government Agency",
4429
+ "org_id": "278",
4430
+ "orgc_id": "325",
4431
+ "published": true,
4432
+ "threat_level_id": "2",
4433
+ "timestamp": "1467289109",
4434
+ "uuid": "57607369-2490-444a-9034-049fc0a8ab16"
4435
+ }
4436
+ }
4437
+ ],
4438
+ "Tag": [
4439
+ {
4440
+ "colour": "#00d622",
4441
+ "exportable": true,
4442
+ "hide_tag": false,
4443
+ "id": "2",
4444
+ "name": "tlp:white",
4445
+ "user_id": "0"
4446
+ },
4447
+ {
4448
+ "colour": "#ef0081",
4449
+ "exportable": true,
4450
+ "hide_tag": false,
4451
+ "id": "2986",
4452
+ "name": "workflow:state=\"incomplete\"",
4453
+ "user_id": "0"
4454
+ },
4455
+ {
4456
+ "colour": "#810046",
4457
+ "exportable": true,
4458
+ "hide_tag": false,
4459
+ "id": "2979",
4460
+ "name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
4461
+ "user_id": "0"
4462
+ },
4463
+ {
4464
+ "colour": "#91004e",
4465
+ "exportable": true,
4466
+ "hide_tag": false,
4467
+ "id": "2980",
4468
+ "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
4469
+ "user_id": "0"
4470
+ },
4471
+ {
4472
+ "colour": "#12e000",
4473
+ "exportable": true,
4474
+ "hide_tag": false,
4475
+ "id": "1100",
4476
+ "name": "misp-galaxy:threat-actor=\"Sofacy\"",
4477
+ "user_id": "0"
4478
+ },
4479
+ {
4480
+ "colour": "#0088cc",
4481
+ "exportable": true,
4482
+ "hide_tag": false,
4483
+ "id": "3007",
4484
+ "name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
4485
+ "user_id": "0"
4486
+ },
4487
+ {
4488
+ "colour": "#0088cc",
4489
+ "exportable": true,
4490
+ "hide_tag": false,
4491
+ "id": "2215",
4492
+ "name": "misp-galaxy:tool=\"GAMEFISH\"",
4493
+ "user_id": "0"
4494
+ },
4495
+ {
4496
+ "colour": "#0088cc",
4497
+ "exportable": true,
4498
+ "hide_tag": false,
4499
+ "id": "3008",
4500
+ "name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
4501
+ "user_id": "0"
4502
+ },
4503
+ {
4504
+ "colour": "#0c9900",
4505
+ "exportable": true,
4506
+ "hide_tag": false,
4507
+ "id": "1012",
4508
+ "name": "misp-galaxy:tool=\"X-Tunnel\"",
4509
+ "user_id": "0"
4510
+ },
4511
+ {
4512
+ "colour": "#0088cc",
4513
+ "exportable": true,
4514
+ "hide_tag": false,
4515
+ "id": "3009",
4516
+ "name": "misp-galaxy:mitre-malware=\"XTunnel\"",
4517
+ "user_id": "0"
4518
+ },
4519
+ {
4520
+ "colour": "#0088cc",
4521
+ "exportable": true,
4522
+ "hide_tag": false,
4523
+ "id": "3010",
4524
+ "name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
4525
+ "user_id": "0"
4526
+ },
4527
+ {
4528
+ "colour": "#0088cc",
4529
+ "exportable": true,
4530
+ "hide_tag": false,
4531
+ "id": "3011",
4532
+ "name": "misp-galaxy:tool=\"EVILTOSS\"",
4533
+ "user_id": "0"
4534
+ },
4535
+ {
4536
+ "colour": "#0088cc",
4537
+ "exportable": true,
4538
+ "hide_tag": false,
4539
+ "id": "3012",
4540
+ "name": "misp-galaxy:mitre-malware=\"USBStealer\"",
4541
+ "user_id": "0"
4542
+ },
4543
+ {
4544
+ "colour": "#0c9800",
4545
+ "exportable": true,
4546
+ "hide_tag": false,
4547
+ "id": "1011",
4548
+ "name": "misp-galaxy:tool=\"X-Agent\"",
4549
+ "user_id": "0"
4550
+ },
4551
+ {
4552
+ "colour": "#0088cc",
4553
+ "exportable": true,
4554
+ "hide_tag": false,
4555
+ "id": "3013",
4556
+ "name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
4557
+ "user_id": "0"
4558
+ },
4559
+ {
4560
+ "colour": "#0088cc",
4561
+ "exportable": true,
4562
+ "hide_tag": false,
4563
+ "id": "3014",
4564
+ "name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
4565
+ "user_id": "0"
4566
+ },
4567
+ {
4568
+ "colour": "#0088cc",
4569
+ "exportable": true,
4570
+ "hide_tag": false,
4571
+ "id": "3015",
4572
+ "name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
4573
+ "user_id": "0"
4574
+ },
4575
+ {
4576
+ "colour": "#0088cc",
4577
+ "exportable": true,
4578
+ "hide_tag": false,
4579
+ "id": "3016",
4580
+ "name": "misp-galaxy:mitre-malware=\"Downdelph\"",
4581
+ "user_id": "0"
4582
+ }
4583
+ ],
4584
+ "analysis": "0",
4585
+ "attribute_count": "122",
4586
+ "date": "2017-12-21",
4587
+ "disable_correlation": false,
4588
+ "distribution": "3",
4589
+ "event_creator_email": "alexandre.dulaunoy@circl.lu",
4590
+ "id": "9747",
4591
+ "info": "OSINT - Sednit update: How Fancy Bear Spent the Year",
4592
+ "locked": false,
4593
+ "org_id": "2",
4594
+ "orgc_id": "2",
4595
+ "proposal_email_lock": false,
4596
+ "publish_timestamp": "0",
4597
+ "published": false,
4598
+ "sharing_group_id": "0",
4599
+ "threat_level_id": "3",
4600
+ "uuid": "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"
4601
+ }