pymisp 2.5.7__py3-none-any.whl → 2.5.7.1__py3-none-any.whl


Potentially problematic release.



Files changed (72)
  1. CHANGELOG.txt +13 -0
  2. pymisp/data/misp-objects/objects/rmm/definition.json +1 -1
  3. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/METADATA +2 -2
  4. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/RECORD +6 -72
  5. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +0 -1
  6. tests/__init__.py +0 -0
  7. tests/csv_testfiles/invalid_fieldnames.csv +0 -11
  8. tests/csv_testfiles/valid_fieldnames.csv +0 -4
  9. tests/email_testfiles/mail_1.eml.zip +0 -0
  10. tests/email_testfiles/mail_1.msg +0 -0
  11. tests/email_testfiles/mail_1_bom.eml +0 -858
  12. tests/email_testfiles/mail_1_headers_only.eml +0 -28
  13. tests/email_testfiles/mail_2.eml +0 -32
  14. tests/email_testfiles/mail_3.eml +0 -170
  15. tests/email_testfiles/mail_3.msg +0 -0
  16. tests/email_testfiles/mail_4.msg +0 -0
  17. tests/email_testfiles/mail_5.msg +0 -0
  18. tests/email_testfiles/mail_multiple_to.eml +0 -15
  19. tests/email_testfiles/source +0 -1
  20. tests/git-vuln-finder-quagga.json +0 -1493
  21. tests/misp_event.json +0 -76
  22. tests/mispevent_testfiles/attribute.json +0 -21
  23. tests/mispevent_testfiles/attribute_del.json +0 -23
  24. tests/mispevent_testfiles/def_param.json +0 -53
  25. tests/mispevent_testfiles/event.json +0 -8
  26. tests/mispevent_testfiles/event_obj_attr_tag.json +0 -57
  27. tests/mispevent_testfiles/event_obj_def_param.json +0 -62
  28. tests/mispevent_testfiles/event_obj_tag.json +0 -29
  29. tests/mispevent_testfiles/event_tags.json +0 -18
  30. tests/mispevent_testfiles/existing_event.json +0 -4599
  31. tests/mispevent_testfiles/existing_event_edited.json +0 -4601
  32. tests/mispevent_testfiles/galaxy.json +0 -25
  33. tests/mispevent_testfiles/malware.json +0 -19
  34. tests/mispevent_testfiles/malware_exist.json +0 -163
  35. tests/mispevent_testfiles/misp_custom_obj.json +0 -38
  36. tests/mispevent_testfiles/overwrite_file/definition.json +0 -457
  37. tests/mispevent_testfiles/proposals.json +0 -35
  38. tests/mispevent_testfiles/shadow.json +0 -148
  39. tests/mispevent_testfiles/sighting.json +0 -5
  40. tests/mispevent_testfiles/simple.json +0 -2
  41. tests/mispevent_testfiles/test_object_template/definition.json +0 -29
  42. tests/new_misp_event.json +0 -34
  43. tests/reportlab_testfiles/HTML_event.json +0 -1
  44. tests/reportlab_testfiles/galaxy_1.json +0 -1250
  45. tests/reportlab_testfiles/image_event.json +0 -2490
  46. tests/reportlab_testfiles/japanese_test.json +0 -156
  47. tests/reportlab_testfiles/japanese_test_heavy.json +0 -318
  48. tests/reportlab_testfiles/long_event.json +0 -3730
  49. tests/reportlab_testfiles/mainly_objects_1.json +0 -1092
  50. tests/reportlab_testfiles/mainly_objects_2.json +0 -977
  51. tests/reportlab_testfiles/sighting_1.json +0 -305
  52. tests/reportlab_testfiles/sighting_2.json +0 -221
  53. tests/reportlab_testfiles/to_delete1.json +0 -804
  54. tests/reportlab_testfiles/to_delete2.json +0 -1
  55. tests/reportlab_testfiles/to_delete3.json +0 -1
  56. tests/reportlab_testfiles/very_long_event.json +0 -1006
  57. tests/reportlab_testoutputs/to_delete1.json.pdf +0 -391
  58. tests/reportlab_testoutputs/to_delete2.json.pdf +0 -506
  59. tests/reportlab_testoutputs/to_delete3.json.pdf +0 -277
  60. tests/search_index_result.json +0 -69
  61. tests/sharing_groups.json +0 -98
  62. tests/stix1.xml-utf8 +0 -110
  63. tests/stix2.json +0 -1
  64. tests/test_analyst_data.py +0 -123
  65. tests/test_emailobject.py +0 -157
  66. tests/test_fileobject.py +0 -20
  67. tests/test_mispevent.py +0 -473
  68. tests/test_reportlab.py +0 -431
  69. tests/testlive_comprehensive.py +0 -3734
  70. tests/testlive_sync.py +0 -474
  71. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/LICENSE +0 -0
  72. {pymisp-2.5.7.dist-info → pymisp-2.5.7.1.dist-info}/WHEEL +0 -0
@@ -1,3730 +0,0 @@
1
- {
2
- "Event": {
3
- "threat_level_id": "2",
4
- "timestamp": "1467971098",
5
- "info": "OSINT - ASERT Threat Intelligence Report 2016-03 The Four-Element Sword Engagement",
6
- "published": true,
7
- "date": "2016-04-18",
8
- "analysis": "2",
9
- "uuid": "57153590-f73c-49fa-be4b-4737950d210f",
10
- "publish_timestamp": "1550654767",
11
- "Orgc": {
12
- "name": "CIRCL",
13
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
14
- },
15
- "Tag": [
16
- {
17
- "name": "tlp:white",
18
- "exportable": true,
19
- "colour": "#ffffff"
20
- },
21
- {
22
- "name": "type:OSINT",
23
- "exportable": true,
24
- "colour": "#004646"
25
- }
26
- ],
27
- "Attribute": [
28
- {
29
- "timestamp": "1461067952",
30
- "value": "107.183.86",
31
- "type": "url",
32
- "to_ids": true,
33
- "object_relation": null,
34
- "comment": "Imported via the freetext import.",
35
- "uuid": "571620b0-5e38-4e8c-9c29-416d950d210f",
36
- "category": "Network activity"
37
- },
38
- {
39
- "timestamp": "1461067794",
40
- "value": "a0dc5723d3e20e93b48a960b31c984c0",
41
- "type": "md5",
42
- "to_ids": true,
43
- "object_relation": null,
44
- "comment": "Imported via the freetext import.",
45
- "uuid": "57162012-72b8-433b-b5e2-4651950d210f",
46
- "category": "Payload delivery"
47
- },
48
- {
49
- "timestamp": "1461067795",
50
- "value": "185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6",
51
- "type": "sha256",
52
- "to_ids": true,
53
- "object_relation": null,
54
- "comment": "Imported via the freetext import.",
55
- "uuid": "57162013-7804-4691-ac9e-4a15950d210f",
56
- "category": "Payload delivery"
57
- },
58
- {
59
- "timestamp": "1461067951",
60
- "value": "akm.epac.to",
61
- "type": "hostname",
62
- "to_ids": true,
63
- "object_relation": null,
64
- "comment": "Imported via the freetext import.",
65
- "uuid": "571620af-e57c-4008-80f2-4933950d210f",
66
- "category": "Network activity"
67
- },
68
- {
69
- "timestamp": "1461067952",
70
- "value": "gugehotel.cn",
71
- "type": "domain",
72
- "to_ids": true,
73
- "object_relation": null,
74
- "comment": "Imported via the freetext import.",
75
- "uuid": "571620b0-7c50-43ef-9724-4c76950d210f",
76
- "category": "Network activity"
77
- },
78
- {
79
- "timestamp": "1461070490",
80
- "value": "905d1cd328c8cfc378fb00bfa38f0427",
81
- "type": "md5",
82
- "to_ids": true,
83
- "object_relation": null,
84
- "comment": "Imported via the freetext import.",
85
- "uuid": "57162a9a-7fd8-4e15-91ac-4ad5950d210f",
86
- "category": "Payload delivery"
87
- },
88
- {
89
- "timestamp": "1461067457",
90
- "value": "uhfx.dat",
91
- "type": "filename",
92
- "to_ids": true,
93
- "object_relation": null,
94
- "comment": "",
95
- "uuid": "57161ec1-1d00-4ab1-b71d-4cd4950d210f",
96
- "category": "Payload delivery"
97
- },
98
- {
99
- "timestamp": "1461071212",
100
- "value": "fea5902afa6e504a798c73a09b83df5e",
101
- "type": "imphash",
102
- "to_ids": true,
103
- "object_relation": null,
104
- "comment": "Imported via the freetext import.",
105
- "uuid": "57162a9b-e1e0-444f-bab2-46e3950d210f",
106
- "category": "Payload delivery"
107
- },
108
- {
109
- "timestamp": "1461067503",
110
- "value": "yxsrhsxhxdbldkc.dat",
111
- "type": "filename",
112
- "to_ids": false,
113
- "object_relation": null,
114
- "comment": "",
115
- "uuid": "57161eef-6108-4bf2-9029-4966950d210f",
116
- "category": "Payload delivery"
117
- },
118
- {
119
- "timestamp": "1461067697",
120
- "value": "Q:\\Projects\\Br2012\\Release\\svc.pdb",
121
- "type": "pdb",
122
- "to_ids": false,
123
- "object_relation": null,
124
- "comment": "",
125
- "uuid": "57161f87-c9ec-4f8f-a2ee-48ef950d210f",
126
- "category": "Artifacts dropped"
127
- },
128
- {
129
- "timestamp": "1461066519",
130
- "value": "bill_clay6801@yahoo.com",
131
- "type": "email-src",
132
- "to_ids": false,
133
- "object_relation": null,
134
- "comment": "",
135
- "uuid": "57161b17-23b8-4631-96fd-4bad950d210f",
136
- "category": "Payload delivery"
137
- },
138
- {
139
- "timestamp": "1461066538",
140
- "value": "[BULK] TIBET, OUR BELOVED NATION AND WILL NEVER FORGET IT.",
141
- "type": "email-subject",
142
- "to_ids": false,
143
- "object_relation": null,
144
- "comment": "",
145
- "uuid": "57161b2a-89a0-4f7c-9258-4f93950d210f",
146
- "category": "Payload delivery"
147
- },
148
- {
149
- "timestamp": "1461066559",
150
- "value": "brochure .rar",
151
- "type": "email-attachment",
152
- "to_ids": false,
153
- "object_relation": null,
154
- "comment": "",
155
- "uuid": "57161b3f-f344-447f-804d-4be4950d210f",
156
- "category": "Payload delivery"
157
- },
158
- {
159
- "timestamp": "1461069222",
160
- "value": "brochure .doc",
161
- "type": "filename",
162
- "to_ids": true,
163
- "object_relation": null,
164
- "comment": "",
165
- "uuid": "57161c89-443c-40bb-a5f8-4cbb950d210f",
166
- "category": "Payload delivery"
167
- },
168
- {
169
- "timestamp": "1461067319",
170
- "value": "103.240.203.232",
171
- "type": "ip-dst",
172
- "to_ids": true,
173
- "object_relation": null,
174
- "comment": "On port 8080; Located in Honk Kong",
175
- "uuid": "57161e37-fe5c-4f2a-b9ec-4eea950d210f",
176
- "category": "Network activity"
177
- },
178
- {
179
- "timestamp": "1461067666",
180
- "value": "webmonder.gicp.net",
181
- "type": "hostname",
182
- "to_ids": true,
183
- "object_relation": null,
184
- "comment": "",
185
- "uuid": "571610cd-4774-4e4e-bd0a-4407950d210f",
186
- "category": "Network activity"
187
- },
188
- {
189
- "timestamp": "1461064617",
190
- "value": "hkhumanrights.asia@gmail.com",
191
- "type": "email-src",
192
- "to_ids": false,
193
- "object_relation": null,
194
- "comment": "",
195
- "uuid": "571613a9-3a2c-478a-a180-43a1950d210f",
196
- "category": "Payload delivery"
197
- },
198
- {
199
- "timestamp": "1461064643",
200
- "value": "US Congress sanctions $6 million fund for Tibetans in Nepal anf India",
201
- "type": "email-subject",
202
- "to_ids": false,
203
- "object_relation": null,
204
- "comment": "",
205
- "uuid": "571613c3-5d04-4eea-9690-4b95950d210f",
206
- "category": "Payload delivery"
207
- },
208
- {
209
- "timestamp": "1461064661",
210
- "value": "US Congress sanctions $6 million fund for Tibetans in Nepal anf India.doc",
211
- "type": "email-attachment",
212
- "to_ids": false,
213
- "object_relation": null,
214
- "comment": "",
215
- "uuid": "571613d5-dc64-43bc-9481-42d0950d210f",
216
- "category": "Payload delivery"
217
- },
218
- {
219
- "timestamp": "1461059772",
220
- "value": "60ef10cce9974cdc8a453d8fdd8ddf0cad49c6f07d2c4d095ff483998685b421",
221
- "type": "sha256",
222
- "to_ids": true,
223
- "object_relation": null,
224
- "comment": "~tmp.doc",
225
- "uuid": "571600bc-8178-4d6f-b5fd-47a4950d210f",
226
- "category": "Payload delivery"
227
- },
228
- {
229
- "timestamp": "1461059770",
230
- "value": "b6e22968461bfb2934c556fc44d0baf0",
231
- "type": "md5",
232
- "to_ids": true,
233
- "object_relation": null,
234
- "comment": "spearfish",
235
- "uuid": "571600ba-b0b0-4adb-bd01-43ef950d210f",
236
- "category": "Payload delivery"
237
- },
238
- {
239
- "timestamp": "1461059771",
240
- "value": "74a4fe17dc7101dbb2bb8f0c41069057",
241
- "type": "md5",
242
- "to_ids": true,
243
- "object_relation": null,
244
- "comment": "RTF",
245
- "uuid": "571600bb-a9b4-4883-ac7d-4d5a950d210f",
246
- "category": "Payload delivery"
247
- },
248
- {
249
- "timestamp": "1461059771",
250
- "value": "fcfe3867e4fa17d52c51235cf68a86c2",
251
- "type": "md5",
252
- "to_ids": true,
253
- "object_relation": null,
254
- "comment": "~tmp.doc",
255
- "uuid": "571600bb-045c-4cbc-b0d6-43da950d210f",
256
- "category": "Payload delivery"
257
- },
258
- {
259
- "timestamp": "1461059771",
260
- "value": "4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872",
261
- "type": "sha256",
262
- "to_ids": true,
263
- "object_relation": null,
264
- "comment": "spearfish",
265
- "uuid": "571600bb-54f0-43d7-83cb-4b3c950d210f",
266
- "category": "Payload delivery"
267
- },
268
- {
269
- "timestamp": "1461059772",
270
- "value": "0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49",
271
- "type": "sha256",
272
- "to_ids": true,
273
- "object_relation": null,
274
- "comment": "RTF",
275
- "uuid": "571600bc-6348-4e1e-b96d-4cf2950d210f",
276
- "category": "Payload delivery"
277
- },
278
- {
279
- "timestamp": "1461064172",
280
- "value": "\u8207\u5929\u7a7a\u6709\u7d04!12\u500b2016\u5e74\u4e0d\u53ef\u932f\u904e\u7684\u5929\u6587\u73fe\u8c61mm.doc",
281
- "type": "email-attachment",
282
- "to_ids": true,
283
- "object_relation": null,
284
- "comment": "",
285
- "uuid": "5715feb0-6a48-44c4-b1ba-4a57950d210f",
286
- "category": "Payload delivery"
287
- },
288
- {
289
- "timestamp": "1461058335",
290
- "value": "114.60.106.156",
291
- "type": "ip-dst",
292
- "to_ids": false,
293
- "object_relation": null,
294
- "comment": "Imported via the freetext import.",
295
- "uuid": "5715fb1f-18ec-4ed6-8a25-4abd950d210f",
296
- "category": "Network activity"
297
- },
298
- {
299
- "timestamp": "1461058711",
300
- "value": "14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
301
- "type": "sha256",
302
- "to_ids": true,
303
- "object_relation": null,
304
- "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333",
305
- "uuid": "5715fc97-a5a4-4538-bf86-4bcc950d210f",
306
- "category": "Payload delivery"
307
- },
308
- {
309
- "timestamp": "1461067672",
310
- "value": "humanbeing2009.gicp.net",
311
- "type": "hostname",
312
- "to_ids": true,
313
- "object_relation": null,
314
- "comment": "",
315
- "uuid": "5715fd00-807c-4ce8-8f27-437d950d210f",
316
- "category": "Network activity"
317
- },
318
- {
319
- "timestamp": "1461058035",
320
- "value": "uyguhr1.webhop.net",
321
- "type": "hostname",
322
- "to_ids": false,
323
- "object_relation": null,
324
- "comment": "Associated with 180.169.28.58 TCP/8080",
325
- "uuid": "5715f9f3-61e4-431c-96da-426e950d210f",
326
- "category": "Network activity"
327
- },
328
- {
329
- "timestamp": "1461058036",
330
- "value": "uygur.51vip.biz",
331
- "type": "hostname",
332
- "to_ids": false,
333
- "object_relation": null,
334
- "comment": "Associated with 180.169.28.58 TCP/8080",
335
- "uuid": "5715f9f4-3954-463f-8012-48a4950d210f",
336
- "category": "Network activity"
337
- },
338
- {
339
- "timestamp": "1461058036",
340
- "value": "uyguhr.epac.to",
341
- "type": "hostname",
342
- "to_ids": false,
343
- "object_relation": null,
344
- "comment": "Associated with 180.169.28.58 TCP/8080",
345
- "uuid": "5715f9f4-1008-435d-b573-431d950d210f",
346
- "category": "Network activity"
347
- },
348
- {
349
- "timestamp": "1461058036",
350
- "value": "xinxin20080628.gicp.net",
351
- "type": "hostname",
352
- "to_ids": false,
353
- "object_relation": null,
354
- "comment": "Associated with 180.169.28.58 TCP/8080",
355
- "uuid": "5715f9f4-2cd0-4d29-827e-40fc950d210f",
356
- "category": "Network activity"
357
- },
358
- {
359
- "timestamp": "1461058034",
360
- "value": "oyghur.yebhio.net",
361
- "type": "hostname",
362
- "to_ids": false,
363
- "object_relation": null,
364
- "comment": "Associated with 180.169.28.58 TCP/8080",
365
- "uuid": "5715f9f2-de84-4c91-8d98-4f9c950d210f",
366
- "category": "Network activity"
367
- },
368
- {
369
- "timestamp": "1461058035",
370
- "value": "www.uyghuri.mrface.com",
371
- "type": "hostname",
372
- "to_ids": false,
373
- "object_relation": null,
374
- "comment": "Associated with 180.169.28.58 TCP/8080",
375
- "uuid": "5715f9f3-44bc-457b-90cb-40a1950d210f",
376
- "category": "Network activity"
377
- },
378
- {
379
- "timestamp": "1461058035",
380
- "value": "uyghuri.mrface.com",
381
- "type": "hostname",
382
- "to_ids": false,
383
- "object_relation": null,
384
- "comment": "Associated with 180.169.28.58 TCP/8080",
385
- "uuid": "5715f9f3-f55c-4519-b36f-4547950d210f",
386
- "category": "Network activity"
387
- },
388
- {
389
- "timestamp": "1461058035",
390
- "value": "uygur.elcp.net",
391
- "type": "hostname",
392
- "to_ids": false,
393
- "object_relation": null,
394
- "comment": "Associated with 180.169.28.58 TCP/8080",
395
- "uuid": "5715f9f3-818c-4fdd-bd6f-45a4950d210f",
396
- "category": "Network activity"
397
- },
398
- {
399
- "timestamp": "1461057398",
400
- "value": "bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1",
401
- "type": "sha256",
402
- "to_ids": true,
403
- "object_relation": null,
404
- "comment": "spearfish",
405
- "uuid": "5715f3b3-6998-40e7-9235-4b3e950d210f",
406
- "category": "Payload delivery"
407
- },
408
- {
409
- "timestamp": "1461056715",
410
- "value": "IEChecker.exe|7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6",
411
- "type": "filename|sha256",
412
- "to_ids": true,
413
- "object_relation": null,
414
- "comment": "",
415
- "uuid": "5715f3b4-c4f0-4b6b-8661-494f950d210f",
416
- "category": "Payload delivery"
417
- },
418
- {
419
- "timestamp": "1461057157",
420
- "value": "goodnewspaper.gicp.net",
421
- "type": "hostname",
422
- "to_ids": false,
423
- "object_relation": null,
424
- "comment": "Associated with 180.169.28.58 TCP/8080",
425
- "uuid": "5715f659-3464-4c20-9622-489c950d210f",
426
- "category": "Network activity"
427
- },
428
- {
429
- "timestamp": "1461058034",
430
- "value": "uyguhr.sov.te",
431
- "type": "hostname",
432
- "to_ids": false,
433
- "object_relation": null,
434
- "comment": "Associated with 180.169.28.58 TCP/8080",
435
- "uuid": "5715f9f2-4e18-46a8-a304-4aaf950d210f",
436
- "category": "Network activity"
437
- },
438
- {
439
- "timestamp": "1461056523",
440
- "value": "af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d",
441
- "type": "sha256",
442
- "to_ids": false,
443
- "object_relation": null,
444
- "comment": "RTF",
445
- "uuid": "5715f40b-36e0-4bcc-935b-4c64950d210f",
446
- "category": "Payload delivery"
447
- },
448
- {
449
- "timestamp": "1461057163",
450
- "value": "goodnewspaper.f3322.org",
451
- "type": "hostname",
452
- "to_ids": false,
453
- "object_relation": null,
454
- "comment": "Associated with 180.169.28.58 TCP/8080",
455
- "uuid": "5715f500-cff4-42db-a2d9-44b1950d210f",
456
- "category": "Network activity"
457
- },
458
- {
459
- "timestamp": "1461057168",
460
- "value": "20080628.3322.org",
461
- "type": "hostname",
462
- "to_ids": false,
463
- "object_relation": null,
464
- "comment": "Associated with 180.169.28.58 TCP/8080",
465
- "uuid": "5715f500-5c34-42da-bd1f-497f950d210f",
466
- "category": "Network activity"
467
- },
468
- {
469
- "timestamp": "1461057112",
470
- "value": "goodnewspaper.3322.org",
471
- "type": "hostname",
472
- "to_ids": true,
473
- "object_relation": null,
474
- "comment": "Associated with 180.169.28.58 TCP/8080",
475
- "uuid": "5715f658-9c1c-4a06-9273-4785950d210f",
476
- "category": "Network activity"
477
- },
478
- {
479
- "timestamp": "1461070838",
480
- "value": "https://www.virustotal.com/file/4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849/analysis/1414340059/",
481
- "type": "link",
482
- "to_ids": false,
483
- "object_relation": null,
484
- "comment": "",
485
- "uuid": "57162bf6-0ef8-4188-9ac9-45d202de0b81",
486
- "category": "External analysis"
487
- },
488
- {
489
- "timestamp": "1461070837",
490
- "value": "08d7b5b8c9375e6d8ed7201dcb40d741d4d7866c",
491
- "type": "sha1",
492
- "to_ids": true,
493
- "object_relation": null,
494
- "comment": "Imported via the freetext import. - Xchecked via VT: b2ae8c02163dcee142afe71188914321",
495
- "uuid": "57162bf5-af2c-4d7f-8068-4c6402de0b81",
496
- "category": "Payload delivery"
497
- },
498
- {
499
- "timestamp": "1461070837",
500
- "value": "4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849",
501
- "type": "sha256",
502
- "to_ids": true,
503
- "object_relation": null,
504
- "comment": "Imported via the freetext import. - Xchecked via VT: b2ae8c02163dcee142afe71188914321",
505
- "uuid": "57162bf5-f478-4079-b265-40bc02de0b81",
506
- "category": "Payload delivery"
507
- },
508
- {
509
- "timestamp": "1461070837",
510
- "value": "https://www.virustotal.com/file/51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010/analysis/1458152391/",
511
- "type": "link",
512
- "to_ids": false,
513
- "object_relation": null,
514
- "comment": "",
515
- "uuid": "57162bf5-7020-440e-94b6-4d4f02de0b81",
516
- "category": "External analysis"
517
- },
518
- {
519
- "timestamp": "1461070836",
520
- "value": "2a09888223879b1c44ed1780edf48d089a9925f7",
521
- "type": "sha1",
522
- "to_ids": true,
523
- "object_relation": null,
524
- "comment": "Imported via the freetext import. - Xchecked via VT: 937c13f5915a103aec8d28bdec7cc769",
525
- "uuid": "57162bf4-a518-4dd7-8c8b-4b6902de0b81",
526
- "category": "Payload delivery"
527
- },
528
- {
529
- "timestamp": "1461070836",
530
- "value": "51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010",
531
- "type": "sha256",
532
- "to_ids": true,
533
- "object_relation": null,
534
- "comment": "Imported via the freetext import. - Xchecked via VT: 937c13f5915a103aec8d28bdec7cc769",
535
- "uuid": "57162bf4-6bf4-435d-92cc-493902de0b81",
536
- "category": "Payload delivery"
537
- },
538
- {
539
- "timestamp": "1461070836",
540
- "value": "https://www.virustotal.com/file/7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6/analysis/1452693896/",
541
- "type": "link",
542
- "to_ids": false,
543
- "object_relation": null,
544
- "comment": "",
545
- "uuid": "57162bf4-0c00-4b36-ad3d-4a8802de0b81",
546
- "category": "External analysis"
547
- },
548
- {
549
- "timestamp": "1461070835",
550
- "value": "c6fe39647f6e902ed7737f4ed057fdda419d5bb3",
551
- "type": "sha1",
552
- "to_ids": true,
553
- "object_relation": null,
554
- "comment": "- Xchecked via VT: 7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6",
555
- "uuid": "57162bf3-5e1c-4c4a-a19e-424002de0b81",
556
- "category": "Payload delivery"
557
- },
558
- {
559
- "timestamp": "1461070835",
560
- "value": "https://www.virustotal.com/file/5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39/analysis/1456612300/",
561
- "type": "link",
562
- "to_ids": false,
563
- "object_relation": null,
564
- "comment": "",
565
- "uuid": "57162bf3-afb4-4ac7-b466-4e8902de0b81",
566
- "category": "External analysis"
567
- },
568
- {
569
- "timestamp": "1461070835",
570
- "value": "09b7e38aa3279eab002f8528c9cae52601bb1038",
571
- "type": "sha1",
572
- "to_ids": true,
573
- "object_relation": null,
574
- "comment": "- Xchecked via VT: 5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39",
575
- "uuid": "57162bf3-3e24-4b6c-997e-498202de0b81",
576
- "category": "Payload delivery"
577
- },
578
- {
579
- "timestamp": "1461070834",
580
- "value": "https://www.virustotal.com/file/185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6/analysis/1453280584/",
581
- "type": "link",
582
- "to_ids": false,
583
- "object_relation": null,
584
- "comment": "",
585
- "uuid": "57162bf2-f18c-491d-8c87-475102de0b81",
586
- "category": "External analysis"
587
- },
588
- {
589
- "timestamp": "1461070834",
590
- "value": "6fdd47a2a9dcddd93d9b8ee8a9bb2a28632df58b",
591
- "type": "sha1",
592
- "to_ids": true,
593
- "object_relation": null,
594
- "comment": "Imported via the freetext import. - Xchecked via VT: 185fc01ec8adbaa94da741c4c1cf1b83185ae63899f14ce9949553c5dac3ecf6",
595
- "uuid": "57162bf2-96bc-4f65-8358-454502de0b81",
596
- "category": "Payload delivery"
597
- },
598
- {
599
- "timestamp": "1461070834",
600
- "value": "https://www.virustotal.com/file/4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872/analysis/1455729543/",
601
- "type": "link",
602
- "to_ids": false,
603
- "object_relation": null,
604
- "comment": "",
605
- "uuid": "57162bf2-324c-4447-9a59-4ed702de0b81",
606
- "category": "External analysis"
607
- },
608
- {
609
- "timestamp": "1461070833",
610
- "value": "9a794b18a1452269adfcc8315520959b512d1c37",
611
- "type": "sha1",
612
- "to_ids": true,
613
- "object_relation": null,
614
- "comment": "spearfish - Xchecked via VT: 4f52292a2136eb7f9538230ae54a323c518fa44cf6de5d10ca7a04ecb6a77872",
615
- "uuid": "57162bf1-b520-4634-bdc0-4bd202de0b81",
616
- "category": "Payload delivery"
617
- },
618
- {
619
- "timestamp": "1461070833",
620
- "value": "https://www.virustotal.com/file/0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49/analysis/1453026661/",
621
- "type": "link",
622
- "to_ids": false,
623
- "object_relation": null,
624
- "comment": "",
625
- "uuid": "57162bf1-1d44-4294-9d0e-412b02de0b81",
626
- "category": "External analysis"
627
- },
628
- {
629
- "timestamp": "1461070833",
630
- "value": "133f5b9bb5d344109c9c628f5dce248b838c257b",
631
- "type": "sha1",
632
- "to_ids": true,
633
- "object_relation": null,
634
- "comment": "RTF - Xchecked via VT: 0683fac0b564fe5d2096e207b374a238a811e67b87856fc19bdf8eb3d6f76b49",
635
- "uuid": "57162bf1-6a38-4c76-89ec-441502de0b81",
636
- "category": "Payload delivery"
637
- },
638
- {
639
- "timestamp": "1461070833",
640
- "value": "https://www.virustotal.com/file/14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4/analysis/1457552893/",
641
- "type": "link",
642
- "to_ids": false,
643
- "object_relation": null,
644
- "comment": "",
645
- "uuid": "57162bf1-3924-4392-ab1e-48a302de0b81",
646
- "category": "External analysis"
647
- },
648
- {
649
- "timestamp": "1461070832",
650
- "value": "c7c4a469ddf4bef2daf9bacc7711f0ae",
651
- "type": "md5",
652
- "to_ids": true,
653
- "object_relation": null,
654
- "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333 - Xchecked via VT: 14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
655
- "uuid": "57162bf0-fb5c-4756-810e-4a9f02de0b81",
656
- "category": "Payload delivery"
657
- },
658
- {
659
- "timestamp": "1461070832",
660
- "value": "256ede6a7bff266589aaf996a47bf3eedcd8b980",
661
- "type": "sha1",
662
- "to_ids": true,
663
- "object_relation": null,
664
- "comment": "malicious RTF targeting CVE-\u00ad2010\u20103333 - Xchecked via VT: 14fcfccb0ae8988f95924256a38477fcc5c2c213d8a55e5a83c8c1bb67a4b6d4",
665
- "uuid": "57162bf0-b654-42a6-92c0-4cb202de0b81",
666
- "category": "Payload delivery"
667
- },
668
- {
669
- "timestamp": "1461070832",
670
- "value": "https://www.virustotal.com/file/bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1/analysis/1455727175/",
671
- "type": "link",
672
- "to_ids": false,
673
- "object_relation": null,
674
- "comment": "",
675
- "uuid": "57162bf0-8618-4bdb-9e83-4d3102de0b81",
676
- "category": "External analysis"
677
- },
678
- {
679
- "timestamp": "1461070831",
680
- "value": "c1e63556e2bb088b15d2ccb1c0fe6c9ce29cf4e6",
681
- "type": "sha1",
682
- "to_ids": true,
683
- "object_relation": null,
684
- "comment": "spearfish - Xchecked via VT: bacc4edb5e775d2c957022ad8360946c19f9f75ef2709c1db2d6708d53ec2cd1",
685
- "uuid": "57162bef-6e34-4ad3-964f-40aa02de0b81",
686
- "category": "Payload delivery"
687
- },
688
- {
689
- "timestamp": "1461070831",
690
- "value": "https://www.virustotal.com/file/af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d/analysis/1453438981/",
691
- "type": "link",
692
- "to_ids": false,
693
- "object_relation": null,
694
- "comment": "",
695
- "uuid": "57162bef-6dcc-4dc2-9a86-419402de0b81",
696
- "category": "External analysis"
697
- },
698
- {
699
- "timestamp": "1461070831",
700
- "value": "26f1e48f5e05f6d1f923e3a74219ca7bfa7c0995",
701
- "type": "sha1",
702
- "to_ids": false,
703
- "object_relation": null,
704
- "comment": "RTF - Xchecked via VT: af2cc5bb8d97bf019280c80e2891103a8a1d5e5f8c6305b6f6c4dd83ec245a7d",
705
- "uuid": "57162bef-5094-438d-b933-46c902de0b81",
706
- "category": "Payload delivery"
707
- },
708
- {
709
- "timestamp": "1461070830",
710
- "value": "https://www.virustotal.com/file/766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f/analysis/1457068422/",
711
- "type": "link",
712
- "to_ids": false,
713
- "object_relation": null,
714
- "comment": "",
715
- "uuid": "57162bee-05b0-4a80-af98-436002de0b81",
716
- "category": "External analysis"
717
- },
718
- {
719
- "timestamp": "1461070830",
720
- "value": "83d3bb544e0542dd9c4168350adef928e4205e69",
721
- "type": "sha1",
722
- "to_ids": true,
723
- "object_relation": null,
724
- "comment": "Imported via the freetext import. - Xchecked via VT: 766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f",
725
- "uuid": "57162bee-44f4-423e-9c17-4a6202de0b81",
726
- "category": "Payload delivery"
727
- },
728
- {
729
- "timestamp": "1461070830",
730
- "value": "https://www.virustotal.com/file/9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776/analysis/1436830597/",
731
- "type": "link",
732
- "to_ids": false,
733
- "object_relation": null,
734
- "comment": "",
735
- "uuid": "57162bee-b524-49ab-9591-43a702de0b81",
736
- "category": "External analysis"
737
- },
738
- {
739
- "timestamp": "1461071176",
740
- "value": "ba77d50870756d247a580b8a3a56722c",
741
- "type": "md5",
742
- "to_ids": true,
743
- "object_relation": null,
744
- "comment": "Imported via the freetext import.",
745
- "uuid": "57162d48-9f6c-4250-b463-4c73950d210f",
746
- "category": "Payload delivery"
747
- },
748
- {
749
- "timestamp": "1461070829",
750
- "value": "c3a1b57a062bfd27ea9a56f6439193369970e336",
751
- "type": "sha1",
752
- "to_ids": true,
753
- "object_relation": null,
754
- "comment": "Imported via the freetext import. - Xchecked via VT: 9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776",
755
- "uuid": "57162bed-1bfc-4f65-bb04-4e8a02de0b81",
756
- "category": "Payload delivery"
757
- },
758
- {
759
- "timestamp": "1461070939",
760
- "value": "brochure .doc|0ed325b841a2beb446c5e9a6825deaa021651c8b627aa7147d89edde05af6598",
761
- "type": "filename|sha256",
762
- "to_ids": true,
763
- "object_relation": null,
764
- "comment": "",
765
- "uuid": "57162be0-b2b0-4a8d-83be-4446950d210f",
766
- "category": "Payload delivery"
767
- },
768
- {
769
- "timestamp": "1461070890",
770
- "value": "brochure .rar|e8af4f3504b0e1cf165dfd1070342b831fd7b5b45da94c6f2a25c28dd6eb3c4a",
771
- "type": "filename|sha256",
772
- "to_ids": true,
773
- "object_relation": null,
774
- "comment": "Imported via the freetext import.",
775
- "uuid": "57162be0-4da4-41ff-a407-440d950d210f",
776
- "category": "Payload delivery"
777
- },
778
- {
779
- "timestamp": "1461070743",
780
- "value": "brochure .doc|835fee42132feebe9b3231297e5e71a8",
781
- "type": "filename|md5",
782
- "to_ids": true,
783
- "object_relation": null,
784
- "comment": "Imported via the freetext import.",
785
- "uuid": "57162b63-ecd8-4688-aa03-45bc950d210f",
786
- "category": "Payload delivery"
787
- },
788
- {
789
- "timestamp": "1461070729",
790
- "value": "brochure .rar|c8c6365bf21d947e8e986d4766a9fc16",
791
- "type": "filename|md5",
792
- "to_ids": true,
793
- "object_relation": null,
794
- "comment": "Imported via the freetext import.",
795
- "uuid": "57162b62-5d5c-4a71-a20b-458b950d210f",
796
- "category": "Payload delivery"
797
- },
798
- {
799
- "timestamp": "1461070650",
800
- "value": "uhfx.dll|a46905252567ed2fe17a407d8ae14036fde180f0a42756304109f34d1e8ad872",
801
- "type": "filename|sha256",
802
- "to_ids": true,
803
- "object_relation": null,
804
- "comment": "",
805
- "uuid": "57162b3a-443c-40f1-9f45-40cb950d210f",
806
- "category": "Payload delivery"
807
- },
808
- {
809
- "timestamp": "1461070619",
810
- "value": "tnyjs.dll|5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39",
811
- "type": "filename|sha256",
812
- "to_ids": true,
813
- "object_relation": null,
814
- "comment": "",
815
- "uuid": "57162b1b-f190-45e8-a60c-4b3d950d210f",
816
- "category": "Payload delivery"
817
- },
818
- {
819
- "timestamp": "1461070493",
820
- "value": "18219708781208889af05842ea6d563e56910424ec97ef8f695c0c7a82610a23",
821
- "type": "sha256",
822
- "to_ids": true,
823
- "object_relation": null,
824
- "comment": "Imported via the freetext import.",
825
- "uuid": "57162a9d-6488-4e2c-852c-4ec9950d210f",
826
- "category": "Payload delivery"
827
- },
828
- {
829
- "timestamp": "1461070492",
830
- "value": "uhfx.dll|6db7ad23186f445c410f59a41e7f8ac5",
831
- "type": "filename|md5",
832
- "to_ids": true,
833
- "object_relation": null,
834
- "comment": "Imported via the freetext import.",
835
- "uuid": "57162a9c-162c-42a2-b2aa-4af9950d210f",
836
- "category": "Payload delivery"
837
- },
838
- {
839
- "timestamp": "1461070491",
840
- "value": "tnyjs.dll|5bc954d76342d2860192398f186f3310",
841
- "type": "filename|md5",
842
- "to_ids": true,
843
- "object_relation": null,
844
- "comment": "Imported via the freetext import.",
845
- "uuid": "57162a9b-3828-4d68-8917-4d4f950d210f",
846
- "category": "Payload delivery"
847
- },
848
- {
849
- "timestamp": "1461069906",
850
- "value": "rule kivars_service {\r\n\r\nmeta:\r\n\r\n\tdescription = \"Detects instances of Kivars malware when installed as a service\"\r\n\tauthor = \"cwilson@arbor.net\"\r\n\tSHA\u2010256 = \"443d24d719dec79a2e1be682943795b617064d86f2ebaec7975978f0b1f6950d\"\r\n\tSHA-256 = \"44439e2ae675c548ad193aa67baa8e6abff5cc60c8a4c843a5c9f0c13ffec2d8\"\r\n\tSHA\u00ad-256 = \"74ed059519573a393aa7562e2a2afaf046cf872ea51f708a22b58b85c98718a8\"\r\n\tSHA\u00ad\u2010256 = \"80748362762996d4b23f8d4e55d2ef8ca2689b84cc0b5984f420afbb73acad1f\"\r\n\tSHA\u2010256 = \"9ba14273bfdd4a4b192c625d900b29e1fc3c8673154d3b4c4c3202109e918c8d\"\r\n\tSHA-256 = \"fba3cd920165b47cb39f3c970b8157b4e776cc062c74579a252d8dd2874b2e6b\"\r\n\r\nstrings:\r\n\r\n\t$s1 = \"\\\\Projects\\\\Br2012\\\\Release\\\\svc.pdb\"\r\n\t$s2 = \"This is a flag\"\r\n\t$s3 = \"svc.dll\"\r\n\t$s4 = \"ServiceMain\"\r\n\t$s5 = \"winsta0\"\r\n\r\ncondition:\r\n\r\n\tuint16(0) == 0x5A4D and < 1000000 and (all of ($s*))\r\n\r\n}",
851
- "type": "yara",
852
- "to_ids": false,
853
- "object_relation": null,
854
- "comment": "",
855
- "uuid": "57162852-bbe8-4aa9-a420-4f3a950d210f",
856
- "category": "Payload delivery"
857
- },
858
- {
859
- "timestamp": "1461068924",
860
- "value": "122.10.9.121",
861
- "type": "ip-dst",
862
- "to_ids": true,
863
- "object_relation": null,
864
- "comment": "Imported via the freetext import.",
865
- "uuid": "5716247c-22d4-421d-9e0e-4f80950d210f",
866
- "category": "Network activity"
867
- },
868
- {
869
- "timestamp": "1461068923",
870
- "value": "adc.microsoftmse.com",
871
- "type": "hostname",
872
- "to_ids": true,
873
- "object_relation": null,
874
- "comment": "Imported via the freetext import.",
875
- "uuid": "5716247b-2390-4de2-951c-4bc2950d210f",
876
- "category": "Network activity"
877
- },
878
- {
879
- "timestamp": "1461068866",
880
- "value": "766e0c75bb13986f6a18f9f6af422dbda8c6717becc9b02cc4046943a960d21f",
881
- "type": "sha256",
882
- "to_ids": true,
883
- "object_relation": null,
884
- "comment": "Imported via the freetext import.",
885
- "uuid": "57162442-3070-40ac-8735-4c27950d210f",
886
- "category": "Payload delivery"
887
- },
888
- {
889
- "timestamp": "1461068866",
890
- "value": "0566703ccda6c60816ef1d8d917aa7b0",
891
- "type": "md5",
892
- "to_ids": true,
893
- "object_relation": null,
894
- "comment": "Imported via the freetext import.",
895
- "uuid": "57162442-63f4-4891-9148-4876950d210f",
896
- "category": "Payload delivery"
897
- },
898
- {
899
- "timestamp": "1461068770",
900
- "value": "wins.microsoftmse.com",
901
- "type": "hostname",
902
- "to_ids": true,
903
- "object_relation": null,
904
- "comment": "Imported via the freetext import.",
905
- "uuid": "571623e2-0aa4-44a7-9198-4cc1950d210f",
906
- "category": "Network activity"
907
- },
908
- {
909
- "timestamp": "1461068770",
910
- "value": "b2ae8c02163dcee142afe71188914321",
911
- "type": "md5",
912
- "to_ids": true,
913
- "object_relation": null,
914
- "comment": "Imported via the freetext import.",
915
- "uuid": "571623e2-80e4-4864-a72c-4ca1950d210f",
916
- "category": "Payload delivery"
917
- },
918
- {
919
- "timestamp": "1461068770",
920
- "value": "9d69221584a5c6f8147479282eae3017c2884ae5138d3b910c36a2a38039c776",
921
- "type": "sha256",
922
- "to_ids": true,
923
- "object_relation": null,
924
- "comment": "Imported via the freetext import.",
925
- "uuid": "571623e2-1a50-4035-927b-4453950d210f",
926
- "category": "Payload delivery"
927
- },
928
- {
929
- "timestamp": "1461068769",
930
- "value": "19b2ed8ab09a43151c9951ff0432a861",
931
- "type": "md5",
932
- "to_ids": true,
933
- "object_relation": null,
934
- "comment": "Imported via the freetext import.",
935
- "uuid": "571623e1-44e0-4808-9333-4c60950d210f",
936
- "category": "Payload delivery"
937
- },
938
- {
939
- "timestamp": "1461068769",
940
- "value": "203.160.247.21",
941
- "type": "ip-dst",
942
- "to_ids": true,
943
- "object_relation": null,
944
- "comment": "On port 443",
945
- "uuid": "571623e1-3bb0-4f0b-8543-4483950d210f",
946
- "category": "Network activity"
947
- },
948
- {
949
- "timestamp": "1461068769",
950
- "value": "937c13f5915a103aec8d28bdec7cc769",
951
- "type": "md5",
952
- "to_ids": true,
953
- "object_relation": null,
954
- "comment": "Imported via the freetext import.",
955
- "uuid": "571623e1-aaf8-4d39-a018-4a6e950d210f",
956
- "category": "Payload delivery"
957
- },
958
- {
959
- "timestamp": "1461056735",
960
- "value": "IEChecker.exe|46c7d064a34c4e02bb2df56e0f8470c0",
961
- "type": "filename|md5",
962
- "to_ids": true,
963
- "object_relation": null,
964
- "comment": "",
965
- "uuid": "5715f2cf-8de8-4475-a716-4de1950d210f",
966
- "category": "Payload delivery"
967
- },
968
- {
969
- "timestamp": "1461056207",
970
- "value": "c674ae90f686d831cffc223a55782a93",
971
- "type": "md5",
972
- "to_ids": true,
973
- "object_relation": null,
974
- "comment": "RTF",
975
- "uuid": "5715f2cf-ee4c-4585-a40e-4d6c950d210f",
976
- "category": "Payload delivery"
977
- },
978
- {
979
- "timestamp": "1461056206",
980
- "value": "7d4f8341b58602a17184bc5c07311e8b",
981
- "type": "md5",
982
- "to_ids": true,
983
- "object_relation": null,
984
- "comment": "spearfish",
985
- "uuid": "5715f2ce-b55c-4357-bdfe-43d5950d210f",
986
- "category": "Payload delivery"
987
- },
988
- {
989
- "timestamp": "1461067343",
990
- "value": "180.169.28.58",
991
- "type": "ip-dst",
992
- "to_ids": true,
993
- "object_relation": null,
994
- "comment": "On port 8080",
995
- "uuid": "5715eae1-b6f0-46c6-af87-40de950d210f",
996
- "category": "Network activity"
997
- },
998
- {
999
- "timestamp": "1461007906",
1000
- "value": "198.55.120.143",
1001
- "type": "ip-dst",
1002
- "to_ids": true,
1003
- "object_relation": null,
1004
- "comment": "On port 7386",
1005
- "uuid": "57153622-b0fc-4002-ae3c-3e3c950d210f",
1006
- "category": "Network activity"
1007
- },
1008
- {
1009
- "timestamp": "1461007824",
1010
- "value": "CVE-2015-1770",
1011
- "type": "vulnerability",
1012
- "to_ids": false,
1013
- "object_relation": null,
1014
- "comment": "",
1015
- "uuid": "571535d0-c074-4f8b-b2dc-4fb9950d210f",
1016
- "category": "Payload delivery"
1017
- },
1018
- {
1019
- "timestamp": "1461007824",
1020
- "value": "CVE-2015-1641",
1021
- "type": "vulnerability",
1022
- "to_ids": false,
1023
- "object_relation": null,
1024
- "comment": "",
1025
- "uuid": "571535d0-b898-4ab7-80f4-4555950d210f",
1026
- "category": "Payload delivery"
1027
- },
1028
- {
1029
- "timestamp": "1461007824",
1030
- "value": "CVE-2012-1856",
1031
- "type": "vulnerability",
1032
- "to_ids": false,
1033
- "object_relation": null,
1034
- "comment": "",
1035
- "uuid": "571535d0-ee34-47e6-8ae9-4c82950d210f",
1036
- "category": "Payload delivery"
1037
- },
1038
- {
1039
- "timestamp": "1461007824",
1040
- "value": "CVE-2012-0158",
1041
- "type": "vulnerability",
1042
- "to_ids": false,
1043
- "object_relation": null,
1044
- "comment": "",
1045
- "uuid": "571535d0-050c-4c6f-9eee-4b3c950d210f",
1046
- "category": "Payload delivery"
1047
- },
1048
- {
1049
- "timestamp": "1461007775",
1050
- "value": "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/04/ASERT-Threat-Intelligence-Report-2016-03-The-Four-Element-Sword-Engagement.pdf",
1051
- "type": "link",
1052
- "to_ids": false,
1053
- "object_relation": null,
1054
- "comment": "",
1055
- "uuid": "5715359f-6c3c-49f6-9447-4a6b950d210f",
1056
- "category": "External analysis"
1057
- },
1058
- {
1059
- "timestamp": "1461070838",
1060
- "value": "e12e06f42cbdf05e91b89e364ed4319dd257fc71",
1061
- "type": "sha1",
1062
- "to_ids": true,
1063
- "object_relation": null,
1064
- "comment": "Imported via the freetext import. - Xchecked via VT: c8c6365bf21d947e8e986d4766a9fc16",
1065
- "uuid": "57162bf6-6068-46fd-a2fe-49ef02de0b81",
1066
- "category": "Payload delivery"
1067
- },
1068
- {
1069
- "timestamp": "1461070838",
1070
- "value": "https://www.virustotal.com/file/e8af4f3504b0e1cf165dfd1070342b831fd7b5b45da94c6f2a25c28dd6eb3c4a/analysis/1451715280/",
1071
- "type": "link",
1072
- "to_ids": false,
1073
- "object_relation": null,
1074
- "comment": "",
1075
- "uuid": "57162bf6-8e08-4388-865b-42b102de0b81",
1076
- "category": "External analysis"
1077
- },
1078
- {
1079
- "timestamp": "1461070839",
1080
- "value": "3370ec0c71056a6fc6860c54dee96675ffb85b92",
1081
- "type": "sha1",
1082
- "to_ids": true,
1083
- "object_relation": null,
1084
- "comment": "Imported via the freetext import. - Xchecked via VT: 835fee42132feebe9b3231297e5e71a8",
1085
- "uuid": "57162bf7-00c0-407d-bd0a-48c102de0b81",
1086
- "category": "Payload delivery"
1087
- },
1088
- {
1089
- "timestamp": "1461070839",
1090
- "value": "https://www.virustotal.com/file/0ed325b841a2beb446c5e9a6825deaa021651c8b627aa7147d89edde05af6598/analysis/1456325644/",
1091
- "type": "link",
1092
- "to_ids": false,
1093
- "object_relation": null,
1094
- "comment": "",
1095
- "uuid": "57162bf7-3248-4844-84a2-44aa02de0b81",
1096
- "category": "External analysis"
1097
- },
1098
- {
1099
- "timestamp": "1461071177",
1100
- "value": "1c4e3c4df094c32faf0c30f6a613c63e",
1101
- "type": "md5",
1102
- "to_ids": true,
1103
- "object_relation": null,
1104
- "comment": "Imported via the freetext import.",
1105
- "uuid": "57162d49-a7fc-4dc4-9fc7-46a4950d210f",
1106
- "category": "Payload delivery"
1107
- },
1108
- {
1109
- "timestamp": "1461071177",
1110
- "value": "89e4cff1496aafa0776619729a75d4ab",
1111
- "type": "md5",
1112
- "to_ids": true,
1113
- "object_relation": null,
1114
- "comment": "Imported via the freetext import.",
1115
- "uuid": "57162d49-fa0c-4103-ab37-4905950d210f",
1116
- "category": "Payload delivery"
1117
- },
1118
- {
1119
- "timestamp": "1461071178",
1120
- "value": "f25634becd08d5298db1f3014e477e00",
1121
- "type": "md5",
1122
- "to_ids": true,
1123
- "object_relation": null,
1124
- "comment": "Imported via the freetext import.",
1125
- "uuid": "57162d4a-afa8-4668-812a-4191950d210f",
1126
- "category": "Payload delivery"
1127
- },
1128
- {
1129
- "timestamp": "1461071178",
1130
- "value": "ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae",
1131
- "type": "sha256",
1132
- "to_ids": true,
1133
- "object_relation": null,
1134
- "comment": "Imported via the freetext import.",
1135
- "uuid": "57162d4a-fbac-4e6d-9bce-427e950d210f",
1136
- "category": "Payload delivery"
1137
- },
1138
- {
1139
- "timestamp": "1461071178",
1140
- "value": "f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6",
1141
- "type": "sha256",
1142
- "to_ids": true,
1143
- "object_relation": null,
1144
- "comment": "Imported via the freetext import.",
1145
- "uuid": "57162d4a-ffc8-4fe8-ae07-4722950d210f",
1146
- "category": "Payload delivery"
1147
- },
1148
- {
1149
- "timestamp": "1461071179",
1150
- "value": "8dfcae0eb358f48fc30163e58c75823117f6fd501a48f3dfeb19a06d1c21aa51",
1151
- "type": "sha256",
1152
- "to_ids": true,
1153
- "object_relation": null,
1154
- "comment": "Imported via the freetext import.",
1155
- "uuid": "57162d4b-fea8-47c9-b704-447a950d210f",
1156
- "category": "Payload delivery"
1157
- },
1158
- {
1159
- "timestamp": "1461071179",
1160
- "value": "f8a18e8b8e6606617e3a63ee5a3050a1b30361703c9a7d9e2d5cc94090c9907b",
1161
- "type": "sha256",
1162
- "to_ids": true,
1163
- "object_relation": null,
1164
- "comment": "Imported via the freetext import.",
1165
- "uuid": "57162d4b-cb90-49de-8706-4258950d210f",
1166
- "category": "Payload delivery"
1167
- },
1168
- {
1169
- "timestamp": "1461071840",
1170
- "value": "D:\\WORK\\T9000\\N_Inst_User_M1\\Release\\N_Inst_User32.pdb",
1171
- "type": "pdb",
1172
- "to_ids": false,
1173
- "object_relation": null,
1174
- "comment": "",
1175
- "uuid": "57162fe0-9dd8-4d4b-b5db-4511950d210f",
1176
- "category": "Artifacts dropped"
1177
- },
1178
- {
1179
- "timestamp": "1461074339",
1180
- "value": "4f1784a4e4181b4c80f8d77675a267cbdd0e35ea1756c9fdb82294251bef1d28",
1181
- "type": "sha256",
1182
- "to_ids": true,
1183
- "object_relation": null,
1184
- "comment": "bait file",
1185
- "uuid": "5716393a-9718-4575-b267-4c6d950d210f",
1186
- "category": "Payload delivery"
1187
- },
1188
- {
1189
- "timestamp": "1461074368",
1190
- "value": "E804.tmp|5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
1191
- "type": "filename|sha256",
1192
- "to_ids": true,
1193
- "object_relation": null,
1194
- "comment": "",
1195
- "uuid": "571639c0-0f48-454b-b4f5-4f8e950d210f",
1196
- "category": "Payload delivery"
1197
- },
1198
- {
1199
- "timestamp": "1461074314",
1200
- "value": "647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b",
1201
- "type": "sha256",
1202
- "to_ids": true,
1203
- "object_relation": null,
1204
- "comment": "RTF",
1205
- "uuid": "5716393a-59ec-46a8-be9f-4729950d210f",
1206
- "category": "Payload delivery"
1207
- },
1208
- {
1209
- "timestamp": "1461074289",
1210
- "value": "9ae498307da6c2e677a97a458bff1aea",
1211
- "type": "md5",
1212
- "to_ids": true,
1213
- "object_relation": null,
1214
- "comment": "bait file",
1215
- "uuid": "5716393a-be40-4cea-860e-4198950d210f",
1216
- "category": "Payload delivery"
1217
- },
1218
- {
1219
- "timestamp": "1461074233",
1220
- "value": "E804.tmp|e4e8493898d94f737ff4dc8fab743a4a",
1221
- "type": "filename|md5",
1222
- "to_ids": true,
1223
- "object_relation": null,
1224
- "comment": "Imported via the freetext import.",
1225
- "uuid": "57163939-db08-4130-8859-4246950d210f",
1226
- "category": "Payload delivery"
1227
- },
1228
- {
1229
- "timestamp": "1461074276",
1230
- "value": "da97c88858214242374f27d32e27d957",
1231
- "type": "md5",
1232
- "to_ids": true,
1233
- "object_relation": null,
1234
- "comment": "RTF",
1235
- "uuid": "57163938-0878-4bcb-a764-4f47950d210f",
1236
- "category": "Payload delivery"
1237
- },
1238
- {
1239
- "timestamp": "1461073849",
1240
- "value": "d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c",
1241
- "type": "sha256",
1242
- "to_ids": true,
1243
- "object_relation": null,
1244
- "comment": "Imported via the freetext import.",
1245
- "uuid": "571637b9-a1d4-47e7-924c-478d950d210f",
1246
- "category": "Payload delivery"
1247
- },
1248
- {
1249
- "timestamp": "1461073848",
1250
- "value": "fb1e8c42d11e3a2de97814e451ee3375",
1251
- "type": "md5",
1252
- "to_ids": true,
1253
- "object_relation": null,
1254
- "comment": "Imported via the freetext import.",
1255
- "uuid": "571637b8-b8a0-472d-982f-49ac950d210f",
1256
- "category": "Payload delivery"
1257
- },
1258
- {
1259
- "timestamp": "1461072137",
1260
- "value": "igfxtray.exe",
1261
- "type": "url",
1262
- "to_ids": true,
1263
- "object_relation": null,
1264
- "comment": "Imported via the freetext import.",
1265
- "uuid": "57163109-be58-4cc7-89c1-4446950d210f",
1266
- "category": "Network activity"
1267
- },
1268
- {
1269
- "timestamp": "1461072137",
1270
- "value": "Data/dtl.dat",
1271
- "type": "url",
1272
- "to_ids": true,
1273
- "object_relation": null,
1274
- "comment": "Imported via the freetext import.",
1275
- "uuid": "57163109-6304-413e-9884-4a42950d210f",
1276
- "category": "Network activity"
1277
- },
1278
- {
1279
- "timestamp": "1461072137",
1280
- "value": "Data/glp.uin",
1281
- "type": "url",
1282
- "to_ids": true,
1283
- "object_relation": null,
1284
- "comment": "Imported via the freetext import.",
1285
- "uuid": "57163109-1e04-4ef4-bf92-480b950d210f",
1286
- "category": "Network activity"
1287
- },
1288
- {
1289
- "timestamp": "1461072625",
1290
- "value": "http://198.55.120.143:7386/B/ResN32.dll",
1291
- "type": "url",
1292
- "to_ids": true,
1293
- "object_relation": null,
1294
- "comment": "Imported via the freetext import.",
1295
- "uuid": "571632f1-d2f8-4e0c-9322-4370950d210f",
1296
- "category": "Network activity"
1297
- },
1298
- {
1299
- "timestamp": "1461072625",
1300
- "value": "fdb6543bfb77aa6ddff0f4dfe07e442f",
1301
- "type": "md5",
1302
- "to_ids": true,
1303
- "object_relation": null,
1304
- "comment": "RTF",
1305
- "uuid": "571632f1-9d80-4532-9288-4598950d210f",
1306
- "category": "Payload delivery"
1307
- },
1308
- {
1309
- "timestamp": "1461072626",
1310
- "value": "d8d70851641efbdfce8d561e6b1a2f29",
1311
- "type": "md5",
1312
- "to_ids": true,
1313
- "object_relation": null,
1314
- "comment": "T9000 main binary",
1315
- "uuid": "571632f2-4d40-4809-af5e-411a950d210f",
1316
- "category": "Payload delivery"
1317
- },
1318
- {
1319
- "timestamp": "1461072626",
1320
- "value": "Elevate.dll|1d335f6a58cb9fab503a9b9cb371f57b",
1321
- "type": "filename|md5",
1322
- "to_ids": true,
1323
- "object_relation": null,
1324
- "comment": "Imported via the freetext import.",
1325
- "uuid": "571632f2-5290-46c4-bd6b-48d3950d210f",
1326
- "category": "Payload delivery"
1327
- },
1328
- {
1329
- "timestamp": "1461072627",
1330
- "value": "QQMgr.dll|b9c584c7c34d14599de8cd3b72f2074b",
1331
- "type": "filename|md5",
1332
- "to_ids": true,
1333
- "object_relation": null,
1334
- "comment": "Imported via the freetext import.",
1335
- "uuid": "571632f3-f5b8-4fe6-bff3-4e11950d210f",
1336
- "category": "Payload delivery"
1337
- },
1338
- {
1339
- "timestamp": "1461072627",
1340
- "value": "QQMgr.inf|8ac933be588f49560179c26ddbc6a753",
1341
- "type": "filename|md5",
1342
- "to_ids": true,
1343
- "object_relation": null,
1344
- "comment": "Imported via the freetext import.",
1345
- "uuid": "571632f3-63a8-43a2-9260-43b9950d210f",
1346
- "category": "Payload delivery"
1347
- },
1348
- {
1349
- "timestamp": "1461072628",
1350
- "value": "ResN32.dat|50753c28878ce10a748fbd7b831ecbe1",
1351
- "type": "filename|md5",
1352
- "to_ids": true,
1353
- "object_relation": null,
1354
- "comment": "Imported via the freetext import.",
1355
- "uuid": "571632f4-d0a0-4595-9c2d-46fa950d210f",
1356
- "category": "Payload delivery"
1357
- },
1358
- {
1359
- "timestamp": "1461072629",
1360
- "value": "ResN32.dll|a45e5c32fc2bc7be9d6e4bba8b2807bf",
1361
- "type": "filename|md5",
1362
- "to_ids": true,
1363
- "object_relation": null,
1364
- "comment": "Imported via the freetext import.",
1365
- "uuid": "571632f5-2e3c-4637-95ce-46db950d210f",
1366
- "category": "Payload delivery"
1367
- },
1368
- {
1369
- "timestamp": "1461072629",
1370
- "value": "hccutils.dll|2299fb8268f47294eb2b18282540a955",
1371
- "type": "filename|md5",
1372
- "to_ids": true,
1373
- "object_relation": null,
1374
- "comment": "Imported via the freetext import.",
1375
- "uuid": "571632f5-6a74-4bfc-bb34-499a950d210f",
1376
- "category": "Payload delivery"
1377
- },
1378
- {
1379
- "timestamp": "1461072630",
1380
- "value": "hccutils.inf|2f31ef1a8fca047ed0d623010d569857",
1381
- "type": "filename|md5",
1382
- "to_ids": true,
1383
- "object_relation": null,
1384
- "comment": "Imported via the freetext import.",
1385
- "uuid": "571632f6-743c-4e90-8619-4c5a950d210f",
1386
- "category": "Payload delivery"
1387
- },
1388
- {
1389
- "timestamp": "1461072631",
1390
- "value": "hjwe.dat|d3601a5160b8d122261989d147221eb7",
1391
- "type": "filename|md5",
1392
- "to_ids": true,
1393
- "object_relation": null,
1394
- "comment": "Imported via the freetext import.",
1395
- "uuid": "571632f7-b1dc-4a7e-98d1-43c3950d210f",
1396
- "category": "Payload delivery"
1397
- },
1398
- {
1399
- "timestamp": "1461072631",
1400
- "value": "qhnj.dat|a9de62186cb8d0e23b0dc75e1ae373ac",
1401
- "type": "filename|md5",
1402
- "to_ids": true,
1403
- "object_relation": null,
1404
- "comment": "Imported via the freetext import.",
1405
- "uuid": "571632f7-ba34-4fde-b022-499e950d210f",
1406
- "category": "Payload delivery"
1407
- },
1408
- {
1409
- "timestamp": "1461072632",
1410
- "value": "tyeu.dat|29ec20f5fa1817dc9250c434e61420ea",
1411
- "type": "filename|md5",
1412
- "to_ids": true,
1413
- "object_relation": null,
1414
- "comment": "Imported via the freetext import.",
1415
- "uuid": "571632f8-ba50-40d4-b668-40b6950d210f",
1416
- "category": "Payload delivery"
1417
- },
1418
- {
1419
- "timestamp": "1461072632",
1420
- "value": "vnkd.dat|35f4ce864c3a3dc016fea3459d6402a9",
1421
- "type": "filename|md5",
1422
- "to_ids": true,
1423
- "object_relation": null,
1424
- "comment": "Imported via the freetext import.",
1425
- "uuid": "571632f8-b0ac-45b2-b300-4acd950d210f",
1426
- "category": "Payload delivery"
1427
- },
1428
- {
1429
- "timestamp": "1461072966",
1430
- "value": "8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141",
1431
- "type": "sha256",
1432
- "to_ids": true,
1433
- "object_relation": null,
1434
- "comment": "RTF",
1435
- "uuid": "571633f1-ceac-4898-af6f-4077950d210f",
1436
- "category": "Payload delivery"
1437
- },
1438
- {
1439
- "timestamp": "1461072994",
1440
- "value": "7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec",
1441
- "type": "sha256",
1442
- "to_ids": true,
1443
- "object_relation": null,
1444
- "comment": "T9000 man binary",
1445
- "uuid": "571633f2-853c-4d2a-99c0-4157950d210f",
1446
- "category": "Payload delivery"
1447
- },
1448
- {
1449
- "timestamp": "1461073261",
1450
- "value": "Elevate.dll|9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95",
1451
- "type": "filename|sha256",
1452
- "to_ids": true,
1453
- "object_relation": null,
1454
- "comment": "",
1455
- "uuid": "5716356d-8e44-44e0-bdbe-43e8950d210f",
1456
- "category": "Payload delivery"
1457
- },
1458
- {
1459
- "timestamp": "1461073285",
1460
- "value": "QQMgr.dll|bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f",
1461
- "type": "filename|sha256",
1462
- "to_ids": true,
1463
- "object_relation": null,
1464
- "comment": "",
1465
- "uuid": "57163585-4fa0-4a17-9aab-46c2950d210f",
1466
- "category": "Payload delivery"
1467
- },
1468
- {
1469
- "timestamp": "1461073322",
1470
- "value": "ResN32.dat|5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14",
1471
- "type": "filename|sha256",
1472
- "to_ids": true,
1473
- "object_relation": null,
1474
- "comment": "",
1475
- "uuid": "571635aa-1d00-4b7f-b330-4030950d210f",
1476
- "category": "Payload delivery"
1477
- },
1478
- {
1479
- "timestamp": "1461073346",
1480
- "value": "QQMgr.inf|ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a",
1481
- "type": "filename|sha256",
1482
- "to_ids": true,
1483
- "object_relation": null,
1484
- "comment": "",
1485
- "uuid": "571635c2-8fb0-46d1-ba3d-4861950d210f",
1486
- "category": "Payload delivery"
1487
- },
1488
- {
1489
- "timestamp": "1461073418",
1490
- "value": "ResN32.dll|1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7",
1491
- "type": "filename|sha256",
1492
- "to_ids": true,
1493
- "object_relation": null,
1494
- "comment": "",
1495
- "uuid": "5716360a-2a3c-429e-82dd-49d2950d210f",
1496
- "category": "Payload delivery"
1497
- },
1498
- {
1499
- "timestamp": "1461073467",
1500
- "value": "hccutils.dll|3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9",
1501
- "type": "filename|sha256",
1502
- "to_ids": true,
1503
- "object_relation": null,
1504
- "comment": "",
1505
- "uuid": "5716363b-7a90-44eb-92d5-46e3950d210f",
1506
- "category": "Payload delivery"
1507
- },
1508
- {
1509
- "timestamp": "1461073483",
1510
- "value": "hccutils.inf|f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27",
1511
- "type": "filename|sha256",
1512
- "to_ids": true,
1513
- "object_relation": null,
1514
- "comment": "",
1515
- "uuid": "5716364b-1940-4d7c-a2ee-4ba3950d210f",
1516
- "category": "Payload delivery"
1517
- },
1518
- {
1519
- "timestamp": "1461073500",
1520
- "value": "hjwe.dat|bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b",
1521
- "type": "filename|sha256",
1522
- "to_ids": true,
1523
- "object_relation": null,
1524
- "comment": "",
1525
- "uuid": "5716365c-65b4-4d71-9618-4d3c950d210f",
1526
- "category": "Payload delivery"
1527
- },
1528
- {
1529
- "timestamp": "1461073515",
1530
- "value": "vnkd.dat|c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465",
1531
- "type": "filename|sha256",
1532
- "to_ids": true,
1533
- "object_relation": null,
1534
- "comment": "",
1535
- "uuid": "5716366b-7980-4c53-a04c-44ae950d210f",
1536
- "category": "Payload delivery"
1537
- },
1538
- {
1539
- "timestamp": "1461073533",
1540
- "value": "tyeu.dat|e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926",
1541
- "type": "filename|sha256",
1542
- "to_ids": true,
1543
- "object_relation": null,
1544
- "comment": "",
1545
- "uuid": "5716367d-2b88-45b5-a3bb-4915950d210f",
1546
- "category": "Payload delivery"
1547
- },
1548
- {
1549
- "timestamp": "1461073550",
1550
- "value": "qhnj.dat|c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3",
1551
- "type": "filename|sha256",
1552
- "to_ids": true,
1553
- "object_relation": null,
1554
- "comment": "",
1555
- "uuid": "5716368e-b1b0-4184-aa05-445c950d210f",
1556
- "category": "Payload delivery"
1557
- },
1558
- {
1559
- "timestamp": "1461074701",
1560
- "value": "e1269c22ad1e057b9c91523498b4b04d",
1561
- "type": "md5",
1562
- "to_ids": true,
1563
- "object_relation": null,
1564
- "comment": "Imported via the freetext import.",
1565
- "uuid": "57163b0d-9214-43d4-9c9f-4d5f950d210f",
1566
- "category": "Payload delivery"
1567
- },
1568
- {
1569
- "timestamp": "1461074701",
1570
- "value": "b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b",
1571
- "type": "sha256",
1572
- "to_ids": true,
1573
- "object_relation": null,
1574
- "comment": "Imported via the freetext import.",
1575
- "uuid": "57163b0d-3c58-4378-b036-4eea950d210f",
1576
- "category": "Payload delivery"
1577
- },
1578
- {
1579
- "timestamp": "1461134495",
1580
- "value": "yeaton.xicp.net",
1581
- "type": "hostname",
1582
- "to_ids": true,
1583
- "object_relation": null,
1584
- "comment": "Imported via the freetext import.",
1585
- "uuid": "5717249f-c33c-4b52-926b-4475950d210f",
1586
- "category": "Network activity"
1587
- },
1588
- {
1589
- "timestamp": "1461134866",
1590
- "value": "BC29.tmp|e4e8493898d94f737ff4dc8fab743a4a",
1591
- "type": "filename|md5",
1592
- "to_ids": true,
1593
- "object_relation": null,
1594
- "comment": "Imported via the freetext import.",
1595
- "uuid": "57172612-830c-44ef-8b61-4f00950d210f",
1596
- "category": "Payload delivery"
1597
- },
1598
- {
1599
- "timestamp": "1461134867",
1600
- "value": "~tmp.doc|751196ce79dacd906eec9b5a1c92890b",
1601
- "type": "filename|md5",
1602
- "to_ids": true,
1603
- "object_relation": null,
1604
- "comment": "Imported via the freetext import.",
1605
- "uuid": "57172613-bf60-445b-b242-4473950d210f",
1606
- "category": "Payload delivery"
1607
- },
1608
- {
1609
- "timestamp": "1461135278",
1610
- "value": "~tmp.doc|e6ad959a18725954a56a7954d3f47671",
1611
- "type": "filename|md5",
1612
- "to_ids": true,
1613
- "object_relation": null,
1614
- "comment": "Imported via the freetext import.",
1615
- "uuid": "571727ae-9478-46db-87bb-4241950d210f",
1616
- "category": "Payload delivery"
1617
- },
1618
- {
1619
- "timestamp": "1461135278",
1620
- "value": "iuso.exe|07eb4867e436bbef759a9877402af994",
1621
- "type": "filename|md5",
1622
- "to_ids": true,
1623
- "object_relation": null,
1624
- "comment": "Imported via the freetext import.",
1625
- "uuid": "571727ae-ef9c-4de4-af85-4e73950d210f",
1626
- "category": "Payload delivery"
1627
- },
1628
- {
1629
- "timestamp": "1461135279",
1630
- "value": "wget.bat|47e60e347b5791d5f17939f9c97fee01",
1631
- "type": "filename|md5",
1632
- "to_ids": true,
1633
- "object_relation": null,
1634
- "comment": "Imported via the freetext import.",
1635
- "uuid": "571727af-0e74-4f10-9b4c-4965950d210f",
1636
- "category": "Payload delivery"
1637
- },
1638
- {
1639
- "timestamp": "1461135280",
1640
- "value": "wget.exe|f9f8d1c53d312f17c6f830e7b4e6651d",
1641
- "type": "filename|md5",
1642
- "to_ids": true,
1643
- "object_relation": null,
1644
- "comment": "Imported via the freetext import.",
1645
- "uuid": "571727b0-16e0-45d6-a286-4a06950d210f",
1646
- "category": "Payload delivery"
1647
- },
1648
- {
1649
- "timestamp": "1461135280",
1650
- "value": "wthk.txt|d579d7a42ff140952da57264614c37bc",
1651
- "type": "filename|md5",
1652
- "to_ids": true,
1653
- "object_relation": null,
1654
- "comment": "Imported via the freetext import.",
1655
- "uuid": "571727b0-e65c-469d-a368-4a7f950d210f",
1656
- "category": "Payload delivery"
1657
- },
1658
- {
1659
- "timestamp": "1461135281",
1660
- "value": "conhost.exe|f70b295c6a5121b918682310ce0c2165",
1661
- "type": "filename|md5",
1662
- "to_ids": true,
1663
- "object_relation": null,
1664
- "comment": "Imported via the freetext import.",
1665
- "uuid": "571727b1-66c8-4be7-8ee1-43c3950d210f",
1666
- "category": "Payload delivery"
1667
- },
1668
- {
1669
- "timestamp": "1461135282",
1670
- "value": "SBieDll.dll|f80edbb0fcfe7cec17592f61a06e4df2",
1671
- "type": "filename|md5",
1672
- "to_ids": true,
1673
- "object_relation": null,
1674
- "comment": "Imported via the freetext import.",
1675
- "uuid": "571727b2-5eb0-4dce-98b8-4dba950d210f",
1676
- "category": "Payload delivery"
1677
- },
1678
- {
1679
- "timestamp": "1461135282",
1680
- "value": "dll2.xor|ce8ec932be16b69ffa06626b3b423395",
1681
- "type": "filename|md5",
1682
- "to_ids": true,
1683
- "object_relation": null,
1684
- "comment": "Imported via the freetext import.",
1685
- "uuid": "571727b2-c0ec-413f-abe2-467c950d210f",
1686
- "category": "Payload delivery"
1687
- },
1688
- {
1689
- "timestamp": "1461135283",
1690
- "value": "maindll.dll|d8ede9e6c3a1a30398b0b98130ee3b38",
1691
- "type": "filename|md5",
1692
- "to_ids": true,
1693
- "object_relation": null,
1694
- "comment": "Imported via the freetext import.",
1695
- "uuid": "571727b3-cc50-4e24-8329-49c8950d210f",
1696
- "category": "Payload delivery"
1697
- },
1698
- {
1699
- "timestamp": "1461135284",
1700
- "value": "nvsvc.exe|e0eb981ad6be0bd16246d5d442028687",
1701
- "type": "filename|md5",
1702
- "to_ids": true,
1703
- "object_relation": null,
1704
- "comment": "Imported via the freetext import.",
1705
- "uuid": "571727b4-a3b8-4cbc-be4a-4ebc950d210f",
1706
- "category": "Payload delivery"
1707
- },
1708
- {
1709
- "timestamp": "1461135285",
1710
- "value": "runas.exe|6a541de84074a2c4ff99eb43252d9030",
1711
- "type": "filename|md5",
1712
- "to_ids": true,
1713
- "object_relation": null,
1714
- "comment": "Imported via the freetext import.",
1715
- "uuid": "571727b5-f7e8-45ce-b313-4df9950d210f",
1716
- "category": "Payload delivery"
1717
- },
1718
- {
1719
- "timestamp": "1461135892",
1720
- "value": "983333e2c878a62d95747c36748198f0",
1721
- "type": "md5",
1722
- "to_ids": true,
1723
- "object_relation": null,
1724
- "comment": "Imported via the freetext import.",
1725
- "uuid": "57172a14-7bd8-4080-9f8a-4167950d210f",
1726
- "category": "Payload delivery"
1727
- },
1728
- {
1729
- "timestamp": "1461136137",
1730
- "value": "5ff7e8bd99466159e0285a2029cd3bdd3fed220b",
1731
- "type": "sha1",
1732
- "to_ids": true,
1733
- "object_relation": null,
1734
- "comment": "Imported via the freetext import. - Xchecked via VT: b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b",
1735
- "uuid": "57172b09-ec08-4253-84d9-497402de0b81",
1736
- "category": "Payload delivery"
1737
- },
1738
- {
1739
- "timestamp": "1461136138",
1740
- "value": "https://www.virustotal.com/file/b9914fb8c645e0c41d497db303c1ffa594da709686252fccb8d28dffac86275b/analysis/1395781579/",
1741
- "type": "link",
1742
- "to_ids": false,
1743
- "object_relation": null,
1744
- "comment": "",
1745
- "uuid": "57172b0a-fb18-45f2-8f9d-4ac102de0b81",
1746
- "category": "External analysis"
1747
- },
1748
- {
1749
- "timestamp": "1461136138",
1750
- "value": "94be2b286a5b0bfe1a0aa575153f919cb3e1d4d9",
1751
- "type": "sha1",
1752
- "to_ids": true,
1753
- "object_relation": null,
1754
- "comment": "T9000 man binary - Xchecked via VT: 7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec",
1755
- "uuid": "57172b0a-c39c-4fb0-ad04-437302de0b81",
1756
- "category": "Payload delivery"
1757
- },
1758
- {
1759
- "timestamp": "1461136138",
1760
- "value": "https://www.virustotal.com/file/7c04286734718300e2c0691be9b6622f2d2525ca07ab27102a424af6f8cc3aec/analysis/1456141482/",
1761
- "type": "link",
1762
- "to_ids": false,
1763
- "object_relation": null,
1764
- "comment": "",
1765
- "uuid": "57172b0a-3154-4f7c-9b4a-473702de0b81",
1766
- "category": "External analysis"
1767
- },
1768
- {
1769
- "timestamp": "1461136139",
1770
- "value": "e4007951cfbc27216e9c81eb75bff9ddac9d6f7c",
1771
- "type": "sha1",
1772
- "to_ids": true,
1773
- "object_relation": null,
1774
- "comment": "RTF - Xchecked via VT: 8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141",
1775
- "uuid": "57172b0b-c0ac-4958-9e53-420a02de0b81",
1776
- "category": "Payload delivery"
1777
- },
1778
- {
1779
- "timestamp": "1461136139",
1780
- "value": "https://www.virustotal.com/file/8e4de6fb35ce4cd47e06b48fb86b7da3eba02031cfd8ae714e25f8f7903f0141/analysis/1457170420/",
1781
- "type": "link",
1782
- "to_ids": false,
1783
- "object_relation": null,
1784
- "comment": "",
1785
- "uuid": "57172b0b-1d78-4aae-939a-4a6d02de0b81",
1786
- "category": "External analysis"
1787
- },
1788
- {
1789
- "timestamp": "1461136139",
1790
- "value": "2552c92922e2391246e761dcfc1e4b930fc4ae2f",
1791
- "type": "sha1",
1792
- "to_ids": true,
1793
- "object_relation": null,
1794
- "comment": "Imported via the freetext import. - Xchecked via VT: d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c",
1795
- "uuid": "57172b0b-0a64-4adf-bf72-441802de0b81",
1796
- "category": "Payload delivery"
1797
- },
1798
- {
1799
- "timestamp": "1461136140",
1800
- "value": "https://www.virustotal.com/file/d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c/analysis/1455281121/",
1801
- "type": "link",
1802
- "to_ids": false,
1803
- "object_relation": null,
1804
- "comment": "",
1805
- "uuid": "57172b0c-83d0-4f34-9174-4a5e02de0b81",
1806
- "category": "External analysis"
1807
- },
1808
- {
1809
- "timestamp": "1461136140",
1810
- "value": "b57c11f3f3b272d3ac49cc6ef684ccebe48ebf15",
1811
- "type": "sha1",
1812
- "to_ids": true,
1813
- "object_relation": null,
1814
- "comment": "RTF - Xchecked via VT: 647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b",
1815
- "uuid": "57172b0c-8a80-4cb3-a81d-44ed02de0b81",
1816
- "category": "Payload delivery"
1817
- },
1818
- {
1819
- "timestamp": "1461136140",
1820
- "value": "https://www.virustotal.com/file/647b443ecaa38d2834e5681f20540fa84a5cf2b7e1bee6a2524ce59783cb8d1b/analysis/1453199270/",
1821
- "type": "link",
1822
- "to_ids": false,
1823
- "object_relation": null,
1824
- "comment": "",
1825
- "uuid": "57172b0c-49a0-4108-813f-4ef302de0b81",
1826
- "category": "External analysis"
1827
- },
1828
- {
1829
- "timestamp": "1461136141",
1830
- "value": "a44f10783544927137fe94d998523c4ac9a45b92",
1831
- "type": "sha1",
1832
- "to_ids": true,
1833
- "object_relation": null,
1834
- "comment": "Imported via the freetext import. - Xchecked via VT: f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6",
1835
- "uuid": "57172b0d-b1fc-4e7a-af10-416702de0b81",
1836
- "category": "Payload delivery"
1837
- },
1838
- {
1839
- "timestamp": "1461136141",
1840
- "value": "https://www.virustotal.com/file/f6bc895b36446d172c4a99be2587376b48fa3b1b0f6150eb8ab83f649f7b8bc6/analysis/1452679497/",
1841
- "type": "link",
1842
- "to_ids": false,
1843
- "object_relation": null,
1844
- "comment": "",
1845
- "uuid": "57172b0d-78a8-457f-af6d-446f02de0b81",
1846
- "category": "External analysis"
1847
- },
1848
- {
1849
- "timestamp": "1461136142",
1850
- "value": "2dcb8061c8473c48a6877b26a8704d1b764e7ece",
1851
- "type": "sha1",
1852
- "to_ids": true,
1853
- "object_relation": null,
1854
- "comment": "Imported via the freetext import. - Xchecked via VT: ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae",
1855
- "uuid": "57172b0e-7aa4-49ce-aeb6-43b002de0b81",
1856
- "category": "Payload delivery"
1857
- },
1858
- {
1859
- "timestamp": "1461136142",
1860
- "value": "https://www.virustotal.com/file/ad251fd7427c0334f34aabe100a216b4af48b1ab4a01705f44b3421edd0be6ae/analysis/1453200173/",
1861
- "type": "link",
1862
- "to_ids": false,
1863
- "object_relation": null,
1864
- "comment": "",
1865
- "uuid": "57172b0e-2518-42b2-a3f1-40e902de0b81",
1866
- "category": "External analysis"
1867
- },
1868
- {
1869
- "timestamp": "1461136142",
1870
- "value": "cbac437a51f5b0942ddd4999eeee83dabd8f4304",
1871
- "type": "sha1",
1872
- "to_ids": true,
1873
- "object_relation": null,
1874
- "comment": "- Xchecked via VT: c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3",
1875
- "uuid": "57172b0e-0ba8-4133-bb81-4bf902de0b81",
1876
- "category": "Payload delivery"
1877
- },
1878
- {
1879
- "timestamp": "1461136143",
1880
- "value": "https://www.virustotal.com/file/c61dbc7b51caab1d0353cbba9a8f51f65ef167459277c1c16f15eb6c7025cfe3/analysis/1458792067/",
1881
- "type": "link",
1882
- "to_ids": false,
1883
- "object_relation": null,
1884
- "comment": "",
1885
- "uuid": "57172b0f-0068-4f9d-8aa1-414002de0b81",
1886
- "category": "External analysis"
1887
- },
1888
- {
1889
- "timestamp": "1461136143",
1890
- "value": "9f99c171532faec90ac1371ff077423b3cb64613",
1891
- "type": "sha1",
1892
- "to_ids": true,
1893
- "object_relation": null,
1894
- "comment": "- Xchecked via VT: e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926",
1895
- "uuid": "57172b0f-cc1c-49b9-8bae-4bf302de0b81",
1896
- "category": "Payload delivery"
1897
- },
1898
- {
1899
- "timestamp": "1461136143",
1900
- "value": "https://www.virustotal.com/file/e52b5ed63719a2798314a9c49c42c0ed4eb22a1ac4a2ad30e8bfc899edcea926/analysis/1459253251/",
1901
- "type": "link",
1902
- "to_ids": false,
1903
- "object_relation": null,
1904
- "comment": "",
1905
- "uuid": "57172b0f-e398-420a-a136-49d302de0b81",
1906
- "category": "External analysis"
1907
- },
1908
- {
1909
- "timestamp": "1461136144",
1910
- "value": "c25ac5e3c7739cb404d38437933539d082ed0919",
1911
- "type": "sha1",
1912
- "to_ids": true,
1913
- "object_relation": null,
1914
- "comment": "- Xchecked via VT: c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465",
1915
- "uuid": "57172b10-07e0-4001-a6d8-4fac02de0b81",
1916
- "category": "Payload delivery"
1917
- },
1918
- {
1919
- "timestamp": "1461136144",
1920
- "value": "https://www.virustotal.com/file/c22b40db7f9f8ebdbde4e5fc3a44e15449f75c40830c88932f9abd541cc78465/analysis/1457523266/",
1921
- "type": "link",
1922
- "to_ids": false,
1923
- "object_relation": null,
1924
- "comment": "",
1925
- "uuid": "57172b10-30a4-4633-9876-46b902de0b81",
1926
- "category": "External analysis"
1927
- },
1928
- {
1929
- "timestamp": "1461136145",
1930
- "value": "5842ba2f51517d3276f5662398d6d3f19e44a345",
1931
- "type": "sha1",
1932
- "to_ids": true,
1933
- "object_relation": null,
1934
- "comment": "- Xchecked via VT: bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b",
1935
- "uuid": "57172b11-b8f4-4ba3-8482-4f6e02de0b81",
1936
- "category": "Payload delivery"
1937
- },
1938
- {
1939
- "timestamp": "1461136145",
1940
- "value": "https://www.virustotal.com/file/bb73261072d2ef220b8f87c6bb7488ad2da736790898d61f33a5fb7747abf48b/analysis/1454685259/",
1941
- "type": "link",
1942
- "to_ids": false,
1943
- "object_relation": null,
1944
- "comment": "",
1945
- "uuid": "57172b11-45b0-42ab-9d84-41a302de0b81",
1946
- "category": "External analysis"
1947
- },
1948
- {
1949
- "timestamp": "1461136145",
1950
- "value": "c2c49007a99b79f6e74382fa22ed595602a24130",
1951
- "type": "sha1",
1952
- "to_ids": true,
1953
- "object_relation": null,
1954
- "comment": "- Xchecked via VT: f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27",
1955
- "uuid": "57172b11-b554-4a57-9917-474502de0b81",
1956
- "category": "Payload delivery"
1957
- },
1958
- {
1959
- "timestamp": "1461136146",
1960
- "value": "https://www.virustotal.com/file/f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27/analysis/1461046893/",
1961
- "type": "link",
1962
- "to_ids": false,
1963
- "object_relation": null,
1964
- "comment": "",
1965
- "uuid": "57172b12-f8e0-43a0-b10f-469802de0b81",
1966
- "category": "External analysis"
1967
- },
1968
- {
1969
- "timestamp": "1461136146",
1970
- "value": "cb57196bde3f520e87c948b4676bf487c0fd513e",
1971
- "type": "sha1",
1972
- "to_ids": true,
1973
- "object_relation": null,
1974
- "comment": "- Xchecked via VT: 3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9",
1975
- "uuid": "57172b12-ccb4-414a-892f-4d1602de0b81",
1976
- "category": "Payload delivery"
1977
- },
1978
- {
1979
- "timestamp": "1461136146",
1980
- "value": "https://www.virustotal.com/file/3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9/analysis/1459165746/",
1981
- "type": "link",
1982
- "to_ids": false,
1983
- "object_relation": null,
1984
- "comment": "",
1985
- "uuid": "57172b12-b1d4-4cb1-a6d8-48ee02de0b81",
1986
- "category": "External analysis"
1987
- },
1988
- {
1989
- "timestamp": "1461136147",
1990
- "value": "fb7eba5de0304aa81711e645d6f3f203a1092613",
1991
- "type": "sha1",
1992
- "to_ids": true,
1993
- "object_relation": null,
1994
- "comment": "- Xchecked via VT: 1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7",
1995
- "uuid": "57172b13-c430-4759-beca-4a0e02de0b81",
1996
- "category": "Payload delivery"
1997
- },
1998
- {
1999
- "timestamp": "1461136147",
2000
- "value": "https://www.virustotal.com/file/1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7/analysis/1455281133/",
2001
- "type": "link",
2002
- "to_ids": false,
2003
- "object_relation": null,
2004
- "comment": "",
2005
- "uuid": "57172b13-f4b0-42e3-94e1-4fa402de0b81",
2006
- "category": "External analysis"
2007
- },
2008
- {
2009
- "timestamp": "1461136148",
2010
- "value": "d9296175d7894bdbd5db1b7b477bdd39b8652ac6",
2011
- "type": "sha1",
2012
- "to_ids": true,
2013
- "object_relation": null,
2014
- "comment": "- Xchecked via VT: ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a",
2015
- "uuid": "57172b14-295c-4018-8c0b-4ff702de0b81",
2016
- "category": "Payload delivery"
2017
- },
2018
- {
2019
- "timestamp": "1461136148",
2020
- "value": "https://www.virustotal.com/file/ace7e3535f2f1fe32e693920a9f411eea21682c87a8e6661d3b67330cd221a2a/analysis/1461046904/",
2021
- "type": "link",
2022
- "to_ids": false,
2023
- "object_relation": null,
2024
- "comment": "",
2025
- "uuid": "57172b14-4674-4191-94f8-4a8802de0b81",
2026
- "category": "External analysis"
2027
- },
2028
- {
2029
- "timestamp": "1461136148",
2030
- "value": "6f3c21da298db324b7d2c299c219bd75c49d9dfd",
2031
- "type": "sha1",
2032
- "to_ids": true,
2033
- "object_relation": null,
2034
- "comment": "- Xchecked via VT: 5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14",
2035
- "uuid": "57172b14-6408-4a0d-83f5-4e9b02de0b81",
2036
- "category": "Payload delivery"
2037
- },
2038
- {
2039
- "timestamp": "1461136149",
2040
- "value": "https://www.virustotal.com/file/5b90fa081e3ac29a7339995f9b087dab9981409ff62e3215eb558908c6b96b14/analysis/1461046903/",
2041
- "type": "link",
2042
- "to_ids": false,
2043
- "object_relation": null,
2044
- "comment": "",
2045
- "uuid": "57172b15-8988-4d9e-a32e-420602de0b81",
2046
- "category": "External analysis"
2047
- },
2048
- {
2049
- "timestamp": "1461136149",
2050
- "value": "73160d3a59db4a5858cd51ef7428a444caaf7cc4",
2051
- "type": "sha1",
2052
- "to_ids": true,
2053
- "object_relation": null,
2054
- "comment": "- Xchecked via VT: bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f",
2055
- "uuid": "57172b15-ae10-4a05-a760-470702de0b81",
2056
- "category": "Payload delivery"
2057
- },
2058
- {
2059
- "timestamp": "1461136149",
2060
- "value": "https://www.virustotal.com/file/bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f/analysis/1456141391/",
2061
- "type": "link",
2062
- "to_ids": false,
2063
- "object_relation": null,
2064
- "comment": "",
2065
- "uuid": "57172b15-61e4-481c-be10-44b702de0b81",
2066
- "category": "External analysis"
2067
- },
2068
- {
2069
- "timestamp": "1461136150",
2070
- "value": "b8f03d78c139faee34293a727e7be74ad0a511d9",
2071
- "type": "sha1",
2072
- "to_ids": true,
2073
- "object_relation": null,
2074
- "comment": "- Xchecked via VT: 9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95",
2075
- "uuid": "57172b16-3340-4e35-97a0-4bd902de0b81",
2076
- "category": "Payload delivery"
2077
- },
2078
- {
2079
- "timestamp": "1461136150",
2080
- "value": "https://www.virustotal.com/file/9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95/analysis/1456962260/",
2081
- "type": "link",
2082
- "to_ids": false,
2083
- "object_relation": null,
2084
- "comment": "",
2085
- "uuid": "57172b16-0ce0-4c6f-b784-454502de0b81",
2086
- "category": "External analysis"
2087
- },
2088
- {
2089
- "timestamp": "1461136151",
2090
- "value": "d22394046ee36dce7ca64ff95d095cdb02c88629",
2091
- "type": "sha1",
2092
- "to_ids": true,
2093
- "object_relation": null,
2094
- "comment": "- Xchecked via VT: 5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
2095
- "uuid": "57172b17-5f24-4f62-b72b-4c2002de0b81",
2096
- "category": "Payload delivery"
2097
- },
2098
- {
2099
- "timestamp": "1461136151",
2100
- "value": "https://www.virustotal.com/file/5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c/analysis/1454953266/",
2101
- "type": "link",
2102
- "to_ids": false,
2103
- "object_relation": null,
2104
- "comment": "",
2105
- "uuid": "57172b17-4414-4f3f-8fc8-49ea02de0b81",
2106
- "category": "External analysis"
2107
- },
2108
- {
2109
- "timestamp": "1461136151",
2110
- "value": "ef97f13f49266a170f4d334482376bb31335fc323ed80917b9943207ff75f750",
2111
- "type": "sha256",
2112
- "to_ids": true,
2113
- "object_relation": null,
2114
- "comment": "Imported via the freetext import. - Xchecked via VT: 983333e2c878a62d95747c36748198f0",
2115
- "uuid": "57172b17-868c-4c3b-b79d-45aa02de0b81",
2116
- "category": "Payload delivery"
2117
- },
2118
- {
2119
- "timestamp": "1461136152",
2120
- "value": "b27957884d6506b24751b3d81fb243fb4d97afe5",
2121
- "type": "sha1",
2122
- "to_ids": true,
2123
- "object_relation": null,
2124
- "comment": "Imported via the freetext import. - Xchecked via VT: 983333e2c878a62d95747c36748198f0",
2125
- "uuid": "57172b18-fe4c-41b3-abfe-4c5602de0b81",
2126
- "category": "Payload delivery"
2127
- },
2128
- {
2129
- "timestamp": "1461136152",
2130
- "value": "https://www.virustotal.com/file/ef97f13f49266a170f4d334482376bb31335fc323ed80917b9943207ff75f750/analysis/1385566211/",
2131
- "type": "link",
2132
- "to_ids": false,
2133
- "object_relation": null,
2134
- "comment": "",
2135
- "uuid": "57172b18-ec7c-4e74-b032-49e302de0b81",
2136
- "category": "External analysis"
2137
- },
2138
- {
2139
- "timestamp": "1461136152",
2140
- "value": "5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab",
2141
- "type": "sha256",
2142
- "to_ids": true,
2143
- "object_relation": null,
2144
- "comment": "Imported via the freetext import. - Xchecked via VT: 6a541de84074a2c4ff99eb43252d9030",
2145
- "uuid": "57172b18-d2dc-423c-ba45-49a002de0b81",
2146
- "category": "Payload delivery"
2147
- },
2148
- {
2149
- "timestamp": "1461136153",
2150
- "value": "c2ffd2f81a33e962b48df1b39c296a163e34aeea",
2151
- "type": "sha1",
2152
- "to_ids": true,
2153
- "object_relation": null,
2154
- "comment": "Imported via the freetext import. - Xchecked via VT: 6a541de84074a2c4ff99eb43252d9030",
2155
- "uuid": "57172b19-ab98-403b-bea6-44ce02de0b81",
2156
- "category": "Payload delivery"
2157
- },
2158
- {
2159
- "timestamp": "1461136153",
2160
- "value": "https://www.virustotal.com/file/5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab/analysis/1456856209/",
2161
- "type": "link",
2162
- "to_ids": false,
2163
- "object_relation": null,
2164
- "comment": "",
2165
- "uuid": "57172b19-c660-45a5-8c0d-4d5802de0b81",
2166
- "category": "External analysis"
2167
- },
2168
- {
2169
- "timestamp": "1461136153",
2170
- "value": "ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00",
2171
- "type": "sha256",
2172
- "to_ids": true,
2173
- "object_relation": null,
2174
- "comment": "Imported via the freetext import. - Xchecked via VT: e0eb981ad6be0bd16246d5d442028687",
2175
- "uuid": "57172b19-bd24-4c48-9f17-44cb02de0b81",
2176
- "category": "Payload delivery"
2177
- },
2178
- {
2179
- "timestamp": "1461136154",
2180
- "value": "cbeffef7965a081490171ad36e3001bd74e4123b",
2181
- "type": "sha1",
2182
- "to_ids": true,
2183
- "object_relation": null,
2184
- "comment": "Imported via the freetext import. - Xchecked via VT: e0eb981ad6be0bd16246d5d442028687",
2185
- "uuid": "57172b1a-48e0-4588-acb3-48fa02de0b81",
2186
- "category": "Payload delivery"
2187
- },
2188
- {
2189
- "timestamp": "1461136154",
2190
- "value": "https://www.virustotal.com/file/ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00/analysis/1456856205/",
2191
- "type": "link",
2192
- "to_ids": false,
2193
- "object_relation": null,
2194
- "comment": "",
2195
- "uuid": "57172b1a-3d00-4a32-a155-4a8f02de0b81",
2196
- "category": "External analysis"
2197
- },
2198
- {
2199
- "timestamp": "1461136155",
2200
- "value": "5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d",
2201
- "type": "sha256",
2202
- "to_ids": true,
2203
- "object_relation": null,
2204
- "comment": "Imported via the freetext import. - Xchecked via VT: d8ede9e6c3a1a30398b0b98130ee3b38",
2205
- "uuid": "57172b1b-bda4-481e-91aa-4f1a02de0b81",
2206
- "category": "Payload delivery"
2207
- },
2208
- {
2209
- "timestamp": "1461136155",
2210
- "value": "7536c344b450af882910ce8c9620d0254aff294c",
2211
- "type": "sha1",
2212
- "to_ids": true,
2213
- "object_relation": null,
2214
- "comment": "Imported via the freetext import. - Xchecked via VT: d8ede9e6c3a1a30398b0b98130ee3b38",
2215
- "uuid": "57172b1b-dc30-447b-898a-458202de0b81",
2216
- "category": "Payload delivery"
2217
- },
2218
- {
2219
- "timestamp": "1461136155",
2220
- "value": "https://www.virustotal.com/file/5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d/analysis/1461075979/",
2221
- "type": "link",
2222
- "to_ids": false,
2223
- "object_relation": null,
2224
- "comment": "",
2225
- "uuid": "57172b1b-43d4-40b6-baac-41e702de0b81",
2226
- "category": "External analysis"
2227
- },
2228
- {
2229
- "timestamp": "1461136156",
2230
- "value": "2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd",
2231
- "type": "sha256",
2232
- "to_ids": true,
2233
- "object_relation": null,
2234
- "comment": "Imported via the freetext import. - Xchecked via VT: f80edbb0fcfe7cec17592f61a06e4df2",
2235
- "uuid": "57172b1c-b8d0-4a48-bb1d-46da02de0b81",
2236
- "category": "Payload delivery"
2237
- },
2238
- {
2239
- "timestamp": "1461136156",
2240
- "value": "e11c82def33edf7162c6b3b24546af341069f4f4",
2241
- "type": "sha1",
2242
- "to_ids": true,
2243
- "object_relation": null,
2244
- "comment": "Imported via the freetext import. - Xchecked via VT: f80edbb0fcfe7cec17592f61a06e4df2",
2245
- "uuid": "57172b1c-4444-48d9-b21d-408b02de0b81",
2246
- "category": "Payload delivery"
2247
- },
2248
- {
2249
- "timestamp": "1461136156",
2250
- "value": "https://www.virustotal.com/file/2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd/analysis/1461089261/",
2251
- "type": "link",
2252
- "to_ids": false,
2253
- "object_relation": null,
2254
- "comment": "",
2255
- "uuid": "57172b1c-dfbc-4ceb-af43-40ed02de0b81",
2256
- "category": "External analysis"
2257
- },
2258
- {
2259
- "timestamp": "1461136157",
2260
- "value": "4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f",
2261
- "type": "sha256",
2262
- "to_ids": true,
2263
- "object_relation": null,
2264
- "comment": "Imported via the freetext import. - Xchecked via VT: f70b295c6a5121b918682310ce0c2165",
2265
- "uuid": "57172b1d-edf0-4761-baab-4b6902de0b81",
2266
- "category": "Payload delivery"
2267
- },
2268
- {
2269
- "timestamp": "1461136157",
2270
- "value": "367c0e93dc97478e2f0101e23cae084467932cb2",
2271
- "type": "sha1",
2272
- "to_ids": true,
2273
- "object_relation": null,
2274
- "comment": "Imported via the freetext import. - Xchecked via VT: f70b295c6a5121b918682310ce0c2165",
2275
- "uuid": "57172b1d-add4-4872-8f43-46aa02de0b81",
2276
- "category": "Payload delivery"
2277
- },
2278
- {
2279
- "timestamp": "1461136157",
2280
- "value": "https://www.virustotal.com/file/4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f/analysis/1461046897/",
2281
- "type": "link",
2282
- "to_ids": false,
2283
- "object_relation": null,
2284
- "comment": "",
2285
- "uuid": "57172b1d-0d80-4dbf-80b8-4b8202de0b81",
2286
- "category": "External analysis"
2287
- },
2288
- {
2289
- "timestamp": "1461136158",
2290
- "value": "5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d",
2291
- "type": "sha256",
2292
- "to_ids": true,
2293
- "object_relation": null,
2294
- "comment": "Imported via the freetext import. - Xchecked via VT: d579d7a42ff140952da57264614c37bc",
2295
- "uuid": "57172b1e-faac-4a67-a2ff-472802de0b81",
2296
- "category": "Payload delivery"
2297
- },
2298
- {
2299
- "timestamp": "1461136158",
2300
- "value": "62d16dc7335729e2d3508335b12787865f4f6035",
2301
- "type": "sha1",
2302
- "to_ids": true,
2303
- "object_relation": null,
2304
- "comment": "Imported via the freetext import. - Xchecked via VT: d579d7a42ff140952da57264614c37bc",
2305
- "uuid": "57172b1e-d608-4814-bd1c-4a7502de0b81",
2306
- "category": "Payload delivery"
2307
- },
2308
- {
2309
- "timestamp": "1461136158",
2310
- "value": "https://www.virustotal.com/file/5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d/analysis/1452527131/",
2311
- "type": "link",
2312
- "to_ids": false,
2313
- "object_relation": null,
2314
- "comment": "",
2315
- "uuid": "57172b1e-dd84-43fe-b7c0-4adf02de0b81",
2316
- "category": "External analysis"
2317
- },
2318
- {
2319
- "timestamp": "1461136159",
2320
- "value": "bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749",
2321
- "type": "sha256",
2322
- "to_ids": true,
2323
- "object_relation": null,
2324
- "comment": "Imported via the freetext import. - Xchecked via VT: f9f8d1c53d312f17c6f830e7b4e6651d",
2325
- "uuid": "57172b1f-add0-49b0-adfa-4e4e02de0b81",
2326
- "category": "Payload delivery"
2327
- },
2328
- {
2329
- "timestamp": "1461136159",
2330
- "value": "6b3eb6069b69fbcfa6e1e9c231ce95674d698f51",
2331
- "type": "sha1",
2332
- "to_ids": true,
2333
- "object_relation": null,
2334
- "comment": "Imported via the freetext import. - Xchecked via VT: f9f8d1c53d312f17c6f830e7b4e6651d",
2335
- "uuid": "57172b1f-3090-4011-a9e9-444902de0b81",
2336
- "category": "Payload delivery"
2337
- },
2338
- {
2339
- "timestamp": "1461136160",
2340
- "value": "https://www.virustotal.com/file/bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749/analysis/1461046900/",
2341
- "type": "link",
2342
- "to_ids": false,
2343
- "object_relation": null,
2344
- "comment": "",
2345
- "uuid": "57172b20-0268-42e0-9264-4cd902de0b81",
2346
- "category": "External analysis"
2347
- },
2348
- {
2349
- "timestamp": "1461136160",
2350
- "value": "9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692",
2351
- "type": "sha256",
2352
- "to_ids": true,
2353
- "object_relation": null,
2354
- "comment": "Imported via the freetext import. - Xchecked via VT: 47e60e347b5791d5f17939f9c97fee01",
2355
- "uuid": "57172b20-9494-4e9e-9e67-40e902de0b81",
2356
- "category": "Payload delivery"
2357
- },
2358
- {
2359
- "timestamp": "1461136160",
2360
- "value": "86ba123a6c28df4a470de09c5fdc5ac5ae3d24ce",
2361
- "type": "sha1",
2362
- "to_ids": true,
2363
- "object_relation": null,
2364
- "comment": "Imported via the freetext import. - Xchecked via VT: 47e60e347b5791d5f17939f9c97fee01",
2365
- "uuid": "57172b20-f1b0-4c9a-b746-484102de0b81",
2366
- "category": "Payload delivery"
2367
- },
2368
- {
2369
- "timestamp": "1461136161",
2370
- "value": "https://www.virustotal.com/file/9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692/analysis/1461046910/",
2371
- "type": "link",
2372
- "to_ids": false,
2373
- "object_relation": null,
2374
- "comment": "",
2375
- "uuid": "57172b21-3880-4218-9131-437a02de0b81",
2376
- "category": "External analysis"
2377
- },
2378
- {
2379
- "timestamp": "1461136161",
2380
- "value": "cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082",
2381
- "type": "sha256",
2382
- "to_ids": true,
2383
- "object_relation": null,
2384
- "comment": "Imported via the freetext import. - Xchecked via VT: 07eb4867e436bbef759a9877402af994",
2385
- "uuid": "57172b21-5834-47e6-a2c7-41f402de0b81",
2386
- "category": "Payload delivery"
2387
- },
2388
- {
2389
- "timestamp": "1461136161",
2390
- "value": "4d758a60b57d2f693fc4a87cbc74ec1744a644ce",
2391
- "type": "sha1",
2392
- "to_ids": true,
2393
- "object_relation": null,
2394
- "comment": "Imported via the freetext import. - Xchecked via VT: 07eb4867e436bbef759a9877402af994",
2395
- "uuid": "57172b21-2738-44d4-857b-426e02de0b81",
2396
- "category": "Payload delivery"
2397
- },
2398
- {
2399
- "timestamp": "1461136162",
2400
- "value": "https://www.virustotal.com/file/cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082/analysis/1452794663/",
2401
- "type": "link",
2402
- "to_ids": false,
2403
- "object_relation": null,
2404
- "comment": "",
2405
- "uuid": "57172b22-3068-4484-8cfd-444602de0b81",
2406
- "category": "External analysis"
2407
- },
2408
- {
2409
- "timestamp": "1461136162",
2410
- "value": "f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616",
2411
- "type": "sha256",
2412
- "to_ids": true,
2413
- "object_relation": null,
2414
- "comment": "Imported via the freetext import. - Xchecked via VT: e6ad959a18725954a56a7954d3f47671",
2415
- "uuid": "57172b22-7284-4c9d-a29e-49e902de0b81",
2416
- "category": "Payload delivery"
2417
- },
2418
- {
2419
- "timestamp": "1461136162",
2420
- "value": "62fbb1ed89888cbe7ffa7d01537545574c244bfd",
2421
- "type": "sha1",
2422
- "to_ids": true,
2423
- "object_relation": null,
2424
- "comment": "Imported via the freetext import. - Xchecked via VT: e6ad959a18725954a56a7954d3f47671",
2425
- "uuid": "57172b22-8e80-4eab-ae04-417102de0b81",
2426
- "category": "Payload delivery"
2427
- },
2428
- {
2429
- "timestamp": "1461136163",
2430
- "value": "https://www.virustotal.com/file/f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616/analysis/1461046885/",
2431
- "type": "link",
2432
- "to_ids": false,
2433
- "object_relation": null,
2434
- "comment": "",
2435
- "uuid": "57172b23-045c-4ba6-8d54-41c502de0b81",
2436
- "category": "External analysis"
2437
- },
2438
- {
2439
- "timestamp": "1461136212",
2440
- "value": "59.188.12.123",
2441
- "type": "ip-dst",
2442
- "to_ids": true,
2443
- "object_relation": null,
2444
- "comment": "On port 8008",
2445
- "uuid": "57172b54-6d44-460d-ac20-40a7950d210f",
2446
- "category": "Network activity"
2447
- },
2448
- {
2449
- "timestamp": "1461136297",
2450
- "value": "09ddd70517cb48a46d9f93644b29c72f",
2451
- "type": "md5",
2452
- "to_ids": true,
2453
- "object_relation": null,
2454
- "comment": "RTF",
2455
- "uuid": "57172ba9-9b28-4af8-91e6-44e4950d210f",
2456
- "category": "Payload delivery"
2457
- },
2458
- {
2459
- "timestamp": "1461136298",
2460
- "value": "d8becbd6f188e3fb2c4d23a2d36d137b",
2461
- "type": "md5",
2462
- "to_ids": true,
2463
- "object_relation": null,
2464
- "comment": "RAR",
2465
- "uuid": "57172baa-a0c4-40e6-8de2-4c99950d210f",
2466
- "category": "Payload delivery"
2467
- },
2468
- {
2469
- "timestamp": "1461137412",
2470
- "value": "www.whitewall.top",
2471
- "type": "url",
2472
- "to_ids": true,
2473
- "object_relation": null,
2474
- "comment": "On port 8080",
2475
- "uuid": "57173004-40c8-44cc-a582-464a950d210f",
2476
- "category": "Network activity"
2477
- },
2478
- {
2479
- "timestamp": "1461137413",
2480
- "value": "fsguidll.exe|2d7a648ebe64e536944c011c8dcbb375",
2481
- "type": "filename|md5",
2482
- "to_ids": true,
2483
- "object_relation": null,
2484
- "comment": "Imported via the freetext import.",
2485
- "uuid": "57173005-f2dc-43f4-bd30-48b8950d210f",
2486
- "category": "Payload delivery"
2487
- },
2488
- {
2489
- "timestamp": "1461137414",
2490
- "value": "fslapi.dll|13d3d0699562a57cf575dd7f969b3141",
2491
- "type": "filename|md5",
2492
- "to_ids": true,
2493
- "object_relation": null,
2494
- "comment": "Imported via the freetext import.",
2495
- "uuid": "57173006-1804-4885-b572-44a9950d210f",
2496
- "category": "Payload delivery"
2497
- },
2498
- {
2499
- "timestamp": "1461137414",
2500
- "value": "fslapi.dll.gui|894c251a3aad150f80a8af2539baf9d1",
2501
- "type": "filename|md5",
2502
- "to_ids": true,
2503
- "object_relation": null,
2504
- "comment": "Imported via the freetext import.",
2505
- "uuid": "57173006-d0c4-47fc-903c-4f7f950d210f",
2506
- "category": "Payload delivery"
2507
- },
2508
- {
2509
- "timestamp": "1461138386",
2510
- "value": "533cd66cf420e8919329ee850077319c",
2511
- "type": "md5",
2512
- "to_ids": true,
2513
- "object_relation": null,
2514
- "comment": "Imported via the freetext import.",
2515
- "uuid": "571733d2-a0fc-4909-8c81-44ea950d210f",
2516
- "category": "Payload delivery"
2517
- },
2518
- {
2519
- "timestamp": "1461138386",
2520
- "value": "0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360",
2521
- "type": "sha256",
2522
- "to_ids": true,
2523
- "object_relation": null,
2524
- "comment": "Imported via the freetext import.",
2525
- "uuid": "571733d2-f430-45fa-b095-4a07950d210f",
2526
- "category": "Payload delivery"
2527
- },
2528
- {
2529
- "timestamp": "1461138386",
2530
- "value": "e327abcfd09be4e8f64ef35026309747",
2531
- "type": "md5",
2532
- "to_ids": true,
2533
- "object_relation": null,
2534
- "comment": "Imported via the freetext import.",
2535
- "uuid": "571733d2-0f0c-4b63-9c9a-4615950d210f",
2536
- "category": "Payload delivery"
2537
- },
2538
- {
2539
- "timestamp": "1461138387",
2540
- "value": "8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78",
2541
- "type": "sha256",
2542
- "to_ids": true,
2543
- "object_relation": null,
2544
- "comment": "Imported via the freetext import.",
2545
- "uuid": "571733d3-ce08-4636-9f75-41cb950d210f",
2546
- "category": "Payload delivery"
2547
- },
2548
- {
2549
- "timestamp": "1461138387",
2550
- "value": "103873e3fa8dfc2360bb5c22761da04a",
2551
- "type": "md5",
2552
- "to_ids": true,
2553
- "object_relation": null,
2554
- "comment": "Imported via the freetext import.",
2555
- "uuid": "571733d3-7fe4-430d-a31d-44aa950d210f",
2556
- "category": "Payload delivery"
2557
- },
2558
- {
2559
- "timestamp": "1461138387",
2560
- "value": "40099e0f13ba47bd4ea4f3f49228ac8cffdf07700c4ef8089e3b5d8013e914a3",
2561
- "type": "sha256",
2562
- "to_ids": true,
2563
- "object_relation": null,
2564
- "comment": "Imported via the freetext import.",
2565
- "uuid": "571733d3-a8e4-4198-aecd-4594950d210f",
2566
- "category": "Payload delivery"
2567
- },
2568
- {
2569
- "timestamp": "1461140878",
2570
- "value": "98bcd226890c5c2694ef9a34a23c9fbf",
2571
- "type": "md5",
2572
- "to_ids": true,
2573
- "object_relation": null,
2574
- "comment": "RTF",
2575
- "uuid": "57173d6f-0adc-4af5-b8c1-45ce950d210f",
2576
- "category": "Payload delivery"
2577
- },
2578
- {
2579
- "timestamp": "1461141045",
2580
- "value": "e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49",
2581
- "type": "sha256",
2582
- "to_ids": true,
2583
- "object_relation": null,
2584
- "comment": "RTF",
2585
- "uuid": "57173e35-4b34-4a16-8442-478c950d210f",
2586
- "category": "Payload delivery"
2587
- },
2588
- {
2589
- "timestamp": "1461141066",
2590
- "value": "softinc.pw",
2591
- "type": "domain",
2592
- "to_ids": true,
2593
- "object_relation": null,
2594
- "comment": "Imported via the freetext import.",
2595
- "uuid": "57173e4a-4b18-4646-9a26-4712950d210f",
2596
- "category": "Network activity"
2597
- },
2598
- {
2599
- "timestamp": "1461141066",
2600
- "value": "www.tibetimes.com",
2601
- "type": "hostname",
2602
- "to_ids": true,
2603
- "object_relation": null,
2604
- "comment": "Imported via the freetext import.",
2605
- "uuid": "57173e4a-99b8-4146-b38d-48df950d210f",
2606
- "category": "Network activity"
2607
- },
2608
- {
2609
- "timestamp": "1461141143",
2610
- "value": "a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb",
2611
- "type": "sha256",
2612
- "to_ids": true,
2613
- "object_relation": null,
2614
- "comment": "RTF",
2615
- "uuid": "57173e97-6cd4-47eb-92ad-46c2950d210f",
2616
- "category": "Payload delivery"
2617
- },
2618
- {
2619
- "timestamp": "1461141168",
2620
- "value": "b51dd4d5731b71c1a191294466cc8288",
2621
- "type": "md5",
2622
- "to_ids": true,
2623
- "object_relation": null,
2624
- "comment": "RTF",
2625
- "uuid": "57173eb0-68b4-4ad0-a243-4022950d210f",
2626
- "category": "Payload delivery"
2627
- },
2628
- {
2629
- "timestamp": "1461141182",
2630
- "value": "90t69cf82.dll|86ebcbb3bdd8af257b52daa869ddd6c1",
2631
- "type": "filename|md5",
2632
- "to_ids": true,
2633
- "object_relation": null,
2634
- "comment": "Imported via the freetext import.",
2635
- "uuid": "57173ebe-e2f8-49b3-b75c-4275950d210f",
2636
- "category": "Payload delivery"
2637
- },
2638
- {
2639
- "timestamp": "1461141183",
2640
- "value": "B412.tmp|111273c8cba88636a036e250c2626b12",
2641
- "type": "filename|md5",
2642
- "to_ids": true,
2643
- "object_relation": null,
2644
- "comment": "Imported via the freetext import.",
2645
- "uuid": "57173ebf-7e30-489d-bd92-4eb3950d210f",
2646
- "category": "Payload delivery"
2647
- },
2648
- {
2649
- "timestamp": "1461141196",
2650
- "value": "manhaton.123nat.com",
2651
- "type": "hostname",
2652
- "to_ids": true,
2653
- "object_relation": null,
2654
- "comment": "Imported via the freetext import.",
2655
- "uuid": "57173ecc-4858-4e78-a121-4223950d210f",
2656
- "category": "Network activity"
2657
- },
2658
- {
2659
- "timestamp": "1461141197",
2660
- "value": "122.10.112.126",
2661
- "type": "ip-dst",
2662
- "to_ids": true,
2663
- "object_relation": null,
2664
- "comment": "On port 8030",
2665
- "uuid": "57173ecd-ff54-4b11-921f-46fb950d210f",
2666
- "category": "Network activity"
2667
- },
2668
- {
2669
- "timestamp": "1461142620",
2670
- "value": "58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589",
2671
- "type": "sha256",
2672
- "to_ids": true,
2673
- "object_relation": null,
2674
- "comment": "RTF",
2675
- "uuid": "5717445c-4344-4af2-8fe9-4151950d210f",
2676
- "category": "Payload delivery"
2677
- },
2678
- {
2679
- "timestamp": "1461142701",
2680
- "value": "www.turkistanuyghur.top",
2681
- "type": "url",
2682
- "to_ids": true,
2683
- "object_relation": null,
2684
- "comment": "Imported via the freetext import.",
2685
- "uuid": "571744ad-ea7c-4e0f-b713-4893950d210f",
2686
- "category": "Network activity"
2687
- },
2688
- {
2689
- "timestamp": "1461142701",
2690
- "value": "www.yawropauyghur.top",
2691
- "type": "url",
2692
- "to_ids": true,
2693
- "object_relation": null,
2694
- "comment": "Imported via the freetext import.",
2695
- "uuid": "571744ad-c1f8-4606-b0b2-45bc950d210f",
2696
- "category": "Network activity"
2697
- },
2698
- {
2699
- "timestamp": "1461142702",
2700
- "value": "www.japanuyghur.top",
2701
- "type": "url",
2702
- "to_ids": true,
2703
- "object_relation": null,
2704
- "comment": "Imported via the freetext import.",
2705
- "uuid": "571744ae-aee8-4190-98ae-426d950d210f",
2706
- "category": "Network activity"
2707
- },
2708
- {
2709
- "timestamp": "1461142702",
2710
- "value": "www.hotansft.top",
2711
- "type": "url",
2712
- "to_ids": true,
2713
- "object_relation": null,
2714
- "comment": "Imported via the freetext import.",
2715
- "uuid": "571744ae-7ae4-4ddc-bf3c-45ef950d210f",
2716
- "category": "Network activity"
2717
- },
2718
- {
2719
- "timestamp": "1461142702",
2720
- "value": "www.amerikauyghur.top",
2721
- "type": "url",
2722
- "to_ids": true,
2723
- "object_relation": null,
2724
- "comment": "Imported via the freetext import.",
2725
- "uuid": "571744ae-1af4-4757-8408-42d7950d210f",
2726
- "category": "Network activity"
2727
- },
2728
- {
2729
- "timestamp": "1461142703",
2730
- "value": "turkiyeuyghur.com",
2731
- "type": "domain",
2732
- "to_ids": true,
2733
- "object_relation": null,
2734
- "comment": "Imported via the freetext import.",
2735
- "uuid": "571744af-a4b8-4e3c-9228-49b4950d210f",
2736
- "category": "Network activity"
2737
- },
2738
- {
2739
- "timestamp": "1461142790",
2740
- "value": "Micbt/BTFly.dump|f7c04e8b188fa38d0f62f620e3bf01dc",
2741
- "type": "filename|md5",
2742
- "to_ids": true,
2743
- "object_relation": null,
2744
- "comment": "Imported via the freetext import.",
2745
- "uuid": "57174506-afbc-44f1-b90c-45d6950d210f",
2746
- "category": "Payload delivery"
2747
- },
2748
- {
2749
- "timestamp": "1461142830",
2750
- "value": "Micbt/CltID.ini|54afa267dd5acef3858dd6dbea609cd9",
2751
- "type": "filename|md5",
2752
- "to_ids": true,
2753
- "object_relation": null,
2754
- "comment": "Imported via the freetext import.",
2755
- "uuid": "5717452e-22d8-4278-b18b-40c3950d210f",
2756
- "category": "Payload delivery"
2757
- },
2758
- {
2759
- "timestamp": "1461142830",
2760
- "value": "Micbt/IconConfigBt.DAT|516774cb0d5d56b300c402f63fe47523",
2761
- "type": "filename|md5",
2762
- "to_ids": true,
2763
- "object_relation": null,
2764
- "comment": "Imported via the freetext import.",
2765
- "uuid": "5717452e-f668-4202-bc83-4fcc950d210f",
2766
- "category": "Payload delivery"
2767
- },
2768
- {
2769
- "timestamp": "1461142831",
2770
- "value": "Micbt/MemoryLoad.dump|db0f8ba69aa71e9404b52d951458b97c",
2771
- "type": "filename|md5",
2772
- "to_ids": true,
2773
- "object_relation": null,
2774
- "comment": "Imported via the freetext import.",
2775
- "uuid": "5717452f-e860-4d6e-be0a-412d950d210f",
2776
- "category": "Payload delivery"
2777
- },
2778
- {
2779
- "timestamp": "1461142831",
2780
- "value": "Micbt/RasTls.dll|1e9e9ce1445a13c1ff4bf82f4a38de0d",
2781
- "type": "filename|md5",
2782
- "to_ids": true,
2783
- "object_relation": null,
2784
- "comment": "Imported via the freetext import.",
2785
- "uuid": "5717452f-bc28-48f8-a88f-4621950d210f",
2786
- "category": "Payload delivery"
2787
- },
2788
- {
2789
- "timestamp": "1461142832",
2790
- "value": "Micbt/RasTls.exe|62944e26b36b1dcace429ae26ba66164",
2791
- "type": "filename|md5",
2792
- "to_ids": true,
2793
- "object_relation": null,
2794
- "comment": "Imported via the freetext import.",
2795
- "uuid": "57174530-8628-4ec1-945e-4f28950d210f",
2796
- "category": "Payload delivery"
2797
- },
2798
- {
2799
- "timestamp": "1461143026",
2800
- "value": "fsguidll.exe|5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635",
2801
- "type": "filename|sha256",
2802
- "to_ids": true,
2803
- "object_relation": null,
2804
- "comment": "Imported via the freetext import.",
2805
- "uuid": "571745f2-29dc-4434-8a4e-4f24950d210f",
2806
- "category": "Payload delivery"
2807
- },
2808
- {
2809
- "timestamp": "1461143027",
2810
- "value": "fslapi.dll|2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083",
2811
- "type": "filename|sha256",
2812
- "to_ids": true,
2813
- "object_relation": null,
2814
- "comment": "Imported via the freetext import.",
2815
- "uuid": "571745f3-0710-48a7-8a66-4f4b950d210f",
2816
- "category": "Payload delivery"
2817
- },
2818
- {
2819
- "timestamp": "1461143028",
2820
- "value": "fslapi.dll.gui|dc4dac22d58ed7c0cadb13a621f42cb9a01851385ca0dc5b94a73c91677a0739",
2821
- "type": "filename|sha256",
2822
- "to_ids": true,
2823
- "object_relation": null,
2824
- "comment": "Imported via the freetext import.",
2825
- "uuid": "571745f4-eab8-481e-bfbc-41b7950d210f",
2826
- "category": "Payload delivery"
2827
- },
2828
- {
2829
- "timestamp": "1461143045",
2830
- "value": "BC29.tmp|5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c",
2831
- "type": "filename|sha256",
2832
- "to_ids": true,
2833
- "object_relation": null,
2834
- "comment": "Imported via the freetext import.",
2835
- "uuid": "57174605-6328-49df-a999-4ad9950d210f",
2836
- "category": "Payload delivery"
2837
- },
2838
- {
2839
- "timestamp": "1461143046",
2840
- "value": "~tmp.doc|76d54a0c8ed8d9a0b02f52d2400c8e74a9473e9bc92aeb558b2f4c894da1b88f",
2841
- "type": "filename|sha256",
2842
- "to_ids": true,
2843
- "object_relation": null,
2844
- "comment": "Imported via the freetext import.",
2845
- "uuid": "57174606-b230-42b0-b806-47f2950d210f",
2846
- "category": "Payload delivery"
2847
- },
2848
- {
2849
- "timestamp": "1461143075",
2850
- "value": "~tmp.doc|f0b5336b6f890e2029ac242ad2b613cad535828f7b7004a2284683f3195b7616",
2851
- "type": "filename|sha256",
2852
- "to_ids": true,
2853
- "object_relation": null,
2854
- "comment": "Imported via the freetext import.",
2855
- "uuid": "57174623-6d50-40d8-9fb3-47c6950d210f",
2856
- "category": "Payload delivery"
2857
- },
2858
- {
2859
- "timestamp": "1461143076",
2860
- "value": "iuso.exe|cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082",
2861
- "type": "filename|sha256",
2862
- "to_ids": true,
2863
- "object_relation": null,
2864
- "comment": "Imported via the freetext import.",
2865
- "uuid": "57174624-8aa0-4072-bc11-4657950d210f",
2866
- "category": "Payload delivery"
2867
- },
2868
- {
2869
- "timestamp": "1461143076",
2870
- "value": "wget.bat|9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692",
2871
- "type": "filename|sha256",
2872
- "to_ids": true,
2873
- "object_relation": null,
2874
- "comment": "Imported via the freetext import.",
2875
- "uuid": "57174624-a420-4946-be1d-473e950d210f",
2876
- "category": "Payload delivery"
2877
- },
2878
- {
2879
- "timestamp": "1461143077",
2880
- "value": "wget.exe|bedfbfe249b4a2be35bbfb1cf166d2119e132ee7c608909d34238e9eba6c9749",
2881
- "type": "filename|sha256",
2882
- "to_ids": true,
2883
- "object_relation": null,
2884
- "comment": "Imported via the freetext import.",
2885
- "uuid": "57174625-257c-43c7-a6a6-4b5f950d210f",
2886
- "category": "Payload delivery"
2887
- },
2888
- {
2889
- "timestamp": "1461143078",
2890
- "value": "wthk.txt|5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d",
2891
- "type": "filename|sha256",
2892
- "to_ids": true,
2893
- "object_relation": null,
2894
- "comment": "Imported via the freetext import.",
2895
- "uuid": "57174626-4614-4979-b6a0-41d4950d210f",
2896
- "category": "Payload delivery"
2897
- },
2898
- {
2899
- "timestamp": "1461143078",
2900
- "value": "conhost.exe|4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f",
2901
- "type": "filename|sha256",
2902
- "to_ids": true,
2903
- "object_relation": null,
2904
- "comment": "Imported via the freetext import.",
2905
- "uuid": "57174626-632c-4e4f-ad7f-42ff950d210f",
2906
- "category": "Payload delivery"
2907
- },
2908
- {
2909
- "timestamp": "1461143079",
2910
- "value": "SbieDll.dll|2ac69633da711f244377483d99fac53089ec6614a61d8a1492a0e7228cbb8ffd",
2911
- "type": "filename|sha256",
2912
- "to_ids": true,
2913
- "object_relation": null,
2914
- "comment": "Imported via the freetext import.",
2915
- "uuid": "57174627-93e4-4f5c-8c97-4251950d210f",
2916
- "category": "Payload delivery"
2917
- },
2918
- {
2919
- "timestamp": "1461143080",
2920
- "value": "dll2.xor|c3fee1c7d402f144023dade4e63dc65db42fc4d6430f9885ece6aa7fa77cade0",
2921
- "type": "filename|sha256",
2922
- "to_ids": true,
2923
- "object_relation": null,
2924
- "comment": "Imported via the freetext import.",
2925
- "uuid": "57174628-8e70-4cc8-9987-4952950d210f",
2926
- "category": "Payload delivery"
2927
- },
2928
- {
2929
- "timestamp": "1461143080",
2930
- "value": "maindll.dll|5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d",
2931
- "type": "filename|sha256",
2932
- "to_ids": true,
2933
- "object_relation": null,
2934
- "comment": "Imported via the freetext import.",
2935
- "uuid": "57174628-caf4-49ba-86d9-40a2950d210f",
2936
- "category": "Payload delivery"
2937
- },
2938
- {
2939
- "timestamp": "1461143081",
2940
- "value": "nvsvc.exe|ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00",
2941
- "type": "filename|sha256",
2942
- "to_ids": true,
2943
- "object_relation": null,
2944
- "comment": "Imported via the freetext import.",
2945
- "uuid": "57174629-38f4-4809-b539-4fd9950d210f",
2946
- "category": "Payload delivery"
2947
- },
2948
- {
2949
- "timestamp": "1461143082",
2950
- "value": "runas.exe|5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab",
2951
- "type": "filename|sha256",
2952
- "to_ids": true,
2953
- "object_relation": null,
2954
- "comment": "Imported via the freetext import.",
2955
- "uuid": "5717462a-b1b0-4b33-bf15-45c2950d210f",
2956
- "category": "Payload delivery"
2957
- },
2958
- {
2959
- "timestamp": "1461143265",
2960
- "value": "90t69cf82.dll|afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d",
2961
- "type": "filename|sha256",
2962
- "to_ids": true,
2963
- "object_relation": null,
2964
- "comment": "Imported via the freetext import.",
2965
- "uuid": "571746e1-8018-47cf-8445-4d2a950d210f",
2966
- "category": "Payload delivery"
2967
- },
2968
- {
2969
- "timestamp": "1461143266",
2970
- "value": "B512.tmp|cdb1d2f843ce797084cfc90107a2582e4861f4051aab0f6ac374468f491232a5",
2971
- "type": "filename|sha256",
2972
- "to_ids": true,
2973
- "object_relation": null,
2974
- "comment": "Imported via the freetext import.",
2975
- "uuid": "571746e2-b3b8-4478-9c44-4c84950d210f",
2976
- "category": "Payload delivery"
2977
- },
2978
- {
2979
- "timestamp": "1461143266",
2980
- "value": "~tmp.doc|aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c",
2981
- "type": "filename|sha256",
2982
- "to_ids": true,
2983
- "object_relation": null,
2984
- "comment": "Imported via the freetext import.",
2985
- "uuid": "571746e2-5f40-4465-a168-4030950d210f",
2986
- "category": "Payload delivery"
2987
- },
2988
- {
2989
- "timestamp": "1461143267",
2990
- "value": "Micbt/BTFly.dump|3b828a81ff5b0766c99284524b18fcd10d553191741bc1ed89904cdaa79baae1",
2991
- "type": "filename|sha256",
2992
- "to_ids": true,
2993
- "object_relation": null,
2994
- "comment": "Imported via the freetext import.",
2995
- "uuid": "571746e3-9830-4503-8e36-475c950d210f",
2996
- "category": "Payload delivery"
2997
- },
2998
- {
2999
- "timestamp": "1461143267",
3000
- "value": "Micbt/CltID.ini|1590a42e67fe02892dfeb6f29e0e6ae91c503d4ea91b550557c513e92f5ac7eb",
3001
- "type": "filename|sha256",
3002
- "to_ids": true,
3003
- "object_relation": null,
3004
- "comment": "Imported via the freetext import.",
3005
- "uuid": "571746e3-489c-4e77-afe4-43b8950d210f",
3006
- "category": "Payload delivery"
3007
- },
3008
- {
3009
- "timestamp": "1461143268",
3010
- "value": "Micbt/IconConfigBt.DAT|0a47bd32b83f09be1ea5a29dce6b7d307de7b3cdd69f836e0c810fd578f85c7c",
3011
- "type": "filename|sha256",
3012
- "to_ids": true,
3013
- "object_relation": null,
3014
- "comment": "Imported via the freetext import.",
3015
- "uuid": "571746e4-9dd0-4067-8ec7-4fba950d210f",
3016
- "category": "Payload delivery"
3017
- },
3018
- {
3019
- "timestamp": "1461143269",
3020
- "value": "Micbt/MemoryLoad.dump|aace766acea06845c29b306a9e080edcb3407635398007f3b9b5e053198b54f4",
3021
- "type": "filename|sha256",
3022
- "to_ids": true,
3023
- "object_relation": null,
3024
- "comment": "Imported via the freetext import.",
3025
- "uuid": "571746e5-e05c-451b-9a26-4efa950d210f",
3026
- "category": "Payload delivery"
3027
- },
3028
- {
3029
- "timestamp": "1461143270",
3030
- "value": "Micbt/RasTls.dll|bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1",
3031
- "type": "filename|sha256",
3032
- "to_ids": true,
3033
- "object_relation": null,
3034
- "comment": "Imported via the freetext import.",
3035
- "uuid": "571746e6-c760-4569-96ff-4d91950d210f",
3036
- "category": "Payload delivery"
3037
- },
3038
- {
3039
- "timestamp": "1461143270",
3040
- "value": "Micbt/RasTls.exe|f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68",
3041
- "type": "filename|sha256",
3042
- "to_ids": true,
3043
- "object_relation": null,
3044
- "comment": "Imported via the freetext import.",
3045
- "uuid": "571746e6-e8b4-4c80-8fe4-430e950d210f",
3046
- "category": "Payload delivery"
3047
- },
3048
- {
3049
- "timestamp": "1461143400",
3050
- "value": "~tmp.doc|e538ad13417b773714b75b5d602e4c6e",
3051
- "type": "filename|md5",
3052
- "to_ids": true,
3053
- "object_relation": null,
3054
- "comment": "recognized as Gh0stRAT",
3055
- "uuid": "57174768-a980-4cfc-adce-4ef9950d210f",
3056
- "category": "Payload delivery"
3057
- },
3058
- {
3059
- "timestamp": "1461143448",
3060
- "value": "~1|df50ea33616c916720c81d65563175d998a2c606360eeb3c8b727a482de3a4fc",
3061
- "type": "filename|sha256",
3062
- "to_ids": true,
3063
- "object_relation": null,
3064
- "comment": "",
3065
- "uuid": "57174798-6d98-4b70-b485-4cca950d210f",
3066
- "category": "Payload delivery"
3067
- },
3068
- {
3069
- "timestamp": "1461143464",
3070
- "value": "~1|b901f0b4aa6a3a6875235f96fce15839",
3071
- "type": "filename|md5",
3072
- "to_ids": true,
3073
- "object_relation": null,
3074
- "comment": "",
3075
- "uuid": "571747a8-e860-46cd-b1b3-44c1950d210f",
3076
- "category": "Payload delivery"
3077
- },
3078
- {
3079
- "timestamp": "1461143659",
3080
- "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc|facd2fbf26e974bdeae3e4db19753f03",
3081
- "type": "filename|md5",
3082
- "to_ids": true,
3083
- "object_relation": null,
3084
- "comment": "Imported via the freetext import.",
3085
- "uuid": "5717486b-e948-4e87-b418-42fe950d210f",
3086
- "category": "Payload delivery"
3087
- },
3088
- {
3089
- "timestamp": "1461143659",
3090
- "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc|1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c",
3091
- "type": "filename|sha256",
3092
- "to_ids": true,
3093
- "object_relation": null,
3094
- "comment": "Imported via the freetext import.",
3095
- "uuid": "5717486b-ac80-4461-911a-49fc950d210f",
3096
- "category": "Payload delivery"
3097
- },
3098
- {
3099
- "timestamp": "1461144013",
3100
- "value": "41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2",
3101
- "type": "sha256",
3102
- "to_ids": true,
3103
- "object_relation": null,
3104
- "comment": "RTF",
3105
- "uuid": "571748d1-aef0-4c8b-991b-4c00950d210f",
3106
- "category": "Payload delivery"
3107
- },
3108
- {
3109
- "timestamp": "1461144007",
3110
- "value": "ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30",
3111
- "type": "sha256",
3112
- "to_ids": true,
3113
- "object_relation": null,
3114
- "comment": "RAR \r\n8EC7.tmp",
3115
- "uuid": "571748d2-03c0-4806-a97b-4b36950d210f",
3116
- "category": "Payload delivery"
3117
- },
3118
- {
3119
- "timestamp": "1461144071",
3120
- "value": "ffb7a38174aab4744cc4a509e34800aee9be8e57",
3121
- "type": "pehash",
3122
- "to_ids": true,
3123
- "object_relation": null,
3124
- "comment": "Imported via the freetext import.",
3125
- "uuid": "57174a07-2508-4ee1-a57b-4894950d210f",
3126
- "category": "Payload delivery"
3127
- },
3128
- {
3129
- "timestamp": "1461144196",
3130
- "value": "118.193.240.195",
3131
- "type": "ip-dst",
3132
- "to_ids": true,
3133
- "object_relation": null,
3134
- "comment": "Imported via the freetext import.",
3135
- "uuid": "57174a84-d848-4ef3-8677-43fa950d210f",
3136
- "category": "Network activity"
3137
- },
3138
- {
3139
- "timestamp": "1461144196",
3140
- "value": "http://www.whitewall.top:8080/850D3011FA326CBB6F57A965",
3141
- "type": "url",
3142
- "to_ids": true,
3143
- "object_relation": null,
3144
- "comment": "On port 8080",
3145
- "uuid": "57174a84-7878-4c38-ac38-4c38950d210f",
3146
- "category": "Network activity"
3147
- },
3148
- {
3149
- "timestamp": "1461144197",
3150
- "value": "http://www.whitewall.top:995/5724DD3DCC4A19E8416E5691",
3151
- "type": "url",
3152
- "to_ids": true,
3153
- "object_relation": null,
3154
- "comment": "On port 995",
3155
- "uuid": "57174a85-8a24-41d6-bc55-4eef950d210f",
3156
- "category": "Network activity"
3157
- },
3158
- {
3159
- "timestamp": "1461144234",
3160
- "value": "ee49bd5f35cc3012b5b606aca9b0f561",
3161
- "type": "md5",
3162
- "to_ids": true,
3163
- "object_relation": null,
3164
- "comment": "Imported via the freetext import.",
3165
- "uuid": "57174aaa-2894-4f79-83c3-48bb950d210f",
3166
- "category": "Payload delivery"
3167
- },
3168
- {
3169
- "timestamp": "1461144424",
3170
- "value": "6144:NwOD0nTHfnxBl7p01yDn8FJD1O6JN0MrvVburdr3QM5o1Zx0a4VgLjv9uM+yb3Hx:ZbqQM5oBfv9uMt5yGg",
3171
- "type": "ssdeep",
3172
- "to_ids": true,
3173
- "object_relation": null,
3174
- "comment": "Imported via the freetext import.",
3175
- "uuid": "57174b68-2ef8-49f4-82fc-4e38950d210f",
3176
- "category": "Payload delivery"
3177
- },
3178
- {
3179
- "timestamp": "1461144473",
3180
- "value": "Y:/UDPSbieDLL/Release/SBieDLL.pdb",
3181
- "type": "pdb",
3182
- "to_ids": false,
3183
- "object_relation": null,
3184
- "comment": "",
3185
- "uuid": "57174b99-21b4-4881-8088-44f2950d210f",
3186
- "category": "Artifacts dropped"
3187
- },
3188
- {
3189
- "timestamp": "1461144549",
3190
- "value": "2016\u7e3d\u7d71\u9078\u8209\u6c11\u60c5\u4e2d\u5fc3\u9810\u6e2c\u503c.doc",
3191
- "type": "filename",
3192
- "to_ids": true,
3193
- "object_relation": null,
3194
- "comment": "Imported via the freetext import.",
3195
- "uuid": "57174be5-742c-456a-a9be-4030950d210f",
3196
- "category": "Payload delivery"
3197
- },
3198
- {
3199
- "timestamp": "1461144549",
3200
- "value": "www.kcico.com.tw/data/openwebmail/doc/wthk.txt",
3201
- "type": "url",
3202
- "to_ids": true,
3203
- "object_relation": null,
3204
- "comment": "Imported via the freetext import.",
3205
- "uuid": "57174be5-2e14-46d9-a003-4125950d210f",
3206
- "category": "Network activity"
3207
- },
3208
- {
3209
- "timestamp": "1461144549",
3210
- "value": "\u4e2d\u56fd\u56fd\u5bb6\u5b89\u5168\u59d4\u5458\u4f1a\u673a\u6784\u8bbe\u7f6e\u548c\u4eba\u5458\u540d\u5355\u63d0\u524d\u66dd\u5149.docx",
3211
- "type": "filename",
3212
- "to_ids": true,
3213
- "object_relation": null,
3214
- "comment": "Imported via the freetext import.",
3215
- "uuid": "57174be5-41e0-41d6-a2e5-4294950d210f",
3216
- "category": "Payload delivery"
3217
- },
3218
- {
3219
- "timestamp": "1461144573",
3220
- "value": "One Tibetan Protester is Freed, Two Others Are Jailed.doc",
3221
- "type": "filename",
3222
- "to_ids": false,
3223
- "object_relation": null,
3224
- "comment": "",
3225
- "uuid": "57174bfd-9390-4ea8-b4fd-4a39950d210f",
3226
- "category": "Payload delivery"
3227
- },
3228
- {
3229
- "timestamp": "1461144589",
3230
- "value": "HUMAN RIGHTS SITUATION IN TIBET.doc",
3231
- "type": "filename",
3232
- "to_ids": false,
3233
- "object_relation": null,
3234
- "comment": "",
3235
- "uuid": "57174c0d-7a14-496d-81b4-4e90950d210f",
3236
- "category": "Payload delivery"
3237
- },
3238
- {
3239
- "timestamp": "1461144659",
3240
- "value": "[tibethouse] Upcoming Program Announcemet Last Week of December.doc",
3241
- "type": "filename",
3242
- "to_ids": false,
3243
- "object_relation": null,
3244
- "comment": "",
3245
- "uuid": "57174c53-7610-4095-b503-4f52950d210f",
3246
- "category": "Payload delivery"
3247
- },
3248
- {
3249
- "timestamp": "1461144815",
3250
- "value": "PlugX|40099e0f13ba47bd4ea4f3f49228ac8cffdf07700c4ef8089e3b5d8013e914a3",
3251
- "type": "filename|sha256",
3252
- "to_ids": false,
3253
- "object_relation": null,
3254
- "comment": "",
3255
- "uuid": "57174cef-6628-4d5c-a692-4a51950d210f",
3256
- "category": "Payload delivery"
3257
- },
3258
- {
3259
- "timestamp": "1461144831",
3260
- "value": "ufbidruosivibuted|a78ea84acf57e0c54d5b1e5e3bd5eec31cc5935f16d9575e049e161420736e32",
3261
- "type": "filename|sha256",
3262
- "to_ids": false,
3263
- "object_relation": null,
3264
- "comment": "",
3265
- "uuid": "57174cff-aa9c-441c-8d64-4493950d210f",
3266
- "category": "Payload delivery"
3267
- },
3268
- {
3269
- "timestamp": "1461144850",
3270
- "value": "PlugX|103873e3fa8dfc2360bb5c22761da04a",
3271
- "type": "filename|md5",
3272
- "to_ids": false,
3273
- "object_relation": null,
3274
- "comment": "",
3275
- "uuid": "57174d12-942c-4080-977e-4467950d210f",
3276
- "category": "Payload delivery"
3277
- },
3278
- {
3279
- "timestamp": "1461144866",
3280
- "value": "ufbidruosivibuted|caefdd6ca90ff791cdeff9313136972e",
3281
- "type": "filename|md5",
3282
- "to_ids": false,
3283
- "object_relation": null,
3284
- "comment": "",
3285
- "uuid": "57174d22-fcec-4be8-9b94-44a9950d210f",
3286
- "category": "Payload delivery"
3287
- },
3288
- {
3289
- "timestamp": "1461145048",
3290
- "value": "keylog",
3291
- "type": "filename",
3292
- "to_ids": false,
3293
- "object_relation": null,
3294
- "comment": "",
3295
- "uuid": "57174dd8-3f30-4838-af62-400a950d210f",
3296
- "category": "Payload delivery"
3297
- },
3298
- {
3299
- "timestamp": "1461145073",
3300
- "value": "xx6.tmp",
3301
- "type": "filename",
3302
- "to_ids": false,
3303
- "object_relation": null,
3304
- "comment": "",
3305
- "uuid": "57174df1-3968-479d-85d5-4e03950d210f",
3306
- "category": "Payload delivery"
3307
- },
3308
- {
3309
- "timestamp": "1461145087",
3310
- "value": "xx3.tmp",
3311
- "type": "filename",
3312
- "to_ids": false,
3313
- "object_relation": null,
3314
- "comment": "",
3315
- "uuid": "57174dff-78ac-400f-bbd4-4c75950d210f",
3316
- "category": "Payload delivery"
3317
- },
3318
- {
3319
- "timestamp": "1461145098",
3320
- "value": "xx1.tmp",
3321
- "type": "filename",
3322
- "to_ids": false,
3323
- "object_relation": null,
3324
- "comment": "",
3325
- "uuid": "57174e0a-10e0-4022-9a31-4ba1950d210f",
3326
- "category": "Payload delivery"
3327
- },
3328
- {
3329
- "timestamp": "1461145117",
3330
- "value": "srvlic.dll",
3331
- "type": "filename",
3332
- "to_ids": false,
3333
- "object_relation": null,
3334
- "comment": "",
3335
- "uuid": "57174e1d-32dc-46d5-b717-41c3950d210f",
3336
- "category": "Payload delivery"
3337
- },
3338
- {
3339
- "timestamp": "1461145133",
3340
- "value": "conhost.log",
3341
- "type": "filename",
3342
- "to_ids": false,
3343
- "object_relation": null,
3344
- "comment": "",
3345
- "uuid": "57174e2d-4558-4971-aa84-4d5a950d210f",
3346
- "category": "Payload delivery"
3347
- },
3348
- {
3349
- "timestamp": "1461145146",
3350
- "value": "xx4.tmp",
3351
- "type": "filename",
3352
- "to_ids": false,
3353
- "object_relation": null,
3354
- "comment": "",
3355
- "uuid": "57174e3a-3abc-4d57-b5f7-449b950d210f",
3356
- "category": "Payload delivery"
3357
- },
3358
- {
3359
- "timestamp": "1461145160",
3360
- "value": "xx2.tmp",
3361
- "type": "filename",
3362
- "to_ids": false,
3363
- "object_relation": null,
3364
- "comment": "",
3365
- "uuid": "57174e48-e2dc-4f15-9ae2-4adb950d210f",
3366
- "category": "Payload delivery"
3367
- },
3368
- {
3369
- "timestamp": "1461145172",
3370
- "value": "xx5.tmp",
3371
- "type": "filename",
3372
- "to_ids": false,
3373
- "object_relation": null,
3374
- "comment": "",
3375
- "uuid": "57174e54-5018-495b-b18a-48eb950d210f",
3376
- "category": "Payload delivery"
3377
- },
3378
- {
3379
- "timestamp": "1461145194",
3380
- "value": "up.dat",
3381
- "type": "filename",
3382
- "to_ids": false,
3383
- "object_relation": null,
3384
- "comment": "",
3385
- "uuid": "57174e6a-c71c-4c48-a9f4-444b950d210f",
3386
- "category": "Payload delivery"
3387
- },
3388
- {
3389
- "timestamp": "1461159925",
3390
- "value": "b3d8f4587f40a598d19ed23c552c02120fd3c0ce",
3391
- "type": "sha1",
3392
- "to_ids": true,
3393
- "object_relation": null,
3394
- "comment": "RAR \r\n8EC7.tmp - Xchecked via VT: ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30",
3395
- "uuid": "571787f5-98d0-4631-b8c7-4f0102de0b81",
3396
- "category": "Payload delivery"
3397
- },
3398
- {
3399
- "timestamp": "1461159925",
3400
- "value": "https://www.virustotal.com/file/ddc05b9f39f579f64742980980ca9820b83a243889bbc5baa37f5c2c1c4beb30/analysis/1458560144/",
3401
- "type": "link",
3402
- "to_ids": false,
3403
- "object_relation": null,
3404
- "comment": "",
3405
- "uuid": "571787f5-31d0-4bc2-986d-4bd102de0b81",
3406
- "category": "External analysis"
3407
- },
3408
- {
3409
- "timestamp": "1461159926",
3410
- "value": "4782223722758b1281f31b77f1eb0f8da38af258",
3411
- "type": "sha1",
3412
- "to_ids": true,
3413
- "object_relation": null,
3414
- "comment": "RTF - Xchecked via VT: 41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2",
3415
- "uuid": "571787f6-6d58-4685-aa4c-4b1e02de0b81",
3416
- "category": "Payload delivery"
3417
- },
3418
- {
3419
- "timestamp": "1461159926",
3420
- "value": "https://www.virustotal.com/file/41d05788d844b59f8eb79aeb2060dd5b7bdcad01e8d720f4b8b80d552e41cfe2/analysis/1458273608/",
3421
- "type": "link",
3422
- "to_ids": false,
3423
- "object_relation": null,
3424
- "comment": "",
3425
- "uuid": "571787f6-b9e4-4e7f-812f-476102de0b81",
3426
- "category": "External analysis"
3427
- },
3428
- {
3429
- "timestamp": "1461159927",
3430
- "value": "5ec656d194a15d41b831de750a37e40b28b19c45",
3431
- "type": "sha1",
3432
- "to_ids": true,
3433
- "object_relation": null,
3434
- "comment": "RTF - Xchecked via VT: 58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589",
3435
- "uuid": "571787f7-5640-43a9-a1f8-42d202de0b81",
3436
- "category": "Payload delivery"
3437
- },
3438
- {
3439
- "timestamp": "1461159927",
3440
- "value": "https://www.virustotal.com/file/58f8a906b49711d2a6aaed0b59e1c1b7fcf5757666e0567fe50e996bfe0a4589/analysis/1458825268/",
3441
- "type": "link",
3442
- "to_ids": false,
3443
- "object_relation": null,
3444
- "comment": "",
3445
- "uuid": "571787f7-ed70-43ad-84b7-428702de0b81",
3446
- "category": "External analysis"
3447
- },
3448
- {
3449
- "timestamp": "1461159928",
3450
- "value": "f44dc6b644d7534276c18d8f43420f6f9dac4ef3",
3451
- "type": "sha1",
3452
- "to_ids": true,
3453
- "object_relation": null,
3454
- "comment": "RTF - Xchecked via VT: a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb",
3455
- "uuid": "571787f8-d818-4455-aec2-4cf002de0b81",
3456
- "category": "Payload delivery"
3457
- },
3458
- {
3459
- "timestamp": "1461159928",
3460
- "value": "https://www.virustotal.com/file/a0da9887b4c5af009a41b783db7ffedf949013abc70777c0ec539299628a51eb/analysis/1456924149/",
3461
- "type": "link",
3462
- "to_ids": false,
3463
- "object_relation": null,
3464
- "comment": "",
3465
- "uuid": "571787f8-0bc0-4113-bd2a-446d02de0b81",
3466
- "category": "External analysis"
3467
- },
3468
- {
3469
- "timestamp": "1461159928",
3470
- "value": "ca8fa4afeeae67ef57dcb22ff2326734f119a8d6",
3471
- "type": "sha1",
3472
- "to_ids": true,
3473
- "object_relation": null,
3474
- "comment": "RTF - Xchecked via VT: e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49",
3475
- "uuid": "571787f8-6338-476e-8153-44af02de0b81",
3476
- "category": "Payload delivery"
3477
- },
3478
- {
3479
- "timestamp": "1461159929",
3480
- "value": "https://www.virustotal.com/file/e13a0357cd51795100dbce25fe846783fbb7fd22c5efe438d9059edc10492f49/analysis/1452944526/",
3481
- "type": "link",
3482
- "to_ids": false,
3483
- "object_relation": null,
3484
- "comment": "",
3485
- "uuid": "571787f9-1f18-4b3a-ac70-482102de0b81",
3486
- "category": "External analysis"
3487
- },
3488
- {
3489
- "timestamp": "1461159929",
3490
- "value": "b8ea4d22bd988c021bc45c3a3e84362edca91e78",
3491
- "type": "sha1",
3492
- "to_ids": true,
3493
- "object_relation": null,
3494
- "comment": "Imported via the freetext import. - Xchecked via VT: 8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78",
3495
- "uuid": "571787f9-5f08-4091-97a4-40e702de0b81",
3496
- "category": "Payload delivery"
3497
- },
3498
- {
3499
- "timestamp": "1461159930",
3500
- "value": "https://www.virustotal.com/file/8b6ef2f4e2af608c755b3114e98ab78ac89e089db5b0bece7f2dc68bd1026a78/analysis/1459770897/",
3501
- "type": "link",
3502
- "to_ids": false,
3503
- "object_relation": null,
3504
- "comment": "",
3505
- "uuid": "571787fa-074c-4412-a3f1-4c2302de0b81",
3506
- "category": "External analysis"
3507
- },
3508
- {
3509
- "timestamp": "1461159930",
3510
- "value": "0bdd3484e69af639c3564aa7ab679defc4434def",
3511
- "type": "sha1",
3512
- "to_ids": true,
3513
- "object_relation": null,
3514
- "comment": "Imported via the freetext import. - Xchecked via VT: 0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360",
3515
- "uuid": "571787fa-81e4-400a-8f49-4e9902de0b81",
3516
- "category": "Payload delivery"
3517
- },
3518
- {
3519
- "timestamp": "1461159930",
3520
- "value": "https://www.virustotal.com/file/0ba814941a0adb344cbf2a90552a66b52faa99a24d3107735da1db5a0e1f8360/analysis/1459770252/",
3521
- "type": "link",
3522
- "to_ids": false,
3523
- "object_relation": null,
3524
- "comment": "",
3525
- "uuid": "571787fa-e10c-4ac1-ac7d-4c5b02de0b81",
3526
- "category": "External analysis"
3527
- },
3528
- {
3529
- "timestamp": "1461159931",
3530
- "value": "https://www.virustotal.com/file/5b875ecf0b7f67a4429aeaa841eddf8e6b58771e16dbdb43ad6918aa7a5b582d/analysis/1461148223/",
3531
- "type": "link",
3532
- "to_ids": false,
3533
- "object_relation": null,
3534
- "comment": "",
3535
- "uuid": "571787fb-44bc-4692-b11b-4b2502de0b81",
3536
- "category": "External analysis"
3537
- },
3538
- {
3539
- "timestamp": "1461159931",
3540
- "value": "https://www.virustotal.com/file/51c0d075067709c9f8794a25a7e3920bf69f8c755a1794e857acd818ea8a1010/analysis/1461146860/",
3541
- "type": "link",
3542
- "to_ids": false,
3543
- "object_relation": null,
3544
- "comment": "",
3545
- "uuid": "571787fb-7fcc-4e67-bed8-429a02de0b81",
3546
- "category": "External analysis"
3547
- },
3548
- {
3549
- "timestamp": "1461159932",
3550
- "value": "https://www.virustotal.com/file/4a5d864f69aff245793606b694bcbc5243b81e0b018596bce85ecab0e12ac849/analysis/1461147529/",
3551
- "type": "link",
3552
- "to_ids": false,
3553
- "object_relation": null,
3554
- "comment": "",
3555
- "uuid": "571787fc-cb4c-49f7-991d-45d002de0b81",
3556
- "category": "External analysis"
3557
- },
3558
- {
3559
- "timestamp": "1461159932",
3560
- "value": "6dd646bd56e04c6d394f87c97976ccd04ed613df",
3561
- "type": "sha1",
3562
- "to_ids": true,
3563
- "object_relation": null,
3564
- "comment": "Imported via the freetext import. - Xchecked via VT: 1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c",
3565
- "uuid": "571787fc-b710-46bc-a454-496202de0b81",
3566
- "category": "Payload delivery"
3567
- },
3568
- {
3569
- "timestamp": "1461159932",
3570
- "value": "https://www.virustotal.com/file/1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c/analysis/1452854114/",
3571
- "type": "link",
3572
- "to_ids": false,
3573
- "object_relation": null,
3574
- "comment": "",
3575
- "uuid": "571787fc-b338-4b49-a732-473902de0b81",
3576
- "category": "External analysis"
3577
- },
3578
- {
3579
- "timestamp": "1461159933",
3580
- "value": "2616da1697f7c764ee7fb558887a6a3279861fac",
3581
- "type": "sha1",
3582
- "to_ids": true,
3583
- "object_relation": null,
3584
- "comment": "Imported via the freetext import. - Xchecked via VT: f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68",
3585
- "uuid": "571787fd-6dc4-4c44-82c0-43d602de0b81",
3586
- "category": "Payload delivery"
3587
- },
3588
- {
3589
- "timestamp": "1461159933",
3590
- "value": "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1461070473/",
3591
- "type": "link",
3592
- "to_ids": false,
3593
- "object_relation": null,
3594
- "comment": "",
3595
- "uuid": "571787fd-9b0c-4c22-98cb-41c302de0b81",
3596
- "category": "External analysis"
3597
- },
3598
- {
3599
- "timestamp": "1461159934",
3600
- "value": "90c9b15d6f5943c515b41d7f306a7bd6eef1845a",
3601
- "type": "sha1",
3602
- "to_ids": true,
3603
- "object_relation": null,
3604
- "comment": "Imported via the freetext import. - Xchecked via VT: bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1",
3605
- "uuid": "571787fe-2ed8-4e88-8cba-4b9002de0b81",
3606
- "category": "Payload delivery"
3607
- },
3608
- {
3609
- "timestamp": "1461159934",
3610
- "value": "https://www.virustotal.com/file/bc2f7ebcad10aa48a69680f14fc57434436b821d5e7f2666a0f6d8795b0d37d1/analysis/1455192800/",
3611
- "type": "link",
3612
- "to_ids": false,
3613
- "object_relation": null,
3614
- "comment": "",
3615
- "uuid": "571787fe-bf88-4d38-b4a9-47d702de0b81",
3616
- "category": "External analysis"
3617
- },
3618
- {
3619
- "timestamp": "1461159934",
3620
- "value": "79cc8f5b155179360a7a2de772ed1f3945aaf49c",
3621
- "type": "sha1",
3622
- "to_ids": true,
3623
- "object_relation": null,
3624
- "comment": "Imported via the freetext import. - Xchecked via VT: aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c",
3625
- "uuid": "571787fe-7404-450d-a9bd-415a02de0b81",
3626
- "category": "Payload delivery"
3627
- },
3628
- {
3629
- "timestamp": "1461159935",
3630
- "value": "https://www.virustotal.com/file/aecd3e146632e9dfa0a92f486855144df0f87181feb67ac414a618fd52960c8c/analysis/1455797633/",
3631
- "type": "link",
3632
- "to_ids": false,
3633
- "object_relation": null,
3634
- "comment": "",
3635
- "uuid": "571787ff-8ac4-41cb-bbfe-43b102de0b81",
3636
- "category": "External analysis"
3637
- },
3638
- {
3639
- "timestamp": "1461159935",
3640
- "value": "cd8581dc95a92bab7f8025fcc5908d27c183b425",
3641
- "type": "sha1",
3642
- "to_ids": true,
3643
- "object_relation": null,
3644
- "comment": "Imported via the freetext import. - Xchecked via VT: afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d",
3645
- "uuid": "571787ff-3858-4bdc-bd8f-430e02de0b81",
3646
- "category": "Payload delivery"
3647
- },
3648
- {
3649
- "timestamp": "1461159935",
3650
- "value": "https://www.virustotal.com/file/afd0eae5065a689f8fc48c0cfc5b87f4caecc2fb6b1cef4c5e977fc2cc98509d/analysis/1454375598/",
3651
- "type": "link",
3652
- "to_ids": false,
3653
- "object_relation": null,
3654
- "comment": "",
3655
- "uuid": "571787ff-9184-46e3-bda4-460202de0b81",
3656
- "category": "External analysis"
3657
- },
3658
- {
3659
- "timestamp": "1461159936",
3660
- "value": "c6f146def58b701f406a73958cdaacbe53860090",
3661
- "type": "sha1",
3662
- "to_ids": true,
3663
- "object_relation": null,
3664
- "comment": "Imported via the freetext import. - Xchecked via VT: 2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083",
3665
- "uuid": "57178800-8b30-4513-b981-431902de0b81",
3666
- "category": "Payload delivery"
3667
- },
3668
- {
3669
- "timestamp": "1461159936",
3670
- "value": "https://www.virustotal.com/file/2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083/analysis/1455406891/",
3671
- "type": "link",
3672
- "to_ids": false,
3673
- "object_relation": null,
3674
- "comment": "",
3675
- "uuid": "57178800-8760-437a-8ecf-494b02de0b81",
3676
- "category": "External analysis"
3677
- },
3678
- {
3679
- "timestamp": "1461159937",
3680
- "value": "f1ec39dddb224a6a1e40d55c8f6877c908f92bcf",
3681
- "type": "sha1",
3682
- "to_ids": true,
3683
- "object_relation": null,
3684
- "comment": "Imported via the freetext import. - Xchecked via VT: 5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635",
3685
- "uuid": "57178801-c614-4982-8611-42d002de0b81",
3686
- "category": "Payload delivery"
3687
- },
3688
- {
3689
- "timestamp": "1461159937",
3690
- "value": "https://www.virustotal.com/file/5c5e3201d6343e0536b86cb4ab0831c482a304c62cd09c01ac8bdeee5755f635/analysis/1461046907/",
3691
- "type": "link",
3692
- "to_ids": false,
3693
- "object_relation": null,
3694
- "comment": "",
3695
- "uuid": "57178801-e5fc-46db-9b1c-41d802de0b81",
3696
- "category": "External analysis"
3697
- },
3698
- {
3699
- "timestamp": "1461159937",
3700
- "value": "https://www.virustotal.com/file/5676c0b2d3c139dbef5bafa0184576bd1a4ccbd3f7d40b4a6a099a1e61bc2a39/analysis/1461146345/",
3701
- "type": "link",
3702
- "to_ids": false,
3703
- "object_relation": null,
3704
- "comment": "",
3705
- "uuid": "57178801-90c4-4fad-b307-420c02de0b81",
3706
- "category": "External analysis"
3707
- },
3708
- {
3709
- "timestamp": "1461159938",
3710
- "value": "https://www.virustotal.com/file/7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6/analysis/1461146164/",
3711
- "type": "link",
3712
- "to_ids": false,
3713
- "object_relation": null,
3714
- "comment": "",
3715
- "uuid": "57178802-d774-4018-b499-4c2002de0b81",
3716
- "category": "External analysis"
3717
- },
3718
- {
3719
- "timestamp": "1467971098",
3720
- "value": "alert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - www.amerikauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|amerikauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016101; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - dge.123nat.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|dge|06|123nat|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016102; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT LURK0 C&C Domain - manhaton.123nat.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|08|manhaton|06|123nat|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016103; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - bsnl.wang\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|04|bsnl|04|wang\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016104; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.onebook.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|07|onebook|03|top\"; 
fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016105; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.togolaga.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|08|togolaga|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016106; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - unisers.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|07|unisers|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016107; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.dicemention.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|dicemention|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016108; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.updatenewes.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|updatenewes|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; 
reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016109; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - softinc.pw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|07|softinc|02|pw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016110; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT Saker C&C Domain - www.notebookhk.net\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0a|notebookhk|03|net\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016111; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX C&C Domain - www.whitewall.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|09|whitewall|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016112; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - www.kcico.com.tw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|05|kcico|03|com|02|tw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016113; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - 
www.tibetimes.com\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|09|tibetimes|03|com\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016114; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-T9000 Win32/Agent.XST Domain - softinc.pw\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|07|softinc|02|pw\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016115; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"NF - Win32/Agent.XST Checkin\"; flow:established,to_server; content:\"POST\"; http_method; content:!\"Referer|3a|\"; http_header; content:!\"Accept|3a|\"; http_header; content:\"Content-Type|3a 20|text/html|0d 0a|\"; http_header; content:\"this is UP\"; depth:10; http_client_body; fast_pattern; content:\"|00 00 00 00|\"; http_client_body; reference:url,asert.arbornetworks.com/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-Uncovering-the-Seven-Pointed-Dagger.pdf; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016116; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:\"NF - Win32/Agent.XST Keepalive\"; flow:established,to_server; content:\"POST|20|\"; depth:5; content:\".asp|20|HTTP/1.\"; distance:0; content:!\"Referer|3a|\"; distance:0; content:!\"Accept|3a|\"; distance:0; content:\"Content-Length|3a 20|2|0d 0a|\"; distance:0; fast_pattern; content:\"Content-Type|3a 20|text/html|0d 0a|\"; content:\"|0d 0a 0d 0a|ok\"; distance:0; threshold: type limit, count 1, seconds 60, track by_src; 
reference:url,asert.arbornetworks.com/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-Uncovering-the-Seven-Pointed-Dagger.pdf; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016117; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"NF - Win32/Agent.XST/UP007 Checkin 2\"; flow:established,to_server; content:\"POST\"; http_method; content:!\"Referer|3a|\"; http_header; content:!\"Accept|3a|\"; http_header; content:\"Content-Type|3a 20|text/html|0d 0a|\"; http_header; content:\"this is UP\"; depth:10; http_client_body; fast_pattern; content:\"|00 00 00 00|\"; http_client_body; reference:url,citizenlab.org/2016/04/between-hong-kong-and-burma; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016118; rev:1;)\r\n\r\nalert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:\"NF - Win32/Agent.XST/UP007 Keepalive 2\"; flow:established,to_server; content:\"POST|20|\"; depth:5; content:\".asp|20|HTTP/1.\"; distance:0; content:!\"Referer|3a|\"; distance:0; content:!\"Accept|3a|\"; distance:0; content:\"Content-Length|3a 20|5|0d 0a|\"; distance:0; fast_pattern; content:\"Content-Type|3a 20|text/html|0d 0a|\"; content:\"|0d 0a 0d 0a|READY\"; distance:0; threshold:type limit, count 1, seconds 60, track by_src; reference:url,citizenlab.org/2016/04/between-hong-kong-and-burma; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016119; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0F|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016120; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - 
www.yawropauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|yawropauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016121; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.japanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0b|japanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016122; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.hotansft.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|08|hotansft|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016123; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.amerikauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|amerikauyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016124; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.yawropauyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0d|yawropauyghur|03|top\"; 
fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016125; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0f|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016126; rev:1;)\r\n\r\nalert udp any any -> any 53 (msg:\"NF - APT-PlugX Related Domain - www.turkistanuyghur.top\"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth:10; offset:2; content:\"|03|www|0f|turkistanuyghur|03|top\"; fast_pattern; nocase; distance:0; reference:url,researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-activity-reveals-some-common-threads/#more-15097; reference:url,networkforensic.dk; metadata:06072016; priority:1; sid:888016127; rev:1;)",
3721
- "type": "snort",
3722
- "to_ids": false,
3723
- "object_relation": null,
3724
- "comment": "Some SNORT IDS Rule.",
3725
- "uuid": "577f761a-5ec4-4532-9e7b-093bc0a8f687",
3726
- "category": "Network activity"
3727
- }
3728
- ]
3729
- }
3730
- }