pymisp 2.5.4__py3-none-any.whl → 2.5.7__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (158)
  1. CHANGELOG.txt +5380 -0
  2. examples/__init__.py +0 -0
  3. examples/add_attributes_from_csv.py +74 -0
  4. examples/add_email_object.py +29 -0
  5. examples/add_fail2ban_object.py +86 -0
  6. examples/add_feed.py +25 -0
  7. examples/add_file_object.py +47 -0
  8. examples/add_filetype_object_from_csv.py +53 -0
  9. examples/add_generic_object.py +26 -0
  10. examples/add_github_user.py +65 -0
  11. examples/add_gitlab_user.py +56 -0
  12. examples/add_named_attribute.py +25 -0
  13. examples/add_organisations.py +57 -0
  14. examples/add_ssh_authorized_keys.py +29 -0
  15. examples/add_user.py +22 -0
  16. examples/add_vehicle_object.py +22 -0
  17. examples/addtag2.py +45 -0
  18. examples/asciidoc_generator.py +114 -0
  19. examples/cache_all.py +10 -0
  20. examples/copyTagsFromAttributesToEvent.py +68 -0
  21. examples/copy_list.py +93 -0
  22. examples/create_events.py +26 -0
  23. examples/cytomic_orion.py +549 -0
  24. examples/del.py +22 -0
  25. examples/delete_user.py +16 -0
  26. examples/edit_organisation.py +20 -0
  27. examples/edit_user.py +20 -0
  28. examples/falsepositive_disabletoids.py +136 -0
  29. examples/fetch_events_feed.py +15 -0
  30. examples/fetch_warninglist_hits.py +38 -0
  31. examples/freetext.py +22 -0
  32. examples/generate_file_objects.py +78 -0
  33. examples/generate_meta_feed.py +15 -0
  34. examples/get.py +37 -0
  35. examples/get_csv.py +37 -0
  36. examples/get_network_activity.py +187 -0
  37. examples/last.py +48 -0
  38. examples/load_csv.py +94 -0
  39. examples/lookup.py +28 -0
  40. examples/misp2cef.py +71 -0
  41. examples/misp2clamav.py +52 -0
  42. examples/openioc_to_misp.py +27 -0
  43. examples/proofpoint_tap.py +203 -0
  44. examples/proofpoint_vap.py +65 -0
  45. examples/search.py +48 -0
  46. examples/search_attributes_yara.py +40 -0
  47. examples/search_sighting.py +42 -0
  48. examples/server_sync_check_conn.py +32 -0
  49. examples/sharing_groups.py +15 -0
  50. examples/show_sightings.py +168 -0
  51. examples/stats_report.py +405 -0
  52. examples/sync_sighting.py +171 -0
  53. examples/tags.py +25 -0
  54. examples/test_sign.py +19 -0
  55. examples/trustar_misp.py +59 -0
  56. examples/up.py +21 -0
  57. examples/upload.py +60 -0
  58. examples/users_list.py +15 -0
  59. examples/vmray_automation.py +281 -0
  60. examples/vt_to_misp.py +182 -0
  61. examples/warninglists.py +22 -0
  62. examples/yara.py +38 -0
  63. examples/yara_dump.py +98 -0
  64. pymisp/api.py +33 -5
  65. pymisp/data/misp-objects/objects/instagram-account/definition.json +66 -0
  66. pymisp/data/misp-objects/objects/lnk/definition.json +13 -1
  67. pymisp/data/misp-objects/objects/rmm/definition.json +88 -0
  68. pymisp/data/misp-objects/objects/target-system/definition.json +2 -2
  69. pymisp/data/misp-objects/schema_objects.json +1 -1
  70. pymisp/mispevent.py +8 -0
  71. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/METADATA +23 -28
  72. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/RECORD +140 -27
  73. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/WHEEL +1 -1
  74. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +1 -0
  75. tests/__init__.py +0 -0
  76. tests/csv_testfiles/invalid_fieldnames.csv +11 -0
  77. tests/csv_testfiles/valid_fieldnames.csv +4 -0
  78. tests/email_testfiles/mail_1.eml.zip +0 -0
  79. tests/email_testfiles/mail_1.msg +0 -0
  80. tests/email_testfiles/mail_1_bom.eml +858 -0
  81. tests/email_testfiles/mail_1_headers_only.eml +28 -0
  82. tests/email_testfiles/mail_2.eml +32 -0
  83. tests/email_testfiles/mail_3.eml +170 -0
  84. tests/email_testfiles/mail_3.msg +0 -0
  85. tests/email_testfiles/mail_4.msg +0 -0
  86. tests/email_testfiles/mail_5.msg +0 -0
  87. tests/email_testfiles/mail_multiple_to.eml +15 -0
  88. tests/email_testfiles/source +1 -0
  89. tests/git-vuln-finder-quagga.json +1493 -0
  90. tests/misp_event.json +76 -0
  91. tests/mispevent_testfiles/attribute.json +21 -0
  92. tests/mispevent_testfiles/attribute_del.json +23 -0
  93. tests/mispevent_testfiles/def_param.json +53 -0
  94. tests/mispevent_testfiles/event.json +8 -0
  95. tests/mispevent_testfiles/event_obj_attr_tag.json +57 -0
  96. tests/mispevent_testfiles/event_obj_def_param.json +62 -0
  97. tests/mispevent_testfiles/event_obj_tag.json +29 -0
  98. tests/mispevent_testfiles/event_tags.json +18 -0
  99. tests/mispevent_testfiles/existing_event.json +4599 -0
  100. tests/mispevent_testfiles/existing_event_edited.json +4601 -0
  101. tests/mispevent_testfiles/galaxy.json +25 -0
  102. tests/mispevent_testfiles/malware.json +19 -0
  103. tests/mispevent_testfiles/malware_exist.json +163 -0
  104. tests/mispevent_testfiles/misp_custom_obj.json +38 -0
  105. tests/mispevent_testfiles/overwrite_file/definition.json +457 -0
  106. tests/mispevent_testfiles/proposals.json +35 -0
  107. tests/mispevent_testfiles/shadow.json +148 -0
  108. tests/mispevent_testfiles/sighting.json +5 -0
  109. tests/mispevent_testfiles/simple.json +2 -0
  110. tests/mispevent_testfiles/test_object_template/definition.json +29 -0
  111. tests/new_misp_event.json +34 -0
  112. tests/reportlab_testfiles/HTML_event.json +1 -0
  113. tests/reportlab_testfiles/galaxy_1.json +1250 -0
  114. tests/reportlab_testfiles/image_event.json +2490 -0
  115. tests/reportlab_testfiles/japanese_test.json +156 -0
  116. tests/reportlab_testfiles/japanese_test_heavy.json +318 -0
  117. tests/reportlab_testfiles/long_event.json +3730 -0
  118. tests/reportlab_testfiles/mainly_objects_1.json +1092 -0
  119. tests/reportlab_testfiles/mainly_objects_2.json +977 -0
  120. tests/reportlab_testfiles/sighting_1.json +305 -0
  121. tests/reportlab_testfiles/sighting_2.json +221 -0
  122. tests/reportlab_testfiles/to_delete1.json +804 -0
  123. tests/reportlab_testfiles/to_delete2.json +1 -0
  124. tests/reportlab_testfiles/to_delete3.json +1 -0
  125. tests/reportlab_testfiles/very_long_event.json +1006 -0
  126. tests/reportlab_testoutputs/to_delete1.json.pdf +391 -0
  127. tests/reportlab_testoutputs/to_delete2.json.pdf +506 -0
  128. tests/reportlab_testoutputs/to_delete3.json.pdf +277 -0
  129. tests/search_index_result.json +69 -0
  130. tests/sharing_groups.json +98 -0
  131. tests/stix1.xml-utf8 +110 -0
  132. tests/stix2.json +1 -0
  133. tests/test_analyst_data.py +123 -0
  134. tests/test_emailobject.py +157 -0
  135. tests/test_fileobject.py +20 -0
  136. tests/test_mispevent.py +473 -0
  137. tests/test_reportlab.py +431 -0
  138. tests/testlive_comprehensive.py +3734 -0
  139. tests/testlive_sync.py +474 -0
  140. pymisp/data/misp-objects/.git +0 -1
  141. pymisp/data/misp-objects/.gitchangelog.rc +0 -289
  142. pymisp/data/misp-objects/.github/workflows/codeql.yml +0 -41
  143. pymisp/data/misp-objects/.github/workflows/nosetests.yml +0 -39
  144. pymisp/data/misp-objects/.travis.yml +0 -16
  145. pymisp/data/misp-objects/LICENSE-software-only.md +0 -661
  146. pymisp/data/misp-objects/LICENSE.md +0 -36
  147. pymisp/data/misp-objects/README.md +0 -567
  148. pymisp/data/misp-objects/docs/time-related-objects.ods +0 -0
  149. pymisp/data/misp-objects/docs/time-related-objects.pdf +0 -0
  150. pymisp/data/misp-objects/jq_all_the_things.sh +0 -29
  151. pymisp/data/misp-objects/tools/adoc_objects.py +0 -145
  152. pymisp/data/misp-objects/tools/alfred_links_to_relarelationships.py +0 -48
  153. pymisp/data/misp-objects/tools/list_of_objects.py +0 -50
  154. pymisp/data/misp-objects/tools/updated.sh +0 -6
  155. pymisp/data/misp-objects/tools/validate_opposites.sh +0 -17
  156. pymisp/data/misp-objects/unique_uuid.py +0 -16
  157. pymisp/data/misp-objects/validate_all.sh +0 -38
  158. {pymisp-2.5.4.dist-info → pymisp-2.5.7.dist-info}/LICENSE +0 -0
@@ -0,0 +1,3730 @@
1
+ {
2
+ "Event": {
3
+ "threat_level_id": "2",
4
+ "timestamp": "1467971098",
5
+ "info": "OSINT - ASERT Threat Intelligence Report 2016-03 The Four-Element Sword Engagement",
6
+ "published": true,
7
+ "date": "2016-04-18",
8
+ "analysis": "2",
9
+ "uuid": "57153590-f73c-49fa-be4b-4737950d210f",
10
+ "publish_timestamp": "1550654767",
11
+ "Orgc": {
12
+ "name": "CIRCL",
13
+ "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
14
+ },
15
+ "Tag": [
16
+ {
17
+ "name": "tlp:white",
18
+ "exportable": true,
19
+ "colour": "#ffffff"
20
+ },
21
+ {
22
+ "name": "type:OSINT",
23
+ "exportable": true,
24
+ "colour": "#004646"
25
+ }
26
+ ],
27
+ "Attribute": [
28
+ {
29
+ "timestamp": "1461067952",
30
+ "value": "107.183.86",
31
+ "type": "url",
32
+ "to_ids": true,
33
+ "object_relation": null,
34
+ "comment": "Imported via the freetext import.",
35
+ "uuid": "571620b0-5e38-4e8c-9c29-416d950d210f",
36
+ "category": "Network activity"
37
+ },
38
+ {
39
+ "timestamp": "1461067794",
40
+ "value": "a0dc5723d3e20e93b48a960b31c984c0",
41
+ "type": "md5",
42
+ "to_ids": true,
43
+ "object_relation": null,
44
+ "comment": "Imported via the freetext import.",
45
+ "uuid": "57162012-72b8-433b-b5e2-4651950d210f",
46
+ "category": "Payload delivery"
47
+ },
48
+ {
49
+ "timestamp": "1461067795",
50
+ "value": "185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6",
51
+ "type": "sha256",
52
+ "to_ids": true,
53
+ "object_relation": null,
54
+ "comment": "Imported via the freetext import.",
55
+ "uuid": "57162013-7804-4691-ac9e-4a15950d210f",
56
+ "category": "Payload delivery"
57
+ },
58
+ {
59
+ "timestamp": "1461067951",
60
+ "value": "akm.epac.to",
61
+ "type": "hostname",
62
+ "to_ids": true,
63
+ "object_relation": null,
64
+ "comment": "Imported via the freetext import.",
65
+ "uuid": "571620af-e57c-4008-80f2-4933950d210f",
66
+ "category": "Network activity"
67
+ },
68
+ {
69
+ "timestamp": "1461067952",
70
+ "value": "gugehotel.cn",
71
+ "type": "domain",
72
+ "to_ids": true,
73
+ "object_relation": null,
74
+ "comment": "Imported via the freetext import.",
75
+ "uuid": "571620b0-7c50-43ef-9724-4c76950d210f",
76
+ "category": "Network activity"
77
+ },
78
+ {
79
+ "timestamp": "1461070490",
80
+ "value": "905d1cd328c8cfc378fb00bfa38f0427",
81
+ "type": "md5",
82
+ "to_ids": true,
83
+ "object_relation": null,
84
+ "comment": "Imported via the freetext import.",
85
+ "uuid": "57162a9a-7fd8-4e15-91ac-4ad5950d210f",
86
+ "category": "Payload delivery"
87
+ },
88
+ {
89
+ "timestamp": "1461067457",
90
+ "value": "uhfx.dat",
91
+ "type": "filename",
92
+ "to_ids": true,
93
+ "object_relation": null,
94
+ "comment": "",
95
+ "uuid": "57161ec1-1d00-4ab1-b71d-4cd4950d210f",
96
+ "category": "Payload delivery"
97
+ },
98
+ {
99
+ "timestamp": "1461071212",
100
+ "value": "fea5902afa6e504a798c73a09b83df5e",
101
+ "type": "imphash",
102
+ "to_ids": true,
103
+ "object_relation": null,
104
+ "comment": "Imported via the freetext import.",
105
+ "uuid": "57162a9b-e1e0-444f-bab2-46e3950d210f",
106
+ "category": "Payload delivery"
107
+ },
108
+ {
109
+ "timestamp": "1461067503",
110
+ "value": "yxsrhsxhxdbldkc.dat",
111
+ "type": "filename",
112
+ "to_ids": false,
113
+ "object_relation": null,
114
+ "comment": "",
115
+ "uuid": "57161eef-6108-4bf2-9029-4966950d210f",
116
+ "category": "Payload delivery"
117
+ },
118
+ {
119
+ "timestamp": "1461067697",
120
+ "value": "Q:\\Projects\\Br2012\\Release\\svc.pdb",
121
+ "type": "pdb",
122
+ "to_ids": false,
123
+ "object_relation": null,
124
+ "comment": "",
125
+ "uuid": "57161f87-c9ec-4f8f-a2ee-48ef950d210f",
126
+ "category": "Artifacts dropped"
127
+ },
128
+ {
129
+ "timestamp": "1461066519",
130
+ "value": "bill_clay6801@yahoo.com",
131
+ "type": "email-src",
132
+ "to_ids": false,
133
+ "object_relation": null,
134
+ "comment": "",
135
+ "uuid": "57161b17-23b8-4631-96fd-4bad950d210f",
136
+ "category": "Payload delivery"
137
+ },
138
+ {
139
+ "timestamp": "1461066538",
140
+ "value": "[BULK] TIBET, OUR BELOVED NATION AND WILL NEVER FORGET IT.",
141
+ "type": "email-subject",
142
+ "to_ids": false,
143
+ "object_relation": null,
144
+ "comment": "",
145
+ "uuid": "57161b2a-89a0-4f7c-9258-4f93950d210f",
146
+ "category": "Payload delivery"
147
+ },
148
+ {
149
+ "timestamp": "1461066559",
150
+ "value": "brochure .rar",
151
+ "type": "email-attachment",
152
+ "to_ids": false,
153
+ "object_relation": null,
154
+ "comment": "",
155
+ "uuid": "57161b3f-f344-447f-804d-4be4950d210f",
156
+ "category": "Payload delivery"
157
+ },
158
+ {
159
+ "timestamp": "1461069222",
160
+ "value": "brochure .doc",
161
+ "type": "filename",
162
+ "to_ids": true,
163
+ "object_relation": null,
164
+ "comment": "",
165
+ "uuid": "57161c89-443c-40bb-a5f8-4cbb950d210f",
166
+ "category": "Payload delivery"
167
+ },
168
+ {
169
+ "timestamp": "1461067319",
170
+ "value": "103.240.203.232",
171
+ "type": "ip-dst",
172
+ "to_ids": true,
173
+ "object_relation": null,
174
+ "comment": "On port 8080; Located in Honk Kong",
175
+ "uuid": "57161e37-fe5c-4f2a-b9ec-4eea950d210f",
176
+ "category": "Network activity"
177
+ },
178
+ {
179
+ "timestamp": "1461067666",
180
+ "value": "webmonder.gicp.net",
181
+ "type": "hostname",
182
+ "to_ids": true,
183
+ "object_relation": null,
184
+ "comment": "",
185
+ "uuid": "571610cd-4774-4e4e-bd0a-4407950d210f",
186
+ "category": "Network activity"
187
+ },
188
+ {
189
+ "timestamp": "1461064617",
190
+ "value": "hkhumanrights.asia@gmail.com",
191
+ "type": "email-src",
192
+ "to_ids": false,
193
+ "object_relation": null,
194
+ "comment": "",
195
+ "uuid": "571613a9-3a2c-478a-a180-43a1950d210f",
196
+ "category": "Payload delivery"
197
+ },
198
+ {
199
+ "timestamp": "1461064643",
200
+ "value": "US Congress sanctions $6 million fund for Tibetans in Nepal anf India",
201
+ "type": "email-subject",
202
+ "to_ids": false,
203
+ "object_relation": null,
204
+ "comment": "",
205
+ "uuid": "571613c3-5d04-4eea-9690-4b95950d210f",
206
+ "category": "Payload delivery"
207
+ },
208
+ {
209
+ "timestamp": "1461064661",
210
+ "value": "US Congress sanctions $6 million fund for Tibetans in Nepal anf India.doc",
211
+ "type": "email-attachment",
212
+ "to_ids": false,
213
+ "object_relation": null,
214
+ "comment": "",
215
+ "uuid": "571613d5-dc64-43bc-9481-42d0950d210f",
216
+ "category": "Payload delivery"
217
+ },
218
+ {
219
+ "timestamp": "1461059772",
220
+ "value": "60ef10cce9974cdc8a453d8fdd8ddf0cad49c6f07d2c4d095ff483998685b421",
221
+ "type": "sha256",
222
+ "to_ids": true,
223
+ "object_relation": null,
224
+ "comment": "~tmp.doc",
225
+ "uuid": "571600bc-8178-4d6f-b5fd-47a4950d210f",
226
+ "category": "Payload delivery"
227
+ },
228
+ {
229
+ "timestamp": "1461059770",
230
+ "value": "b6e22968461bfb2934c556fc44d0baf0",
231
+ "type": "md5",
232
+ "to_ids": true,
233
+ "object_relation": null,
234
+ "comment": "spearfish",
235
+ "uuid": "571600ba-b0b0-4adb-bd01-43ef950d210f",
236
+ "category": "Payload delivery"
237
+ },
238
+ {
239
+ "timestamp": "1461059771",
240
+ "value": "74a4fe17dc7101dbb2bb8f0c41069057",
241
+ "type": "md5",
242
+ "to_ids": true,
243
+ "object_relation": null,
244
+ "comment": "RTF",
245
+ "uuid": "571600bb-a9b4-4883-ac7d-4d5a950d210f",
246
+ "category": "Payload delivery"
247
+ },
248
+ {
249
+ "timestamp": "1461059771",
250
+ "value": "fcfe3867e4fa17d52c51235cf68a86c2",
251
+ "type": "md5",
252
+ "to_ids": true,
253
+ "object_relation": null,
254
+ "comment": "~tmp.doc",
255
+ "uuid": "571600bb-045c-4cbc-b0d6-43da950d210f",
256
+ "category": "Payload delivery"
257
+ },
258
+ {
259
+ "timestamp": "1461059771",
260
+ "value": "4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872",
261
+ "type": "sha256",
262
+ "to_ids": true,
263
+ "object_relation": null,
264
+ "comment": "spearfish",
265
+ "uuid": "571600bb-54f0-43d7-83cb-4b3c950d210f",
266
+ "category": "Payload delivery"
267
+ },
268
+ {
269
+ "timestamp": "1461059772",
270
+ "value": "0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49",
271
+ "type": "sha256",
272
+ "to_ids": true,
273
+ "object_relation": null,
274
+ "comment": "RTF",
275
+ "uuid": "571600bc-6348-4e1e-b96d-4cf2950d210f",
276
+ "category": "Payload delivery"
277
+ },
278
+ {
279
+ "timestamp": "1461064172",
280
+ "value": "\u8207\u5929\u7a7a\u6709\u7d04!12\u500b2016\u5e74\u4e0d\u53ef\u932f\u904e\u7684\u5929\u6587\u73fe\u8c61mm.doc",
281
+ "type": "email-attachment",
282
+ "to_ids": true,
283
+ "object_relation": null,
284
+ "comment": "",
285
+ "uuid": "5715feb0-6a48-44c4-b1ba-4a57950d210f",
286
+ "category": "Payload delivery"
287
+ },
288
+ {
289
+ "timestamp": "1461058335",
290
+ "value": "114.60.106.156",
291
+ "type": "ip-dst",
292
+ "to_ids": false,
293
+ "object_relation": null,
294
+ "comment": "Imported via the freetext import.",
295
+ "uuid": "5715fb1f-18ec-4ed6-8a25-4abd950d210f",
296
+ "category": "Network activity"
297
+ },
298
+ {
299
+ "timestamp": "1461058711",
300
+ "value": "14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
301
+ "type": "sha256",
302
+ "to_ids": true,
303
+ "object_relation": null,
304
+ "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333",
305
+ "uuid": "5715fc97-a5a4-4538-bf86-4bcc950d210f",
306
+ "category": "Payload delivery"
307
+ },
308
+ {
309
+ "timestamp": "1461067672",
310
+ "value": "humanbeing2009.gicp.net",
311
+ "type": "hostname",
312
+ "to_ids": true,
313
+ "object_relation": null,
314
+ "comment": "",
315
+ "uuid": "5715fd00-807c-4ce8-8f27-437d950d210f",
316
+ "category": "Network activity"
317
+ },
318
+ {
319
+ "timestamp": "1461058035",
320
+ "value": "uyguhr1.webhop.net",
321
+ "type": "hostname",
322
+ "to_ids": false,
323
+ "object_relation": null,
324
+ "comment": "Associated with 180.169.28.58 TCP/8080",
325
+ "uuid": "5715f9f3-61e4-431c-96da-426e950d210f",
326
+ "category": "Network activity"
327
+ },
328
+ {
329
+ "timestamp": "1461058036",
330
+ "value": "uygur.51vip.biz",
331
+ "type": "hostname",
332
+ "to_ids": false,
333
+ "object_relation": null,
334
+ "comment": "Associated with 180.169.28.58 TCP/8080",
335
+ "uuid": "5715f9f4-3954-463f-8012-48a4950d210f",
336
+ "category": "Network activity"
337
+ },
338
+ {
339
+ "timestamp": "1461058036",
340
+ "value": "uyguhr.epac.to",
341
+ "type": "hostname",
342
+ "to_ids": false,
343
+ "object_relation": null,
344
+ "comment": "Associated with 180.169.28.58 TCP/8080",
345
+ "uuid": "5715f9f4-1008-435d-b573-431d950d210f",
346
+ "category": "Network activity"
347
+ },
348
+ {
349
+ "timestamp": "1461058036",
350
+ "value": "xinxin20080628.gicp.net",
351
+ "type": "hostname",
352
+ "to_ids": false,
353
+ "object_relation": null,
354
+ "comment": "Associated with 180.169.28.58 TCP/8080",
355
+ "uuid": "5715f9f4-2cd0-4d29-827e-40fc950d210f",
356
+ "category": "Network activity"
357
+ },
358
+ {
359
+ "timestamp": "1461058034",
360
+ "value": "oyghur.yebhio.net",
361
+ "type": "hostname",
362
+ "to_ids": false,
363
+ "object_relation": null,
364
+ "comment": "Associated with 180.169.28.58 TCP/8080",
365
+ "uuid": "5715f9f2-de84-4c91-8d98-4f9c950d210f",
366
+ "category": "Network activity"
367
+ },
368
+ {
369
+ "timestamp": "1461058035",
370
+ "value": "www.uyghuri.mrface.com",
371
+ "type": "hostname",
372
+ "to_ids": false,
373
+ "object_relation": null,
374
+ "comment": "Associated with 180.169.28.58 TCP/8080",
375
+ "uuid": "5715f9f3-44bc-457b-90cb-40a1950d210f",
376
+ "category": "Network activity"
377
+ },
378
+ {
379
+ "timestamp": "1461058035",
380
+ "value": "uyghuri.mrface.com",
381
+ "type": "hostname",
382
+ "to_ids": false,
383
+ "object_relation": null,
384
+ "comment": "Associated with 180.169.28.58 TCP/8080",
385
+ "uuid": "5715f9f3-f55c-4519-b36f-4547950d210f",
386
+ "category": "Network activity"
387
+ },
388
+ {
389
+ "timestamp": "1461058035",
390
+ "value": "uygur.elcp.net",
391
+ "type": "hostname",
392
+ "to_ids": false,
393
+ "object_relation": null,
394
+ "comment": "Associated with 180.169.28.58 TCP/8080",
395
+ "uuid": "5715f9f3-818c-4fdd-bd6f-45a4950d210f",
396
+ "category": "Network activity"
397
+ },
398
+ {
399
+ "timestamp": "1461057398",
400
+ "value": "bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1",
401
+ "type": "sha256",
402
+ "to_ids": true,
403
+ "object_relation": null,
404
+ "comment": "spearfish",
405
+ "uuid": "5715f3b3-6998-40e7-9235-4b3e950d210f",
406
+ "category": "Payload delivery"
407
+ },
408
+ {
409
+ "timestamp": "1461056715",
410
+ "value": "IEChecker.exe|7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6",
411
+ "type": "filename|sha256",
412
+ "to_ids": true,
413
+ "object_relation": null,
414
+ "comment": "",
415
+ "uuid": "5715f3b4-c4f0-4b6b-8661-494f950d210f",
416
+ "category": "Payload delivery"
417
+ },
418
+ {
419
+ "timestamp": "1461057157",
420
+ "value": "goodnewspaper.gicp.net",
421
+ "type": "hostname",
422
+ "to_ids": false,
423
+ "object_relation": null,
424
+ "comment": "Associated with 180.169.28.58 TCP/8080",
425
+ "uuid": "5715f659-3464-4c20-9622-489c950d210f",
426
+ "category": "Network activity"
427
+ },
428
+ {
429
+ "timestamp": "1461058034",
430
+ "value": "uyguhr.sov.te",
431
+ "type": "hostname",
432
+ "to_ids": false,
433
+ "object_relation": null,
434
+ "comment": "Associated with 180.169.28.58 TCP/8080",
435
+ "uuid": "5715f9f2-4e18-46a8-a304-4aaf950d210f",
436
+ "category": "Network activity"
437
+ },
438
+ {
439
+ "timestamp": "1461056523",
440
+ "value": "af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d",
441
+ "type": "sha256",
442
+ "to_ids": false,
443
+ "object_relation": null,
444
+ "comment": "RTF",
445
+ "uuid": "5715f40b-36e0-4bcc-935b-4c64950d210f",
446
+ "category": "Payload delivery"
447
+ },
448
+ {
449
+ "timestamp": "1461057163",
450
+ "value": "goodnewspaper.f3322.org",
451
+ "type": "hostname",
452
+ "to_ids": false,
453
+ "object_relation": null,
454
+ "comment": "Associated with 180.169.28.58 TCP/8080",
455
+ "uuid": "5715f500-cff4-42db-a2d9-44b1950d210f",
456
+ "category": "Network activity"
457
+ },
458
+ {
459
+ "timestamp": "1461057168",
460
+ "value": "20080628.3322.org",
461
+ "type": "hostname",
462
+ "to_ids": false,
463
+ "object_relation": null,
464
+ "comment": "Associated with 180.169.28.58 TCP/8080",
465
+ "uuid": "5715f500-5c34-42da-bd1f-497f950d210f",
466
+ "category": "Network activity"
467
+ },
468
+ {
469
+ "timestamp": "1461057112",
470
+ "value": "goodnewspaper.3322.org",
471
+ "type": "hostname",
472
+ "to_ids": true,
473
+ "object_relation": null,
474
+ "comment": "Associated with 180.169.28.58 TCP/8080",
475
+ "uuid": "5715f658-9c1c-4a06-9273-4785950d210f",
476
+ "category": "Network activity"
477
+ },
478
+ {
479
+ "timestamp": "1461070838",
480
+ "value": "https://www.virustotal.com/file/4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849/analysis/1414340059/",
481
+ "type": "link",
482
+ "to_ids": false,
483
+ "object_relation": null,
484
+ "comment": "",
485
+ "uuid": "57162bf6-0ef8-4188-9ac9-45d202de0b81",
486
+ "category": "External analysis"
487
+ },
488
+ {
489
+ "timestamp": "1461070837",
490
+ "value": "08d7b5b8c9375e6d8ed7201dcb40d741d4d7866c",
491
+ "type": "sha1",
492
+ "to_ids": true,
493
+ "object_relation": null,
494
+ "comment": "Imported via the freetext import. - Xchecked via VT: b2ae8c02163dcee142afe71188914321",
495
+ "uuid": "57162bf5-af2c-4d7f-8068-4c6402de0b81",
496
+ "category": "Payload delivery"
497
+ },
498
+ {
499
+ "timestamp": "1461070837",
500
+ "value": "4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849",
501
+ "type": "sha256",
502
+ "to_ids": true,
503
+ "object_relation": null,
504
+ "comment": "Imported via the freetext import. - Xchecked via VT: b2ae8c02163dcee142afe71188914321",
505
+ "uuid": "57162bf5-f478-4079-b265-40bc02de0b81",
506
+ "category": "Payload delivery"
507
+ },
508
+ {
509
+ "timestamp": "1461070837",
510
+ "value": "https://www.virustotal.com/file/51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010/analysis/1458152391/",
511
+ "type": "link",
512
+ "to_ids": false,
513
+ "object_relation": null,
514
+ "comment": "",
515
+ "uuid": "57162bf5-7020-440e-94b6-4d4f02de0b81",
516
+ "category": "External analysis"
517
+ },
518
+ {
519
+ "timestamp": "1461070836",
520
+ "value": "2a09888223879b1c44ed1780edf48d089a9925f7",
521
+ "type": "sha1",
522
+ "to_ids": true,
523
+ "object_relation": null,
524
+ "comment": "Imported via the freetext import. - Xchecked via VT: 937c13f5915a103aec8d28bdec7cc769",
525
+ "uuid": "57162bf4-a518-4dd7-8c8b-4b6902de0b81",
526
+ "category": "Payload delivery"
527
+ },
528
+ {
529
+ "timestamp": "1461070836",
530
+ "value": "51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010",
531
+ "type": "sha256",
532
+ "to_ids": true,
533
+ "object_relation": null,
534
+ "comment": "Imported via the freetext import. - Xchecked via VT: 937c13f5915a103aec8d28bdec7cc769",
535
+ "uuid": "57162bf4-6bf4-435d-92cc-493902de0b81",
536
+ "category": "Payload delivery"
537
+ },
538
+ {
539
+ "timestamp": "1461070836",
540
+ "value": "https://www.virustotal.com/file/7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6/analysis/1452693896/",
541
+ "type": "link",
542
+ "to_ids": false,
543
+ "object_relation": null,
544
+ "comment": "",
545
+ "uuid": "57162bf4-0c00-4b36-ad3d-4a8802de0b81",
546
+ "category": "External analysis"
547
+ },
548
+ {
549
+ "timestamp": "1461070835",
550
+ "value": "c6fe39647f6e902ed7737f4ed057fdda419d5bb3",
551
+ "type": "sha1",
552
+ "to_ids": true,
553
+ "object_relation": null,
554
+ "comment": "- Xchecked via VT: 7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6",
555
+ "uuid": "57162bf3-5e1c-4c4a-a19e-424002de0b81",
556
+ "category": "Payload delivery"
557
+ },
558
+ {
559
+ "timestamp": "1461070835",
560
+ "value": "https://www.virustotal.com/file/5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39/analysis/1456612300/",
561
+ "type": "link",
562
+ "to_ids": false,
563
+ "object_relation": null,
564
+ "comment": "",
565
+ "uuid": "57162bf3-afb4-4ac7-b466-4e8902de0b81",
566
+ "category": "External analysis"
567
+ },
568
+ {
569
+ "timestamp": "1461070835",
570
+ "value": "09b7e38aa3279eab002f8528c9cae52601bb1038",
571
+ "type": "sha1",
572
+ "to_ids": true,
573
+ "object_relation": null,
574
+ "comment": "- Xchecked via VT: 5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39",
575
+ "uuid": "57162bf3-3e24-4b6c-997e-498202de0b81",
576
+ "category": "Payload delivery"
577
+ },
578
+ {
579
+ "timestamp": "1461070834",
580
+ "value": "https://www.virustotal.com/file/185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6/analysis/1453280584/",
581
+ "type": "link",
582
+ "to_ids": false,
583
+ "object_relation": null,
584
+ "comment": "",
585
+ "uuid": "57162bf2-f18c-491d-8c87-475102de0b81",
586
+ "category": "External analysis"
587
+ },
588
+ {
589
+ "timestamp": "1461070834",
590
+ "value": "6fdd47a2a9dcddd93d9b8ee8a9bb2a28632df58b",
591
+ "type": "sha1",
592
+ "to_ids": true,
593
+ "object_relation": null,
594
+ "comment": "Imported via the freetext import. - Xchecked via VT: 185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6",
595
+ "uuid": "57162bf2-96bc-4f65-8358-454502de0b81",
596
+ "category": "Payload delivery"
597
+ },
598
+ {
599
+ "timestamp": "1461070834",
600
+ "value": "https://www.virustotal.com/file/4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872/analysis/1455729543/",
601
+ "type": "link",
602
+ "to_ids": false,
603
+ "object_relation": null,
604
+ "comment": "",
605
+ "uuid": "57162bf2-324c-4447-9a59-4ed702de0b81",
606
+ "category": "External analysis"
607
+ },
608
+ {
609
+ "timestamp": "1461070833",
610
+ "value": "9a794b18a1452269adfcc8315520959b512d1c37",
611
+ "type": "sha1",
612
+ "to_ids": true,
613
+ "object_relation": null,
614
+ "comment": "spearfish - Xchecked via VT: 4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872",
615
+ "uuid": "57162bf1-b520-4634-bdc0-4bd202de0b81",
616
+ "category": "Payload delivery"
617
+ },
618
+ {
619
+ "timestamp": "1461070833",
620
+ "value": "https://www.virustotal.com/file/0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49/analysis/1453026661/",
621
+ "type": "link",
622
+ "to_ids": false,
623
+ "object_relation": null,
624
+ "comment": "",
625
+ "uuid": "57162bf1-1d44-4294-9d0e-412b02de0b81",
626
+ "category": "External analysis"
627
+ },
628
+ {
629
+ "timestamp": "1461070833",
630
+ "value": "133f5b9bb5d344109c9c628f5dce248b838c257b",
631
+ "type": "sha1",
632
+ "to_ids": true,
633
+ "object_relation": null,
634
+ "comment": "RTF - Xchecked via VT: 0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49",
635
+ "uuid": "57162bf1-6a38-4c76-89ec-441502de0b81",
636
+ "category": "Payload delivery"
637
+ },
638
+ {
639
+ "timestamp": "1461070833",
640
+ "value": "https://www.virustotal.com/file/14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4/analysis/1457552893/",
641
+ "type": "link",
642
+ "to_ids": false,
643
+ "object_relation": null,
644
+ "comment": "",
645
+ "uuid": "57162bf1-3924-4392-ab1e-48a302de0b81",
646
+ "category": "External analysis"
647
+ },
648
+ {
649
+ "timestamp": "1461070832",
650
+ "value": "c7c4a469ddf4bef2daf9bacc7711f0ae",
651
+ "type": "md5",
652
+ "to_ids": true,
653
+ "object_relation": null,
654
+ "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333 - Xchecked via VT: 14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
655
+ "uuid": "57162bf0-fb5c-4756-810e-4a9f02de0b81",
656
+ "category": "Payload delivery"
657
+ },
658
+ {
659
+ "timestamp": "1461070832",
660
+ "value": "256ede6a7bff266589aaf996a47bf3eedcd8b980",
661
+ "type": "sha1",
662
+ "to_ids": true,
663
+ "object_relation": null,
664
+ "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333 - Xchecked via VT: 14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
665
+ "uuid": "57162bf0-b654-42a6-92c0-4cb202de0b81",
666
+ "category": "Payload delivery"
667
+ },
668
+ {
669
+ "timestamp": "1461070832",
670
+ "value": "https://www.virustotal.com/file/bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1/analysis/1455727175/",
671
+ "type": "link",
672
+ "to_ids": false,
673
+ "object_relation": null,
674
+ "comment": "",
675
+ "uuid": "57162bf0-8618-4bdb-9e83-4d3102de0b81",
676
+ "category": "External analysis"
677
+ },
678
+ {
679
+ "timestamp": "1461070831",
680
+ "value": "c1e63556e2bb088b15d2ccb1c0fe6c9ce29cf4e6",
681
+ "type": "sha1",
682
+ "to_ids": true,
683
+ "object_relation": null,
684
+ "comment": "spearfish - Xchecked via VT: bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1",
685
+ "uuid": "57162bef-6e34-4ad3-964f-40aa02de0b81",
686
+ "category": "Payload delivery"
687
+ },
688
+ {
689
+ "timestamp": "1461070831",
690
+ "value": "https://www.virustotal.com/file/af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d/analysis/1453438981/",
691
+ "type": "link",
692
+ "to_ids": false,
693
+ "object_relation": null,
694
+ "comment": "",
695
+ "uuid": "57162bef-6dcc-4dc2-9a86-419402de0b81",
696
+ "category": "External analysis"
697
+ },
698
+ {
699
+ "timestamp": "1461070831",
700
+ "value": "26f1e48f5e05f6d1f923e3a74219ca7bfa7c0995",
701
+ "type": "sha1",
702
+ "to_ids": false,
703
+ "object_relation": null,
704
+ "comment": "RTF - Xchecked via VT: af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d",
705
+ "uuid": "57162bef-5094-438d-b933-46c902de0b81",
706
+ "category": "Payload delivery"
707
+ },
708
+ {
709
+ "timestamp": "1461070830",
710
+ "value": "https://www.virustotal.com/file/766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f/analysis/1457068422/",
711
+ "type": "link",
712
+ "to_ids": false,
713
+ "object_relation": null,
714
+ "comment": "",
715
+ "uuid": "57162bee-05b0-4a80-af98-436002de0b81",
716
+ "category": "External analysis"
717
+ },
718
+ {
719
+ "timestamp": "1461070830",
720
+ "value": "83d3bb544e0542dd9c4168350adef928e4205e69",
721
+ "type": "sha1",
722
+ "to_ids": true,
723
+ "object_relation": null,
724
+ "comment": "Imported via the freetext import. - Xchecked via VT: 766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f",
725
+ "uuid": "57162bee-44f4-423e-9c17-4a6202de0b81",
726
+ "category": "Payload delivery"
727
+ },
728
+ {
729
+ "timestamp": "1461070830",
730
+ "value": "https://www.virustotal.com/file/9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776/analysis/1436830597/",
731
+ "type": "link",
732
+ "to_ids": false,
733
+ "object_relation": null,
734
+ "comment": "",
735
+ "uuid": "57162bee-b524-49ab-9591-43a702de0b81",
736
+ "category": "External analysis"
737
+ },
738
+ {
739
+ "timestamp": "1461071176",
740
+ "value": "ba77d50870756d247a580b8a3a56722c",
741
+ "type": "md5",
742
+ "to_ids": true,
743
+ "object_relation": null,
744
+ "comment": "Imported via the freetext import.",
745
+ "uuid": "57162d48-9f6c-4250-b463-4c73950d210f",
746
+ "category": "Payload delivery"
747
+ },
748
+ {
749
+ "timestamp": "1461070829",
750
+ "value": "c3a1b57a062bfd27ea9a56f6439193369970e336",
751
+ "type": "sha1",
752
+ "to_ids": true,
753
+ "object_relation": null,
754
+ "comment": "Imported via the freetext import. - Xchecked via VT: 9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776",
755
+ "uuid": "57162bed-1bfc-4f65-bb04-4e8a02de0b81",
756
+ "category": "Payload delivery"
757
+ },
758
+ {
759
+ "timestamp": "1461070939",
760
+ "value": "brochure .doc|0ed325b841a2beb446c5e9a6825deaa021651c8b627aa7147d89edde05af6598",
761
+ "type": "filename|sha256",
762
+ "to_ids": true,
763
+ "object_relation": null,
764
+ "comment": "",
765
+ "uuid": "57162be0-b2b0-4a8d-83be-4446950d210f",
766
+ "category": "Payload delivery"
767
+ },
768
+ {
769
+ "timestamp": "1461070890",
770
+ "value": "brochure .rar|e8af4f3504b0e1cf165dfd1070342b831fd7b5b45da94c6f2a25c28dd6eb3c4a",
771
+ "type": "filename|sha256",
772
+ "to_ids": true,
773
+ "object_relation": null,
774
+ "comment": "Imported via the freetext import.",
775
+ "uuid": "57162be0-4da4-41ff-a407-440d950d210f",
776
+ "category": "Payload delivery"
777
+ },
778
+ {
779
+ "timestamp": "1461070743",
780
+ "value": "brochure .doc|835fee42132feebe9b3231297e5e71a8",
781
+ "type": "filename|md5",
782
+ "to_ids": true,
783
+ "object_relation": null,
784
+ "comment": "Imported via the freetext import.",
785
+ "uuid": "57162b63-ecd8-4688-aa03-45bc950d210f",
786
+ "category": "Payload delivery"
787
+ },
788
+ {
789
+ "timestamp": "1461070729",
790
+ "value": "brochure .rar|c8c6365bf21d947e8e986d4766a9fc16",
791
+ "type": "filename|md5",
792
+ "to_ids": true,
793
+ "object_relation": null,
794
+ "comment": "Imported via the freetext import.",
795
+ "uuid": "57162b62-5d5c-4a71-a20b-458b950d210f",
796
+ "category": "Payload delivery"
797
+ },
798
+ {
799
+ "timestamp": "1461070650",
800
+ "value": "uhfx.dll|a46905252567ed2fe17a407d8ae14036fde180f0a42756304109f34d1e8ad872",
801
+ "type": "filename|sha256",
802
+ "to_ids": true,
803
+ "object_relation": null,
804
+ "comment": "",
805
+ "uuid": "57162b3a-443c-40f1-9f45-40cb950d210f",
806
+ "category": "Payload delivery"
807
+ },
808
+ {
809
+ "timestamp": "1461070619",
810
+ "value": "tnyjs.dll|5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39",
811
+ "type": "filename|sha256",
812
+ "to_ids": true,
813
+ "object_relation": null,
814
+ "comment": "",
815
+ "uuid": "57162b1b-f190-45e8-a60c-4b3d950d210f",
816
+ "category": "Payload delivery"
817
+ },
818
+ {
819
+ "timestamp": "1461070493",
820
+ "value": "18219708781208889af05842ea6d563e56910424ec97ef8f695c0c7a82610a23",
821
+ "type": "sha256",
822
+ "to_ids": true,
823
+ "object_relation": null,
824
+ "comment": "Imported via the freetext import.",
825
+ "uuid": "57162a9d-6488-4e2c-852c-4ec9950d210f",
826
+ "category": "Payload delivery"
827
+ },
828
+ {
829
+ "timestamp": "1461070492",
830
+ "value": "uhfx.dll|6db7ad23186f445c410f59a41e7f8ac5",
831
+ "type": "filename|md5",
832
+ "to_ids": true,
833
+ "object_relation": null,
834
+ "comment": "Imported via the freetext import.",
835
+ "uuid": "57162a9c-162c-42a2-b2aa-4af9950d210f",
836
+ "category": "Payload delivery"
837
+ },
838
+ {
839
+ "timestamp": "1461070491",
840
+ "value": "tnyjs.dll|5bc954d76342d2860192398f186f3310",
841
+ "type": "filename|md5",
842
+ "to_ids": true,
843
+ "object_relation": null,
844
+ "comment": "Imported via the freetext import.",
845
+ "uuid": "57162a9b-3828-4d68-8917-4d4f950d210f",
846
+ "category": "Payload delivery"
847
+ },
848
+ {
849
+ "timestamp": "1461069906",
850
+ "value": "rule kivars_service {\r\n\r\nmeta:\r\n\r\n\tdescription = \"Detects instances of Kivars malware when installed as a service\"\r\n\tauthor = \"cwilson@arbor.net\"\r\n\tSHA\u2010256 = \"443d24d719dec79a2e1be682943795b617064d86f2ebaec7975978f0b1f6950d\"\r\n\tSHA-256 = \"44439e2ae675c548ad193aa67baa8e6abff5cc60c8a4c843a5c9f0c13ffec2d8\"\r\n\tSHA\u00ad-256 = \"74ed059519573a393aa7562e2a2afaf046cf872ea51f708a22b58b85c98718a8\"\r\n\tSHA\u00ad\u2010256 = \"80748362762996d4b23f8d4e55d2ef8ca2689b84cc0b5984f420afbb73acad1f\"\r\n\tSHA\u2010256 = \"9ba14273bfdd4a4b192c625d900b29e1fc3c8673154d3b4c4c3202109e918c8d\"\r\n\tSHA-256 = \"fba3cd920165b47cb39f3c970b8157b4e776cc062c74579a252d8dd2874b2e6b\"\r\n\r\nstrings:\r\n\r\n\t$s1 = \"\\\\Projects\\\\Br2012\\\\Release\\\\svc.pdb\"\r\n\t$s2 = \"This is a flag\"\r\n\t$s3 = \"svc.dll\"\r\n\t$s4 = \"ServiceMain\"\r\n\t$s5 = \"winsta0\"\r\n\r\ncondition:\r\n\r\n\tuint16(0) == 0x5A4D and < 1000000 and (all of ($s*))\r\n\r\n}",
851
+ "type": "yara",
852
+ "to_ids": false,
853
+ "object_relation": null,
854
+ "comment": "",
855
+ "uuid": "57162852-bbe8-4aa9-a420-4f3a950d210f",
856
+ "category": "Payload delivery"
857
+ },
858
+ {
859
+ "timestamp": "1461068924",
860
+ "value": "122.10.9.121",
861
+ "type": "ip-dst",
862
+ "to_ids": true,
863
+ "object_relation": null,
864
+ "comment": "Imported via the freetext import.",
865
+ "uuid": "5716247c-22d4-421d-9e0e-4f80950d210f",
866
+ "category": "Network activity"
867
+ },
868
+ {
869
+ "timestamp": "1461068923",
870
+ "value": "adc.microsoftmse.com",
871
+ "type": "hostname",
872
+ "to_ids": true,
873
+ "object_relation": null,
874
+ "comment": "Imported via the freetext import.",
875
+ "uuid": "5716247b-2390-4de2-951c-4bc2950d210f",
876
+ "category": "Network activity"
877
+ },
878
+ {
879
+ "timestamp": "1461068866",
880
+ "value": "766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f",
881
+ "type": "sha256",
882
+ "to_ids": true,
883
+ "object_relation": null,
884
+ "comment": "Imported via the freetext import.",
885
+ "uuid": "57162442-3070-40ac-8735-4c27950d210f",
886
+ "category": "Payload delivery"
887
+ },
888
+ {
889
+ "timestamp": "1461068866",
890
+ "value": "0566703ccda6c60816ef1d8d917aa7b0",
891
+ "type": "md5",
892
+ "to_ids": true,
893
+ "object_relation": null,
894
+ "comment": "Imported via the freetext import.",
895
+ "uuid": "57162442-63f4-4891-9148-4876950d210f",
896
+ "category": "Payload delivery"
897
+ },
898
+ {
899
+ "timestamp": "1461068770",
900
+ "value": "wins.microsoftmse.com",
901
+ "type": "hostname",
902
+ "to_ids": true,
903
+ "object_relation": null,
904
+ "comment": "Imported via the freetext import.",
905
+ "uuid": "571623e2-0aa4-44a7-9198-4cc1950d210f",
906
+ "category": "Network activity"
907
+ },
908
+ {
909
+ "timestamp": "1461068770",
910
+ "value": "b2ae8c02163dcee142afe71188914321",
911
+ "type": "md5",
912
+ "to_ids": true,
913
+ "object_relation": null,
914
+ "comment": "Imported via the freetext import.",
915
+ "uuid": "571623e2-80e4-4864-a72c-4ca1950d210f",
916
+ "category": "Payload delivery"
917
+ },
918
+ {
919
+ "timestamp": "1461068770",
920
+ "value": "9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776",
921
+ "type": "sha256",
922
+ "to_ids": true,
923
+ "object_relation": null,
924
+ "comment": "Imported via the freetext import.",
925
+ "uuid": "571623e2-1a50-4035-927b-4453950d210f",
926
+ "category": "Payload delivery"
927
+ },
928
+ {
929
+ "timestamp": "1461068769",
930
+ "value": "19b2ed8ab09a43151c9951ff0432a861",
931
+ "type": "md5",
932
+ "to_ids": true,
933
+ "object_relation": null,
934
+ "comment": "Imported via the freetext import.",
935
+ "uuid": "571623e1-44e0-4808-9333-4c60950d210f",
936
+ "category": "Payload delivery"
937
+ },
938
+ {
939
+ "timestamp": "1461068769",
940
+ "value": "203.160.247.21",
941
+ "type": "ip-dst",
942
+ "to_ids": true,
943
+ "object_relation": null,
944
+ "comment": "On port 443",
945
+ "uuid": "571623e1-3bb0-4f0b-8543-4483950d210f",
946
+ "category": "Network activity"
947
+ },
948
+ {
949
+ "timestamp": "1461068769",
950
+ "value": "937c13f5915a103aec8d28bdec7cc769",
951
+ "type": "md5",
952
+ "to_ids": true,
953
+ "object_relation": null,
954
+ "comment": "Imported via the freetext import.",
955
+ "uuid": "571623e1-aaf8-4d39-a018-4a6e950d210f",
956
+ "category": "Payload delivery"
957
+ },
958
+ {
959
+ "timestamp": "1461056735",
960
+ "value": "IEChecker.exe|46c7d064a34c4e02bb2df56e0f8470c0",
961
+ "type": "filename|md5",
962
+ "to_ids": true,
963
+ "object_relation": null,
964
+ "comment": "",
965
+ "uuid": "5715f2cf-8de8-4475-a716-4de1950d210f",
966
+ "category": "Payload delivery"
967
+ },
968
+ {
969
+ "timestamp": "1461056207",
970
+ "value": "c674ae90f686d831cffc223a55782a93",
971
+ "type": "md5",
972
+ "to_ids": true,
973
+ "object_relation": null,
974
+ "comment": "RTF",
975
+ "uuid": "5715f2cf-ee4c-4585-a40e-4d6c950d210f",
976
+ "category": "Payload delivery"
977
+ },
978
+ {
979
+ "timestamp": "1461056206",
980
+ "value": "7d4f8341b58602a17184bc5c07311e8b",
981
+ "type": "md5",
982
+ "to_ids": true,
983
+ "object_relation": null,
984
+ "comment": "spearfish",
985
+ "uuid": "5715f2ce-b55c-4357-bdfe-43d5950d210f",
986
+ "category": "Payload delivery"
987
+ },
988
+ {
989
+ "timestamp": "1461067343",
990
+ "value": "180.169.28.58",
991
+ "type": "ip-dst",
992
+ "to_ids": true,
993
+ "object_relation": null,
994
+ "comment": "On port 8080",
995
+ "uuid": "5715eae1-b6f0-46c6-af87-40de950d210f",
996
+ "category": "Network activity"
997
+ },
998
+ {
999
+ "timestamp": "1461007906",
1000
+ "value": "198.55.120.143",
1001
+ "type": "ip-dst",
1002
+ "to_ids": true,
1003
+ "object_relation": null,
1004
+ "comment": "On port 7386",
1005
+ "uuid": "57153622-b0fc-4002-ae3c-3e3c950d210f",
1006
+ "category": "Network activity"
1007
+ },
1008
+ {
1009
+ "timestamp": "1461007824",
1010
+ "value": "CVE-2015-1770",
1011
+ "type": "vulnerability",
1012
+ "to_ids": false,
1013
+ "object_relation": null,
1014
+ "comment": "",
1015
+ "uuid": "571535d0-c074-4f8b-b2dc-4fb9950d210f",
1016
+ "category": "Payload delivery"
1017
+ },
1018
+ {
1019
+ "timestamp": "1461007824",
1020
+ "value": "CVE-2015-1641",
1021
+ "type": "vulnerability",
1022
+ "to_ids": false,
1023
+ "object_relation": null,
1024
+ "comment": "",
1025
+ "uuid": "571535d0-b898-4ab7-80f4-4555950d210f",
1026
+ "category": "Payload delivery"
1027
+ },
1028
+ {
1029
+ "timestamp": "1461007824",
1030
+ "value": "CVE-2012-1856",
1031
+ "type": "vulnerability",
1032
+ "to_ids": false,
1033
+ "object_relation": null,
1034
+ "comment": "",
1035
+ "uuid": "571535d0-ee34-47e6-8ae9-4c82950d210f",
1036
+ "category": "Payload delivery"
1037
+ },
1038
+ {
1039
+ "timestamp": "1461007824",
1040
+ "value": "CVE-2012-0158",
1041
+ "type": "vulnerability",
1042
+ "to_ids": false,
1043
+ "object_relation": null,
1044
+ "comment": "",
1045
+ "uuid": "571535d0-050c-4c6f-9eee-4b3c950d210f",
1046
+ "category": "Payload delivery"
1047
+ },
1048
+ {
1049
+ "timestamp": "1461007775",
1050
+ "value": "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/04/ASERT-Threat-Intelligence-Report-2016-03-The-Four-Element-Sword-Engagement.pdf",
1051
+ "type": "link",
1052
+ "to_ids": false,
1053
+ "object_relation": null,
1054
+ "comment": "",
1055
+ "uuid": "5715359f-6c3c-49f6-9447-4a6b950d210f",
1056
+ "category": "External analysis"
1057
+ },
1058
+ {
1059
+ "timestamp": "1461070838",
1060
+ "value": "e12e06f42cbdf05e91b89e364ed4319dd257fc71",
1061
+ "type": "sha1",
1062
+ "to_ids": true,
1063
+ "object_relation": null,
1064
+ "comment": "Imported via the freetext import. - Xchecked via VT: c8c6365bf21d947e8e986d4766a9fc16",
1065
+ "uuid": "57162bf6-6068-46fd-a2fe-49ef02de0b81",
1066
+ "category": "Payload delivery"
1067
+ },
1068
+ {
1069
+ "timestamp": "1461070838",
1070
+ "value": "https://www.virustotal.com/file/e8af4f3504b0e1cf165dfd1070342b831fd7b5b45da94c6f2a25c28dd6eb3c4a/analysis/1451715280/",
1071
+ "type": "link",
1072
+ "to_ids": false,
1073
+ "object_relation": null,
1074
+ "comment": "",
1075
+ "uuid": "57162bf6-8e08-4388-865b-42b102de0b81",
1076
+ "category": "External analysis"
1077
+ },
1078
+ {
1079
+ "timestamp": "1461070839",
1080
+ "value": "3370ec0c71056a6fc6860c54dee96675ffb85b92",
1081
+ "type": "sha1",
1082
+ "to_ids": true,
1083
+ "object_relation": null,
1084
+ "comment": "Imported via the freetext import. - Xchecked via VT: 835fee42132feebe9b3231297e5e71a8",
1085
+ "uuid": "57162bf7-00c0-407d-bd0a-48c102de0b81",
1086
+ "category": "Payload delivery"
1087
+ },
1088
+ {
1089
+ "timestamp": "1461070839",
1090
+ "value": "https://www.virustotal.com/file/0ed325b841a2beb446c5e9a6825deaa021651c8b627aa7147d89edde05af6598/analysis/1456325644/",
1091
+ "type": "link",
1092
+ "to_ids": false,
1093
+ "object_relation": null,
1094
+ "comment": "",
1095
+ "uuid": "57162bf7-3248-4844-84a2-44aa02de0b81",
1096
+ "category": "External analysis"
1097
+ },
1098
+ {
1099
+ "timestamp": "1461071177",
1100
+ "value": "1c4e3c4df094c32faf0c30f6a613c63e",
1101
+ "type": "md5",
1102
+ "to_ids": true,
1103
+ "object_relation": null,
1104
+ "comment": "Imported via the freetext import.",
1105
+ "uuid": "57162d49-a7fc-4dc4-9fc7-46a4950d210f",
1106
+ "category": "Payload delivery"
1107
+ },
1108
+ {
1109
+ "timestamp": "1461071177",
1110
+ "value": "89e4cff1496aafa0776619729a75d4ab",
1111
+ "type": "md5",
1112
+ "to_ids": true,
1113
+ "object_relation": null,
1114
+ "comment": "Imported via the freetext import.",
1115
+ "uuid": "57162d49-fa0c-4103-ab37-4905950d210f",
1116
+ "category": "Payload delivery"
1117
+ },
1118
+ {
1119
+ "timestamp": "1461071178",
1120
+ "value": "f25634becd08d5298db1f3014e477e00",
1121
+ "type": "md5",
1122
+ "to_ids": true,
1123
+ "object_relation": null,
1124
+ "comment": "Imported via the freetext import.",
1125
+ "uuid": "57162d4a-afa8-4668-812a-4191950d210f",
1126
+ "category": "Payload delivery"
1127
+ },
1128
+ {
1129
+ "timestamp": "1461071178",
1130
+ "value": "ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae",
1131
+ "type": "sha256",
1132
+ "to_ids": true,
1133
+ "object_relation": null,
1134
+ "comment": "Imported via the freetext import.",
1135
+ "uuid": "57162d4a-fbac-4e6d-9bce-427e950d210f",
1136
+ "category": "Payload delivery"
1137
+ },
1138
+ {
1139
+ "timestamp": "1461071178",
1140
+ "value": "f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6",
1141
+ "type": "sha256",
1142
+ "to_ids": true,
1143
+ "object_relation": null,
1144
+ "comment": "Imported via the freetext import.",
1145
+ "uuid": "57162d4a-ffc8-4fe8-ae07-4722950d210f",
1146
+ "category": "Payload delivery"
1147
+ },
1148
+ {
1149
+ "timestamp": "1461071179",
1150
+ "value": "8dfcae0eb358f48fc30163e58c75823117f6fd501a48f3dfeb19a06d1c21aa51",
1151
+ "type": "sha256",
1152
+ "to_ids": true,
1153
+ "object_relation": null,
1154
+ "comment": "Imported via the freetext import.",
1155
+ "uuid": "57162d4b-fea8-47c9-b704-447a950d210f",
1156
+ "category": "Payload delivery"
1157
+ },
1158
+ {
1159
+ "timestamp": "1461071179",
1160
+ "value": "f8a18e8b8e6606617e3a63ee5a3050a1b30361703c9a7d9e2d5cc94090c9907b",
1161
+ "type": "sha256",
1162
+ "to_ids": true,
1163
+ "object_relation": null,
1164
+ "comment": "Imported via the freetext import.",
1165
+ "uuid": "57162d4b-cb90-49de-8706-4258950d210f",
1166
+ "category": "Payload delivery"
1167
+ },
1168
+ {
1169
+ "timestamp": "1461071840",
1170
+ "value": "D:\\WORK\\T9000\\N_Inst_User_M1\\Release\\N_Inst_User32.pdb",
1171
+ "type": "pdb",
1172
+ "to_ids": false,
1173
+ "object_relation": null,
1174
+ "comment": "",
1175
+ "uuid": "57162fe0-9dd8-4d4b-b5db-4511950d210f",
1176
+ "category": "Artifacts dropped"
1177
+ },
1178
+ {
1179
+ "timestamp": "1461074339",
1180
+ "value": "4f1784a4e4181b4c80f8d77675a267cbdd0e35ea1756c9fdb82294251bef1d28",
1181
+ "type": "sha256",
1182
+ "to_ids": true,
1183
+ "object_relation": null,
1184
+ "comment": "bait file",
1185
+ "uuid": "5716393a-9718-4575-b267-4c6d950d210f",
1186
+ "category": "Payload delivery"
1187
+ },
1188
+ {
1189
+ "timestamp": "1461074368",
1190
+ "value": "E804.tmp|5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
1191
+ "type": "filename|sha256",
1192
+ "to_ids": true,
1193
+ "object_relation": null,
1194
+ "comment": "",
1195
+ "uuid": "571639c0-0f48-454b-b4f5-4f8e950d210f",
1196
+ "category": "Payload delivery"
1197
+ },
1198
+ {
1199
+ "timestamp": "1461074314",
1200
+ "value": "647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b",
1201
+ "type": "sha256",
1202
+ "to_ids": true,
1203
+ "object_relation": null,
1204
+ "comment": "RTF",
1205
+ "uuid": "5716393a-59ec-46a8-be9f-4729950d210f",
1206
+ "category": "Payload delivery"
1207
+ },
1208
+ {
1209
+ "timestamp": "1461074289",
1210
+ "value": "9ae498307da6c2e677a97a458bff1aea",
1211
+ "type": "md5",
1212
+ "to_ids": true,
1213
+ "object_relation": null,
1214
+ "comment": "bait file",
1215
+ "uuid": "5716393a-be40-4cea-860e-4198950d210f",
1216
+ "category": "Payload delivery"
1217
+ },
1218
+ {
1219
+ "timestamp": "1461074233",
1220
+ "value": "E804.tmp|e4e8493898d94f737ff4dc8fab743a4a",
1221
+ "type": "filename|md5",
1222
+ "to_ids": true,
1223
+ "object_relation": null,
1224
+ "comment": "Imported via the freetext import.",
1225
+ "uuid": "57163939-db08-4130-8859-4246950d210f",
1226
+ "category": "Payload delivery"
1227
+ },
1228
+ {
1229
+ "timestamp": "1461074276",
1230
+ "value": "da97c88858214242374f27d32e27d957",
1231
+ "type": "md5",
1232
+ "to_ids": true,
1233
+ "object_relation": null,
1234
+ "comment": "RTF",
1235
+ "uuid": "57163938-0878-4bcb-a764-4f47950d210f",
1236
+ "category": "Payload delivery"
1237
+ },
1238
+ {
1239
+ "timestamp": "1461073849",
1240
+ "value": "d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c",
1241
+ "type": "sha256",
1242
+ "to_ids": true,
1243
+ "object_relation": null,
1244
+ "comment": "Imported via the freetext import.",
1245
+ "uuid": "571637b9-a1d4-47e7-924c-478d950d210f",
1246
+ "category": "Payload delivery"
1247
+ },
1248
+ {
1249
+ "timestamp": "1461073848",
1250
+ "value": "fb1e8c42d11e3a2de97814e451ee3375",
1251
+ "type": "md5",
1252
+ "to_ids": true,
1253
+ "object_relation": null,
1254
+ "comment": "Imported via the freetext import.",
1255
+ "uuid": "571637b8-b8a0-472d-982f-49ac950d210f",
1256
+ "category": "Payload delivery"
1257
+ },
1258
+ {
1259
+ "timestamp": "1461072137",
1260
+ "value": "igfxtray.exe",
1261
+ "type": "url",
1262
+ "to_ids": true,
1263
+ "object_relation": null,
1264
+ "comment": "Imported via the freetext import.",
1265
+ "uuid": "57163109-be58-4cc7-89c1-4446950d210f",
1266
+ "category": "Network activity"
1267
+ },
1268
+ {
1269
+ "timestamp": "1461072137",
1270
+ "value": "Data/dtl.dat",
1271
+ "type": "url",
1272
+ "to_ids": true,
1273
+ "object_relation": null,
1274
+ "comment": "Imported via the freetext import.",
1275
+ "uuid": "57163109-6304-413e-9884-4a42950d210f",
1276
+ "category": "Network activity"
1277
+ },
1278
+ {
1279
+ "timestamp": "1461072137",
1280
+ "value": "Data/glp.uin",
1281
+ "type": "url",
1282
+ "to_ids": true,
1283
+ "object_relation": null,
1284
+ "comment": "Imported via the freetext import.",
1285
+ "uuid": "57163109-1e04-4ef4-bf92-480b950d210f",
1286
+ "category": "Network activity"
1287
+ },
1288
+ {
1289
+ "timestamp": "1461072625",
1290
+ "value": "http://198.55.120.143:7386/B/ResN32.dll",
1291
+ "type": "url",
1292
+ "to_ids": true,
1293
+ "object_relation": null,
1294
+ "comment": "Imported via the freetext import.",
1295
+ "uuid": "571632f1-d2f8-4e0c-9322-4370950d210f",
1296
+ "category": "Network activity"
1297
+ },
1298
+ {
1299
+ "timestamp": "1461072625",
1300
+ "value": "fdb6543bfb77aa6ddff0f4dfe07e442f",
1301
+ "type": "md5",
1302
+ "to_ids": true,
1303
+ "object_relation": null,
1304
+ "comment": "RTF",
1305
+ "uuid": "571632f1-9d80-4532-9288-4598950d210f",
1306
+ "category": "Payload delivery"
1307
+ },
1308
+ {
1309
+ "timestamp": "1461072626",
1310
+ "value": "d8d70851641efbdfce8d561e6b1a2f29",
1311
+ "type": "md5",
1312
+ "to_ids": true,
1313
+ "object_relation": null,
1314
+ "comment": "T9000 main binary",
1315
+ "uuid": "571632f2-4d40-4809-af5e-411a950d210f",
1316
+ "category": "Payload delivery"
1317
+ },
1318
+ {
1319
+ "timestamp": "1461072626",
1320
+ "value": "Elevate.dll|1d335f6a58cb9fab503a9b9cb371f57b",
1321
+ "type": "filename|md5",
1322
+ "to_ids": true,
1323
+ "object_relation": null,
1324
+ "comment": "Imported via the freetext import.",
1325
+ "uuid": "571632f2-5290-46c4-bd6b-48d3950d210f",
1326
+ "category": "Payload delivery"
1327
+ },
1328
+ {
1329
+ "timestamp": "1461072627",
1330
+ "value": "QQMgr.dll|b9c584c7c34d14599de8cd3b72f2074b",
1331
+ "type": "filename|md5",
1332
+ "to_ids": true,
1333
+ "object_relation": null,
1334
+ "comment": "Imported via the freetext import.",
1335
+ "uuid": "571632f3-f5b8-4fe6-bff3-4e11950d210f",
1336
+ "category": "Payload delivery"
1337
+ },
1338
+ {
1339
+ "timestamp": "1461072627",
1340
+ "value": "QQMgr.inf|8ac933be588f49560179c26ddbc6a753",
1341
+ "type": "filename|md5",
1342
+ "to_ids": true,
1343
+ "object_relation": null,
1344
+ "comment": "Imported via the freetext import.",
1345
+ "uuid": "571632f3-63a8-43a2-9260-43b9950d210f",
1346
+ "category": "Payload delivery"
1347
+ },
1348
+ {
1349
+ "timestamp": "1461072628",
1350
+ "value": "ResN32.dat|50753c28878ce10a748fbd7b831ecbe1",
1351
+ "type": "filename|md5",
1352
+ "to_ids": true,
1353
+ "object_relation": null,
1354
+ "comment": "Imported via the freetext import.",
1355
+ "uuid": "571632f4-d0a0-4595-9c2d-46fa950d210f",
1356
+ "category": "Payload delivery"
1357
+ },
1358
+ {
1359
+ "timestamp": "1461072629",
1360
+ "value": "ResN32.dll|a45e5c32fc2bc7be9d6e4bba8b2807bf",
1361
+ "type": "filename|md5",
1362
+ "to_ids": true,
1363
+ "object_relation": null,
1364
+ "comment": "Imported via the freetext import.",
1365
+ "uuid": "571632f5-2e3c-4637-95ce-46db950d210f",
1366
+ "category": "Payload delivery"
1367
+ },
1368
+ {
1369
+ "timestamp": "1461072629",
1370
+ "value": "hccutils.dll|2299fb8268f47294eb2b18282540a955",
1371
+ "type": "filename|md5",
1372
+ "to_ids": true,
1373
+ "object_relation": null,
1374
+ "comment": "Imported via the freetext import.",
1375
+ "uuid": "571632f5-6a74-4bfc-bb34-499a950d210f",
1376
+ "category": "Payload delivery"
1377
+ },
1378
+ {
1379
+ "timestamp": "1461072630",
1380
+ "value": "hccutils.inf|2f31ef1a8fca047ed0d623010d569857",
1381
+ "type": "filename|md5",
1382
+ "to_ids": true,
1383
+ "object_relation": null,
1384
+ "comment": "Imported via the freetext import.",
1385
+ "uuid": "571632f6-743c-4e90-8619-4c5a950d210f",
1386
+ "category": "Payload delivery"
1387
+ },
1388
+ {
1389
+ "timestamp": "1461072631",
1390
+ "value": "hjwe.dat|d3601a5160b8d122261989d147221eb7",
1391
+ "type": "filename|md5",
1392
+ "to_ids": true,
1393
+ "object_relation": null,
1394
+ "comment": "Imported via the freetext import.",
1395
+ "uuid": "571632f7-b1dc-4a7e-98d1-43c3950d210f",
1396
+ "category": "Payload delivery"
1397
+ },
1398
+ {
1399
+ "timestamp": "1461072631",
1400
+ "value": "qhnj.dat|a9de62186cb8d0e23b0dc75e1ae373ac",
1401
+ "type": "filename|md5",
1402
+ "to_ids": true,
1403
+ "object_relation": null,
1404
+ "comment": "Imported via the freetext import.",
1405
+ "uuid": "571632f7-ba34-4fde-b022-499e950d210f",
1406
+ "category": "Payload delivery"
1407
+ },
1408
+ {
1409
+ "timestamp": "1461072632",
1410
+ "value": "tyeu.dat|29ec20f5fa1817dc9250c434e61420ea",
1411
+ "type": "filename|md5",
1412
+ "to_ids": true,
1413
+ "object_relation": null,
1414
+ "comment": "Imported via the freetext import.",
1415
+ "uuid": "571632f8-ba50-40d4-b668-40b6950d210f",
1416
+ "category": "Payload delivery"
1417
+ },
1418
+ {
1419
+ "timestamp": "1461072632",
1420
+ "value": "vnkd.dat|35f4ce864c3a3dc016fea3459d6402a9",
1421
+ "type": "filename|md5",
1422
+ "to_ids": true,
1423
+ "object_relation": null,
1424
+ "comment": "Imported via the freetext import.",
1425
+ "uuid": "571632f8-b0ac-45b2-b300-4acd950d210f",
1426
+ "category": "Payload delivery"
1427
+ },
1428
+ {
1429
+ "timestamp": "1461072966",
1430
+ "value": "8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141",
1431
+ "type": "sha256",
1432
+ "to_ids": true,
1433
+ "object_relation": null,
1434
+ "comment": "RTF",
1435
+ "uuid": "571633f1-ceac-4898-af6f-4077950d210f",
1436
+ "category": "Payload delivery"
1437
+ },
1438
+ {
1439
+ "timestamp": "1461072994",
1440
+ "value": "7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec",
1441
+ "type": "sha256",
1442
+ "to_ids": true,
1443
+ "object_relation": null,
1444
+ "comment": "T9000 man binary",
1445
+ "uuid": "571633f2-853c-4d2a-99c0-4157950d210f",
1446
+ "category": "Payload delivery"
1447
+ },
1448
+ {
1449
+ "timestamp": "1461073261",
1450
+ "value": "Elevate.dll|9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95",
1451
+ "type": "filename|sha256",
1452
+ "to_ids": true,
1453
+ "object_relation": null,
1454
+ "comment": "",
1455
+ "uuid": "5716356d-8e44-44e0-bdbe-43e8950d210f",
1456
+ "category": "Payload delivery"
1457
+ },
1458
+ {
1459
+ "timestamp": "1461073285",
1460
+ "value": "QQMgr.dll|bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f",
1461
+ "type": "filename|sha256",
1462
+ "to_ids": true,
1463
+ "object_relation": null,
1464
+ "comment": "",
1465
+ "uuid": "57163585-4fa0-4a17-9aab-46c2950d210f",
1466
+ "category": "Payload delivery"
1467
+ },
1468
+ {
1469
+ "timestamp": "1461073322",
1470
+ "value": "ResN32.dat|5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14",
1471
+ "type": "filename|sha256",
1472
+ "to_ids": true,
1473
+ "object_relation": null,
1474
+ "comment": "",
1475
+ "uuid": "571635aa-1d00-4b7f-b330-4030950d210f",
1476
+ "category": "Payload delivery"
1477
+ },
1478
+ {
1479
+ "timestamp": "1461073346",
1480
+ "value": "QQMgr.inf|ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a",
1481
+ "type": "filename|sha256",
1482
+ "to_ids": true,
1483
+ "object_relation": null,
1484
+ "comment": "",
1485
+ "uuid": "571635c2-8fb0-46d1-ba3d-4861950d210f",
1486
+ "category": "Payload delivery"
1487
+ },
1488
+ {
1489
+ "timestamp": "1461073418",
1490
+ "value": "ResN32.dll|1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7",
1491
+ "type": "filename|sha256",
1492
+ "to_ids": true,
1493
+ "object_relation": null,
1494
+ "comment": "",
1495
+ "uuid": "5716360a-2a3c-429e-82dd-49d2950d210f",
1496
+ "category": "Payload delivery"
1497
+ },
1498
+ {
1499
+ "timestamp": "1461073467",
1500
+ "value": "hccutils.dll|3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9",
1501
+ "type": "filename|sha256",
1502
+ "to_ids": true,
1503
+ "object_relation": null,
1504
+ "comment": "",
1505
+ "uuid": "5716363b-7a90-44eb-92d5-46e3950d210f",
1506
+ "category": "Payload delivery"
1507
+ },
1508
+ {
1509
+ "timestamp": "1461073483",
1510
+ "value": "hccutils.inf|f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27",
1511
+ "type": "filename|sha256",
1512
+ "to_ids": true,
1513
+ "object_relation": null,
1514
+ "comment": "",
1515
+ "uuid": "5716364b-1940-4d7c-a2ee-4ba3950d210f",
1516
+ "category": "Payload delivery"
1517
+ },
1518
+ {
1519
+ "timestamp": "1461073500",
1520
+ "value": "hjwe.dat|bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b",
1521
+ "type": "filename|sha256",
1522
+ "to_ids": true,
1523
+ "object_relation": null,
1524
+ "comment": "",
1525
+ "uuid": "5716365c-65b4-4d71-9618-4d3c950d210f",
1526
+ "category": "Payload delivery"
1527
+ },
1528
+ {
1529
+ "timestamp": "1461073515",
1530
+ "value": "vnkd.dat|c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465",
1531
+ "type": "filename|sha256",
1532
+ "to_ids": true,
1533
+ "object_relation": null,
1534
+ "comment": "",
1535
+ "uuid": "5716366b-7980-4c53-a04c-44ae950d210f",
1536
+ "category": "Payload delivery"
1537
+ },
1538
+ {
1539
+ "timestamp": "1461073533",
1540
+ "value": "tyeu.dat|e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926",
1541
+ "type": "filename|sha256",
1542
+ "to_ids": true,
1543
+ "object_relation": null,
1544
+ "comment": "",
1545
+ "uuid": "5716367d-2b88-45b5-a3bb-4915950d210f",
1546
+ "category": "Payload delivery"
1547
+ },
1548
+ {
1549
+ "timestamp": "1461073550",
1550
+ "value": "qhnj.dat|c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3",
1551
+ "type": "filename|sha256",
1552
+ "to_ids": true,
1553
+ "object_relation": null,
1554
+ "comment": "",
1555
+ "uuid": "5716368e-b1b0-4184-aa05-445c950d210f",
1556
+ "category": "Payload delivery"
1557
+ },
1558
+ {
1559
+ "timestamp": "1461074701",
1560
+ "value": "e1269c22ad1e057b9c91523498b4b04d",
1561
+ "type": "md5",
1562
+ "to_ids": true,
1563
+ "object_relation": null,
1564
+ "comment": "Imported via the freetext import.",
1565
+ "uuid": "57163b0d-9214-43d4-9c9f-4d5f950d210f",
1566
+ "category": "Payload delivery"
1567
+ },
1568
+ {
1569
+ "timestamp": "1461074701",
1570
+ "value": "b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b",
1571
+ "type": "sha256",
1572
+ "to_ids": true,
1573
+ "object_relation": null,
1574
+ "comment": "Imported via the freetext import.",
1575
+ "uuid": "57163b0d-3c58-4378-b036-4eea950d210f",
1576
+ "category": "Payload delivery"
1577
+ },
1578
+ {
1579
+ "timestamp": "1461134495",
1580
+ "value": "yeaton.xicp.net",
1581
+ "type": "hostname",
1582
+ "to_ids": true,
1583
+ "object_relation": null,
1584
+ "comment": "Imported via the freetext import.",
1585
+ "uuid": "5717249f-c33c-4b52-926b-4475950d210f",
1586
+ "category": "Network activity"
1587
+ },
1588
+ {
1589
+ "timestamp": "1461134866",
1590
+ "value": "BC29.tmp|e4e8493898d94f737ff4dc8fab743a4a",
1591
+ "type": "filename|md5",
1592
+ "to_ids": true,
1593
+ "object_relation": null,
1594
+ "comment": "Imported via the freetext import.",
1595
+ "uuid": "57172612-830c-44ef-8b61-4f00950d210f",
1596
+ "category": "Payload delivery"
1597
+ },
1598
+ {
1599
+ "timestamp": "1461134867",
1600
+ "value": "~tmp.doc|751196ce79dacd906eec9b5a1c92890b",
1601
+ "type": "filename|md5",
1602
+ "to_ids": true,
1603
+ "object_relation": null,
1604
+ "comment": "Imported via the freetext import.",
1605
+ "uuid": "57172613-bf60-445b-b242-4473950d210f",
1606
+ "category": "Payload delivery"
1607
+ },
1608
+ {
1609
+ "timestamp": "1461135278",
1610
+ "value": "~tmp.doc|e6ad959a18725954a56a7954d3f47671",
1611
+ "type": "filename|md5",
1612
+ "to_ids": true,
1613
+ "object_relation": null,
1614
+ "comment": "Imported via the freetext import.",
1615
+ "uuid": "571727ae-9478-46db-87bb-4241950d210f",
1616
+ "category": "Payload delivery"
1617
+ },
1618
+ {
1619
+ "timestamp": "1461135278",
1620
+ "value": "iuso.exe|07eb4867e436bbef759a9877402af994",
1621
+ "type": "filename|md5",
1622
+ "to_ids": true,
1623
+ "object_relation": null,
1624
+ "comment": "Imported via the freetext import.",
1625
+ "uuid": "571727ae-ef9c-4de4-af85-4e73950d210f",
1626
+ "category": "Payload delivery"
1627
+ },
1628
+ {
1629
+ "timestamp": "1461135279",
1630
+ "value": "wget.bat|47e60e347b5791d5f17939f9c97fee01",
1631
+ "type": "filename|md5",
1632
+ "to_ids": true,
1633
+ "object_relation": null,
1634
+ "comment": "Imported via the freetext import.",
1635
+ "uuid": "571727af-0e74-4f10-9b4c-4965950d210f",
1636
+ "category": "Payload delivery"
1637
+ },
1638
+ {
1639
+ "timestamp": "1461135280",
1640
+ "value": "wget.exe|f9f8d1c53d312f17c6f830e7b4e6651d",
1641
+ "type": "filename|md5",
1642
+ "to_ids": true,
1643
+ "object_relation": null,
1644
+ "comment": "Imported via the freetext import.",
1645
+ "uuid": "571727b0-16e0-45d6-a286-4a06950d210f",
1646
+ "category": "Payload delivery"
1647
+ },
1648
+ {
1649
+ "timestamp": "1461135280",
1650
+ "value": "wthk.txt|d579d7a42ff140952da57264614c37bc",
1651
+ "type": "filename|md5",
1652
+ "to_ids": true,
1653
+ "object_relation": null,
1654
+ "comment": "Imported via the freetext import.",
1655
+ "uuid": "571727b0-e65c-469d-a368-4a7f950d210f",
1656
+ "category": "Payload delivery"
1657
+ },
1658
+ {
1659
+ "timestamp": "1461135281",
1660
+ "value": "conhost.exe|f70b295c6a5121b918682310ce0c2165",
1661
+ "type": "filename|md5",
1662
+ "to_ids": true,
1663
+ "object_relation": null,
1664
+ "comment": "Imported via the freetext import.",
1665
+ "uuid": "571727b1-66c8-4be7-8ee1-43c3950d210f",
1666
+ "category": "Payload delivery"
1667
+ },
1668
+ {
1669
+ "timestamp": "1461135282",
1670
+ "value": "SBieDll.dll|f80edbb0fcfe7cec17592f61a06e4df2",
1671
+ "type": "filename|md5",
1672
+ "to_ids": true,
1673
+ "object_relation": null,
1674
+ "comment": "Imported via the freetext import.",
1675
+ "uuid": "571727b2-5eb0-4dce-98b8-4dba950d210f",
1676
+ "category": "Payload delivery"
1677
+ },
1678
+ {
1679
+ "timestamp": "1461135282",
1680
+ "value": "dll2.xor|ce8ec932be16b69ffa06626b3b423395",
1681
+ "type": "filename|md5",
1682
+ "to_ids": true,
1683
+ "object_relation": null,
1684
+ "comment": "Imported via the freetext import.",
1685
+ "uuid": "571727b2-c0ec-413f-abe2-467c950d210f",
1686
+ "category": "Payload delivery"
1687
+ },
1688
+ {
1689
+ "timestamp": "1461135283",
1690
+ "value": "maindll.dll|d8ede9e6c3a1a30398b0b98130ee3b38",
1691
+ "type": "filename|md5",
1692
+ "to_ids": true,
1693
+ "object_relation": null,
1694
+ "comment": "Imported via the freetext import.",
1695
+ "uuid": "571727b3-cc50-4e24-8329-49c8950d210f",
1696
+ "category": "Payload delivery"
1697
+ },
1698
+ {
1699
+ "timestamp": "1461135284",
1700
+ "value": "nvsvc.exe|e0eb981ad6be0bd16246d5d442028687",
1701
+ "type": "filename|md5",
1702
+ "to_ids": true,
1703
+ "object_relation": null,
1704
+ "comment": "Imported via the freetext import.",
1705
+ "uuid": "571727b4-a3b8-4cbc-be4a-4ebc950d210f",
1706
+ "category": "Payload delivery"
1707
+ },
1708
+ {
1709
+ "timestamp": "1461135285",
1710
+ "value": "runas.exe|6a541de84074a2c4ff99eb43252d9030",
1711
+ "type": "filename|md5",
1712
+ "to_ids": true,
1713
+ "object_relation": null,
1714
+ "comment": "Imported via the freetext import.",
1715
+ "uuid": "571727b5-f7e8-45ce-b313-4df9950d210f",
1716
+ "category": "Payload delivery"
1717
+ },
1718
+ {
1719
+ "timestamp": "1461135892",
1720
+ "value": "983333e2c878a62d95747c36748198f0",
1721
+ "type": "md5",
1722
+ "to_ids": true,
1723
+ "object_relation": null,
1724
+ "comment": "Imported via the freetext import.",
1725
+ "uuid": "57172a14-7bd8-4080-9f8a-4167950d210f",
1726
+ "category": "Payload delivery"
1727
+ },
1728
+ {
1729
+ "timestamp": "1461136137",
1730
+ "value": "5ff7e8bd99466159e0285a2029cd3bdd3fed220b",
1731
+ "type": "sha1",
1732
+ "to_ids": true,
1733
+ "object_relation": null,
1734
+ "comment": "Imported via the freetext import. - Xchecked via VT: b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b",
1735
+ "uuid": "57172b09-ec08-4253-84d9-497402de0b81",
1736
+ "category": "Payload delivery"
1737
+ },
1738
+ {
1739
+ "timestamp": "1461136138",
1740
+ "value": "https://www.virustotal.com/file/b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b/analysis/1395781579/",
1741
+ "type": "link",
1742
+ "to_ids": false,
1743
+ "object_relation": null,
1744
+ "comment": "",
1745
+ "uuid": "57172b0a-fb18-45f2-8f9d-4ac102de0b81",
1746
+ "category": "External analysis"
1747
+ },
1748
+ {
1749
+ "timestamp": "1461136138",
1750
+ "value": "94be2b286a5b0bfe1a0aa575153f919cb3e1d4d9",
1751
+ "type": "sha1",
1752
+ "to_ids": true,
1753
+ "object_relation": null,
1754
+ "comment": "T9000 man binary - Xchecked via VT: 7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec",
1755
+ "uuid": "57172b0a-c39c-4fb0-ad04-437302de0b81",
1756
+ "category": "Payload delivery"
1757
+ },
1758
+ {
1759
+ "timestamp": "1461136138",
1760
+ "value": "https://www.virustotal.com/file/7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec/analysis/1456141482/",
1761
+ "type": "link",
1762
+ "to_ids": false,
1763
+ "object_relation": null,
1764
+ "comment": "",
1765
+ "uuid": "57172b0a-3154-4f7c-9b4a-473702de0b81",
1766
+ "category": "External analysis"
1767
+ },
1768
+ {
1769
+ "timestamp": "1461136139",
1770
+ "value": "e4007951cfbc27216e9c81eb75bff9ddac9d6f7c",
1771
+ "type": "sha1",
1772
+ "to_ids": true,
1773
+ "object_relation": null,
1774
+ "comment": "RTF - Xchecked via VT: 8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141",
1775
+ "uuid": "57172b0b-c0ac-4958-9e53-420a02de0b81",
1776
+ "category": "Payload delivery"
1777
+ },
1778
+ {
1779
+ "timestamp": "1461136139",
1780
+ "value": "https://www.virustotal.com/file/8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141/analysis/1457170420/",
1781
+ "type": "link",
1782
+ "to_ids": false,
1783
+ "object_relation": null,
1784
+ "comment": "",
1785
+ "uuid": "57172b0b-1d78-4aae-939a-4a6d02de0b81",
1786
+ "category": "External analysis"
1787
+ },
1788
+ {
1789
+ "timestamp": "1461136139",
1790
+ "value": "2552c92922e2391246e761dcfc1e4b930fc4ae2f",
1791
+ "type": "sha1",
1792
+ "to_ids": true,
1793
+ "object_relation": null,
1794
+ "comment": "Imported via the freetext import. - Xchecked via VT: d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c",
1795
+ "uuid": "57172b0b-0a64-4adf-bf72-441802de0b81",
1796
+ "category": "Payload delivery"
1797
+ },
1798
+ {
1799
+ "timestamp": "1461136140",
1800
+ "value": "https://www.virustotal.com/file/d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c/analysis/1455281121/",
1801
+ "type": "link",
1802
+ "to_ids": false,
1803
+ "object_relation": null,
1804
+ "comment": "",
1805
+ "uuid": "57172b0c-83d0-4f34-9174-4a5e02de0b81",
1806
+ "category": "External analysis"
1807
+ },
1808
+ {
1809
+ "timestamp": "1461136140",
1810
+ "value": "b57c11f3f3b272d3ac49cc6ef684ccebe48ebf15",
1811
+ "type": "sha1",
1812
+ "to_ids": true,
1813
+ "object_relation": null,
1814
+ "comment": "RTF - Xchecked via VT: 647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b",
1815
+ "uuid": "57172b0c-8a80-4cb3-a81d-44ed02de0b81",
1816
+ "category": "Payload delivery"
1817
+ },
1818
+ {
1819
+ "timestamp": "1461136140",
1820
+ "value": "https://www.virustotal.com/file/647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b/analysis/1453199270/",
1821
+ "type": "link",
1822
+ "to_ids": false,
1823
+ "object_relation": null,
1824
+ "comment": "",
1825
+ "uuid": "57172b0c-49a0-4108-813f-4ef302de0b81",
1826
+ "category": "External analysis"
1827
+ },
1828
+ {
1829
+ "timestamp": "1461136141",
1830
+ "value": "a44f10783544927137fe94d998523c4ac9a45b92",
1831
+ "type": "sha1",
1832
+ "to_ids": true,
1833
+ "object_relation": null,
1834
+ "comment": "Imported via the freetext import. - Xchecked via VT: f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6",
1835
+ "uuid": "57172b0d-b1fc-4e7a-af10-416702de0b81",
1836
+ "category": "Payload delivery"
1837
+ },
1838
+ {
1839
+ "timestamp": "1461136141",
1840
+ "value": "https://www.virustotal.com/file/f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6/analysis/1452679497/",
1841
+ "type": "link",
1842
+ "to_ids": false,
1843
+ "object_relation": null,
1844
+ "comment": "",
1845
+ "uuid": "57172b0d-78a8-457f-af6d-446f02de0b81",
1846
+ "category": "External analysis"
1847
+ },
1848
+ {
1849
+ "timestamp": "1461136142",
1850
+ "value": "2dcb8061c8473c48a6877b26a8704d1b764e7ece",
1851
+ "type": "sha1",
1852
+ "to_ids": true,
1853
+ "object_relation": null,
1854
+ "comment": "Imported via the freetext import. - Xchecked via VT: ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae",
1855
+ "uuid": "57172b0e-7aa4-49ce-aeb6-43b002de0b81",
1856
+ "category": "Payload delivery"
1857
+ },
1858
+ {
1859
+ "timestamp": "1461136142",
1860
+ "value": "https://www.virustotal.com/file/ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae/analysis/1453200173/",
1861
+ "type": "link",
1862
+ "to_ids": false,
1863
+ "object_relation": null,
1864
+ "comment": "",
1865
+ "uuid": "57172b0e-2518-42b2-a3f1-40e902de0b81",
1866
+ "category": "External analysis"
1867
+ },
1868
+ {
1869
+ "timestamp": "1461136142",
1870
+ "value": "cbac437a51f5b0942ddd4999eeee83dabd8f4304",
1871
+ "type": "sha1",
1872
+ "to_ids": true,
1873
+ "object_relation": null,
1874
+ "comment": "- Xchecked via VT: c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3",
1875
+ "uuid": "57172b0e-0ba8-4133-bb81-4bf902de0b81",
1876
+ "category": "Payload delivery"
1877
+ },
1878
+ {
1879
+ "timestamp": "1461136143",
1880
+ "value": "https://www.virustotal.com/file/c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3/analysis/1458792067/",
1881
+ "type": "link",
1882
+ "to_ids": false,
1883
+ "object_relation": null,
1884
+ "comment": "",
1885
+ "uuid": "57172b0f-0068-4f9d-8aa1-414002de0b81",
1886
+ "category": "External analysis"
1887
+ },
1888
+ {
1889
+ "timestamp": "1461136143",
1890
+ "value": "9f99c171532faec90ac1371ff077423b3cb64613",
1891
+ "type": "sha1",
1892
+ "to_ids": true,
1893
+ "object_relation": null,
1894
+ "comment": "- Xchecked via VT: e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926",
1895
+ "uuid": "57172b0f-cc1c-49b9-8bae-4bf302de0b81",
1896
+ "category": "Payload delivery"
1897
+ },
1898
+ {
1899
+ "timestamp": "1461136143",
1900
+ "value": "https://www.virustotal.com/file/e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926/analysis/1459253251/",
1901
+ "type": "link",
1902
+ "to_ids": false,
1903
+ "object_relation": null,
1904
+ "comment": "",
1905
+ "uuid": "57172b0f-e398-420a-a136-49d302de0b81",
1906
+ "category": "External analysis"
1907
+ },
1908
+ {
1909
+ "timestamp": "1461136144",
1910
+ "value": "c25ac5e3c7739cb404d38437933539d082ed0919",
1911
+ "type": "sha1",
1912
+ "to_ids": true,
1913
+ "object_relation": null,
1914
+ "comment": "- Xchecked via VT: c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465",
1915
+ "uuid": "57172b10-07e0-4001-a6d8-4fac02de0b81",
1916
+ "category": "Payload delivery"
1917
+ },
1918
+ {
1919
+ "timestamp": "1461136144",
1920
+ "value": "https://www.virustotal.com/file/c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465/analysis/1457523266/",
1921
+ "type": "link",
1922
+ "to_ids": false,
1923
+ "object_relation": null,
1924
+ "comment": "",
1925
+ "uuid": "57172b10-30a4-4633-9876-46b902de0b81",
1926
+ "category": "External analysis"
1927
+ },
1928
+ {
1929
+ "timestamp": "1461136145",
1930
+ "value": "5842ba2f51517d3276f5662398d6d3f19e44a345",
1931
+ "type": "sha1",
1932
+ "to_ids": true,
1933
+ "object_relation": null,
1934
+ "comment": "- Xchecked via VT: bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b",
1935
+ "uuid": "57172b11-b8f4-4ba3-8482-4f6e02de0b81",
1936
+ "category": "Payload delivery"
1937
+ },
1938
+ {
1939
+ "timestamp": "1461136145",
1940
+ "value": "https://www.virustotal.com/file/bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b/analysis/1454685259/",
1941
+ "type": "link",
1942
+ "to_ids": false,
1943
+ "object_relation": null,
1944
+ "comment": "",
1945
+ "uuid": "57172b11-45b0-42ab-9d84-41a302de0b81",
1946
+ "category": "External analysis"
1947
+ },
1948
+ {
1949
+ "timestamp": "1461136145",
1950
+ "value": "c2c49007a99b79f6e74382fa22ed595602a24130",
1951
+ "type": "sha1",
1952
+ "to_ids": true,
1953
+ "object_relation": null,
1954
+ "comment": "- Xchecked via VT: f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27",
1955
+ "uuid": "57172b11-b554-4a57-9917-474502de0b81",
1956
+ "category": "Payload delivery"
1957
+ },
1958
+ {
1959
+ "timestamp": "1461136146",
1960
+ "value": "https://www.virustotal.com/file/f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27/analysis/1461046893/",
1961
+ "type": "link",
1962
+ "to_ids": false,
1963
+ "object_relation": null,
1964
+ "comment": "",
1965
+ "uuid": "57172b12-f8e0-43a0-b10f-469802de0b81",
1966
+ "category": "External analysis"
1967
+ },
1968
+ {
1969
+ "timestamp": "1461136146",
1970
+ "value": "cb57196bde3f520e87c948b4676bf487c0fd513e",
1971
+ "type": "sha1",
1972
+ "to_ids": true,
1973
+ "object_relation": null,
1974
+ "comment": "- Xchecked via VT: 3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9",
1975
+ "uuid": "57172b12-ccb4-414a-892f-4d1602de0b81",
1976
+ "category": "Payload delivery"
1977
+ },
1978
+ {
1979
+ "timestamp": "1461136146",
1980
+ "value": "https://www.virustotal.com/file/3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9/analysis/1459165746/",
1981
+ "type": "link",
1982
+ "to_ids": false,
1983
+ "object_relation": null,
1984
+ "comment": "",
1985
+ "uuid": "57172b12-b1d4-4cb1-a6d8-48ee02de0b81",
1986
+ "category": "External analysis"
1987
+ },
1988
+ {
1989
+ "timestamp": "1461136147",
1990
+ "value": "fb7eba5de0304aa81711e645d6f3f203a1092613",
1991
+ "type": "sha1",
1992
+ "to_ids": true,
1993
+ "object_relation": null,
1994
+ "comment": "- Xchecked via VT: 1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7",
1995
+ "uuid": "57172b13-c430-4759-beca-4a0e02de0b81",
1996
+ "category": "Payload delivery"
1997
+ },
1998
+ {
1999
+ "timestamp": "1461136147",
2000
+ "value": "https://www.virustotal.com/file/1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7/analysis/1455281133/",
2001
+ "type": "link",
2002
+ "to_ids": false,
2003
+ "object_relation": null,
2004
+ "comment": "",
2005
+ "uuid": "57172b13-f4b0-42e3-94e1-4fa402de0b81",
2006
+ "category": "External analysis"
2007
+ },
2008
+ {
2009
+ "timestamp": "1461136148",
2010
+ "value": "d9296175d7894bdbd5db1b7b477bdd39b8652ac6",
2011
+ "type": "sha1",
2012
+ "to_ids": true,
2013
+ "object_relation": null,
2014
+ "comment": "- Xchecked via VT: ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a",
2015
+ "uuid": "57172b14-295c-4018-8c0b-4ff702de0b81",
2016
+ "category": "Payload delivery"
2017
+ },
2018
+ {
2019
+ "timestamp": "1461136148",
2020
+ "value": "https://www.virustotal.com/file/ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a/analysis/1461046904/",
2021
+ "type": "link",
2022
+ "to_ids": false,
2023
+ "object_relation": null,
2024
+ "comment": "",
2025
+ "uuid": "57172b14-4674-4191-94f8-4a8802de0b81",
2026
+ "category": "External analysis"
2027
+ },
2028
+ {
2029
+ "timestamp": "1461136148",
2030
+ "value": "6f3c21da298db324b7d2c299c219bd75c49d9dfd",
2031
+ "type": "sha1",
2032
+ "to_ids": true,
2033
+ "object_relation": null,
2034
+ "comment": "- Xchecked via VT: 5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14",
2035
+ "uuid": "57172b14-6408-4a0d-83f5-4e9b02de0b81",
2036
+ "category": "Payload delivery"
2037
+ },
2038
+ {
2039
+ "timestamp": "1461136149",
2040
+ "value": "https://www.virustotal.com/file/5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14/analysis/1461046903/",
2041
+ "type": "link",
2042
+ "to_ids": false,
2043
+ "object_relation": null,
2044
+ "comment": "",
2045
+ "uuid": "57172b15-8988-4d9e-a32e-420602de0b81",
2046
+ "category": "External analysis"
2047
+ },
2048
+ {
2049
+ "timestamp": "1461136149",
2050
+ "value": "73160d3a59db4a5858cd51ef7428a444caaf7cc4",
2051
+ "type": "sha1",
2052
+ "to_ids": true,
2053
+ "object_relation": null,
2054
+ "comment": "- Xchecked via VT: bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f",
2055
+ "uuid": "57172b15-ae10-4a05-a760-470702de0b81",
2056
+ "category": "Payload delivery"
2057
+ },
2058
+ {
2059
+ "timestamp": "1461136149",
2060
+ "value": "https://www.virustotal.com/file/bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f/analysis/1456141391/",
2061
+ "type": "link",
2062
+ "to_ids": false,
2063
+ "object_relation": null,
2064
+ "comment": "",
2065
+ "uuid": "57172b15-61e4-481c-be10-44b702de0b81",
2066
+ "category": "External analysis"
2067
+ },
2068
+ {
2069
+ "timestamp": "1461136150",
2070
+ "value": "b8f03d78c139faee34293a727e7be74ad0a511d9",
2071
+ "type": "sha1",
2072
+ "to_ids": true,
2073
+ "object_relation": null,
2074
+ "comment": "- Xchecked via VT: 9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95",
2075
+ "uuid": "57172b16-3340-4e35-97a0-4bd902de0b81",
2076
+ "category": "Payload delivery"
2077
+ },
2078
+ {
2079
+ "timestamp": "1461136150",
2080
+ "value": "https://www.virustotal.com/file/9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95/analysis/1456962260/",
2081
+ "type": "link",
2082
+ "to_ids": false,
2083
+ "object_relation": null,
2084
+ "comment": "",
2085
+ "uuid": "57172b16-0ce0-4c6f-b784-454502de0b81",
2086
+ "category": "External analysis"
2087
+ },
2088
+ {
2089
+ "timestamp": "1461136151",
2090
+ "value": "d22394046ee36dce7ca64ff95d095cdb02c88629",
2091
+ "type": "sha1",
2092
+ "to_ids": true,
2093
+ "object_relation": null,
2094
+ "comment": "- Xchecked via VT: 5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
2095
+ "uuid": "57172b17-5f24-4f62-b72b-4c2002de0b81",
2096
+ "category": "Payload delivery"
2097
+ },
2098
+ {
2099
+ "timestamp": "1461136151",
2100
+ "value": "https://www.virustotal.com/file/5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c/analysis/1454953266/",
2101
+ "type": "link",
2102
+ "to_ids": false,
2103
+ "object_relation": null,
2104
+ "comment": "",
2105
+ "uuid": "57172b17-4414-4f3f-8fc8-49ea02de0b81",
2106
+ "category": "External analysis"
2107
+ },
2108
+ {
2109
+ "timestamp": "1461136151",
2110
+ "value": "ef97f13f49266a170f4d334482376bb31335fc323ed80917b9943207ff75f750",
2111
+ "type": "sha256",
2112
+ "to_ids": true,
2113
+ "object_relation": null,
2114
+ "comment": "Imported via the freetext import. - Xchecked via VT: 983333e2c878a62d95747c36748198f0",
2115
+ "uuid": "57172b17-868c-4c3b-b79d-45aa02de0b81",
2116
+ "category": "Payload delivery"
2117
+ },
2118
+ {
2119
+ "timestamp": "1461136152",
2120
+ "value": "b27957884d6506b24751b3d81fb243fb4d97afe5",
2121
+ "type": "sha1",
2122
+ "to_ids": true,
2123
+ "object_relation": null,
2124
+ "comment": "Imported via the freetext import. - Xchecked via VT: 983333e2c878a62d95747c36748198f0",
2125
+ "uuid": "57172b18-fe4c-41b3-abfe-4c5602de0b81",
2126
+ "category": "Payload delivery"
2127
+ },
2128
+ {
2129
+ "timestamp": "1461136152",
2130
+ "value": "https://www.virustotal.com/file/ef97f13f49266a170f4d334482376bb31335fc323ed80917b9943207ff75f750/analysis/1385566211/",
2131
+ "type": "link",
2132
+ "to_ids": false,
2133
+ "object_relation": null,
2134
+ "comment": "",
2135
+ "uuid": "57172b18-ec7c-4e74-b032-49e302de0b81",
2136
+ "category": "External analysis"
2137
+ },
2138
+ {
2139
+ "timestamp": "1461136152",
2140
+ "value": "5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab",
2141
+ "type": "sha256",
2142
+ "to_ids": true,
2143
+ "object_relation": null,
2144
+ "comment": "Imported via the freetext import. - Xchecked via VT: 6a541de84074a2c4ff99eb43252d9030",
2145
+ "uuid": "57172b18-d2dc-423c-ba45-49a002de0b81",
2146
+ "category": "Payload delivery"
2147
+ },
2148
+ {
2149
+ "timestamp": "1461136153",
2150
+ "value": "c2ffd2f81a33e962b48df1b39c296a163e34aeea",
2151
+ "type": "sha1",
2152
+ "to_ids": true,
2153
+ "object_relation": null,
2154
+ "comment": "Imported via the freetext import. - Xchecked via VT: 6a541de84074a2c4ff99eb43252d9030",
2155
+ "uuid": "57172b19-ab98-403b-bea6-44ce02de0b81",
2156
+ "category": "Payload delivery"
2157
+ },
2158
+ {
2159
+ "timestamp": "1461136153",
2160
+ "value": "https://www.virustotal.com/file/5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab/analysis/1456856209/",
2161
+ "type": "link",
2162
+ "to_ids": false,
2163
+ "object_relation": null,
2164
+ "comment": "",
2165
+ "uuid": "57172b19-c660-45a5-8c0d-4d5802de0b81",
2166
+ "category": "External analysis"
2167
+ },
2168
+ {
2169
+ "timestamp": "1461136153",
2170
+ "value": "ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00",
2171
+ "type": "sha256",
2172
+ "to_ids": true,
2173
+ "object_relation": null,
2174
+ "comment": "Imported via the freetext import. - Xchecked via VT: e0eb981ad6be0bd16246d5d442028687",
2175
+ "uuid": "57172b19-bd24-4c48-9f17-44cb02de0b81",
2176
+ "category": "Payload delivery"
2177
+ },
2178
+ {
2179
+ "timestamp": "1461136154",
2180
+ "value": "cbeffef7965a081490171ad36e3001bd74e4123b",
2181
+ "type": "sha1",
2182
+ "to_ids": true,
2183
+ "object_relation": null,
2184
+ "comment": "Imported via the freetext import. - Xchecked via VT: e0eb981ad6be0bd16246d5d442028687",
2185
+ "uuid": "57172b1a-48e0-4588-acb3-48fa02de0b81",
2186
+ "category": "Payload delivery"
2187
+ },
2188
+ {
2189
+ "timestamp": "1461136154",
2190
+ "value": "https://www.virustotal.com/file/ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00/analysis/1456856205/",
2191
+ "type": "link",
2192
+ "to_ids": false,
2193
+ "object_relation": null,
2194
+ "comment": "",
2195
+ "uuid": "57172b1a-3d00-4a32-a155-4a8f02de0b81",
2196
+ "category": "External analysis"
2197
+ },
2198
+ {
2199
+ "timestamp": "1461136155",
2200
+ "value": "5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d",
2201
+ "type": "sha256",
2202
+ "to_ids": true,
2203
+ "object_relation": null,
2204
+ "comment": "Imported via the freetext import. - Xchecked via VT: d8ede9e6c3a1a30398b0b98130ee3b38",
2205
+ "uuid": "57172b1b-bda4-481e-91aa-4f1a02de0b81",
2206
+ "category": "Payload delivery"
2207
+ },
2208
+ {
2209
+ "timestamp": "1461136155",
2210
+ "value": "7536c344b450af882910ce8c9620d0254aff294c",
2211
+ "type": "sha1",
2212
+ "to_ids": true,
2213
+ "object_relation": null,
2214
+ "comment": "Imported via the freetext import. - Xchecked via VT: d8ede9e6c3a1a30398b0b98130ee3b38",
2215
+ "uuid": "57172b1b-dc30-447b-898a-458202de0b81",
2216
+ "category": "Payload delivery"
2217
+ },
2218
+ {
2219
+ "timestamp": "1461136155",
2220
+ "value": "https://www.virustotal.com/file/5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d/analysis/1461075979/",
2221
+ "type": "link",
2222
+ "to_ids": false,
2223
+ "object_relation": null,
2224
+ "comment": "",
2225
+ "uuid": "57172b1b-43d4-40b6-baac-41e702de0b81",
2226
+ "category": "External analysis"
2227
+ },
2228
+ {
2229
+ "timestamp": "1461136156",
2230
+ "value": "2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd",
2231
+ "type": "sha256",
2232
+ "to_ids": true,
2233
+ "object_relation": null,
2234
+ "comment": "Imported via the freetext import. - Xchecked via VT: f80edbb0fcfe7cec17592f61a06e4df2",
2235
+ "uuid": "57172b1c-b8d0-4a48-bb1d-46da02de0b81",
2236
+ "category": "Payload delivery"
2237
+ },
2238
+ {
2239
+ "timestamp": "1461136156",
2240
+ "value": "e11c82def33edf7162c6b3b24546af341069f4f4",
2241
+ "type": "sha1",
2242
+ "to_ids": true,
2243
+ "object_relation": null,
2244
+ "comment": "Imported via the freetext import. - Xchecked via VT: f80edbb0fcfe7cec17592f61a06e4df2",
2245
+ "uuid": "57172b1c-4444-48d9-b21d-408b02de0b81",
2246
+ "category": "Payload delivery"
2247
+ },
2248
+ {
2249
+ "timestamp": "1461136156",
2250
+ "value": "https://www.virustotal.com/file/2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd/analysis/1461089261/",
2251
+ "type": "link",
2252
+ "to_ids": false,
2253
+ "object_relation": null,
2254
+ "comment": "",
2255
+ "uuid": "57172b1c-dfbc-4ceb-af43-40ed02de0b81",
2256
+ "category": "External analysis"
2257
+ },
2258
+ {
2259
+ "timestamp": "1461136157",
2260
+ "value": "4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f",
2261
+ "type": "sha256",
2262
+ "to_ids": true,
2263
+ "object_relation": null,
2264
+ "comment": "Imported via the freetext import. - Xchecked via VT: f70b295c6a5121b918682310ce0c2165",
2265
+ "uuid": "57172b1d-edf0-4761-baab-4b6902de0b81",
2266
+ "category": "Payload delivery"
2267
+ },
2268
+ {
2269
+ "timestamp": "1461136157",
2270
+ "value": "367c0e93dc97478e2f0101e23cae084467932cb2",
2271
+ "type": "sha1",
2272
+ "to_ids": true,
2273
+ "object_relation": null,
2274
+ "comment": "Imported via the freetext import. - Xchecked via VT: f70b295c6a5121b918682310ce0c2165",
2275
+ "uuid": "57172b1d-add4-4872-8f43-46aa02de0b81",
2276
+ "category": "Payload delivery"
2277
+ },
2278
+ {
2279
+ "timestamp": "1461136157",
2280
+ "value": "https://www.virustotal.com/file/4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f/analysis/1461046897/",
2281
+ "type": "link",
2282
+ "to_ids": false,
2283
+ "object_relation": null,
2284
+ "comment": "",
2285
+ "uuid": "57172b1d-0d80-4dbf-80b8-4b8202de0b81",
2286
+ "category": "External analysis"
2287
+ },
2288
+ {
2289
+ "timestamp": "1461136158",
2290
+ "value": "5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d",
2291
+ "type": "sha256",
2292
+ "to_ids": true,
2293
+ "object_relation": null,
2294
+ "comment": "Imported via the freetext import. - Xchecked via VT: d579d7a42ff140952da57264614c37bc",
2295
+ "uuid": "57172b1e-faac-4a67-a2ff-472802de0b81",
2296
+ "category": "Payload delivery"
2297
+ },
2298
+ {
2299
+ "timestamp": "1461136158",
2300
+ "value": "62d16dc7335729e2d3508335b12787865f4f6035",
2301
+ "type": "sha1",
2302
+ "to_ids": true,
2303
+ "object_relation": null,
2304
+ "comment": "Imported via the freetext import. - Xchecked via VT: d579d7a42ff140952da57264614c37bc",
2305
+ "uuid": "57172b1e-d608-4814-bd1c-4a7502de0b81",
2306
+ "category": "Payload delivery"
2307
+ },
2308
+ {
2309
+ "timestamp": "1461136158",
2310
+ "value": "https://www.virustotal.com/file/5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d/analysis/1452527131/",
2311
+ "type": "link",
2312
+ "to_ids": false,
2313
+ "object_relation": null,
2314
+ "comment": "",
2315
+ "uuid": "57172b1e-dd84-43fe-b7c0-4adf02de0b81",
2316
+ "category": "External analysis"
2317
+ },
2318
+ {
2319
+ "timestamp": "1461136159",
2320
+ "value": "bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749",
2321
+ "type": "sha256",
2322
+ "to_ids": true,
2323
+ "object_relation": null,
2324
+ "comment": "Imported via the freetext import. - Xchecked via VT: f9f8d1c53d312f17c6f830e7b4e6651d",
2325
+ "uuid": "57172b1f-add0-49b0-adfa-4e4e02de0b81",
2326
+ "category": "Payload delivery"
2327
+ },
2328
+ {
2329
+ "timestamp": "1461136159",
2330
+ "value": "6b3eb6069b69fbcfa6e1e9c231ce95674d698f51",
2331
+ "type": "sha1",
2332
+ "to_ids": true,
2333
+ "object_relation": null,
2334
+ "comment": "Imported via the freetext import. - Xchecked via VT: f9f8d1c53d312f17c6f830e7b4e6651d",
2335
+ "uuid": "57172b1f-3090-4011-a9e9-444902de0b81",
2336
+ "category": "Payload delivery"
2337
+ },
2338
+ {
2339
+ "timestamp": "1461136160",
2340
+ "value": "https://www.virustotal.com/file/bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749/analysis/1461046900/",
2341
+ "type": "link",
2342
+ "to_ids": false,
2343
+ "object_relation": null,
2344
+ "comment": "",
2345
+ "uuid": "57172b20-0268-42e0-9264-4cd902de0b81",
2346
+ "category": "External analysis"
2347
+ },
2348
+ {
2349
+ "timestamp": "1461136160",
2350
+ "value": "9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692",
2351
+ "type": "sha256",
2352
+ "to_ids": true,
2353
+ "object_relation": null,
2354
+ "comment": "Imported via the freetext import. - Xchecked via VT: 47e60e347b5791d5f17939f9c97fee01",
2355
+ "uuid": "57172b20-9494-4e9e-9e67-40e902de0b81",
2356
+ "category": "Payload delivery"
2357
+ },
2358
+ {
2359
+ "timestamp": "1461136160",
2360
+ "value": "86ba123a6c28df4a470de09c5fdc5ac5ae3d24ce",
2361
+ "type": "sha1",
2362
+ "to_ids": true,
2363
+ "object_relation": null,
2364
+ "comment": "Imported via the freetext import. - Xchecked via VT: 47e60e347b5791d5f17939f9c97fee01",
2365
+ "uuid": "57172b20-f1b0-4c9a-b746-484102de0b81",
2366
+ "category": "Payload delivery"
2367
+ },
2368
+ {
2369
+ "timestamp": "1461136161",
2370
+ "value": "https://www.virustotal.com/file/9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692/analysis/1461046910/",
2371
+ "type": "link",
2372
+ "to_ids": false,
2373
+ "object_relation": null,
2374
+ "comment": "",
2375
+ "uuid": "57172b21-3880-4218-9131-437a02de0b81",
2376
+ "category": "External analysis"
2377
+ },
2378
+ {
2379
+ "timestamp": "1461136161",
2380
+ "value": "cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082",
2381
+ "type": "sha256",
2382
+ "to_ids": true,
2383
+ "object_relation": null,
2384
+ "comment": "Imported via the freetext import. - Xchecked via VT: 07eb4867e436bbef759a9877402af994",
2385
+ "uuid": "57172b21-5834-47e6-a2c7-41f402de0b81",
2386
+ "category": "Payload delivery"
2387
+ },
2388
+ {
2389
+ "timestamp": "1461136161",
2390
+ "value": "4d758a60b57d2f693fc4a87cbc74ec1744a644ce",
2391
+ "type": "sha1",
2392
+ "to_ids": true,
2393
+ "object_relation": null,
2394
+ "comment": "Imported via the freetext import. - Xchecked via VT: 07eb4867e436bbef759a9877402af994",
2395
+ "uuid": "57172b21-2738-44d4-857b-426e02de0b81",
2396
+ "category": "Payload delivery"
2397
+ },
2398
+ {
2399
+ "timestamp": "1461136162",
2400
+ "value": "https://www.virustotal.com/file/cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082/analysis/1452794663/",
2401
+ "type": "link",
2402
+ "to_ids": false,
2403
+ "object_relation": null,
2404
+ "comment": "",
2405
+ "uuid": "57172b22-3068-4484-8cfd-444602de0b81",
2406
+ "category": "External analysis"
2407
+ },
2408
+ {
2409
+ "timestamp": "1461136162",
2410
+ "value": "f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616",
2411
+ "type": "sha256",
2412
+ "to_ids": true,
2413
+ "object_relation": null,
2414
+ "comment": "Imported via the freetext import. - Xchecked via VT: e6ad959a18725954a56a7954d3f47671",
2415
+ "uuid": "57172b22-7284-4c9d-a29e-49e902de0b81",
2416
+ "category": "Payload delivery"
2417
+ },
2418
+ {
2419
+ "timestamp": "1461136162",
2420
+ "value": "62fbb1ed89888cbe7ffa7d01537545574c244bfd",
2421
+ "type": "sha1",
2422
+ "to_ids": true,
2423
+ "object_relation": null,
2424
+ "comment": "Imported via the freetext import. - Xchecked via VT: e6ad959a18725954a56a7954d3f47671",
2425
+ "uuid": "57172b22-8e80-4eab-ae04-417102de0b81",
2426
+ "category": "Payload delivery"
2427
+ },
2428
+ {
2429
+ "timestamp": "1461136163",
2430
+ "value": "https://www.virustotal.com/file/f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616/analysis/1461046885/",
2431
+ "type": "link",
2432
+ "to_ids": false,
2433
+ "object_relation": null,
2434
+ "comment": "",
2435
+ "uuid": "57172b23-045c-4ba6-8d54-41c502de0b81",
2436
+ "category": "External analysis"
2437
+ },
2438
+ {
2439
+ "timestamp": "1461136212",
2440
+ "value": "59.188.12.123",
2441
+ "type": "ip-dst",
2442
+ "to_ids": true,
2443
+ "object_relation": null,
2444
+ "comment": "On port 8008",
2445
+ "uuid": "57172b54-6d44-460d-ac20-40a7950d210f",
2446
+ "category": "Network activity"
2447
+ },
2448
+ {
2449
+ "timestamp": "1461136297",
2450
+ "value": "09ddd70517cb48a46d9f93644b29c72f",
2451
+ "type": "md5",
2452
+ "to_ids": true,
2453
+ "object_relation": null,
2454
+ "comment": "RTF",
2455
+ "uuid": "57172ba9-9b28-4af8-91e6-44e4950d210f",
2456
+ "category": "Payload delivery"
2457
+ },
2458
+ {
2459
+ "timestamp": "1461136298",
2460
+ "value": "d8becbd6f188e3fb2c4d23a2d36d137b",
2461
+ "type": "md5",
2462
+ "to_ids": true,
2463
+ "object_relation": null,
2464
+ "comment": "RAR",
2465
+ "uuid": "57172baa-a0c4-40e6-8de2-4c99950d210f",
2466
+ "category": "Payload delivery"
2467
+ },
2468
+ {
2469
+ "timestamp": "1461137412",
2470
+ "value": "www.whitewall.top",
2471
+ "type": "url",
2472
+ "to_ids": true,
2473
+ "object_relation": null,
2474
+ "comment": "On port 8080",
2475
+ "uuid": "57173004-40c8-44cc-a582-464a950d210f",
2476
+ "category": "Network activity"
2477
+ },
2478
+ {
2479
+ "timestamp": "1461137413",
2480
+ "value": "fsguidll.exe|2d7a648ebe64e536944c011c8dcbb375",
2481
+ "type": "filename|md5",
2482
+ "to_ids": true,
2483
+ "object_relation": null,
2484
+ "comment": "Imported via the freetext import.",
2485
+ "uuid": "57173005-f2dc-43f4-bd30-48b8950d210f",
2486
+ "category": "Payload delivery"
2487
+ },
2488
+ {
2489
+ "timestamp": "1461137414",
2490
+ "value": "fslapi.dll|13d3d0699562a57cf575dd7f969b3141",
2491
+ "type": "filename|md5",
2492
+ "to_ids": true,
2493
+ "object_relation": null,
2494
+ "comment": "Imported via the freetext import.",
2495
+ "uuid": "57173006-1804-4885-b572-44a9950d210f",
2496
+ "category": "Payload delivery"
2497
+ },
2498
+ {
2499
+ "timestamp": "1461137414",
2500
+ "value": "fslapi.dll.gui|894c251a3aad150f80a8af2539baf9d1",
2501
+ "type": "filename|md5",
2502
+ "to_ids": true,
2503
+ "object_relation": null,
2504
+ "comment": "Imported via the freetext import.",
2505
+ "uuid": "57173006-d0c4-47fc-903c-4f7f950d210f",
2506
+ "category": "Payload delivery"
2507
+ },
2508
+ {
2509
+ "timestamp": "1461138386",
2510
+ "value": "533cd66cf420e8919329ee850077319c",
2511
+ "type": "md5",
2512
+ "to_ids": true,
2513
+ "object_relation": null,
2514
+ "comment": "Imported via the freetext import.",
2515
+ "uuid": "571733d2-a0fc-4909-8c81-44ea950d210f",
2516
+ "category": "Payload delivery"
2517
+ },
2518
+ {
2519
+ "timestamp": "1461138386",
2520
+ "value": "0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360",
2521
+ "type": "sha256",
2522
+ "to_ids": true,
2523
+ "object_relation": null,
2524
+ "comment": "Imported via the freetext import.",
2525
+ "uuid": "571733d2-f430-45fa-b095-4a07950d210f",
2526
+ "category": "Payload delivery"
2527
+ },
2528
+ {
2529
+ "timestamp": "1461138386",
2530
+ "value": "e327abcfd09be4e8f64ef35026309747",
2531
+ "type": "md5",
2532
+ "to_ids": true,
2533
+ "object_relation": null,
2534
+ "comment": "Imported via the freetext import.",
2535
+ "uuid": "571733d2-0f0c-4b63-9c9a-4615950d210f",
2536
+ "category": "Payload delivery"
2537
+ },
2538
+ {
2539
+ "timestamp": "1461138387",
2540
+ "value": "8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78",
2541
+ "type": "sha256",
2542
+ "to_ids": true,
2543
+ "object_relation": null,
2544
+ "comment": "Imported via the freetext import.",
2545
+ "uuid": "571733d3-ce08-4636-9f75-41cb950d210f",
2546
+ "category": "Payload delivery"
2547
+ },
2548
+ {
2549
+ "timestamp": "1461138387",
2550
+ "value": "103873e3fa8dfc2360bb5c22761da04a",
2551
+ "type": "md5",
2552
+ "to_ids": true,
2553
+ "object_relation": null,
2554
+ "comment": "Imported via the freetext import.",
2555
+ "uuid": "571733d3-7fe4-430d-a31d-44aa950d210f",
2556
+ "category": "Payload delivery"
2557
+ },
2558
+ {
2559
+ "timestamp": "1461138387",
2560
+ "value": "40099e0f13ba47bd4ea4f3f49228ac8cffdf07700c4ef8089e3b5d8013e914a3",
2561
+ "type": "sha256",
2562
+ "to_ids": true,
2563
+ "object_relation": null,
2564
+ "comment": "Imported via the freetext import.",
2565
+ "uuid": "571733d3-a8e4-4198-aecd-4594950d210f",
2566
+ "category": "Payload delivery"
2567
+ },
2568
+ {
2569
+ "timestamp": "1461140878",
2570
+ "value": "98bcd226890c5c2694ef9a34a23c9fbf",
2571
+ "type": "md5",
2572
+ "to_ids": true,
2573
+ "object_relation": null,
2574
+ "comment": "RTF",
2575
+ "uuid": "57173d6f-0adc-4af5-b8c1-45ce950d210f",
2576
+ "category": "Payload delivery"
2577
+ },
2578
+ {
2579
+ "timestamp": "1461141045",
2580
+ "value": "e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49",
2581
+ "type": "sha256",
2582
+ "to_ids": true,
2583
+ "object_relation": null,
2584
+ "comment": "RTF",
2585
+ "uuid": "57173e35-4b34-4a16-8442-478c950d210f",
2586
+ "category": "Payload delivery"
2587
+ },
2588
+ {
2589
+ "timestamp": "1461141066",
2590
+ "value": "softinc.pw",
2591
+ "type": "domain",
2592
+ "to_ids": true,
2593
+ "object_relation": null,
2594
+ "comment": "Imported via the freetext import.",
2595
+ "uuid": "57173e4a-4b18-4646-9a26-4712950d210f",
2596
+ "category": "Network activity"
2597
+ },
2598
+ {
2599
+ "timestamp": "1461141066",
2600
+ "value": "www.tibetimes.com",
2601
+ "type": "hostname",
2602
+ "to_ids": true,
2603
+ "object_relation": null,
2604
+ "comment": "Imported via the freetext import.",
2605
+ "uuid": "57173e4a-99b8-4146-b38d-48df950d210f",
2606
+ "category": "Network activity"
2607
+ },
2608
+ {
2609
+ "timestamp": "1461141143",
2610
+ "value": "a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb",
2611
+ "type": "sha256",
2612
+ "to_ids": true,
2613
+ "object_relation": null,
2614
+ "comment": "RTF",
2615
+ "uuid": "57173e97-6cd4-47eb-92ad-46c2950d210f",
2616
+ "category": "Payload delivery"
2617
+ },
2618
+ {
2619
+ "timestamp": "1461141168",
2620
+ "value": "b51dd4d5731b71c1a191294466cc8288",
2621
+ "type": "md5",
2622
+ "to_ids": true,
2623
+ "object_relation": null,
2624
+ "comment": "RTF",
2625
+ "uuid": "57173eb0-68b4-4ad0-a243-4022950d210f",
2626
+ "category": "Payload delivery"
2627
+ },
2628
+ {
2629
+ "timestamp": "1461141182",
2630
+ "value": "90t69cf82.dll|86ebcbb3bdd8af257b52daa869ddd6c1",
2631
+ "type": "filename|md5",
2632
+ "to_ids": true,
2633
+ "object_relation": null,
2634
+ "comment": "Imported via the freetext import.",
2635
+ "uuid": "57173ebe-e2f8-49b3-b75c-4275950d210f",
2636
+ "category": "Payload delivery"
2637
+ },
2638
+ {
2639
+ "timestamp": "1461141183",
2640
+ "value": "B412.tmp|111273c8cba88636a036e250c2626b12",
2641
+ "type": "filename|md5",
2642
+ "to_ids": true,
2643
+ "object_relation": null,
2644
+ "comment": "Imported via the freetext import.",
2645
+ "uuid": "57173ebf-7e30-489d-bd92-4eb3950d210f",
2646
+ "category": "Payload delivery"
2647
+ },
2648
+ {
2649
+ "timestamp": "1461141196",
2650
+ "value": "manhaton.123nat.com",
2651
+ "type": "hostname",
2652
+ "to_ids": true,
2653
+ "object_relation": null,
2654
+ "comment": "Imported via the freetext import.",
2655
+ "uuid": "57173ecc-4858-4e78-a121-4223950d210f",
2656
+ "category": "Network activity"
2657
+ },
2658
+ {
2659
+ "timestamp": "1461141197",
2660
+ "value": "122.10.112.126",
2661
+ "type": "ip-dst",
2662
+ "to_ids": true,
2663
+ "object_relation": null,
2664
+ "comment": "On port 8030",
2665
+ "uuid": "57173ecd-ff54-4b11-921f-46fb950d210f",
2666
+ "category": "Network activity"
2667
+ },
2668
+ {
2669
+ "timestamp": "1461142620",
2670
+ "value": "58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589",
2671
+ "type": "sha256",
2672
+ "to_ids": true,
2673
+ "object_relation": null,
2674
+ "comment": "RTF",
2675
+ "uuid": "5717445c-4344-4af2-8fe9-4151950d210f",
2676
+ "category": "Payload delivery"
2677
+ },
2678
+ {
2679
+ "timestamp": "1461142701",
2680
+ "value": "www.turkistanuyghur.top",
2681
+ "type": "url",
2682
+ "to_ids": true,
2683
+ "object_relation": null,
2684
+ "comment": "Imported via the freetext import.",
2685
+ "uuid": "571744ad-ea7c-4e0f-b713-4893950d210f",
2686
+ "category": "Network activity"
2687
+ },
2688
+ {
2689
+ "timestamp": "1461142701",
2690
+ "value": "www.yawropauyghur.top",
2691
+ "type": "url",
2692
+ "to_ids": true,
2693
+ "object_relation": null,
2694
+ "comment": "Imported via the freetext import.",
2695
+ "uuid": "571744ad-c1f8-4606-b0b2-45bc950d210f",
2696
+ "category": "Network activity"
2697
+ },
2698
+ {
2699
+ "timestamp": "1461142702",
2700
+ "value": "www.japanuyghur.top",
2701
+ "type": "url",
2702
+ "to_ids": true,
2703
+ "object_relation": null,
2704
+ "comment": "Imported via the freetext import.",
2705
+ "uuid": "571744ae-aee8-4190-98ae-426d950d210f",
2706
+ "category": "Network activity"
2707
+ },
2708
+ {
2709
+ "timestamp": "1461142702",
2710
+ "value": "www.hotansft.top",
2711
+ "type": "url",
2712
+ "to_ids": true,
2713
+ "object_relation": null,
2714
+ "comment": "Imported via the freetext import.",
2715
+ "uuid": "571744ae-7ae4-4ddc-bf3c-45ef950d210f",
2716
+ "category": "Network activity"
2717
+ },
2718
+ {
2719
+ "timestamp": "1461142702",
2720
+ "value": "www.amerikauyghur.top",
2721
+ "type": "url",
2722
+ "to_ids": true,
2723
+ "object_relation": null,
2724
+ "comment": "Imported via the freetext import.",
2725
+ "uuid": "571744ae-1af4-4757-8408-42d7950d210f",
2726
+ "category": "Network activity"
2727
+ },
2728
+ {
2729
+ "timestamp": "1461142703",
2730
+ "value": "turkiyeuyghur.com",
2731
+ "type": "domain",
2732
+ "to_ids": true,
2733
+ "object_relation": null,
2734
+ "comment": "Imported via the freetext import.",
2735
+ "uuid": "571744af-a4b8-4e3c-9228-49b4950d210f",
2736
+ "category": "Network activity"
2737
+ },
2738
+ {
2739
+ "timestamp": "1461142790",
2740
+ "value": "Micbt/BTFly.dump|f7c04e8b188fa38d0f62f620e3bf01dc",
2741
+ "type": "filename|md5",
2742
+ "to_ids": true,
2743
+ "object_relation": null,
2744
+ "comment": "Imported via the freetext import.",
2745
+ "uuid": "57174506-afbc-44f1-b90c-45d6950d210f",
2746
+ "category": "Payload delivery"
2747
+ },
2748
+ {
2749
+ "timestamp": "1461142830",
2750
+ "value": "Micbt/CltID.ini|54afa267dd5acef3858dd6dbea609cd9",
2751
+ "type": "filename|md5",
2752
+ "to_ids": true,
2753
+ "object_relation": null,
2754
+ "comment": "Imported via the freetext import.",
2755
+ "uuid": "5717452e-22d8-4278-b18b-40c3950d210f",
2756
+ "category": "Payload delivery"
2757
+ },
2758
+ {
2759
+ "timestamp": "1461142830",
2760
+ "value": "Micbt/IconConfigBt.DAT|516774cb0d5d56b300c402f63fe47523",
2761
+ "type": "filename|md5",
2762
+ "to_ids": true,
2763
+ "object_relation": null,
2764
+ "comment": "Imported via the freetext import.",
2765
+ "uuid": "5717452e-f668-4202-bc83-4fcc950d210f",
2766
+ "category": "Payload delivery"
2767
+ },
2768
+ {
2769
+ "timestamp": "1461142831",
2770
+ "value": "Micbt/MemoryLoad.dump|db0f8ba69aa71e9404b52d951458b97c",
2771
+ "type": "filename|md5",
2772
+ "to_ids": true,
2773
+ "object_relation": null,
2774
+ "comment": "Imported via the freetext import.",
2775
+ "uuid": "5717452f-e860-4d6e-be0a-412d950d210f",
2776
+ "category": "Payload delivery"
2777
+ },
2778
+ {
2779
+ "timestamp": "1461142831",
2780
+ "value": "Micbt/RasTls.dll|1e9e9ce1445a13c1ff4bf82f4a38de0d",
2781
+ "type": "filename|md5",
2782
+ "to_ids": true,
2783
+ "object_relation": null,
2784
+ "comment": "Imported via the freetext import.",
2785
+ "uuid": "5717452f-bc28-48f8-a88f-4621950d210f",
2786
+ "category": "Payload delivery"
2787
+ },
2788
+ {
2789
+ "timestamp": "1461142832",
2790
+ "value": "Micbt/RasTls.exe|62944e26b36b1dcace429ae26ba66164",
2791
+ "type": "filename|md5",
2792
+ "to_ids": true,
2793
+ "object_relation": null,
2794
+ "comment": "Imported via the freetext import.",
2795
+ "uuid": "57174530-8628-4ec1-945e-4f28950d210f",
2796
+ "category": "Payload delivery"
2797
+ },
2798
+ {
2799
+ "timestamp": "1461143026",
2800
+ "value": "fsguidll.exe|5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635",
2801
+ "type": "filename|sha256",
2802
+ "to_ids": true,
2803
+ "object_relation": null,
2804
+ "comment": "Imported via the freetext import.",
2805
+ "uuid": "571745f2-29dc-4434-8a4e-4f24950d210f",
2806
+ "category": "Payload delivery"
2807
+ },
2808
+ {
2809
+ "timestamp": "1461143027",
2810
+ "value": "fslapi.dll|2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083",
2811
+ "type": "filename|sha256",
2812
+ "to_ids": true,
2813
+ "object_relation": null,
2814
+ "comment": "Imported via the freetext import.",
2815
+ "uuid": "571745f3-0710-48a7-8a66-4f4b950d210f",
2816
+ "category": "Payload delivery"
2817
+ },
2818
+ {
2819
+ "timestamp": "1461143028",
2820
+ "value": "fslapi.dll.gui|dc4dac22d58ed7c0cadb13a621f42cb9a01851385ca0dc5b94a73c91677a0739",
2821
+ "type": "filename|sha256",
2822
+ "to_ids": true,
2823
+ "object_relation": null,
2824
+ "comment": "Imported via the freetext import.",
2825
+ "uuid": "571745f4-eab8-481e-bfbc-41b7950d210f",
2826
+ "category": "Payload delivery"
2827
+ },
2828
+ {
2829
+ "timestamp": "1461143045",
2830
+ "value": "BC29.tmp|5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
2831
+ "type": "filename|sha256",
2832
+ "to_ids": true,
2833
+ "object_relation": null,
2834
+ "comment": "Imported via the freetext import.",
2835
+ "uuid": "57174605-6328-49df-a999-4ad9950d210f",
2836
+ "category": "Payload delivery"
2837
+ },
2838
+ {
2839
+ "timestamp": "1461143046",
2840
+ "value": "~tmp.doc|76d54a0c8ed8d9a0b02f52d2400c8e74a9473e9bc92aeb558b2f4c894da1b88f",
2841
+ "type": "filename|sha256",
2842
+ "to_ids": true,
2843
+ "object_relation": null,
2844
+ "comment": "Imported via the freetext import.",
2845
+ "uuid": "57174606-b230-42b0-b806-47f2950d210f",
2846
+ "category": "Payload delivery"
2847
+ },
2848
+ {
2849
+ "timestamp": "1461143075",
2850
+ "value": "~tmp.doc|f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616",
2851
+ "type": "filename|sha256",
2852
+ "to_ids": true,
2853
+ "object_relation": null,
2854
+ "comment": "Imported via the freetext import.",
2855
+ "uuid": "57174623-6d50-40d8-9fb3-47c6950d210f",
2856
+ "category": "Payload delivery"
2857
+ },
2858
+ {
2859
+ "timestamp": "1461143076",
2860
+ "value": "iuso.exe|cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082",
2861
+ "type": "filename|sha256",
2862
+ "to_ids": true,
2863
+ "object_relation": null,
2864
+ "comment": "Imported via the freetext import.",
2865
+ "uuid": "57174624-8aa0-4072-bc11-4657950d210f",
2866
+ "category": "Payload delivery"
2867
+ },
2868
+ {
2869
+ "timestamp": "1461143076",
2870
+ "value": "wget.bat|9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692",
2871
+ "type": "filename|sha256",
2872
+ "to_ids": true,
2873
+ "object_relation": null,
2874
+ "comment": "Imported via the freetext import.",
2875
+ "uuid": "57174624-a420-4946-be1d-473e950d210f",
2876
+ "category": "Payload delivery"
2877
+ },
2878
+ {
2879
+ "timestamp": "1461143077",
2880
+ "value": "wget.exe|bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749",
2881
+ "type": "filename|sha256",
2882
+ "to_ids": true,
2883
+ "object_relation": null,
2884
+ "comment": "Imported via the freetext import.",
2885
+ "uuid": "57174625-257c-43c7-a6a6-4b5f950d210f",
2886
+ "category": "Payload delivery"
2887
+ },
2888
+ {
2889
+ "timestamp": "1461143078",
2890
+ "value": "wthk.txt|5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d",
2891
+ "type": "filename|sha256",
2892
+ "to_ids": true,
2893
+ "object_relation": null,
2894
+ "comment": "Imported via the freetext import.",
2895
+ "uuid": "57174626-4614-4979-b6a0-41d4950d210f",
2896
+ "category": "Payload delivery"
2897
+ },
2898
+ {
2899
+ "timestamp": "1461143078",
2900
+ "value": "conhost.exe|4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f",
2901
+ "type": "filename|sha256",
2902
+ "to_ids": true,
2903
+ "object_relation": null,
2904
+ "comment": "Imported via the freetext import.",
2905
+ "uuid": "57174626-632c-4e4f-ad7f-42ff950d210f",
2906
+ "category": "Payload delivery"
2907
+ },
2908
+ {
2909
+ "timestamp": "1461143079",
2910
+ "value": "SbieDll.dll|2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd",
2911
+ "type": "filename|sha256",
2912
+ "to_ids": true,
2913
+ "object_relation": null,
2914
+ "comment": "Imported via the freetext import.",
2915
+ "uuid": "57174627-93e4-4f5c-8c97-4251950d210f",
2916
+ "category": "Payload delivery"
2917
+ },
2918
+ {
2919
+ "timestamp": "1461143080",
2920
+ "value": "dll2.xor|c3fee1c7d402f144023dade4e63dc65db42fc4d6430f9885ece6aa7fa77cade0",
2921
+ "type": "filename|sha256",
2922
+ "to_ids": true,
2923
+ "object_relation": null,
2924
+ "comment": "Imported via the freetext import.",
2925
+ "uuid": "57174628-8e70-4cc8-9987-4952950d210f",
2926
+ "category": "Payload delivery"
2927
+ },
2928
+ {
2929
+ "timestamp": "1461143080",
2930
+ "value": "maindll.dll|5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d",
2931
+ "type": "filename|sha256",
2932
+ "to_ids": true,
2933
+ "object_relation": null,
2934
+ "comment": "Imported via the freetext import.",
2935
+ "uuid": "57174628-caf4-49ba-86d9-40a2950d210f",
2936
+ "category": "Payload delivery"
2937
+ },
2938
+ {
2939
+ "timestamp": "1461143081",
2940
+ "value": "nvsvc.exe|ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00",
2941
+ "type": "filename|sha256",
2942
+ "to_ids": true,
2943
+ "object_relation": null,
2944
+ "comment": "Imported via the freetext import.",
2945
+ "uuid": "57174629-38f4-4809-b539-4fd9950d210f",
2946
+ "category": "Payload delivery"
2947
+ },
2948
+ {
2949
+ "timestamp": "1461143082",
2950
+ "value": "runas.exe|5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab",
2951
+ "type": "filename|sha256",
2952
+ "to_ids": true,
2953
+ "object_relation": null,
2954
+ "comment": "Imported via the freetext import.",
2955
+ "uuid": "5717462a-b1b0-4b33-bf15-45c2950d210f",
2956
+ "category": "Payload delivery"
2957
+ },
2958
+ {
2959
+ "timestamp": "1461143265",
2960
+ "value": "90t69cf82.dll|afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d",
2961
+ "type": "filename|sha256",
2962
+ "to_ids": true,
2963
+ "object_relation": null,
2964
+ "comment": "Imported via the freetext import.",
2965
+ "uuid": "571746e1-8018-47cf-8445-4d2a950d210f",
2966
+ "category": "Payload delivery"
2967
+ },
2968
+ {
2969
+ "timestamp": "1461143266",
2970
+ "value": "B512.tmp|cdb1d2f843ce797084cfc90107a2582e4861f4051aab0f6ac374468f491232a5",
2971
+ "type": "filename|sha256",
2972
+ "to_ids": true,
2973
+ "object_relation": null,
2974
+ "comment": "Imported via the freetext import.",
2975
+ "uuid": "571746e2-b3b8-4478-9c44-4c84950d210f",
2976
+ "category": "Payload delivery"
2977
+ },
2978
+ {
2979
+ "timestamp": "1461143266",
2980
+ "value": "~tmp.doc|aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c",
2981
+ "type": "filename|sha256",
2982
+ "to_ids": true,
2983
+ "object_relation": null,
2984
+ "comment": "Imported via the freetext import.",
2985
+ "uuid": "571746e2-5f40-4465-a168-4030950d210f",
2986
+ "category": "Payload delivery"
2987
+ },
2988
+ {
2989
+ "timestamp": "1461143267",
2990
+ "value": "Micbt/BTFly.dump|3b828a81ff5b0766c99284524b18fcd10d553191741bc1ed89904cdaa79baae1",
2991
+ "type": "filename|sha256",
2992
+ "to_ids": true,
2993
+ "object_relation": null,
2994
+ "comment": "Imported via the freetext import.",
2995
+ "uuid": "571746e3-9830-4503-8e36-475c950d210f",
2996
+ "category": "Payload delivery"
2997
+ },
2998
+ {
2999
+ "timestamp": "1461143267",
3000
+ "value": "Micbt/CltID.ini|1590a42e67fe02892dfeb6f29e0e6ae91c503d4ea91b550557c513e92f5ac7eb",
3001
+ "type": "filename|sha256",
3002
+ "to_ids": true,
3003
+ "object_relation": null,
3004
+ "comment": "Imported via the freetext import.",
3005
+ "uuid": "571746e3-489c-4e77-afe4-43b8950d210f",
3006
+ "category": "Payload delivery"
3007
+ },
3008
+ {
3009
+ "timestamp": "1461143268",
3010
+ "value": "Micbt/IconConfigBt.DAT|0a47bd32b83f09be1ea5a29dce6b7d307de7b3cdd69f836e0c810fd578f85c7c",
3011
+ "type": "filename|sha256",
3012
+ "to_ids": true,
3013
+ "object_relation": null,
3014
+ "comment": "Imported via the freetext import.",
3015
+ "uuid": "571746e4-9dd0-4067-8ec7-4fba950d210f",
3016
+ "category": "Payload delivery"
3017
+ },
3018
+ {
3019
+ "timestamp": "1461143269",
3020
+ "value": "Micbt/MemoryLoad.dump|aace766acea06845c29b306a9e080edcb3407635398007f3b9b5e053198b54f4",
3021
+ "type": "filename|sha256",
3022
+ "to_ids": true,
3023
+ "object_relation": null,
3024
+ "comment": "Imported via the freetext import.",
3025
+ "uuid": "571746e5-e05c-451b-9a26-4efa950d210f",
3026
+ "category": "Payload delivery"
3027
+ },
3028
+ {
3029
+ "timestamp": "1461143270",
3030
+ "value": "Micbt/RasTls.dll|bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1",
3031
+ "type": "filename|sha256",
3032
+ "to_ids": true,
3033
+ "object_relation": null,
3034
+ "comment": "Imported via the freetext import.",
3035
+ "uuid": "571746e6-c760-4569-96ff-4d91950d210f",
3036
+ "category": "Payload delivery"
3037
+ },
3038
+ {
3039
+ "timestamp": "1461143270",
3040
+ "value": "Micbt/RasTls.exe|f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68",
3041
+ "type": "filename|sha256",
3042
+ "to_ids": true,
3043
+ "object_relation": null,
3044
+ "comment": "Imported via the freetext import.",
3045
+ "uuid": "571746e6-e8b4-4c80-8fe4-430e950d210f",
3046
+ "category": "Payload delivery"
3047
+ },
3048
+ {
3049
+ "timestamp": "1461143400",
3050
+ "value": "~tmp.doc|e538ad13417b773714b75b5d602e4c6e",
3051
+ "type": "filename|md5",
3052
+ "to_ids": true,
3053
+ "object_relation": null,
3054
+ "comment": "recognized as Gh0stRAT",
3055
+ "uuid": "57174768-a980-4cfc-adce-4ef9950d210f",
3056
+ "category": "Payload delivery"
3057
+ },
3058
+ {
3059
+ "timestamp": "1461143448",
3060
+ "value": "~1|df50ea33616c916720c81d65563175d998a2c606360eeb3c8b727a482de3a4fc",
3061
+ "type": "filename|sha256",
3062
+ "to_ids": true,
3063
+ "object_relation": null,
3064
+ "comment": "",
3065
+ "uuid": "57174798-6d98-4b70-b485-4cca950d210f",
3066
+ "category": "Payload delivery"
3067
+ },
3068
+ {
3069
+ "timestamp": "1461143464",
3070
+ "value": "~1|b901f0b4aa6a3a6875235f96fce15839",
3071
+ "type": "filename|md5",
3072
+ "to_ids": true,
3073
+ "object_relation": null,
3074
+ "comment": "",
3075
+ "uuid": "571747a8-e860-46cd-b1b3-44c1950d210f",
3076
+ "category": "Payload delivery"
3077
+ },
3078
+ {
3079
+ "timestamp": "1461143659",
3080
+ "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc|facd2fbf26e974bdeae3e4db19753f03",
3081
+ "type": "filename|md5",
3082
+ "to_ids": true,
3083
+ "object_relation": null,
3084
+ "comment": "Imported via the freetext import.",
3085
+ "uuid": "5717486b-e948-4e87-b418-42fe950d210f",
3086
+ "category": "Payload delivery"
3087
+ },
3088
+ {
3089
+ "timestamp": "1461143659",
3090
+ "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc|1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c",
3091
+ "type": "filename|sha256",
3092
+ "to_ids": true,
3093
+ "object_relation": null,
3094
+ "comment": "Imported via the freetext import.",
3095
+ "uuid": "5717486b-ac80-4461-911a-49fc950d210f",
3096
+ "category": "Payload delivery"
3097
+ },
3098
+ {
3099
+ "timestamp": "1461144013",
3100
+ "value": "41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2",
3101
+ "type": "sha256",
3102
+ "to_ids": true,
3103
+ "object_relation": null,
3104
+ "comment": "RTF",
3105
+ "uuid": "571748d1-aef0-4c8b-991b-4c00950d210f",
3106
+ "category": "Payload delivery"
3107
+ },
3108
+ {
3109
+ "timestamp": "1461144007",
3110
+ "value": "ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30",
3111
+ "type": "sha256",
3112
+ "to_ids": true,
3113
+ "object_relation": null,
3114
+ "comment": "RAR \r\n8EC7.tmp",
3115
+ "uuid": "571748d2-03c0-4806-a97b-4b36950d210f",
3116
+ "category": "Payload delivery"
3117
+ },
3118
+ {
3119
+ "timestamp": "1461144071",
3120
+ "value": "ffb7a38174aab4744cc4a509e34800aee9be8e57",
3121
+ "type": "pehash",
3122
+ "to_ids": true,
3123
+ "object_relation": null,
3124
+ "comment": "Imported via the freetext import.",
3125
+ "uuid": "57174a07-2508-4ee1-a57b-4894950d210f",
3126
+ "category": "Payload delivery"
3127
+ },
3128
+ {
3129
+ "timestamp": "1461144196",
3130
+ "value": "118.193.240.195",
3131
+ "type": "ip-dst",
3132
+ "to_ids": true,
3133
+ "object_relation": null,
3134
+ "comment": "Imported via the freetext import.",
3135
+ "uuid": "57174a84-d848-4ef3-8677-43fa950d210f",
3136
+ "category": "Network activity"
3137
+ },
3138
+ {
3139
+ "timestamp": "1461144196",
3140
+ "value": "http://www.whitewall.top:8080/850D3011FA326CBB6F57A965",
3141
+ "type": "url",
3142
+ "to_ids": true,
3143
+ "object_relation": null,
3144
+ "comment": "On port 8080",
3145
+ "uuid": "57174a84-7878-4c38-ac38-4c38950d210f",
3146
+ "category": "Network activity"
3147
+ },
3148
+ {
3149
+ "timestamp": "1461144197",
3150
+ "value": "http://www.whitewall.top:995/5724DD3DCC4A19E8416E5691",
3151
+ "type": "url",
3152
+ "to_ids": true,
3153
+ "object_relation": null,
3154
+ "comment": "On port 995",
3155
+ "uuid": "57174a85-8a24-41d6-bc55-4eef950d210f",
3156
+ "category": "Network activity"
3157
+ },
3158
+ {
3159
+ "timestamp": "1461144234",
3160
+ "value": "ee49bd5f35cc3012b5b606aca9b0f561",
3161
+ "type": "md5",
3162
+ "to_ids": true,
3163
+ "object_relation": null,
3164
+ "comment": "Imported via the freetext import.",
3165
+ "uuid": "57174aaa-2894-4f79-83c3-48bb950d210f",
3166
+ "category": "Payload delivery"
3167
+ },
3168
+ {
3169
+ "timestamp": "1461144424",
3170
+ "value": "6144:NwOD0nTHfnxBl7p01yDn8FJD1O6JN0MrvVburdr3QM5o1Zx0a4VgLjv9uM+yb3Hx:ZbqQM5oBfv9uMt5yGg",
3171
+ "type": "ssdeep",
3172
+ "to_ids": true,
3173
+ "object_relation": null,
3174
+ "comment": "Imported via the freetext import.",
3175
+ "uuid": "57174b68-2ef8-49f4-82fc-4e38950d210f",
3176
+ "category": "Payload delivery"
3177
+ },
3178
+ {
3179
+ "timestamp": "1461144473",
3180
+ "value": "Y:/UDPSbieDLL/Release/SBieDLL.pdb",
3181
+ "type": "pdb",
3182
+ "to_ids": false,
3183
+ "object_relation": null,
3184
+ "comment": "",
3185
+ "uuid": "57174b99-21b4-4881-8088-44f2950d210f",
3186
+ "category": "Artifacts dropped"
3187
+ },
3188
+ {
3189
+ "timestamp": "1461144549",
3190
+ "value": "2016\u7e3d\u7d71\u9078\u8209\u6c11\u60c5\u4e2d\u5fc3\u9810\u6e2c\u503c.doc",
3191
+ "type": "filename",
3192
+ "to_ids": true,
3193
+ "object_relation": null,
3194
+ "comment": "Imported via the freetext import.",
3195
+ "uuid": "57174be5-742c-456a-a9be-4030950d210f",
3196
+ "category": "Payload delivery"
3197
+ },
3198
+ {
3199
+ "timestamp": "1461144549",
3200
+ "value": "www.kcico.com.tw/data/openwebmail/doc/wthk.txt",
3201
+ "type": "url",
3202
+ "to_ids": true,
3203
+ "object_relation": null,
3204
+ "comment": "Imported via the freetext import.",
3205
+ "uuid": "57174be5-2e14-46d9-a003-4125950d210f",
3206
+ "category": "Network activity"
3207
+ },
3208
+ {
3209
+ "timestamp": "1461144549",
3210
+ "value": "\u4e2d\u56fd\u56fd\u5bb6\u5b89\u5168\u59d4\u5458\u4f1a\u673a\u6784\u8bbe\u7f6e\u548c\u4eba\u5458\u540d\u5355\u63d0\u524d\u66dd\u5149.docx",
3211
+ "type": "filename",
3212
+ "to_ids": true,
3213
+ "object_relation": null,
3214
+ "comment": "Imported via the freetext import.",
3215
+ "uuid": "57174be5-41e0-41d6-a2e5-4294950d210f",
3216
+ "category": "Payload delivery"
3217
+ },
3218
+ {
3219
+ "timestamp": "1461144573",
3220
+ "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc",
3221
+ "type": "filename",
3222
+ "to_ids": false,
3223
+ "object_relation": null,
3224
+ "comment": "",
3225
+ "uuid": "57174bfd-9390-4ea8-b4fd-4a39950d210f",
3226
+ "category": "Payload delivery"
3227
+ },
3228
+ {
3229
+ "timestamp": "1461144589",
3230
+ "value": "HUMAN RIGHTS SITUATION IN TIBET.doc",
3231
+ "type": "filename",
3232
+ "to_ids": false,
3233
+ "object_relation": null,
3234
+ "comment": "",
3235
+ "uuid": "57174c0d-7a14-496d-81b4-4e90950d210f",
3236
+ "category": "Payload delivery"
3237
+ },
3238
+ {
3239
+ "timestamp": "1461144659",
3240
+ "value": "[tibethouse] Upcoming Program Announcemet Last Week of December.doc",
3241
+ "type": "filename",
3242
+ "to_ids": false,
3243
+ "object_relation": null,
3244
+ "comment": "",
3245
+ "uuid": "57174c53-7610-4095-b503-4f52950d210f",
3246
+ "category": "Payload delivery"
3247
+ },
3248
+ {
3249
+ "timestamp": "1461144815",
3250
+ "value": "PlugX|40099e0f13ba47bd4ea4f3f49228ac8cffdf07700c4ef8089e3b5d8013e914a3",
3251
+ "type": "filename|sha256",
3252
+ "to_ids": false,
3253
+ "object_relation": null,
3254
+ "comment": "",
3255
+ "uuid": "57174cef-6628-4d5c-a692-4a51950d210f",
3256
+ "category": "Payload delivery"
3257
+ },
3258
+ {
3259
+ "timestamp": "1461144831",
3260
+ "value": "ufbidruosivibuted|a78ea84acf57e0c54d5b1e5e3bd5eec31cc5935f16d9575e049e161420736e32",
3261
+ "type": "filename|sha256",
3262
+ "to_ids": false,
3263
+ "object_relation": null,
3264
+ "comment": "",
3265
+ "uuid": "57174cff-aa9c-441c-8d64-4493950d210f",
3266
+ "category": "Payload delivery"
3267
+ },
3268
+ {
3269
+ "timestamp": "1461144850",
3270
+ "value": "PlugX|103873e3fa8dfc2360bb5c22761da04a",
3271
+ "type": "filename|md5",
3272
+ "to_ids": false,
3273
+ "object_relation": null,
3274
+ "comment": "",
3275
+ "uuid": "57174d12-942c-4080-977e-4467950d210f",
3276
+ "category": "Payload delivery"
3277
+ },
3278
+ {
3279
+ "timestamp": "1461144866",
3280
+ "value": "ufbidruosivibuted|caefdd6ca90ff791cdeff9313136972e",
3281
+ "type": "filename|md5",
3282
+ "to_ids": false,
3283
+ "object_relation": null,
3284
+ "comment": "",
3285
+ "uuid": "57174d22-fcec-4be8-9b94-44a9950d210f",
3286
+ "category": "Payload delivery"
3287
+ },
3288
+ {
3289
+ "timestamp": "1461145048",
3290
+ "value": "keylog",
3291
+ "type": "filename",
3292
+ "to_ids": false,
3293
+ "object_relation": null,
3294
+ "comment": "",
3295
+ "uuid": "57174dd8-3f30-4838-af62-400a950d210f",
3296
+ "category": "Payload delivery"
3297
+ },
3298
+ {
3299
+ "timestamp": "1461145073",
3300
+ "value": "xx6.tmp",
3301
+ "type": "filename",
3302
+ "to_ids": false,
3303
+ "object_relation": null,
3304
+ "comment": "",
3305
+ "uuid": "57174df1-3968-479d-85d5-4e03950d210f",
3306
+ "category": "Payload delivery"
3307
+ },
3308
+ {
3309
+ "timestamp": "1461145087",
3310
+ "value": "xx3.tmp",
3311
+ "type": "filename",
3312
+ "to_ids": false,
3313
+ "object_relation": null,
3314
+ "comment": "",
3315
+ "uuid": "57174dff-78ac-400f-bbd4-4c75950d210f",
3316
+ "category": "Payload delivery"
3317
+ },
3318
+ {
3319
+ "timestamp": "1461145098",
3320
+ "value": "xx1.tmp",
3321
+ "type": "filename",
3322
+ "to_ids": false,
3323
+ "object_relation": null,
3324
+ "comment": "",
3325
+ "uuid": "57174e0a-10e0-4022-9a31-4ba1950d210f",
3326
+ "category": "Payload delivery"
3327
+ },
3328
+ {
3329
+ "timestamp": "1461145117",
3330
+ "value": "srvlic.dll",
3331
+ "type": "filename",
3332
+ "to_ids": false,
3333
+ "object_relation": null,
3334
+ "comment": "",
3335
+ "uuid": "57174e1d-32dc-46d5-b717-41c3950d210f",
3336
+ "category": "Payload delivery"
3337
+ },
3338
+ {
3339
+ "timestamp": "1461145133",
3340
+ "value": "conhost.log",
3341
+ "type": "filename",
3342
+ "to_ids": false,
3343
+ "object_relation": null,
3344
+ "comment": "",
3345
+ "uuid": "57174e2d-4558-4971-aa84-4d5a950d210f",
3346
+ "category": "Payload delivery"
3347
+ },
3348
+ {
3349
+ "timestamp": "1461145146",
3350
+ "value": "xx4.tmp",
3351
+ "type": "filename",
3352
+ "to_ids": false,
3353
+ "object_relation": null,
3354
+ "comment": "",
3355
+ "uuid": "57174e3a-3abc-4d57-b5f7-449b950d210f",
3356
+ "category": "Payload delivery"
3357
+ },
3358
+ {
3359
+ "timestamp": "1461145160",
3360
+ "value": "xx2.tmp",
3361
+ "type": "filename",
3362
+ "to_ids": false,
3363
+ "object_relation": null,
3364
+ "comment": "",
3365
+ "uuid": "57174e48-e2dc-4f15-9ae2-4adb950d210f",
3366
+ "category": "Payload delivery"
3367
+ },
3368
+ {
3369
+ "timestamp": "1461145172",
3370
+ "value": "xx5.tmp",
3371
+ "type": "filename",
3372
+ "to_ids": false,
3373
+ "object_relation": null,
3374
+ "comment": "",
3375
+ "uuid": "57174e54-5018-495b-b18a-48eb950d210f",
3376
+ "category": "Payload delivery"
3377
+ },
3378
+ {
3379
+ "timestamp": "1461145194",
3380
+ "value": "up.dat",
3381
+ "type": "filename",
3382
+ "to_ids": false,
3383
+ "object_relation": null,
3384
+ "comment": "",
3385
+ "uuid": "57174e6a-c71c-4c48-a9f4-444b950d210f",
3386
+ "category": "Payload delivery"
3387
+ },
3388
+ {
3389
+ "timestamp": "1461159925",
3390
+ "value": "b3d8f4587f40a598d19ed23c552c02120fd3c0ce",
3391
+ "type": "sha1",
3392
+ "to_ids": true,
3393
+ "object_relation": null,
3394
+ "comment": "RAR \r\n8EC7.tmp - Xchecked via VT: ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30",
3395
+ "uuid": "571787f5-98d0-4631-b8c7-4f0102de0b81",
3396
+ "category": "Payload delivery"
3397
+ },
3398
+ {
3399
+ "timestamp": "1461159925",
3400
+ "value": "https://www.virustotal.com/file/ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30/analysis/1458560144/",
3401
+ "type": "link",
3402
+ "to_ids": false,
3403
+ "object_relation": null,
3404
+ "comment": "",
3405
+ "uuid": "571787f5-31d0-4bc2-986d-4bd102de0b81",
3406
+ "category": "External analysis"
3407
+ },
3408
+ {
3409
+ "timestamp": "1461159926",
3410
+ "value": "4782223722758b1281f31b77f1eb0f8da38af258",
3411
+ "type": "sha1",
3412
+ "to_ids": true,
3413
+ "object_relation": null,
3414
+ "comment": "RTF - Xchecked via VT: 41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2",
3415
+ "uuid": "571787f6-6d58-4685-aa4c-4b1e02de0b81",
3416
+ "category": "Payload delivery"
3417
+ },
3418
+ {
3419
+ "timestamp": "1461159926",
3420
+ "value": "https://www.virustotal.com/file/41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2/analysis/1458273608/",
3421
+ "type": "link",
3422
+ "to_ids": false,
3423
+ "object_relation": null,
3424
+ "comment": "",
3425
+ "uuid": "571787f6-b9e4-4e7f-812f-476102de0b81",
3426
+ "category": "External analysis"
3427
+ },
3428
+ {
3429
+ "timestamp": "1461159927",
3430
+ "value": "5ec656d194a15d41b831de750a37e40b28b19c45",
3431
+ "type": "sha1",
3432
+ "to_ids": true,
3433
+ "object_relation": null,
3434
+ "comment": "RTF - Xchecked via VT: 58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589",
3435
+ "uuid": "571787f7-5640-43a9-a1f8-42d202de0b81",
3436
+ "category": "Payload delivery"
3437
+ },
3438
+ {
3439
+ "timestamp": "1461159927",
3440
+ "value": "https://www.virustotal.com/file/58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589/analysis/1458825268/",
3441
+ "type": "link",
3442
+ "to_ids": false,
3443
+ "object_relation": null,
3444
+ "comment": "",
3445
+ "uuid": "571787f7-ed70-43ad-84b7-428702de0b81",
3446
+ "category": "External analysis"
3447
+ },
3448
+ {
3449
+ "timestamp": "1461159928",
3450
+ "value": "f44dc6b644d7534276c18d8f43420f6f9dac4ef3",
3451
+ "type": "sha1",
3452
+ "to_ids": true,
3453
+ "object_relation": null,
3454
+ "comment": "RTF - Xchecked via VT: a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb",
3455
+ "uuid": "571787f8-d818-4455-aec2-4cf002de0b81",
3456
+ "category": "Payload delivery"
3457
+ },
3458
+ {
3459
+ "timestamp": "1461159928",
3460
+ "value": "https://www.virustotal.com/file/a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb/analysis/1456924149/",
3461
+ "type": "link",
3462
+ "to_ids": false,
3463
+ "object_relation": null,
3464
+ "comment": "",
3465
+ "uuid": "571787f8-0bc0-4113-bd2a-446d02de0b81",
3466
+ "category": "External analysis"
3467
+ },
3468
+ {
3469
+ "timestamp": "1461159928",
3470
+ "value": "ca8fa4afeeae67ef57dcb22ff2326734f119a8d6",
3471
+ "type": "sha1",
3472
+ "to_ids": true,
3473
+ "object_relation": null,
3474
+ "comment": "RTF - Xchecked via VT: e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49",
3475
+ "uuid": "571787f8-6338-476e-8153-44af02de0b81",
3476
+ "category": "Payload delivery"
3477
+ },
3478
+ {
3479
+ "timestamp": "1461159929",
3480
+ "value": "https://www.virustotal.com/file/e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49/analysis/1452944526/",
3481
+ "type": "link",
3482
+ "to_ids": false,
3483
+ "object_relation": null,
3484
+ "comment": "",
3485
+ "uuid": "571787f9-1f18-4b3a-ac70-482102de0b81",
3486
+ "category": "External analysis"
3487
+ },
3488
+ {
3489
+ "timestamp": "1461159929",
3490
+ "value": "b8ea4d22bd988c021bc45c3a3e84362edca91e78",
3491
+ "type": "sha1",
3492
+ "to_ids": true,
3493
+ "object_relation": null,
3494
+ "comment": "Imported via the freetext import. - Xchecked via VT: 8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78",
3495
+ "uuid": "571787f9-5f08-4091-97a4-40e702de0b81",
3496
+ "category": "Payload delivery"
3497
+ },
3498
+ {
3499
+ "timestamp": "1461159930",
3500
+ "value": "https://www.virustotal.com/file/8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78/analysis/1459770897/",
3501
+ "type": "link",
3502
+ "to_ids": false,
3503
+ "object_relation": null,
3504
+ "comment": "",
3505
+ "uuid": "571787fa-074c-4412-a3f1-4c2302de0b81",
3506
+ "category": "External analysis"
3507
+ },
3508
+ {
3509
+ "timestamp": "1461159930",
3510
+ "value": "0bdd3484e69af639c3564aa7ab679defc4434def",
3511
+ "type": "sha1",
3512
+ "to_ids": true,
3513
+ "object_relation": null,
3514
+ "comment": "Imported via the freetext import. - Xchecked via VT: 0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360",
3515
+ "uuid": "571787fa-81e4-400a-8f49-4e9902de0b81",
3516
+ "category": "Payload delivery"
3517
+ },
3518
+ {
3519
+ "timestamp": "1461159930",
3520
+ "value": "https://www.virustotal.com/file/0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360/analysis/1459770252/",
3521
+ "type": "link",
3522
+ "to_ids": false,
3523
+ "object_relation": null,
3524
+ "comment": "",
3525
+ "uuid": "571787fa-e10c-4ac1-ac7d-4c5b02de0b81",
3526
+ "category": "External analysis"
3527
+ },
3528
+ {
3529
+ "timestamp": "1461159931",
3530
+ "value": "https://www.virustotal.com/file/5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d/analysis/1461148223/",
3531
+ "type": "link",
3532
+ "to_ids": false,
3533
+ "object_relation": null,
3534
+ "comment": "",
3535
+ "uuid": "571787fb-44bc-4692-b11b-4b2502de0b81",
3536
+ "category": "External analysis"
3537
+ },
3538
+ {
3539
+ "timestamp": "1461159931",
3540
+ "value": "https://www.virustotal.com/file/51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010/analysis/1461146860/",
3541
+ "type": "link",
3542
+ "to_ids": false,
3543
+ "object_relation": null,
3544
+ "comment": "",
3545
+ "uuid": "571787fb-7fcc-4e67-bed8-429a02de0b81",
3546
+ "category": "External analysis"
3547
+ },
3548
+ {
3549
+ "timestamp": "1461159932",
3550
+ "value": "https://www.virustotal.com/file/4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849/analysis/1461147529/",
3551
+ "type": "link",
3552
+ "to_ids": false,
3553
+ "object_relation": null,
3554
+ "comment": "",
3555
+ "uuid": "571787fc-cb4c-49f7-991d-45d002de0b81",
3556
+ "category": "External analysis"
3557
+ },
3558
+ {
3559
+ "timestamp": "1461159932",
3560
+ "value": "6dd646bd56e04c6d394f87c97976ccd04ed613df",
3561
+ "type": "sha1",
3562
+ "to_ids": true,
3563
+ "object_relation": null,
3564
+ "comment": "Imported via the freetext import. - Xchecked via VT: 1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c",
3565
+ "uuid": "571787fc-b710-46bc-a454-496202de0b81",
3566
+ "category": "Payload delivery"
3567
+ },
3568
+ {
3569
+ "timestamp": "1461159932",
3570
+ "value": "https://www.virustotal.com/file/1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c/analysis/1452854114/",
3571
+ "type": "link",
3572
+ "to_ids": false,
3573
+ "object_relation": null,
3574
+ "comment": "",
3575
+ "uuid": "571787fc-b338-4b49-a732-473902de0b81",
3576
+ "category": "External analysis"
3577
+ },
3578
+ {
3579
+ "timestamp": "1461159933",
3580
+ "value": "2616da1697f7c764ee7fb558887a6a3279861fac",
3581
+ "type": "sha1",
3582
+ "to_ids": true,
3583
+ "object_relation": null,
3584
+ "comment": "Imported via the freetext import. - Xchecked via VT: f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68",
3585
+ "uuid": "571787fd-6dc4-4c44-82c0-43d602de0b81",
3586
+ "category": "Payload delivery"
3587
+ },
3588
+ {
3589
+ "timestamp": "1461159933",
3590
+ "value": "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1461070473/",
3591
+ "type": "link",
3592
+ "to_ids": false,
3593
+ "object_relation": null,
3594
+ "comment": "",
3595
+ "uuid": "571787fd-9b0c-4c22-98cb-41c302de0b81",
3596
+ "category": "External analysis"
3597
+ },
3598
+ {
3599
+ "timestamp": "1461159934",
3600
+ "value": "90c9b15d6f5943c515b41d7f306a7bd6eef1845a",
3601
+ "type": "sha1",
3602
+ "to_ids": true,
3603
+ "object_relation": null,
3604
+ "comment": "Imported via the freetext import. - Xchecked via VT: bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1",
3605
+ "uuid": "571787fe-2ed8-4e88-8cba-4b9002de0b81",
3606
+ "category": "Payload delivery"
3607
+ },
3608
+ {
3609
+ "timestamp": "1461159934",
3610
+ "value": "https://www.virustotal.com/file/bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1/analysis/1455192800/",
3611
+ "type": "link",
3612
+ "to_ids": false,
3613
+ "object_relation": null,
3614
+ "comment": "",
3615
+ "uuid": "571787fe-bf88-4d38-b4a9-47d702de0b81",
3616
+ "category": "External analysis"
3617
+ },
3618
+ {
3619
+ "timestamp": "1461159934",
3620
+ "value": "79cc8f5b155179360a7a2de772ed1f3945aaf49c",
3621
+ "type": "sha1",
3622
+ "to_ids": true,
3623
+ "object_relation": null,
3624
+ "comment": "Imported via the freetext import. - Xchecked via VT: aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c",
3625
+ "uuid": "571787fe-7404-450d-a9bd-415a02de0b81",
3626
+ "category": "Payload delivery"
3627
+ },
3628
+ {
3629
+ "timestamp": "1461159935",
3630
+ "value": "https://www.virustotal.com/file/aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c/analysis/1455797633/",
3631
+ "type": "link",
3632
+ "to_ids": false,
3633
+ "object_relation": null,
3634
+ "comment": "",
3635
+ "uuid": "571787ff-8ac4-41cb-bbfe-43b102de0b81",
3636
+ "category": "External analysis"
3637
+ },
3638
+ {
3639
+ "timestamp": "1461159935",
3640
+ "value": "cd8581dc95a92bab7f8025fcc5908d27c183b425",
3641
+ "type": "sha1",
3642
+ "to_ids": true,
3643
+ "object_relation": null,
3644
+ "comment": "Imported via the freetext import. - Xchecked via VT: afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d",
3645
+ "uuid": "571787ff-3858-4bdc-bd8f-430e02de0b81",
3646
+ "category": "Payload delivery"
3647
+ },
3648
+ {
3649
+ "timestamp": "1461159935",
3650
+ "value": "https://www.virustotal.com/file/afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d/analysis/1454375598/",
3651
+ "type": "link",
3652
+ "to_ids": false,
3653
+ "object_relation": null,
3654
+ "comment": "",
3655
+ "uuid": "571787ff-9184-46e3-bda4-460202de0b81",
3656
+ "category": "External analysis"
3657
+ },
3658
+ {
3659
+ "timestamp": "1461159936",
3660
+ "value": "c6f146def58b701f406a73958cdaacbe53860090",
3661
+ "type": "sha1",
3662
+ "to_ids": true,
3663
+ "object_relation": null,
3664
+ "comment": "Imported via the freetext import. - Xchecked via VT: 2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083",
3665
+ "uuid": "57178800-8b30-4513-b981-431902de0b81",
3666
+ "category": "Payload delivery"
3667
+ },
3668
+ {
3669
+ "timestamp": "1461159936",
3670
+ "value": "https://www.virustotal.com/file/2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083/analysis/1455406891/",
3671
+ "type": "link",
3672
+ "to_ids": false,
3673
+ "object_relation": null,
3674
+ "comment": "",
3675
+ "uuid": "57178800-8760-437a-8ecf-494b02de0b81",
3676
+ "category": "External analysis"
3677
+ },
3678
+ {
3679
+ "timestamp": "1461159937",
3680
+ "value": "f1ec39dddb224a6a1e40d55c8f6877c908f92bcf",
3681
+ "type": "sha1",
3682
+ "to_ids": true,
3683
+ "object_relation": null,
3684
+ "comment": "Imported via the freetext import. - Xchecked via VT: 5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635",
3685
+ "uuid": "57178801-c614-4982-8611-42d002de0b81",
3686
+ "category": "Payload delivery"
3687
+ },
3688
+ {
3689
+ "timestamp": "1461159937",
3690
+ "value": "https://www.virustotal.com/file/5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635/analysis/1461046907/",
3691
+ "type": "link",
3692
+ "to_ids": false,
3693
+ "object_relation": null,
3694
+ "comment": "",
3695
+ "uuid": "57178801-e5fc-46db-9b1c-41d802de0b81",
3696
+ "category": "External analysis"
3697
+ },
3698
+ {
3699
+ "timestamp": "1461159937",
3700
+ "value": "https://www.virustotal.com/file/5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39/analysis/1461146345/",
3701
+ "type": "link",
3702
+ "to_ids": false,
3703
+ "object_relation": null,
3704
+ "comment": "",
3705
+ "uuid": "57178801-90c4-4fad-b307-420c02de0b81",
3706
+ "category": "External analysis"
3707
+ },
3708
+ {
3709
+ "timestamp": "1461159938",
3710
+ "value": "https://www.virustotal.com/file/7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6/analysis/1461146164/",
3711
+ "type": "link",
3712
+ "to_ids": false,
3713
+ "object_relation": null,
3714
+ "comment": "",
3715
+ "uuid": "57178802-d774-4018-b499-4c2002de0b81",
3716
+ "category": "External analysis"
3717
+ },
3718
+ {
3719
+ "timestamp": "1467971098",
3720
+ "value": "alert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - www.amerikauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|amerikauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016101; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - dge.123nat.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|dge|06|123nat|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016102; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - manhaton.123nat.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|08|manhaton|06|123nat|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016103; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - bsnl.wang\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|04|bsnl|04|wang\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016104; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.onebook.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|07|onebook|03|top\"; 
fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016105; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.togolaga.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|08|togolaga|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016106; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - unisers.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|07|unisers|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016107; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.dicemention.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|dicemention|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016108; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.updatenewes.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|updatenewes|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; 
reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016109; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - softinc.pw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|07|softinc|02|pw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016110; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.notebookhk.net\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0a|notebookhk|03|net\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016111; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX C&C Domain - www.whitewall.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|09|whitewall|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016112; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - www.kcico.com.tw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|05|kcico|03|com|02|tw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016113; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - 
www.tibetimes.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|09|tibetimes|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016114; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - softinc.pw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|07|softinc|02|pw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016115; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"NF - Win32/Agent.XST Checkin\"; flow:established,to_server; content:\"POST\"; http_method; content:!\"Referer|3a|\"; http_header; content:!\"Accept|3a|\"; http_header; content:\"Content-Type|3a 20|text/html|0d 0a|\"; http_header; content:\"this is UP\"; depth:10; http_client_body; fast_pattern; content:\"|00 00 00 00|\"; http_client_body; reference:url,asert.arbornetworks.com/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-Uncovering-the-Seven-Pointed-Dagger.pdf; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016116; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:\"NF - Win32/Agent.XST Keepalive\"; flow:established,to_server; content:\"POST|20|\"; depth:5; content:\".asp|20|HTTP/1.\"; distance:0; content:!\"Referer|3a|\"; distance:0; content:!\"Accept|3a|\"; distance:0; content:\"Content-Length|3a 20|2|0d 0a|\"; distance:0; fast_pattern; content:\"Content-Type|3a 20|text/html|0d 0a|\"; content:\"|0d 0a 0d 0a|ok\"; distance:0; threshold: type limit, count 1, seconds 60, track by_src; 
reference:url,asert.arbornetworks.com/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-Uncovering-the-Seven-Pointed-Dagger.pdf; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016117; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"NF - Win32/Agent.XST/UP007 Checkin 2\"; flow:established,to_server; content:\"POST\"; http_method; content:!\"Referer|3a|\"; http_header; content:!\"Accept|3a|\"; http_header; content:\"Content-Type|3a 20|text/html|0d 0a|\"; http_header; content:\"this is UP\"; depth:10; http_client_body; fast_pattern; content:\"|00 00 00 00|\"; http_client_body; reference:url,citizenlab.org/2016/04/between-hong-kong-and-burma; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016118; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:\"NF - Win32/Agent.XST/UP007 Keepalive 2\"; flow:established,to_server; content:\"POST|20|\"; depth:5; content:\".asp|20|HTTP/1.\"; distance:0; content:!\"Referer|3a|\"; distance:0; content:!\"Accept|3a|\"; distance:0; content:\"Content-Length|3a 20|5|0d 0a|\"; distance:0; fast_pattern; content:\"Content-Type|3a 20|text/html|0d 0a|\"; content:\"|0d 0a 0d 0a|READY\"; distance:0; threshold:type limit, count 1, seconds 60, track by_src; reference:url,citizenlab.org/2016/04/between-hong-kong-and-burma; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016119; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0F|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016120; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - 
www.yawropauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|yawropauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016121; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.japanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|japanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016122; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.hotansft.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|08|hotansft|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016123; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.amerikauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|amerikauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016124; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.yawropauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|yawropauyghur|03|top\"; 
fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016125; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0f|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016126; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0f|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016127; rev:1;)",
3721
+ "type": "snort",
3722
+ "to_ids": false,
3723
+ "object_relation": null,
3724
+ "comment": "Some SNORT IDS Rule.",
3725
+ "uuid": "577f761a-5ec4-4532-9e7b-093bc0a8f687",
3726
+ "category": "Network activity"
3727
+ }
3728
+ ]
3729
+ }
3730
+ }