pymisp 2.5.7__py3-none-any.whl → 2.5.8__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (135)
  1. pymisp/api.py +1 -0
  2. pymisp/data/misp-objects/objects/rmm/definition.json +1 -1
  3. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/METADATA +4 -4
  4. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/RECORD +6 -135
  5. CHANGELOG.txt +0 -5380
  6. examples/__init__.py +0 -0
  7. examples/add_attributes_from_csv.py +0 -74
  8. examples/add_email_object.py +0 -29
  9. examples/add_fail2ban_object.py +0 -86
  10. examples/add_feed.py +0 -25
  11. examples/add_file_object.py +0 -47
  12. examples/add_filetype_object_from_csv.py +0 -53
  13. examples/add_generic_object.py +0 -26
  14. examples/add_github_user.py +0 -65
  15. examples/add_gitlab_user.py +0 -56
  16. examples/add_named_attribute.py +0 -25
  17. examples/add_organisations.py +0 -57
  18. examples/add_ssh_authorized_keys.py +0 -29
  19. examples/add_user.py +0 -22
  20. examples/add_vehicle_object.py +0 -22
  21. examples/addtag2.py +0 -45
  22. examples/asciidoc_generator.py +0 -114
  23. examples/cache_all.py +0 -10
  24. examples/copyTagsFromAttributesToEvent.py +0 -68
  25. examples/copy_list.py +0 -93
  26. examples/create_events.py +0 -26
  27. examples/cytomic_orion.py +0 -549
  28. examples/del.py +0 -22
  29. examples/delete_user.py +0 -16
  30. examples/edit_organisation.py +0 -20
  31. examples/edit_user.py +0 -20
  32. examples/falsepositive_disabletoids.py +0 -136
  33. examples/fetch_events_feed.py +0 -15
  34. examples/fetch_warninglist_hits.py +0 -38
  35. examples/freetext.py +0 -22
  36. examples/generate_file_objects.py +0 -78
  37. examples/generate_meta_feed.py +0 -15
  38. examples/get.py +0 -37
  39. examples/get_csv.py +0 -37
  40. examples/get_network_activity.py +0 -187
  41. examples/last.py +0 -48
  42. examples/load_csv.py +0 -94
  43. examples/lookup.py +0 -28
  44. examples/misp2cef.py +0 -71
  45. examples/misp2clamav.py +0 -52
  46. examples/openioc_to_misp.py +0 -27
  47. examples/proofpoint_tap.py +0 -203
  48. examples/proofpoint_vap.py +0 -65
  49. examples/search.py +0 -48
  50. examples/search_attributes_yara.py +0 -40
  51. examples/search_sighting.py +0 -42
  52. examples/server_sync_check_conn.py +0 -32
  53. examples/sharing_groups.py +0 -15
  54. examples/show_sightings.py +0 -168
  55. examples/stats_report.py +0 -405
  56. examples/sync_sighting.py +0 -171
  57. examples/tags.py +0 -25
  58. examples/test_sign.py +0 -19
  59. examples/trustar_misp.py +0 -59
  60. examples/up.py +0 -21
  61. examples/upload.py +0 -60
  62. examples/users_list.py +0 -15
  63. examples/vmray_automation.py +0 -281
  64. examples/vt_to_misp.py +0 -182
  65. examples/warninglists.py +0 -22
  66. examples/yara.py +0 -38
  67. examples/yara_dump.py +0 -98
  68. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +0 -1
  69. tests/__init__.py +0 -0
  70. tests/csv_testfiles/invalid_fieldnames.csv +0 -11
  71. tests/csv_testfiles/valid_fieldnames.csv +0 -4
  72. tests/email_testfiles/mail_1.eml.zip +0 -0
  73. tests/email_testfiles/mail_1.msg +0 -0
  74. tests/email_testfiles/mail_1_bom.eml +0 -858
  75. tests/email_testfiles/mail_1_headers_only.eml +0 -28
  76. tests/email_testfiles/mail_2.eml +0 -32
  77. tests/email_testfiles/mail_3.eml +0 -170
  78. tests/email_testfiles/mail_3.msg +0 -0
  79. tests/email_testfiles/mail_4.msg +0 -0
  80. tests/email_testfiles/mail_5.msg +0 -0
  81. tests/email_testfiles/mail_multiple_to.eml +0 -15
  82. tests/email_testfiles/source +0 -1
  83. tests/git-vuln-finder-quagga.json +0 -1493
  84. tests/misp_event.json +0 -76
  85. tests/mispevent_testfiles/attribute.json +0 -21
  86. tests/mispevent_testfiles/attribute_del.json +0 -23
  87. tests/mispevent_testfiles/def_param.json +0 -53
  88. tests/mispevent_testfiles/event.json +0 -8
  89. tests/mispevent_testfiles/event_obj_attr_tag.json +0 -57
  90. tests/mispevent_testfiles/event_obj_def_param.json +0 -62
  91. tests/mispevent_testfiles/event_obj_tag.json +0 -29
  92. tests/mispevent_testfiles/event_tags.json +0 -18
  93. tests/mispevent_testfiles/existing_event.json +0 -4599
  94. tests/mispevent_testfiles/existing_event_edited.json +0 -4601
  95. tests/mispevent_testfiles/galaxy.json +0 -25
  96. tests/mispevent_testfiles/malware.json +0 -19
  97. tests/mispevent_testfiles/malware_exist.json +0 -163
  98. tests/mispevent_testfiles/misp_custom_obj.json +0 -38
  99. tests/mispevent_testfiles/overwrite_file/definition.json +0 -457
  100. tests/mispevent_testfiles/proposals.json +0 -35
  101. tests/mispevent_testfiles/shadow.json +0 -148
  102. tests/mispevent_testfiles/sighting.json +0 -5
  103. tests/mispevent_testfiles/simple.json +0 -2
  104. tests/mispevent_testfiles/test_object_template/definition.json +0 -29
  105. tests/new_misp_event.json +0 -34
  106. tests/reportlab_testfiles/HTML_event.json +0 -1
  107. tests/reportlab_testfiles/galaxy_1.json +0 -1250
  108. tests/reportlab_testfiles/image_event.json +0 -2490
  109. tests/reportlab_testfiles/japanese_test.json +0 -156
  110. tests/reportlab_testfiles/japanese_test_heavy.json +0 -318
  111. tests/reportlab_testfiles/long_event.json +0 -3730
  112. tests/reportlab_testfiles/mainly_objects_1.json +0 -1092
  113. tests/reportlab_testfiles/mainly_objects_2.json +0 -977
  114. tests/reportlab_testfiles/sighting_1.json +0 -305
  115. tests/reportlab_testfiles/sighting_2.json +0 -221
  116. tests/reportlab_testfiles/to_delete1.json +0 -804
  117. tests/reportlab_testfiles/to_delete2.json +0 -1
  118. tests/reportlab_testfiles/to_delete3.json +0 -1
  119. tests/reportlab_testfiles/very_long_event.json +0 -1006
  120. tests/reportlab_testoutputs/to_delete1.json.pdf +0 -391
  121. tests/reportlab_testoutputs/to_delete2.json.pdf +0 -506
  122. tests/reportlab_testoutputs/to_delete3.json.pdf +0 -277
  123. tests/search_index_result.json +0 -69
  124. tests/sharing_groups.json +0 -98
  125. tests/stix1.xml-utf8 +0 -110
  126. tests/stix2.json +0 -1
  127. tests/test_analyst_data.py +0 -123
  128. tests/test_emailobject.py +0 -157
  129. tests/test_fileobject.py +0 -20
  130. tests/test_mispevent.py +0 -473
  131. tests/test_reportlab.py +0 -431
  132. tests/testlive_comprehensive.py +0 -3734
  133. tests/testlive_sync.py +0 -474
  134. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/LICENSE +0 -0
  135. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/WHEEL +0 -0
@@ -1,4599 +0,0 @@
1
- {
2
- "Attribute": [
3
- {
4
- "Tag": [
5
- {
6
- "colour": "#00223b",
7
- "exportable": true,
8
- "hide_tag": false,
9
- "id": "101",
10
- "name": "osint:source-type=\"blog-post\"",
11
- "user_id": "0"
12
- },
13
- {
14
- "colour": "#007cd6",
15
- "exportable": true,
16
- "hide_tag": false,
17
- "id": "618",
18
- "name": "osint:certainty=\"93\"",
19
- "user_id": "0"
20
- }
21
- ],
22
- "category": "External analysis",
23
- "comment": "",
24
- "deleted": false,
25
- "disable_correlation": false,
26
- "distribution": "5",
27
- "event_id": "9747",
28
- "id": "1188757",
29
- "object_id": "0",
30
- "sharing_group_id": "0",
31
- "timestamp": "1513893921",
32
- "to_ids": false,
33
- "type": "link",
34
- "uuid": "5a3c2fda-78f4-44b7-8366-46da02de0b81",
35
- "value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
36
- },
37
- {
38
- "Tag": [
39
- {
40
- "colour": "#00223b",
41
- "exportable": true,
42
- "hide_tag": false,
43
- "id": "101",
44
- "name": "osint:source-type=\"blog-post\"",
45
- "user_id": "0"
46
- },
47
- {
48
- "colour": "#007cd6",
49
- "exportable": true,
50
- "hide_tag": false,
51
- "id": "618",
52
- "name": "osint:certainty=\"93\"",
53
- "user_id": "0"
54
- }
55
- ],
56
- "category": "External analysis",
57
- "comment": "",
58
- "deleted": false,
59
- "disable_correlation": false,
60
- "distribution": "5",
61
- "event_id": "9747",
62
- "id": "1188758",
63
- "object_id": "0",
64
- "sharing_group_id": "0",
65
- "timestamp": "1513893921",
66
- "to_ids": false,
67
- "type": "text",
68
- "uuid": "5a3c2fee-7c8c-438a-8f7f-465402de0b81",
69
- "value": "The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
70
- },
71
- {
72
- "category": "Network activity",
73
- "comment": "Xagent Samples",
74
- "deleted": false,
75
- "disable_correlation": false,
76
- "distribution": "5",
77
- "event_id": "9747",
78
- "id": "1188759",
79
- "object_id": "0",
80
- "sharing_group_id": "0",
81
- "timestamp": "1513893957",
82
- "to_ids": true,
83
- "type": "domain",
84
- "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
85
- "value": "movieultimate.com"
86
- },
87
- {
88
- "category": "Network activity",
89
- "comment": "Xagent Samples",
90
- "deleted": false,
91
- "disable_correlation": false,
92
- "distribution": "5",
93
- "event_id": "9747",
94
- "id": "1188760",
95
- "object_id": "0",
96
- "sharing_group_id": "0",
97
- "timestamp": "1513893957",
98
- "to_ids": true,
99
- "type": "domain",
100
- "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
101
- "value": "meteost.com"
102
- },
103
- {
104
- "category": "Network activity",
105
- "comment": "Xagent Samples",
106
- "deleted": false,
107
- "disable_correlation": false,
108
- "distribution": "5",
109
- "event_id": "9747",
110
- "id": "1188761",
111
- "object_id": "0",
112
- "sharing_group_id": "0",
113
- "timestamp": "1513893957",
114
- "to_ids": true,
115
- "type": "domain",
116
- "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
117
- "value": "faststoragefiles.org"
118
- },
119
- {
120
- "category": "Network activity",
121
- "comment": "Xagent Samples",
122
- "deleted": false,
123
- "disable_correlation": false,
124
- "distribution": "5",
125
- "event_id": "9747",
126
- "id": "1188762",
127
- "object_id": "0",
128
- "sharing_group_id": "0",
129
- "timestamp": "1513893957",
130
- "to_ids": true,
131
- "type": "domain",
132
- "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
133
- "value": "nethostnet.com"
134
- },
135
- {
136
- "category": "Network activity",
137
- "comment": "Xagent Samples",
138
- "deleted": false,
139
- "disable_correlation": false,
140
- "distribution": "5",
141
- "event_id": "9747",
142
- "id": "1188763",
143
- "object_id": "0",
144
- "sharing_group_id": "0",
145
- "timestamp": "1513893957",
146
- "to_ids": true,
147
- "type": "domain",
148
- "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
149
- "value": "fsportal.net"
150
- },
151
- {
152
- "category": "Network activity",
153
- "comment": "Xagent Samples",
154
- "deleted": false,
155
- "disable_correlation": false,
156
- "distribution": "5",
157
- "event_id": "9747",
158
- "id": "1188764",
159
- "object_id": "0",
160
- "sharing_group_id": "0",
161
- "timestamp": "1513893957",
162
- "to_ids": true,
163
- "type": "domain",
164
- "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
165
- "value": "fastdataexchange.org"
166
- },
167
- {
168
- "category": "Network activity",
169
- "comment": "Xagent Samples",
170
- "deleted": false,
171
- "disable_correlation": false,
172
- "distribution": "5",
173
- "event_id": "9747",
174
- "id": "1188765",
175
- "object_id": "0",
176
- "sharing_group_id": "0",
177
- "timestamp": "1513893957",
178
- "to_ids": true,
179
- "type": "domain",
180
- "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
181
- "value": "newfilmts.com"
182
- }
183
- ],
184
- "Galaxy": [
185
- {
186
- "GalaxyCluster": [
187
- {
188
- "authors": [
189
- "Alexandre Dulaunoy",
190
- "Florian Roth",
191
- "Thomas Schreck",
192
- "Timo Steffens",
193
- "Various"
194
- ],
195
- "default": false,
196
- "description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.",
197
- "distribution": "0",
198
- "galaxy_id": "366",
199
- "id": "45563",
200
- "meta": {
201
- "country": [
202
- "RU"
203
- ],
204
- "refs": [
205
- "https://en.wikipedia.org/wiki/Sofacy_Group",
206
- "https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf",
207
- "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf",
208
- "https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf",
209
- "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
210
- "http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/"
211
- ],
212
- "synonyms": [
213
- "APT 28",
214
- "APT28",
215
- "Pawn Storm",
216
- "Fancy Bear",
217
- "Sednit",
218
- "TsarTeam",
219
- "TG-4127",
220
- "Group-4127",
221
- "STRONTIUM",
222
- "TAG_0700",
223
- "Swallowtail",
224
- "IRON TWILIGHT",
225
- "Group 74"
226
- ]
227
- },
228
- "source": "MISP Project",
229
- "tag_id": "1100",
230
- "tag_name": "misp-galaxy:threat-actor=\"Sofacy\"",
231
- "type": "threat-actor",
232
- "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
233
- "value": "Sofacy",
234
- "version": "30"
235
- }
236
- ],
237
- "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
238
- "icon": "user-secret",
239
- "id": "366",
240
- "name": "Threat Actor",
241
- "type": "threat-actor",
242
- "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
243
- "version": "2"
244
- },
245
- {
246
- "GalaxyCluster": [
247
- {
248
- "authors": [
249
- "Kafeine",
250
- "Will Metcalf",
251
- "KahuSecurity"
252
- ],
253
- "default": false,
254
- "description": "Sednit EK is the exploit kit used by APT28",
255
- "distribution": "0",
256
- "galaxy_id": "370",
257
- "id": "38813",
258
- "meta": {
259
- "refs": [
260
- "http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
261
- "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
262
- ],
263
- "status": [
264
- "Active"
265
- ]
266
- },
267
- "source": "MISP Project",
268
- "tag_id": "3007",
269
- "tag_name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
270
- "type": "exploit-kit",
271
- "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
272
- "value": "Sednit EK",
273
- "version": "5"
274
- },
275
- {
276
- "authors": [
277
- "Kafeine",
278
- "Will Metcalf",
279
- "KahuSecurity"
280
- ],
281
- "default": false,
282
- "description": "DealersChoice is a Flash Player Exploit platform triggered by RTF",
283
- "distribution": "0",
284
- "galaxy_id": "370",
285
- "id": "38805",
286
- "meta": {
287
- "refs": [
288
- "http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/",
289
- "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/"
290
- ],
291
- "status": [
292
- "Active"
293
- ],
294
- "synonyms": [
295
- "Sednit RTF EK"
296
- ]
297
- },
298
- "source": "MISP Project",
299
- "tag_id": "3015",
300
- "tag_name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
301
- "type": "exploit-kit",
302
- "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
303
- "value": "DealersChoice",
304
- "version": "5"
305
- }
306
- ],
307
- "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
308
- "icon": "internet-explorer",
309
- "id": "370",
310
- "name": "Exploit-Kit",
311
- "type": "exploit-kit",
312
- "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01",
313
- "version": "3"
314
- },
315
- {
316
- "GalaxyCluster": [
317
- {
318
- "authors": [
319
- "Alexandre Dulaunoy",
320
- "Florian Roth",
321
- "Timo Steffens",
322
- "Christophe Vandeplas"
323
- ],
324
- "default": false,
325
- "description": "backdoor",
326
- "distribution": "0",
327
- "galaxy_id": "367",
328
- "id": "46592",
329
- "meta": {
330
- "refs": [
331
- "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
332
- ],
333
- "synonyms": [
334
- "Sednit",
335
- "Seduploader",
336
- "JHUHUGIT",
337
- "Sofacy"
338
- ],
339
- "type": [
340
- "Backdoor"
341
- ]
342
- },
343
- "source": "MISP Project",
344
- "tag_id": "2215",
345
- "tag_name": "misp-galaxy:tool=\"GAMEFISH\"",
346
- "type": "tool",
347
- "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
348
- "value": "GAMEFISH",
349
- "version": "45"
350
- },
351
- {
352
- "authors": [
353
- "Alexandre Dulaunoy",
354
- "Florian Roth",
355
- "Timo Steffens",
356
- "Christophe Vandeplas"
357
- ],
358
- "default": false,
359
- "description": "",
360
- "distribution": "0",
361
- "galaxy_id": "367",
362
- "id": "46670",
363
- "meta": {
364
- "synonyms": [
365
- "XTunnel"
366
- ]
367
- },
368
- "source": "MISP Project",
369
- "tag_id": "1012",
370
- "tag_name": "misp-galaxy:tool=\"X-Tunnel\"",
371
- "type": "tool",
372
- "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
373
- "value": "X-Tunnel",
374
- "version": "45"
375
- },
376
- {
377
- "authors": [
378
- "Alexandre Dulaunoy",
379
- "Florian Roth",
380
- "Timo Steffens",
381
- "Christophe Vandeplas"
382
- ],
383
- "default": false,
384
- "description": "backdoor used by apt28\n\nSedreco serves as a spying backdoor; its functionalities can be extended with dynamically loaded plugins. It is made up of two distinct components: a dropper and the persistent payload installed by this dropper. We have not seen this component since April 2016.",
385
- "distribution": "0",
386
- "galaxy_id": "367",
387
- "id": "46591",
388
- "meta": {
389
- "possible_issues": [
390
- "Report tells that is could be Xagent alias (Java Rat)"
391
- ],
392
- "refs": [
393
- "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
394
- ],
395
- "synonyms": [
396
- "Sedreco",
397
- "AZZY",
398
- "ADVSTORESHELL",
399
- "NETUI"
400
- ],
401
- "type": [
402
- "Backdoor"
403
- ]
404
- },
405
- "source": "MISP Project",
406
- "tag_id": "3011",
407
- "tag_name": "misp-galaxy:tool=\"EVILTOSS\"",
408
- "type": "tool",
409
- "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
410
- "value": "EVILTOSS",
411
- "version": "45"
412
- },
413
- {
414
- "authors": [
415
- "Alexandre Dulaunoy",
416
- "Florian Roth",
417
- "Timo Steffens",
418
- "Christophe Vandeplas"
419
- ],
420
- "default": false,
421
- "description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.\n\nXagent is a modular backdoor with spying functionalities such as keystroke logging and file exfiltration. Xagent is the group’s flagship backdoor and heavily used in their operations. Early versions for Linux and Windows were seen years ago, then in 2015 an iOS version came out. One year later, an Android version was discovered and finally, in the beginning of 2017, an Xagent sample for OS X was described.",
422
- "distribution": "0",
423
- "galaxy_id": "367",
424
- "id": "46669",
425
- "meta": {
426
- "refs": [
427
- "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/",
428
- "https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq",
429
- "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
430
- ],
431
- "synonyms": [
432
- "XAgent"
433
- ],
434
- "type": [
435
- "Backdoor"
436
- ]
437
- },
438
- "source": "MISP Project",
439
- "tag_id": "1011",
440
- "tag_name": "misp-galaxy:tool=\"X-Agent\"",
441
- "type": "tool",
442
- "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
443
- "value": "X-Agent",
444
- "version": "45"
445
- }
446
- ],
447
- "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
448
- "icon": "optin-monster",
449
- "id": "367",
450
- "name": "Tool",
451
- "type": "tool",
452
- "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b",
453
- "version": "2"
454
- },
455
- {
456
- "GalaxyCluster": [
457
- {
458
- "authors": [
459
- "MITRE"
460
- ],
461
- "default": false,
462
- "description": "JHUHUGIT is malware used by APT28. It is based on Carberp source code and serves as reconnaissance malware.[[Citation: Kaspersky Sofacy]][[Citation: F-Secure Sofacy 2015]][[Citation: ESET Sednit Part 1]][[Citation: FireEye APT28 January 2017]]\n\nAliases: JHUHUGIT, Seduploader, JKEYSKW, Sednit, GAMEFISH",
463
- "distribution": "0",
464
- "galaxy_id": "365",
465
- "id": "41618",
466
- "meta": {
467
- "refs": [
468
- "https://attack.mitre.org/wiki/Software/S0044",
469
- "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf",
470
- "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
471
- "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
472
- "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
473
- ],
474
- "synonyms": [
475
- "JHUHUGIT",
476
- "Seduploader",
477
- "JKEYSKW",
478
- "Sednit",
479
- "GAMEFISH"
480
- ],
481
- "uuid": [
482
- "8ae43c46-57ef-47d5-a77a-eebb35628db2"
483
- ]
484
- },
485
- "source": "https://github.com/mitre/cti",
486
- "tag_id": "3008",
487
- "tag_name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
488
- "type": "mitre-malware",
489
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
490
- "value": "JHUHUGIT",
491
- "version": "4"
492
- },
493
- {
494
- "authors": [
495
- "MITRE"
496
- ],
497
- "default": false,
498
- "description": "XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.[[Citation: Crowdstrike DNC June 2016]][[Citation: Invincea XTunnel]][[Citation: ESET Sednit Part 2]]\n\nAliases: XTunnel, X-Tunnel, XAPS",
499
- "distribution": "0",
500
- "galaxy_id": "365",
501
- "id": "41543",
502
- "meta": {
503
- "refs": [
504
- "https://attack.mitre.org/wiki/Software/S0117",
505
- "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
506
- "https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/",
507
- "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
508
- ],
509
- "synonyms": [
510
- "XTunnel",
511
- "X-Tunnel",
512
- "XAPS"
513
- ],
514
- "uuid": [
515
- "7343e208-7cab-45f2-a47b-41ba5e2f0fab"
516
- ]
517
- },
518
- "source": "https://github.com/mitre/cti",
519
- "tag_id": "3009",
520
- "tag_name": "misp-galaxy:mitre-malware=\"XTunnel\"",
521
- "type": "mitre-malware",
522
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
523
- "value": "XTunnel",
524
- "version": "4"
525
- },
526
- {
527
- "authors": [
528
- "MITRE"
529
- ],
530
- "default": false,
531
- "description": "ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.[[Citation: Kaspersky Sofacy]][[Citation: ESET Sednit Part 2]]\n\nAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco",
532
- "distribution": "0",
533
- "galaxy_id": "365",
534
- "id": "41582",
535
- "meta": {
536
- "refs": [
537
- "https://attack.mitre.org/wiki/Software/S0045",
538
- "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
539
- "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
540
- ],
541
- "synonyms": [
542
- "ADVSTORESHELL",
543
- "NETUI",
544
- "EVILTOSS",
545
- "AZZY",
546
- "Sedreco"
547
- ],
548
- "uuid": [
549
- "fb575479-14ef-41e9-bfab-0b7cf10bec73"
550
- ]
551
- },
552
- "source": "https://github.com/mitre/cti",
553
- "tag_id": "3010",
554
- "tag_name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
555
- "type": "mitre-malware",
556
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
557
- "value": "ADVSTORESHELL",
558
- "version": "4"
559
- },
560
- {
561
- "authors": [
562
- "MITRE"
563
- ],
564
- "default": false,
565
- "description": "USBStealer is malware that has used by APT28 since at least 2005 to extract information from air-gapped networks. It does not have the capability to communicate over the Internet and has been used in conjunction with ADVSTORESHELL.[[Citation: ESET Sednit USBStealer 2014]][[Citation: Kaspersky Sofacy]]\n\nAliases: USBStealer, USB Stealer, Win32/USBStealer",
566
- "distribution": "0",
567
- "galaxy_id": "365",
568
- "id": "41549",
569
- "meta": {
570
- "refs": [
571
- "https://attack.mitre.org/wiki/Software/S0136",
572
- "http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/",
573
- "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
574
- ],
575
- "synonyms": [
576
- "USBStealer",
577
- "USB Stealer",
578
- "Win32/USBStealer"
579
- ],
580
- "uuid": [
581
- "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"
582
- ]
583
- },
584
- "source": "https://github.com/mitre/cti",
585
- "tag_id": "3012",
586
- "tag_name": "misp-galaxy:mitre-malware=\"USBStealer\"",
587
- "type": "mitre-malware",
588
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
589
- "value": "USBStealer",
590
- "version": "4"
591
- },
592
- {
593
- "authors": [
594
- "MITRE"
595
- ],
596
- "default": false,
597
- "description": "is a trojan that has been used by APT28 on OS X and appears to be a port of their standard CHOPSTICK or XAgent trojan.[[Citation: XAgentOSX]]",
598
- "distribution": "0",
599
- "galaxy_id": "365",
600
- "id": "41551",
601
- "meta": {
602
- "refs": [
603
- "https://attack.mitre.org/wiki/Software/S0161",
604
- "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
605
- ],
606
- "uuid": [
607
- "5930509b-7793-4db9-bdfc-4edda7709d0d"
608
- ]
609
- },
610
- "source": "https://github.com/mitre/cti",
611
- "tag_id": "3013",
612
- "tag_name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
613
- "type": "mitre-malware",
614
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
615
- "value": "XAgentOSX",
616
- "version": "4"
617
- },
618
- {
619
- "authors": [
620
- "MITRE"
621
- ],
622
- "default": false,
623
- "description": "CHOPSTICK is malware family of modular backdoors used by APT28. It has been used from at least November 2012 to August 2016 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases.[[Citation: FireEye APT28]][[Citation: ESET Sednit Part 2]][[Citation: FireEye APT28 January 2017]]\n\nAliases: CHOPSTICK, SPLM, Xagent, X-Agent, webhp",
624
- "distribution": "0",
625
- "galaxy_id": "365",
626
- "id": "41559",
627
- "meta": {
628
- "refs": [
629
- "https://attack.mitre.org/wiki/Software/S0023",
630
- "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
631
- "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf",
632
- "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf"
633
- ],
634
- "synonyms": [
635
- "CHOPSTICK",
636
- "SPLM",
637
- "Xagent",
638
- "X-Agent",
639
- "webhp"
640
- ],
641
- "uuid": [
642
- "ccd61dfc-b03f-4689-8c18-7c97eab08472"
643
- ]
644
- },
645
- "source": "https://github.com/mitre/cti",
646
- "tag_id": "3014",
647
- "tag_name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
648
- "type": "mitre-malware",
649
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
650
- "value": "CHOPSTICK",
651
- "version": "4"
652
- },
653
- {
654
- "authors": [
655
- "MITRE"
656
- ],
657
- "default": false,
658
- "description": "Downdelph is a first-stage downloader written in Delphi that has been used by APT28 in rare instances between 2013 and 2015.[[Citation: ESET Sednit Part 3]]\n\nAliases: Downdelph, Delphacy",
659
- "distribution": "0",
660
- "galaxy_id": "365",
661
- "id": "41504",
662
- "meta": {
663
- "refs": [
664
- "https://attack.mitre.org/wiki/Software/S0134",
665
- "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf"
666
- ],
667
- "synonyms": [
668
- "Downdelph",
669
- "Delphacy"
670
- ],
671
- "uuid": [
672
- "08d20cd2-f084-45ee-8558-fa6ef5a18519"
673
- ]
674
- },
675
- "source": "https://github.com/mitre/cti",
676
- "tag_id": "3016",
677
- "tag_name": "misp-galaxy:mitre-malware=\"Downdelph\"",
678
- "type": "mitre-malware",
679
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
680
- "value": "Downdelph",
681
- "version": "4"
682
- }
683
- ],
684
- "description": "Name of ATT&CK software",
685
- "icon": "optin-monster",
686
- "id": "365",
687
- "name": "Malware",
688
- "type": "mitre-malware",
689
- "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
690
- "version": "4"
691
- }
692
- ],
693
- "Object": [
694
- {
695
- "Attribute": [
696
- {
697
- "category": "Payload delivery",
698
- "comment": "",
699
- "deleted": false,
700
- "disable_correlation": false,
701
- "distribution": "5",
702
- "event_id": "9747",
703
- "id": "1188944",
704
- "object_id": "1555",
705
- "object_relation": "filename",
706
- "sharing_group_id": "0",
707
- "timestamp": "1513936310",
708
- "to_ids": true,
709
- "type": "filename",
710
- "uuid": "5a3cd5b6-2850-435f-bd0d-4c62950d210f",
711
- "value": "Bulletin.doc"
712
- },
713
- {
714
- "category": "Payload delivery",
715
- "comment": "",
716
- "deleted": false,
717
- "disable_correlation": false,
718
- "distribution": "5",
719
- "event_id": "9747",
720
- "id": "1188945",
721
- "object_id": "1555",
722
- "object_relation": "sha1",
723
- "sharing_group_id": "0",
724
- "timestamp": "1513936310",
725
- "to_ids": true,
726
- "type": "sha1",
727
- "uuid": "5a3cd5b6-78a8-4e47-8333-4c62950d210f",
728
- "value": "68064fc152e23d56e541714af52651cb4ba81aaf"
729
- },
730
- {
731
- "category": "Other",
732
- "comment": "",
733
- "deleted": false,
734
- "disable_correlation": true,
735
- "distribution": "5",
736
- "event_id": "9747",
737
- "id": "1188946",
738
- "object_id": "1555",
739
- "object_relation": "state",
740
- "sharing_group_id": "0",
741
- "timestamp": "1513936310",
742
- "to_ids": false,
743
- "type": "text",
744
- "uuid": "5a3cd5b6-23d8-43ba-8518-4c62950d210f",
745
- "value": "Malicious"
746
- }
747
- ],
748
- "comment": "Win32/Sednit.AX",
749
- "deleted": false,
750
- "description": "File object describing a file with meta-information",
751
- "distribution": "5",
752
- "event_id": "9747",
753
- "id": "1555",
754
- "meta-category": "file",
755
- "name": "file",
756
- "sharing_group_id": "0",
757
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
758
- "template_version": "8",
759
- "timestamp": "1513936310",
760
- "uuid": "5a3cd5b6-9568-4342-b2ab-4c62950d210f"
761
- },
762
- {
763
- "Attribute": [
764
- {
765
- "category": "Payload delivery",
766
- "comment": "",
767
- "deleted": false,
768
- "disable_correlation": false,
769
- "distribution": "5",
770
- "event_id": "9747",
771
- "id": "1188947",
772
- "object_id": "1556",
773
- "object_relation": "sha1",
774
- "sharing_group_id": "0",
775
- "timestamp": "1513936388",
776
- "to_ids": true,
777
- "type": "sha1",
778
- "uuid": "5a3cd604-748c-4fc0-88bf-c170950d210f",
779
- "value": "f3805382ae2e23ff1147301d131a06e00e4ff75f"
780
- },
781
- {
782
- "category": "Other",
783
- "comment": "",
784
- "deleted": false,
785
- "disable_correlation": true,
786
- "distribution": "5",
787
- "event_id": "9747",
788
- "id": "1188948",
789
- "object_id": "1556",
790
- "object_relation": "state",
791
- "sharing_group_id": "0",
792
- "timestamp": "1513936388",
793
- "to_ids": false,
794
- "type": "text",
795
- "uuid": "5a3cd604-6668-4469-a1c0-c170950d210f",
796
- "value": "Malicious"
797
- }
798
- ],
799
- "comment": "Win32/Exploit.CVE-2016-4117.A",
800
- "deleted": false,
801
- "description": "File object describing a file with meta-information",
802
- "distribution": "5",
803
- "event_id": "9747",
804
- "id": "1556",
805
- "meta-category": "file",
806
- "name": "file",
807
- "sharing_group_id": "0",
808
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
809
- "template_version": "8",
810
- "timestamp": "1513936388",
811
- "uuid": "5a3cd604-e11c-4de5-bbbf-c170950d210f"
812
- },
813
- {
814
- "Attribute": [
815
- {
816
- "category": "Payload delivery",
817
- "comment": "",
818
- "deleted": false,
819
- "disable_correlation": false,
820
- "distribution": "5",
821
- "event_id": "9747",
822
- "id": "1188949",
823
- "object_id": "1557",
824
- "object_relation": "filename",
825
- "sharing_group_id": "0",
826
- "timestamp": "1513936531",
827
- "to_ids": true,
828
- "type": "filename",
829
- "uuid": "5a3cd693-dc40-445d-a4d7-4ae0950d210f",
830
- "value": "OC_PSO_2017.doc"
831
- },
832
- {
833
- "category": "Payload delivery",
834
- "comment": "",
835
- "deleted": false,
836
- "disable_correlation": false,
837
- "distribution": "5",
838
- "event_id": "9747",
839
- "id": "1188950",
840
- "object_id": "1557",
841
- "object_relation": "sha1",
842
- "sharing_group_id": "0",
843
- "timestamp": "1513936531",
844
- "to_ids": true,
845
- "type": "sha1",
846
- "uuid": "5a3cd693-8ffc-4d95-b522-4e84950d210f",
847
- "value": "512bdfe937314ac3f195c462c395feeb36932971"
848
- },
849
- {
850
- "category": "Other",
851
- "comment": "",
852
- "deleted": false,
853
- "disable_correlation": true,
854
- "distribution": "5",
855
- "event_id": "9747",
856
- "id": "1188951",
857
- "object_id": "1557",
858
- "object_relation": "state",
859
- "sharing_group_id": "0",
860
- "timestamp": "1513936531",
861
- "to_ids": false,
862
- "type": "text",
863
- "uuid": "5a3cd693-a8f0-4aea-a834-4097950d210f",
864
- "value": "Malicious"
865
- }
866
- ],
867
- "comment": "Win32/Exploit.Agent.NUB",
868
- "deleted": false,
869
- "description": "File object describing a file with meta-information",
870
- "distribution": "5",
871
- "event_id": "9747",
872
- "id": "1557",
873
- "meta-category": "file",
874
- "name": "file",
875
- "sharing_group_id": "0",
876
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
877
- "template_version": "8",
878
- "timestamp": "1513936531",
879
- "uuid": "5a3cd693-fd9c-4fcf-b69a-439c950d210f"
880
- },
881
- {
882
- "Attribute": [
883
- {
884
- "category": "Payload delivery",
885
- "comment": "",
886
- "deleted": false,
887
- "disable_correlation": false,
888
- "distribution": "5",
889
- "event_id": "9747",
890
- "id": "1188952",
891
- "object_id": "1558",
892
- "object_relation": "filename",
893
- "sharing_group_id": "0",
894
- "timestamp": "1513936578",
895
- "to_ids": true,
896
- "type": "filename",
897
- "uuid": "5a3cd6c2-d31c-40cc-bcc1-4458950d210f",
898
- "value": "NASAMS.doc"
899
- },
900
- {
901
- "category": "Payload delivery",
902
- "comment": "",
903
- "deleted": false,
904
- "disable_correlation": false,
905
- "distribution": "5",
906
- "event_id": "9747",
907
- "id": "1188953",
908
- "object_id": "1558",
909
- "object_relation": "sha1",
910
- "sharing_group_id": "0",
911
- "timestamp": "1513936578",
912
- "to_ids": true,
913
- "type": "sha1",
914
- "uuid": "5a3cd6c2-6a54-4b4c-8748-4c84950d210f",
915
- "value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b"
916
- },
917
- {
918
- "category": "Other",
919
- "comment": "",
920
- "deleted": false,
921
- "disable_correlation": true,
922
- "distribution": "5",
923
- "event_id": "9747",
924
- "id": "1188954",
925
- "object_id": "1558",
926
- "object_relation": "state",
927
- "sharing_group_id": "0",
928
- "timestamp": "1513936578",
929
- "to_ids": false,
930
- "type": "text",
931
- "uuid": "5a3cd6c2-1c68-45de-8325-464a950d210f",
932
- "value": "Malicious"
933
- }
934
- ],
935
- "comment": "Win32/Exploit.Agent.NTR",
936
- "deleted": false,
937
- "description": "File object describing a file with meta-information",
938
- "distribution": "5",
939
- "event_id": "9747",
940
- "id": "1558",
941
- "meta-category": "file",
942
- "name": "file",
943
- "sharing_group_id": "0",
944
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
945
- "template_version": "8",
946
- "timestamp": "1513936578",
947
- "uuid": "5a3cd6c2-d290-4787-910f-4e6d950d210f"
948
- },
949
- {
950
- "Attribute": [
951
- {
952
- "category": "Payload delivery",
953
- "comment": "",
954
- "deleted": false,
955
- "disable_correlation": false,
956
- "distribution": "5",
957
- "event_id": "9747",
958
- "id": "1188955",
959
- "object_id": "1559",
960
- "object_relation": "filename",
961
- "sharing_group_id": "0",
962
- "timestamp": "1513936718",
963
- "to_ids": true,
964
- "type": "filename",
965
- "uuid": "5a3cd74e-584c-45b9-8557-486d950d210f",
966
- "value": "Programm_Details.doc"
967
- },
968
- {
969
- "category": "Payload delivery",
970
- "comment": "",
971
- "deleted": false,
972
- "disable_correlation": false,
973
- "distribution": "5",
974
- "event_id": "9747",
975
- "id": "1188956",
976
- "object_id": "1559",
977
- "object_relation": "sha1",
978
- "sharing_group_id": "0",
979
- "timestamp": "1513936718",
980
- "to_ids": true,
981
- "type": "sha1",
982
- "uuid": "5a3cd74e-f334-4e6b-b37f-462f950d210f",
983
- "value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5"
984
- },
985
- {
986
- "category": "Other",
987
- "comment": "",
988
- "deleted": false,
989
- "disable_correlation": true,
990
- "distribution": "5",
991
- "event_id": "9747",
992
- "id": "1188957",
993
- "object_id": "1559",
994
- "object_relation": "state",
995
- "sharing_group_id": "0",
996
- "timestamp": "1513936718",
997
- "to_ids": false,
998
- "type": "text",
999
- "uuid": "5a3cd74e-5900-4fbf-85c6-4c81950d210f",
1000
- "value": "Malicious"
1001
- }
1002
- ],
1003
- "comment": "Win32/Exploit.Agent.NTO",
1004
- "deleted": false,
1005
- "description": "File object describing a file with meta-information",
1006
- "distribution": "5",
1007
- "event_id": "9747",
1008
- "id": "1559",
1009
- "meta-category": "file",
1010
- "name": "file",
1011
- "sharing_group_id": "0",
1012
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1013
- "template_version": "8",
1014
- "timestamp": "1513936718",
1015
- "uuid": "5a3cd74e-1504-40ff-9a28-4501950d210f"
1016
- },
1017
- {
1018
- "Attribute": [
1019
- {
1020
- "category": "Payload delivery",
1021
- "comment": "",
1022
- "deleted": false,
1023
- "disable_correlation": false,
1024
- "distribution": "5",
1025
- "event_id": "9747",
1026
- "id": "1188958",
1027
- "object_id": "1560",
1028
- "object_relation": "filename",
1029
- "sharing_group_id": "0",
1030
- "timestamp": "1513936757",
1031
- "to_ids": true,
1032
- "type": "filename",
1033
- "uuid": "5a3cd775-e8f4-465a-aca2-4c5a950d210f",
1034
- "value": "Operation_in_Mosul.rtf"
1035
- },
1036
- {
1037
- "category": "Payload delivery",
1038
- "comment": "",
1039
- "deleted": false,
1040
- "disable_correlation": false,
1041
- "distribution": "5",
1042
- "event_id": "9747",
1043
- "id": "1188959",
1044
- "object_id": "1560",
1045
- "object_relation": "sha1",
1046
- "sharing_group_id": "0",
1047
- "timestamp": "1513936757",
1048
- "to_ids": true,
1049
- "type": "sha1",
1050
- "uuid": "5a3cd775-1190-4db7-961a-4c5a950d210f",
1051
- "value": "12a37cfdd3f3671074dd5b0f354269cec028fb52"
1052
- },
1053
- {
1054
- "category": "Other",
1055
- "comment": "",
1056
- "deleted": false,
1057
- "disable_correlation": true,
1058
- "distribution": "5",
1059
- "event_id": "9747",
1060
- "id": "1188960",
1061
- "object_id": "1560",
1062
- "object_relation": "state",
1063
- "sharing_group_id": "0",
1064
- "timestamp": "1513936757",
1065
- "to_ids": false,
1066
- "type": "text",
1067
- "uuid": "5a3cd775-fa5c-4453-bcb0-4c5a950d210f",
1068
- "value": "Malicious"
1069
- }
1070
- ],
1071
- "comment": "Win32/Exploit.Agent.NTR",
1072
- "deleted": false,
1073
- "description": "File object describing a file with meta-information",
1074
- "distribution": "5",
1075
- "event_id": "9747",
1076
- "id": "1560",
1077
- "meta-category": "file",
1078
- "name": "file",
1079
- "sharing_group_id": "0",
1080
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1081
- "template_version": "8",
1082
- "timestamp": "1513936757",
1083
- "uuid": "5a3cd775-e4cc-44bb-89b6-4c5a950d210f"
1084
- },
1085
- {
1086
- "Attribute": [
1087
- {
1088
- "category": "Payload delivery",
1089
- "comment": "",
1090
- "deleted": false,
1091
- "disable_correlation": false,
1092
- "distribution": "5",
1093
- "event_id": "9747",
1094
- "id": "1188961",
1095
- "object_id": "1561",
1096
- "object_relation": "filename",
1097
- "sharing_group_id": "0",
1098
- "timestamp": "1513936943",
1099
- "to_ids": true,
1100
- "type": "filename",
1101
- "uuid": "5a3cd82f-b918-4520-ba8b-5165950d210f",
1102
- "value": "ARM-NATO_ENGLISH_30_NOV_2016.doc"
1103
- },
1104
- {
1105
- "category": "Payload delivery",
1106
- "comment": "",
1107
- "deleted": false,
1108
- "disable_correlation": false,
1109
- "distribution": "5",
1110
- "event_id": "9747",
1111
- "id": "1188962",
1112
- "object_id": "1561",
1113
- "object_relation": "sha1",
1114
- "sharing_group_id": "0",
1115
- "timestamp": "1513936943",
1116
- "to_ids": true,
1117
- "type": "sha1",
1118
- "uuid": "5a3cd82f-cae4-4209-9338-5165950d210f",
1119
- "value": "15201766bd964b7c405aeb11db81457220c31e46"
1120
- },
1121
- {
1122
- "category": "Other",
1123
- "comment": "",
1124
- "deleted": false,
1125
- "disable_correlation": true,
1126
- "distribution": "5",
1127
- "event_id": "9747",
1128
- "id": "1188963",
1129
- "object_id": "1561",
1130
- "object_relation": "state",
1131
- "sharing_group_id": "0",
1132
- "timestamp": "1513936943",
1133
- "to_ids": false,
1134
- "type": "text",
1135
- "uuid": "5a3cd82f-d91c-43af-8262-5165950d210f",
1136
- "value": "Malicious"
1137
- }
1138
- ],
1139
- "comment": "SWF/Agent.L",
1140
- "deleted": false,
1141
- "description": "File object describing a file with meta-information",
1142
- "distribution": "5",
1143
- "event_id": "9747",
1144
- "id": "1561",
1145
- "meta-category": "file",
1146
- "name": "file",
1147
- "sharing_group_id": "0",
1148
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1149
- "template_version": "8",
1150
- "timestamp": "1513936943",
1151
- "uuid": "5a3cd82f-2788-4561-bbeb-5165950d210f"
1152
- },
1153
- {
1154
- "Attribute": [
1155
- {
1156
- "category": "Payload delivery",
1157
- "comment": "",
1158
- "deleted": false,
1159
- "disable_correlation": false,
1160
- "distribution": "5",
1161
- "event_id": "9747",
1162
- "id": "1188964",
1163
- "object_id": "1562",
1164
- "object_relation": "filename",
1165
- "sharing_group_id": "0",
1166
- "timestamp": "1513936967",
1167
- "to_ids": true,
1168
- "type": "filename",
1169
- "uuid": "5a3cd847-0aa0-4b5c-aa30-5165950d210f",
1170
- "value": "Olympic-Agenda-2020-20-20-Recommendations.doc"
1171
- },
1172
- {
1173
- "category": "Payload delivery",
1174
- "comment": "",
1175
- "deleted": false,
1176
- "disable_correlation": false,
1177
- "distribution": "5",
1178
- "event_id": "9747",
1179
- "id": "1188965",
1180
- "object_id": "1562",
1181
- "object_relation": "sha1",
1182
- "sharing_group_id": "0",
1183
- "timestamp": "1513936967",
1184
- "to_ids": true,
1185
- "type": "sha1",
1186
- "uuid": "5a3cd847-593c-4985-8756-5165950d210f",
1187
- "value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e"
1188
- },
1189
- {
1190
- "category": "Other",
1191
- "comment": "",
1192
- "deleted": false,
1193
- "disable_correlation": true,
1194
- "distribution": "5",
1195
- "event_id": "9747",
1196
- "id": "1188966",
1197
- "object_id": "1562",
1198
- "object_relation": "state",
1199
- "sharing_group_id": "0",
1200
- "timestamp": "1513936967",
1201
- "to_ids": false,
1202
- "type": "text",
1203
- "uuid": "5a3cd847-1324-4fad-af60-5165950d210f",
1204
- "value": "Malicious"
1205
- }
1206
- ],
1207
- "comment": "Win32/Exploit.Agent.BL",
1208
- "deleted": false,
1209
- "description": "File object describing a file with meta-information",
1210
- "distribution": "5",
1211
- "event_id": "9747",
1212
- "id": "1562",
1213
- "meta-category": "file",
1214
- "name": "file",
1215
- "sharing_group_id": "0",
1216
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1217
- "template_version": "8",
1218
- "timestamp": "1513936967",
1219
- "uuid": "5a3cd847-b5a0-42f7-ac4b-5165950d210f"
1220
- },
1221
- {
1222
- "Attribute": [
1223
- {
1224
- "category": "Payload delivery",
1225
- "comment": "",
1226
- "deleted": false,
1227
- "disable_correlation": false,
1228
- "distribution": "5",
1229
- "event_id": "9747",
1230
- "id": "1188967",
1231
- "object_id": "1563",
1232
- "object_relation": "filename",
1233
- "sharing_group_id": "0",
1234
- "timestamp": "1513936993",
1235
- "to_ids": true,
1236
- "type": "filename",
1237
- "uuid": "5a3cd861-9350-40c1-ac29-4771950d210f",
1238
- "value": "Merry_Christmas!.docx"
1239
- },
1240
- {
1241
- "category": "Payload delivery",
1242
- "comment": "",
1243
- "deleted": false,
1244
- "disable_correlation": false,
1245
- "distribution": "5",
1246
- "event_id": "9747",
1247
- "id": "1188968",
1248
- "object_id": "1563",
1249
- "object_relation": "sha1",
1250
- "sharing_group_id": "0",
1251
- "timestamp": "1513936993",
1252
- "to_ids": true,
1253
- "type": "sha1",
1254
- "uuid": "5a3cd861-18ac-4cf0-b96f-4986950d210f",
1255
- "value": "33447383379ca99083442b852589111296f0c603"
1256
- },
1257
- {
1258
- "category": "Other",
1259
- "comment": "",
1260
- "deleted": false,
1261
- "disable_correlation": true,
1262
- "distribution": "5",
1263
- "event_id": "9747",
1264
- "id": "1188969",
1265
- "object_id": "1563",
1266
- "object_relation": "state",
1267
- "sharing_group_id": "0",
1268
- "timestamp": "1513936993",
1269
- "to_ids": false,
1270
- "type": "text",
1271
- "uuid": "5a3cd861-cfbc-4096-baae-40e2950d210f",
1272
- "value": "Malicious"
1273
- }
1274
- ],
1275
- "comment": "Win32/Exploit.Agent.NUG",
1276
- "deleted": false,
1277
- "description": "File object describing a file with meta-information",
1278
- "distribution": "5",
1279
- "event_id": "9747",
1280
- "id": "1563",
1281
- "meta-category": "file",
1282
- "name": "file",
1283
- "sharing_group_id": "0",
1284
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1285
- "template_version": "8",
1286
- "timestamp": "1513936993",
1287
- "uuid": "5a3cd861-65c0-4b69-9429-4f37950d210f"
1288
- },
1289
- {
1290
- "Attribute": [
1291
- {
1292
- "category": "Payload delivery",
1293
- "comment": "",
1294
- "deleted": false,
1295
- "disable_correlation": false,
1296
- "distribution": "5",
1297
- "event_id": "9747",
1298
- "id": "1188970",
1299
- "object_id": "1564",
1300
- "object_relation": "filename",
1301
- "sharing_group_id": "0",
1302
- "timestamp": "1513937021",
1303
- "to_ids": true,
1304
- "type": "filename",
1305
- "uuid": "5a3cd87d-fa9c-41aa-897f-49a5950d210f",
1306
- "value": "Trump’s_Attack_on_Syria_English.docx"
1307
- },
1308
- {
1309
- "category": "Payload delivery",
1310
- "comment": "",
1311
- "deleted": false,
1312
- "disable_correlation": false,
1313
- "distribution": "5",
1314
- "event_id": "9747",
1315
- "id": "1188971",
1316
- "object_id": "1564",
1317
- "object_relation": "sha1",
1318
- "sharing_group_id": "0",
1319
- "timestamp": "1513937021",
1320
- "to_ids": true,
1321
- "type": "sha1",
1322
- "uuid": "5a3cd87d-c630-4487-8336-4615950d210f",
1323
- "value": "d5235d136cfcadbef431eea7253d80bde414db9d"
1324
- },
1325
- {
1326
- "category": "Other",
1327
- "comment": "",
1328
- "deleted": false,
1329
- "disable_correlation": true,
1330
- "distribution": "5",
1331
- "event_id": "9747",
1332
- "id": "1188972",
1333
- "object_id": "1564",
1334
- "object_relation": "state",
1335
- "sharing_group_id": "0",
1336
- "timestamp": "1513937021",
1337
- "to_ids": false,
1338
- "type": "text",
1339
- "uuid": "5a3cd87d-8c98-4660-9026-44de950d210f",
1340
- "value": "Malicious"
1341
- }
1342
- ],
1343
- "comment": "Win32/Exploit.Agent.NWZ",
1344
- "deleted": false,
1345
- "description": "File object describing a file with meta-information",
1346
- "distribution": "5",
1347
- "event_id": "9747",
1348
- "id": "1564",
1349
- "meta-category": "file",
1350
- "name": "file",
1351
- "sharing_group_id": "0",
1352
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1353
- "template_version": "8",
1354
- "timestamp": "1513937021",
1355
- "uuid": "5a3cd87d-f514-4071-a5f7-4ec2950d210f"
1356
- },
1357
- {
1358
- "Attribute": [
1359
- {
1360
- "category": "Payload delivery",
1361
- "comment": "",
1362
- "deleted": false,
1363
- "disable_correlation": false,
1364
- "distribution": "5",
1365
- "event_id": "9747",
1366
- "id": "1188973",
1367
- "object_id": "1565",
1368
- "object_relation": "filename",
1369
- "sharing_group_id": "0",
1370
- "timestamp": "1513937047",
1371
- "to_ids": true,
1372
- "type": "filename",
1373
- "uuid": "5a3cd897-4cc0-48b0-bb2c-461f950d210f",
1374
- "value": "Hotel_Reservation_Form.doc"
1375
- },
1376
- {
1377
- "category": "Payload delivery",
1378
- "comment": "",
1379
- "deleted": false,
1380
- "disable_correlation": false,
1381
- "distribution": "5",
1382
- "event_id": "9747",
1383
- "id": "1188974",
1384
- "object_id": "1565",
1385
- "object_relation": "sha1",
1386
- "sharing_group_id": "0",
1387
- "timestamp": "1513937047",
1388
- "to_ids": true,
1389
- "type": "sha1",
1390
- "uuid": "5a3cd897-fa64-466c-9421-49c5950d210f",
1391
- "value": "f293a2bfb728060c54efeeb03c5323893b5c80df"
1392
- },
1393
- {
1394
- "category": "Other",
1395
- "comment": "",
1396
- "deleted": false,
1397
- "disable_correlation": true,
1398
- "distribution": "5",
1399
- "event_id": "9747",
1400
- "id": "1188975",
1401
- "object_id": "1565",
1402
- "object_relation": "state",
1403
- "sharing_group_id": "0",
1404
- "timestamp": "1513937047",
1405
- "to_ids": false,
1406
- "type": "text",
1407
- "uuid": "5a3cd897-f020-44cf-8dfc-4225950d210f",
1408
- "value": "Malicious"
1409
- }
1410
- ],
1411
- "comment": "Win32/Sednit.BN",
1412
- "deleted": false,
1413
- "description": "File object describing a file with meta-information",
1414
- "distribution": "5",
1415
- "event_id": "9747",
1416
- "id": "1565",
1417
- "meta-category": "file",
1418
- "name": "file",
1419
- "sharing_group_id": "0",
1420
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1421
- "template_version": "8",
1422
- "timestamp": "1513937046",
1423
- "uuid": "5a3cd896-f6cc-4e52-bcb2-442c950d210f"
1424
- },
1425
- {
1426
- "Attribute": [
1427
- {
1428
- "category": "Payload delivery",
1429
- "comment": "",
1430
- "deleted": false,
1431
- "disable_correlation": false,
1432
- "distribution": "5",
1433
- "event_id": "9747",
1434
- "id": "1188976",
1435
- "object_id": "1566",
1436
- "object_relation": "filename",
1437
- "sharing_group_id": "0",
1438
- "timestamp": "1513937070",
1439
- "to_ids": true,
1440
- "type": "filename",
1441
- "uuid": "5a3cd8ae-7194-48fd-810e-4c5a950d210f",
1442
- "value": "SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc"
1443
- },
1444
- {
1445
- "category": "Payload delivery",
1446
- "comment": "",
1447
- "deleted": false,
1448
- "disable_correlation": false,
1449
- "distribution": "5",
1450
- "event_id": "9747",
1451
- "id": "1188977",
1452
- "object_id": "1566",
1453
- "object_relation": "sha1",
1454
- "sharing_group_id": "0",
1455
- "timestamp": "1513937071",
1456
- "to_ids": true,
1457
- "type": "sha1",
1458
- "uuid": "5a3cd8af-f39c-443c-bcf1-4c5a950d210f",
1459
- "value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0"
1460
- },
1461
- {
1462
- "category": "Other",
1463
- "comment": "",
1464
- "deleted": false,
1465
- "disable_correlation": true,
1466
- "distribution": "5",
1467
- "event_id": "9747",
1468
- "id": "1188978",
1469
- "object_id": "1566",
1470
- "object_relation": "state",
1471
- "sharing_group_id": "0",
1472
- "timestamp": "1513937071",
1473
- "to_ids": false,
1474
- "type": "text",
1475
- "uuid": "5a3cd8af-b3ec-478a-b585-4c5a950d210f",
1476
- "value": "Malicious"
1477
- }
1478
- ],
1479
- "comment": "Win32/Sednit.BN",
1480
- "deleted": false,
1481
- "description": "File object describing a file with meta-information",
1482
- "distribution": "5",
1483
- "event_id": "9747",
1484
- "id": "1566",
1485
- "meta-category": "file",
1486
- "name": "file",
1487
- "sharing_group_id": "0",
1488
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1489
- "template_version": "8",
1490
- "timestamp": "1513937070",
1491
- "uuid": "5a3cd8ae-54d0-46bb-adbb-4c5a950d210f"
1492
- },
1493
- {
1494
- "Attribute": [
1495
- {
1496
- "category": "Payload delivery",
1497
- "comment": "",
1498
- "deleted": false,
1499
- "disable_correlation": false,
1500
- "distribution": "5",
1501
- "event_id": "9747",
1502
- "id": "1188979",
1503
- "object_id": "1567",
1504
- "object_relation": "sha1",
1505
- "sharing_group_id": "0",
1506
- "timestamp": "1513937083",
1507
- "to_ids": true,
1508
- "type": "sha1",
1509
- "uuid": "5a3cd8bb-74d8-4d19-ae08-4043950d210f",
1510
- "value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
1511
- },
1512
- {
1513
- "category": "Other",
1514
- "comment": "",
1515
- "deleted": false,
1516
- "disable_correlation": true,
1517
- "distribution": "5",
1518
- "event_id": "9747",
1519
- "id": "1188980",
1520
- "object_id": "1567",
1521
- "object_relation": "state",
1522
- "sharing_group_id": "0",
1523
- "timestamp": "1513937083",
1524
- "to_ids": false,
1525
- "type": "text",
1526
- "uuid": "5a3cd8bb-77bc-4cc4-887f-429d950d210f",
1527
- "value": "Malicious"
1528
- }
1529
- ],
1530
- "comment": "",
1531
- "deleted": false,
1532
- "description": "File object describing a file with meta-information",
1533
- "distribution": "5",
1534
- "event_id": "9747",
1535
- "id": "1567",
1536
- "meta-category": "file",
1537
- "name": "file",
1538
- "sharing_group_id": "0",
1539
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1540
- "template_version": "8",
1541
- "timestamp": "1513937083",
1542
- "uuid": "5a3cd8bb-a704-4f1d-a235-444e950d210f"
1543
- },
1544
- {
1545
- "Attribute": [
1546
- {
1547
- "category": "Payload delivery",
1548
- "comment": "",
1549
- "deleted": false,
1550
- "disable_correlation": false,
1551
- "distribution": "5",
1552
- "event_id": "9747",
1553
- "id": "1188981",
1554
- "object_id": "1568",
1555
- "object_relation": "sha1",
1556
- "sharing_group_id": "0",
1557
- "timestamp": "1513937097",
1558
- "to_ids": true,
1559
- "type": "sha1",
1560
- "uuid": "5a3cd8c9-4d2c-4145-a637-4f13950d210f",
1561
- "value": "169c8f3e3d22e192c108bc95164d362ce5437465"
1562
- },
1563
- {
1564
- "category": "Other",
1565
- "comment": "",
1566
- "deleted": false,
1567
- "disable_correlation": true,
1568
- "distribution": "5",
1569
- "event_id": "9747",
1570
- "id": "1188982",
1571
- "object_id": "1568",
1572
- "object_relation": "state",
1573
- "sharing_group_id": "0",
1574
- "timestamp": "1513937097",
1575
- "to_ids": false,
1576
- "type": "text",
1577
- "uuid": "5a3cd8c9-7ff0-42f7-ae80-4eb6950d210f",
1578
- "value": "Malicious"
1579
- }
1580
- ],
1581
- "comment": "",
1582
- "deleted": false,
1583
- "description": "File object describing a file with meta-information",
1584
- "distribution": "5",
1585
- "event_id": "9747",
1586
- "id": "1568",
1587
- "meta-category": "file",
1588
- "name": "file",
1589
- "sharing_group_id": "0",
1590
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1591
- "template_version": "8",
1592
- "timestamp": "1513937097",
1593
- "uuid": "5a3cd8c9-6568-406a-853c-4862950d210f"
1594
- },
1595
- {
1596
- "Attribute": [
1597
- {
1598
- "category": "Payload delivery",
1599
- "comment": "",
1600
- "deleted": false,
1601
- "disable_correlation": false,
1602
- "distribution": "5",
1603
- "event_id": "9747",
1604
- "id": "1188983",
1605
- "object_id": "1569",
1606
- "object_relation": "sha1",
1607
- "sharing_group_id": "0",
1608
- "timestamp": "1513937116",
1609
- "to_ids": true,
1610
- "type": "sha1",
1611
- "uuid": "5a3cd8dc-48c0-4ea0-a67d-4734950d210f",
1612
- "value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
1613
- },
1614
- {
1615
- "category": "Other",
1616
- "comment": "",
1617
- "deleted": false,
1618
- "disable_correlation": true,
1619
- "distribution": "5",
1620
- "event_id": "9747",
1621
- "id": "1188984",
1622
- "object_id": "1569",
1623
- "object_relation": "state",
1624
- "sharing_group_id": "0",
1625
- "timestamp": "1513937116",
1626
- "to_ids": false,
1627
- "type": "text",
1628
- "uuid": "5a3cd8dc-9ed8-4a4d-9ceb-4daa950d210f",
1629
- "value": "Malicious"
1630
- }
1631
- ],
1632
- "comment": "Win32/Sednit.BN",
1633
- "deleted": false,
1634
- "description": "File object describing a file with meta-information",
1635
- "distribution": "5",
1636
- "event_id": "9747",
1637
- "id": "1569",
1638
- "meta-category": "file",
1639
- "name": "file",
1640
- "sharing_group_id": "0",
1641
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1642
- "template_version": "8",
1643
- "timestamp": "1513937115",
1644
- "uuid": "5a3cd8db-2838-4466-a986-4afb950d210f"
1645
- },
1646
- {
1647
- "Attribute": [
1648
- {
1649
- "category": "Payload delivery",
1650
- "comment": "",
1651
- "deleted": false,
1652
- "disable_correlation": false,
1653
- "distribution": "5",
1654
- "event_id": "9747",
1655
- "id": "1188985",
1656
- "object_id": "1570",
1657
- "object_relation": "filename",
1658
- "sharing_group_id": "0",
1659
- "timestamp": "1513937147",
1660
- "to_ids": true,
1661
- "type": "filename",
1662
- "uuid": "5a3cd8fb-1efc-4059-ae7a-42f5950d210f",
1663
- "value": "Caucasian_Eagle_ENG.docx"
1664
- },
1665
- {
1666
- "category": "Payload delivery",
1667
- "comment": "",
1668
- "deleted": false,
1669
- "disable_correlation": false,
1670
- "distribution": "5",
1671
- "event_id": "9747",
1672
- "id": "1188986",
1673
- "object_id": "1570",
1674
- "object_relation": "sha1",
1675
- "sharing_group_id": "0",
1676
- "timestamp": "1513937147",
1677
- "to_ids": true,
1678
- "type": "sha1",
1679
- "uuid": "5a3cd8fb-9cec-4a30-8b2f-4441950d210f",
1680
- "value": "5d2c7d87995cc5b8184baba2c7a1900a48b2f42d"
1681
- },
1682
- {
1683
- "category": "Other",
1684
- "comment": "",
1685
- "deleted": false,
1686
- "disable_correlation": true,
1687
- "distribution": "5",
1688
- "event_id": "9747",
1689
- "id": "1188987",
1690
- "object_id": "1570",
1691
- "object_relation": "state",
1692
- "sharing_group_id": "0",
1693
- "timestamp": "1513937147",
1694
- "to_ids": false,
1695
- "type": "text",
1696
- "uuid": "5a3cd8fb-e52c-489b-8da5-43d1950d210f",
1697
- "value": "Malicious"
1698
- }
1699
- ],
1700
- "comment": "Win32/Exploit.Agent.NTM",
1701
- "deleted": false,
1702
- "description": "File object describing a file with meta-information",
1703
- "distribution": "5",
1704
- "event_id": "9747",
1705
- "id": "1570",
1706
- "meta-category": "file",
1707
- "name": "file",
1708
- "sharing_group_id": "0",
1709
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1710
- "template_version": "8",
1711
- "timestamp": "1513937147",
1712
- "uuid": "5a3cd8fb-cd14-4b00-9710-430c950d210f"
1713
- },
1714
- {
1715
- "Attribute": [
1716
- {
1717
- "category": "Payload delivery",
1718
- "comment": "",
1719
- "deleted": false,
1720
- "disable_correlation": false,
1721
- "distribution": "5",
1722
- "event_id": "9747",
1723
- "id": "1188988",
1724
- "object_id": "1571",
1725
- "object_relation": "filename",
1726
- "sharing_group_id": "0",
1727
- "timestamp": "1513937166",
1728
- "to_ids": true,
1729
- "type": "filename",
1730
- "uuid": "5a3cd90e-5eb4-4069-b160-5276950d210f",
1731
- "value": "World War3.docx"
1732
- },
1733
- {
1734
- "category": "Payload delivery",
1735
- "comment": "",
1736
- "deleted": false,
1737
- "disable_correlation": false,
1738
- "distribution": "5",
1739
- "event_id": "9747",
1740
- "id": "1188989",
1741
- "object_id": "1571",
1742
- "object_relation": "sha1",
1743
- "sharing_group_id": "0",
1744
- "timestamp": "1513937166",
1745
- "to_ids": true,
1746
- "type": "sha1",
1747
- "uuid": "5a3cd90e-6d2c-4ffc-a699-5276950d210f",
1748
- "value": "7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3"
1749
- },
1750
- {
1751
- "category": "Other",
1752
- "comment": "",
1753
- "deleted": false,
1754
- "disable_correlation": true,
1755
- "distribution": "5",
1756
- "event_id": "9747",
1757
- "id": "1188990",
1758
- "object_id": "1571",
1759
- "object_relation": "state",
1760
- "sharing_group_id": "0",
1761
- "timestamp": "1513937166",
1762
- "to_ids": false,
1763
- "type": "text",
1764
- "uuid": "5a3cd90e-28e8-410e-8033-5276950d210f",
1765
- "value": "Malicious"
1766
- }
1767
- ],
1768
- "comment": "SWF/Exploit.CVE-2017-11292.A",
1769
- "deleted": false,
1770
- "description": "File object describing a file with meta-information",
1771
- "distribution": "5",
1772
- "event_id": "9747",
1773
- "id": "1571",
1774
- "meta-category": "file",
1775
- "name": "file",
1776
- "sharing_group_id": "0",
1777
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1778
- "template_version": "8",
1779
- "timestamp": "1513937166",
1780
- "uuid": "5a3cd90e-538c-4b7e-95dc-5276950d210f"
1781
- },
1782
- {
1783
- "Attribute": [
1784
- {
1785
- "category": "Payload delivery",
1786
- "comment": "",
1787
- "deleted": false,
1788
- "disable_correlation": false,
1789
- "distribution": "5",
1790
- "event_id": "9747",
1791
- "id": "1188991",
1792
- "object_id": "1572",
1793
- "object_relation": "filename",
1794
- "sharing_group_id": "0",
1795
- "timestamp": "1513937191",
1796
- "to_ids": true,
1797
- "type": "filename",
1798
- "uuid": "5a3cd927-e810-4d22-a0e4-4057950d210f",
1799
- "value": "SaberGuardian2017.docx"
1800
- },
1801
- {
1802
- "category": "Payload delivery",
1803
- "comment": "",
1804
- "deleted": false,
1805
- "disable_correlation": false,
1806
- "distribution": "5",
1807
- "event_id": "9747",
1808
- "id": "1188992",
1809
- "object_id": "1572",
1810
- "object_relation": "sha1",
1811
- "sharing_group_id": "0",
1812
- "timestamp": "1513937191",
1813
- "to_ids": true,
1814
- "type": "sha1",
1815
- "uuid": "5a3cd927-f284-43b9-83d1-473b950d210f",
1816
- "value": "68c2809560c7623d2307d8797691abf3eafe319a"
1817
- },
1818
- {
1819
- "category": "Other",
1820
- "comment": "",
1821
- "deleted": false,
1822
- "disable_correlation": true,
1823
- "distribution": "5",
1824
- "event_id": "9747",
1825
- "id": "1188993",
1826
- "object_id": "1572",
1827
- "object_relation": "state",
1828
- "sharing_group_id": "0",
1829
- "timestamp": "1513937191",
1830
- "to_ids": false,
1831
- "type": "text",
1832
- "uuid": "5a3cd927-b844-49f2-a1a9-4c85950d210f",
1833
- "value": "Malicious"
1834
- }
1835
- ],
1836
- "comment": "VBA/DDE.E",
1837
- "deleted": false,
1838
- "description": "File object describing a file with meta-information",
1839
- "distribution": "5",
1840
- "event_id": "9747",
1841
- "id": "1572",
1842
- "meta-category": "file",
1843
- "name": "file",
1844
- "sharing_group_id": "0",
1845
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1846
- "template_version": "8",
1847
- "timestamp": "1513937191",
1848
- "uuid": "5a3cd927-e410-489c-abfc-4b63950d210f"
1849
- },
1850
- {
1851
- "Attribute": [
1852
- {
1853
- "category": "Payload delivery",
1854
- "comment": "",
1855
- "deleted": false,
1856
- "disable_correlation": false,
1857
- "distribution": "5",
1858
- "event_id": "9747",
1859
- "id": "1188994",
1860
- "object_id": "1573",
1861
- "object_relation": "filename",
1862
- "sharing_group_id": "0",
1863
- "timestamp": "1513937212",
1864
- "to_ids": true,
1865
- "type": "filename",
1866
- "uuid": "5a3cd93c-2438-4dda-823e-463d950d210f",
1867
- "value": "IsisAttackInNewYork.docx"
1868
- },
1869
- {
1870
- "category": "Payload delivery",
1871
- "comment": "",
1872
- "deleted": false,
1873
- "disable_correlation": false,
1874
- "distribution": "5",
1875
- "event_id": "9747",
1876
- "id": "1188995",
1877
- "object_id": "1573",
1878
- "object_relation": "sha1",
1879
- "sharing_group_id": "0",
1880
- "timestamp": "1513937212",
1881
- "to_ids": true,
1882
- "type": "sha1",
1883
- "uuid": "5a3cd93c-1ef0-4d81-9476-4655950d210f",
1884
- "value": "1c6c700ceebfbe799e115582665105caa03c5c9e"
1885
- },
1886
- {
1887
- "category": "Other",
1888
- "comment": "",
1889
- "deleted": false,
1890
- "disable_correlation": true,
1891
- "distribution": "5",
1892
- "event_id": "9747",
1893
- "id": "1188996",
1894
- "object_id": "1573",
1895
- "object_relation": "state",
1896
- "sharing_group_id": "0",
1897
- "timestamp": "1513937212",
1898
- "to_ids": false,
1899
- "type": "text",
1900
- "uuid": "5a3cd93c-949c-40ac-9094-4a4a950d210f",
1901
- "value": "Malicious"
1902
- }
1903
- ],
1904
- "comment": "VBA/DDE.L",
1905
- "deleted": false,
1906
- "description": "File object describing a file with meta-information",
1907
- "distribution": "5",
1908
- "event_id": "9747",
1909
- "id": "1573",
1910
- "meta-category": "file",
1911
- "name": "file",
1912
- "sharing_group_id": "0",
1913
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1914
- "template_version": "8",
1915
- "timestamp": "1513937212",
1916
- "uuid": "5a3cd93c-716c-4918-a00f-4671950d210f"
1917
- },
1918
- {
1919
- "Attribute": [
1920
- {
1921
- "category": "Payload delivery",
1922
- "comment": "",
1923
- "deleted": false,
1924
- "disable_correlation": false,
1925
- "distribution": "5",
1926
- "event_id": "9747",
1927
- "id": "1188997",
1928
- "object_id": "1574",
1929
- "object_relation": "sha1",
1930
- "sharing_group_id": "0",
1931
- "timestamp": "1513937559",
1932
- "to_ids": true,
1933
- "type": "sha1",
1934
- "uuid": "5a3cda97-7e58-4642-aaf5-c5ed950d210f",
1935
- "value": "6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb"
1936
- },
1937
- {
1938
- "category": "Other",
1939
- "comment": "",
1940
- "deleted": false,
1941
- "disable_correlation": true,
1942
- "distribution": "5",
1943
- "event_id": "9747",
1944
- "id": "1188998",
1945
- "object_id": "1574",
1946
- "object_relation": "state",
1947
- "sharing_group_id": "0",
1948
- "timestamp": "1513937559",
1949
- "to_ids": false,
1950
- "type": "text",
1951
- "uuid": "5a3cda97-6020-423d-9d23-c5ed950d210f",
1952
- "value": "Malicious"
1953
- }
1954
- ],
1955
- "ObjectReference": [
1956
- {
1957
- "Attribute": {
1958
- "category": "Network activity",
1959
- "distribution": "5",
1960
- "sharing_group_id": "0",
1961
- "to_ids": true,
1962
- "type": "domain",
1963
- "uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1964
- "value": "movieultimate.com"
1965
- },
1966
- "comment": "",
1967
- "deleted": false,
1968
- "event_id": "9747",
1969
- "id": "159",
1970
- "object_id": "1574",
1971
- "object_uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f",
1972
- "referenced_id": "1188759",
1973
- "referenced_type": "0",
1974
- "referenced_uuid": "5a3c3045-ab0c-4d38-8efe-459002de0b81",
1975
- "relationship_type": "communicates-with",
1976
- "timestamp": "1513937826",
1977
- "uuid": "5a3cdba2-2fdc-4f9a-a4eb-4dae950d210f"
1978
- }
1979
- ],
1980
- "comment": "Win64/Sednit.Z",
1981
- "deleted": false,
1982
- "description": "File object describing a file with meta-information",
1983
- "distribution": "5",
1984
- "event_id": "9747",
1985
- "id": "1574",
1986
- "meta-category": "file",
1987
- "name": "file",
1988
- "sharing_group_id": "0",
1989
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
1990
- "template_version": "8",
1991
- "timestamp": "1513937826",
1992
- "uuid": "5a3cda96-85c4-45a1-82ea-c5ed950d210f"
1993
- },
1994
- {
1995
- "Attribute": [
1996
- {
1997
- "category": "Payload delivery",
1998
- "comment": "",
1999
- "deleted": false,
2000
- "disable_correlation": false,
2001
- "distribution": "5",
2002
- "event_id": "9747",
2003
- "id": "1188999",
2004
- "object_id": "1575",
2005
- "object_relation": "sha1",
2006
- "sharing_group_id": "0",
2007
- "timestamp": "1513937864",
2008
- "to_ids": true,
2009
- "type": "sha1",
2010
- "uuid": "5a3cdbc8-0aac-4d8a-8c1f-4c5a950d210f",
2011
- "value": "e19f753e514f6adec8f81bcdefb9117979e69627"
2012
- },
2013
- {
2014
- "category": "Other",
2015
- "comment": "",
2016
- "deleted": false,
2017
- "disable_correlation": true,
2018
- "distribution": "5",
2019
- "event_id": "9747",
2020
- "id": "1189000",
2021
- "object_id": "1575",
2022
- "object_relation": "state",
2023
- "sharing_group_id": "0",
2024
- "timestamp": "1513937864",
2025
- "to_ids": false,
2026
- "type": "text",
2027
- "uuid": "5a3cdbc8-e204-4606-b9ea-4c5a950d210f",
2028
- "value": "Malicious"
2029
- }
2030
- ],
2031
- "ObjectReference": [
2032
- {
2033
- "Attribute": {
2034
- "category": "Network activity",
2035
- "distribution": "5",
2036
- "sharing_group_id": "0",
2037
- "to_ids": true,
2038
- "type": "domain",
2039
- "uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2040
- "value": "meteost.com"
2041
- },
2042
- "comment": "",
2043
- "deleted": false,
2044
- "event_id": "9747",
2045
- "id": "160",
2046
- "object_id": "1575",
2047
- "object_uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
2048
- "referenced_id": "1188760",
2049
- "referenced_type": "0",
2050
- "referenced_uuid": "5a3c3045-61dc-495c-ae8a-471e02de0b81",
2051
- "relationship_type": "communicates-with",
2052
- "timestamp": "1513938091",
2053
- "uuid": "5a3cdcab-8200-4c65-868e-42a9950d210f"
2054
- }
2055
- ],
2056
- "comment": "Win64/Sednit.Z",
2057
- "deleted": false,
2058
- "description": "File object describing a file with meta-information",
2059
- "distribution": "5",
2060
- "event_id": "9747",
2061
- "id": "1575",
2062
- "meta-category": "file",
2063
- "name": "file",
2064
- "sharing_group_id": "0",
2065
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2066
- "template_version": "8",
2067
- "timestamp": "1513938091",
2068
- "uuid": "5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f"
2069
- },
2070
- {
2071
- "Attribute": [
2072
- {
2073
- "category": "Payload delivery",
2074
- "comment": "",
2075
- "deleted": false,
2076
- "disable_correlation": false,
2077
- "distribution": "5",
2078
- "event_id": "9747",
2079
- "id": "1189001",
2080
- "object_id": "1576",
2081
- "object_relation": "sha1",
2082
- "sharing_group_id": "0",
2083
- "timestamp": "1513937910",
2084
- "to_ids": true,
2085
- "type": "sha1",
2086
- "uuid": "5a3cdbf6-eca0-4c09-9bd0-4c59950d210f",
2087
- "value": "961468ddd3d0fa25beb8210c81ba620f9170ed30"
2088
- },
2089
- {
2090
- "category": "Other",
2091
- "comment": "",
2092
- "deleted": false,
2093
- "disable_correlation": true,
2094
- "distribution": "5",
2095
- "event_id": "9747",
2096
- "id": "1189002",
2097
- "object_id": "1576",
2098
- "object_relation": "state",
2099
- "sharing_group_id": "0",
2100
- "timestamp": "1513937910",
2101
- "to_ids": false,
2102
- "type": "text",
2103
- "uuid": "5a3cdbf6-acd8-4a36-a028-4c59950d210f",
2104
- "value": "Malicious"
2105
- }
2106
- ],
2107
- "ObjectReference": [
2108
- {
2109
- "Attribute": {
2110
- "category": "Network activity",
2111
- "distribution": "5",
2112
- "sharing_group_id": "0",
2113
- "to_ids": true,
2114
- "type": "domain",
2115
- "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2116
- "value": "faststoragefiles.org"
2117
- },
2118
- "comment": "",
2119
- "deleted": false,
2120
- "event_id": "9747",
2121
- "id": "164",
2122
- "object_id": "1576",
2123
- "object_uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f",
2124
- "referenced_id": "1188761",
2125
- "referenced_type": "0",
2126
- "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2127
- "relationship_type": "communicates-with",
2128
- "timestamp": "1513938210",
2129
- "uuid": "5a3cdd22-b7d8-4754-a108-4742950d210f"
2130
- }
2131
- ],
2132
- "comment": "Win32/Sednit.BO",
2133
- "deleted": false,
2134
- "description": "File object describing a file with meta-information",
2135
- "distribution": "5",
2136
- "event_id": "9747",
2137
- "id": "1576",
2138
- "meta-category": "file",
2139
- "name": "file",
2140
- "sharing_group_id": "0",
2141
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2142
- "template_version": "8",
2143
- "timestamp": "1513938210",
2144
- "uuid": "5a3cdbf6-f814-491f-9f93-4c59950d210f"
2145
- },
2146
- {
2147
- "Attribute": [
2148
- {
2149
- "category": "Payload delivery",
2150
- "comment": "",
2151
- "deleted": false,
2152
- "disable_correlation": false,
2153
- "distribution": "5",
2154
- "event_id": "9747",
2155
- "id": "1189003",
2156
- "object_id": "1577",
2157
- "object_relation": "sha1",
2158
- "sharing_group_id": "0",
2159
- "timestamp": "1513937929",
2160
- "to_ids": true,
2161
- "type": "sha1",
2162
- "uuid": "5a3cdc09-b428-4c0b-9969-c5ed950d210f",
2163
- "value": "a0719b50265505c8432616c0a4e14ed206981e95"
2164
- },
2165
- {
2166
- "category": "Other",
2167
- "comment": "",
2168
- "deleted": false,
2169
- "disable_correlation": true,
2170
- "distribution": "5",
2171
- "event_id": "9747",
2172
- "id": "1189004",
2173
- "object_id": "1577",
2174
- "object_relation": "state",
2175
- "sharing_group_id": "0",
2176
- "timestamp": "1513937929",
2177
- "to_ids": false,
2178
- "type": "text",
2179
- "uuid": "5a3cdc09-05d8-4356-ba52-c5ed950d210f",
2180
- "value": "Malicious"
2181
- }
2182
- ],
2183
- "ObjectReference": [
2184
- {
2185
- "Attribute": {
2186
- "category": "Network activity",
2187
- "distribution": "5",
2188
- "sharing_group_id": "0",
2189
- "to_ids": true,
2190
- "type": "domain",
2191
- "uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2192
- "value": "nethostnet.com"
2193
- },
2194
- "comment": "",
2195
- "deleted": false,
2196
- "event_id": "9747",
2197
- "id": "162",
2198
- "object_id": "1577",
2199
- "object_uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
2200
- "referenced_id": "1188762",
2201
- "referenced_type": "0",
2202
- "referenced_uuid": "5a3c3045-968c-4572-9f64-491502de0b81",
2203
- "relationship_type": "communicates-with",
2204
- "timestamp": "1513938169",
2205
- "uuid": "5a3cdcf9-d5a4-4c8e-a201-45b1950d210f"
2206
- }
2207
- ],
2208
- "comment": "Win32/Sednit.BO",
2209
- "deleted": false,
2210
- "description": "File object describing a file with meta-information",
2211
- "distribution": "5",
2212
- "event_id": "9747",
2213
- "id": "1577",
2214
- "meta-category": "file",
2215
- "name": "file",
2216
- "sharing_group_id": "0",
2217
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2218
- "template_version": "8",
2219
- "timestamp": "1513938169",
2220
- "uuid": "5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f"
2221
- },
2222
- {
2223
- "Attribute": [
2224
- {
2225
- "category": "Payload delivery",
2226
- "comment": "",
2227
- "deleted": false,
2228
- "disable_correlation": false,
2229
- "distribution": "5",
2230
- "event_id": "9747",
2231
- "id": "1189005",
2232
- "object_id": "1578",
2233
- "object_relation": "sha1",
2234
- "sharing_group_id": "0",
2235
- "timestamp": "1513937953",
2236
- "to_ids": true,
2237
- "type": "sha1",
2238
- "uuid": "5a3cdc21-a170-4637-b139-4812950d210f",
2239
- "value": "2cf6436b99d11d9d1e0c488af518e35162ecbc9c"
2240
- },
2241
- {
2242
- "category": "Other",
2243
- "comment": "",
2244
- "deleted": false,
2245
- "disable_correlation": true,
2246
- "distribution": "5",
2247
- "event_id": "9747",
2248
- "id": "1189006",
2249
- "object_id": "1578",
2250
- "object_relation": "state",
2251
- "sharing_group_id": "0",
2252
- "timestamp": "1513937953",
2253
- "to_ids": false,
2254
- "type": "text",
2255
- "uuid": "5a3cdc21-3274-4800-9e91-41e2950d210f",
2256
- "value": "Malicious"
2257
- }
2258
- ],
2259
- "ObjectReference": [
2260
- {
2261
- "Attribute": {
2262
- "category": "Network activity",
2263
- "distribution": "5",
2264
- "sharing_group_id": "0",
2265
- "to_ids": true,
2266
- "type": "domain",
2267
- "uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2268
- "value": "faststoragefiles.org"
2269
- },
2270
- "comment": "",
2271
- "deleted": false,
2272
- "event_id": "9747",
2273
- "id": "165",
2274
- "object_id": "1578",
2275
- "object_uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f",
2276
- "referenced_id": "1188761",
2277
- "referenced_type": "0",
2278
- "referenced_uuid": "5a3c3045-e354-4978-a6b4-49ad02de0b81",
2279
- "relationship_type": "communicates-with",
2280
- "timestamp": "1513938226",
2281
- "uuid": "5a3cdd32-3044-4895-8f18-4d06950d210f"
2282
- }
2283
- ],
2284
- "comment": "Win64/Sednit.Y",
2285
- "deleted": false,
2286
- "description": "File object describing a file with meta-information",
2287
- "distribution": "5",
2288
- "event_id": "9747",
2289
- "id": "1578",
2290
- "meta-category": "file",
2291
- "name": "file",
2292
- "sharing_group_id": "0",
2293
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2294
- "template_version": "8",
2295
- "timestamp": "1513938226",
2296
- "uuid": "5a3cdc21-856c-48bd-a757-4f4b950d210f"
2297
- },
2298
- {
2299
- "Attribute": [
2300
- {
2301
- "category": "Payload delivery",
2302
- "comment": "",
2303
- "deleted": false,
2304
- "disable_correlation": false,
2305
- "distribution": "5",
2306
- "event_id": "9747",
2307
- "id": "1189007",
2308
- "object_id": "1579",
2309
- "object_relation": "sha1",
2310
- "sharing_group_id": "0",
2311
- "timestamp": "1513937975",
2312
- "to_ids": true,
2313
- "type": "sha1",
2314
- "uuid": "5a3cdc37-cee0-43d0-9e20-4db6950d210f",
2315
- "value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33"
2316
- },
2317
- {
2318
- "category": "Other",
2319
- "comment": "",
2320
- "deleted": false,
2321
- "disable_correlation": true,
2322
- "distribution": "5",
2323
- "event_id": "9747",
2324
- "id": "1189008",
2325
- "object_id": "1579",
2326
- "object_relation": "state",
2327
- "sharing_group_id": "0",
2328
- "timestamp": "1513937976",
2329
- "to_ids": false,
2330
- "type": "text",
2331
- "uuid": "5a3cdc38-ac24-44be-a1ed-4935950d210f",
2332
- "value": "Malicious"
2333
- }
2334
- ],
2335
- "ObjectReference": [
2336
- {
2337
- "Attribute": {
2338
- "category": "Network activity",
2339
- "distribution": "5",
2340
- "sharing_group_id": "0",
2341
- "to_ids": true,
2342
- "type": "domain",
2343
- "uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2344
- "value": "fsportal.net"
2345
- },
2346
- "comment": "",
2347
- "deleted": false,
2348
- "event_id": "9747",
2349
- "id": "163",
2350
- "object_id": "1579",
2351
- "object_uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f",
2352
- "referenced_id": "1188763",
2353
- "referenced_type": "0",
2354
- "referenced_uuid": "5a3c3045-eb44-433f-a13a-44b902de0b81",
2355
- "relationship_type": "communicates-with",
2356
- "timestamp": "1513938189",
2357
- "uuid": "5a3cdd0d-d990-42ba-830d-5156950d210f"
2358
- }
2359
- ],
2360
- "comment": "Win64/Sednit.Y",
2361
- "deleted": false,
2362
- "description": "File object describing a file with meta-information",
2363
- "distribution": "5",
2364
- "event_id": "9747",
2365
- "id": "1579",
2366
- "meta-category": "file",
2367
- "name": "file",
2368
- "sharing_group_id": "0",
2369
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2370
- "template_version": "8",
2371
- "timestamp": "1513938190",
2372
- "uuid": "5a3cdc37-89e8-4a2d-823a-4af8950d210f"
2373
- },
2374
- {
2375
- "Attribute": [
2376
- {
2377
- "category": "Payload delivery",
2378
- "comment": "",
2379
- "deleted": false,
2380
- "disable_correlation": false,
2381
- "distribution": "5",
2382
- "event_id": "9747",
2383
- "id": "1189009",
2384
- "object_id": "1580",
2385
- "object_relation": "sha1",
2386
- "sharing_group_id": "0",
2387
- "timestamp": "1513937992",
2388
- "to_ids": true,
2389
- "type": "sha1",
2390
- "uuid": "5a3cdc48-c74c-4b6e-8202-5156950d210f",
2391
- "value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795"
2392
- },
2393
- {
2394
- "category": "Other",
2395
- "comment": "",
2396
- "deleted": false,
2397
- "disable_correlation": true,
2398
- "distribution": "5",
2399
- "event_id": "9747",
2400
- "id": "1189010",
2401
- "object_id": "1580",
2402
- "object_relation": "state",
2403
- "sharing_group_id": "0",
2404
- "timestamp": "1513937992",
2405
- "to_ids": false,
2406
- "type": "text",
2407
- "uuid": "5a3cdc48-55dc-420e-9b5d-5156950d210f",
2408
- "value": "Malicious"
2409
- }
2410
- ],
2411
- "ObjectReference": [
2412
- {
2413
- "Attribute": {
2414
- "category": "Network activity",
2415
- "distribution": "5",
2416
- "sharing_group_id": "0",
2417
- "to_ids": true,
2418
- "type": "domain",
2419
- "uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2420
- "value": "fastdataexchange.org"
2421
- },
2422
- "comment": "",
2423
- "deleted": false,
2424
- "event_id": "9747",
2425
- "id": "161",
2426
- "object_id": "1580",
2427
- "object_uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f",
2428
- "referenced_id": "1188764",
2429
- "referenced_type": "0",
2430
- "referenced_uuid": "5a3c3045-6a88-479d-b799-4d3d02de0b81",
2431
- "relationship_type": "communicates-with",
2432
- "timestamp": "1513938129",
2433
- "uuid": "5a3cdcd1-c6cc-43d8-a2f4-4681950d210f"
2434
- }
2435
- ],
2436
- "comment": "Win64/Sednit.Z",
2437
- "deleted": false,
2438
- "description": "File object describing a file with meta-information",
2439
- "distribution": "5",
2440
- "event_id": "9747",
2441
- "id": "1580",
2442
- "meta-category": "file",
2443
- "name": "file",
2444
- "sharing_group_id": "0",
2445
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2446
- "template_version": "8",
2447
- "timestamp": "1513938129",
2448
- "uuid": "5a3cdc48-b9a0-4775-a03f-5156950d210f"
2449
- },
2450
- {
2451
- "Attribute": [
2452
- {
2453
- "category": "Payload delivery",
2454
- "comment": "",
2455
- "deleted": false,
2456
- "disable_correlation": false,
2457
- "distribution": "5",
2458
- "event_id": "9747",
2459
- "id": "1189011",
2460
- "object_id": "1581",
2461
- "object_relation": "sha1",
2462
- "sharing_group_id": "0",
2463
- "timestamp": "1513938011",
2464
- "to_ids": true,
2465
- "type": "sha1",
2466
- "uuid": "5a3cdc5b-54a8-4e60-bc67-4c5a950d210f",
2467
- "value": "a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138"
2468
- },
2469
- {
2470
- "category": "Other",
2471
- "comment": "",
2472
- "deleted": false,
2473
- "disable_correlation": true,
2474
- "distribution": "5",
2475
- "event_id": "9747",
2476
- "id": "1189012",
2477
- "object_id": "1581",
2478
- "object_relation": "state",
2479
- "sharing_group_id": "0",
2480
- "timestamp": "1513938011",
2481
- "to_ids": false,
2482
- "type": "text",
2483
- "uuid": "5a3cdc5b-b390-4183-aec7-4c5a950d210f",
2484
- "value": "Malicious"
2485
- }
2486
- ],
2487
- "ObjectReference": [
2488
- {
2489
- "Attribute": {
2490
- "category": "Network activity",
2491
- "distribution": "5",
2492
- "sharing_group_id": "0",
2493
- "to_ids": true,
2494
- "type": "domain",
2495
- "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2496
- "value": "newfilmts.com"
2497
- },
2498
- "comment": "",
2499
- "deleted": false,
2500
- "event_id": "9747",
2501
- "id": "168",
2502
- "object_id": "1581",
2503
- "object_uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f",
2504
- "referenced_id": "1188765",
2505
- "referenced_type": "0",
2506
- "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2507
- "relationship_type": "communicates-with",
2508
- "timestamp": "1513938280",
2509
- "uuid": "5a3cdd68-7968-40d1-a0a9-5156950d210f"
2510
- }
2511
- ],
2512
- "comment": "Win32/Sednit.BO",
2513
- "deleted": false,
2514
- "description": "File object describing a file with meta-information",
2515
- "distribution": "5",
2516
- "event_id": "9747",
2517
- "id": "1581",
2518
- "meta-category": "file",
2519
- "name": "file",
2520
- "sharing_group_id": "0",
2521
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2522
- "template_version": "8",
2523
- "timestamp": "1513938280",
2524
- "uuid": "5a3cdc5a-8760-4efa-949a-4c5a950d210f"
2525
- },
2526
- {
2527
- "Attribute": [
2528
- {
2529
- "category": "Payload delivery",
2530
- "comment": "",
2531
- "deleted": false,
2532
- "disable_correlation": false,
2533
- "distribution": "5",
2534
- "event_id": "9747",
2535
- "id": "1189013",
2536
- "object_id": "1582",
2537
- "object_relation": "sha1",
2538
- "sharing_group_id": "0",
2539
- "timestamp": "1513938034",
2540
- "to_ids": true,
2541
- "type": "sha1",
2542
- "uuid": "5a3cdc72-ba30-4ecd-9d21-4654950d210f",
2543
- "value": "1958e722afd0dba266576922abc98aa505cf5f9a"
2544
- },
2545
- {
2546
- "category": "Other",
2547
- "comment": "",
2548
- "deleted": false,
2549
- "disable_correlation": true,
2550
- "distribution": "5",
2551
- "event_id": "9747",
2552
- "id": "1189014",
2553
- "object_id": "1582",
2554
- "object_relation": "state",
2555
- "sharing_group_id": "0",
2556
- "timestamp": "1513938034",
2557
- "to_ids": false,
2558
- "type": "text",
2559
- "uuid": "5a3cdc72-0804-42c4-acfa-4ac5950d210f",
2560
- "value": "Malicious"
2561
- }
2562
- ],
2563
- "ObjectReference": [
2564
- {
2565
- "Attribute": {
2566
- "category": "Network activity",
2567
- "distribution": "5",
2568
- "sharing_group_id": "0",
2569
- "to_ids": true,
2570
- "type": "domain",
2571
- "uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2572
- "value": "newfilmts.com"
2573
- },
2574
- "comment": "",
2575
- "deleted": false,
2576
- "event_id": "9747",
2577
- "id": "167",
2578
- "object_id": "1582",
2579
- "object_uuid": "5a3cdc72-1538-4c66-af46-427b950d210f",
2580
- "referenced_id": "1188765",
2581
- "referenced_type": "0",
2582
- "referenced_uuid": "5a3c3045-7480-4831-a5c4-48c802de0b81",
2583
- "relationship_type": "communicates-with",
2584
- "timestamp": "1513938264",
2585
- "uuid": "5a3cdd58-9800-4bae-837c-4f20950d210f"
2586
- }
2587
- ],
2588
- "comment": "Win32/Sednit.BO",
2589
- "deleted": false,
2590
- "description": "File object describing a file with meta-information",
2591
- "distribution": "5",
2592
- "event_id": "9747",
2593
- "id": "1582",
2594
- "meta-category": "file",
2595
- "name": "file",
2596
- "sharing_group_id": "0",
2597
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2598
- "template_version": "8",
2599
- "timestamp": "1513938264",
2600
- "uuid": "5a3cdc72-1538-4c66-af46-427b950d210f"
2601
- },
2602
- {
2603
- "Attribute": [
2604
- {
2605
- "category": "Payload delivery",
2606
- "comment": "",
2607
- "deleted": false,
2608
- "disable_correlation": false,
2609
- "distribution": "5",
2610
- "event_id": "9747",
2611
- "id": "1189015",
2612
- "object_id": "1583",
2613
- "object_relation": "sha1",
2614
- "sharing_group_id": "0",
2615
- "timestamp": "1513939882",
2616
- "to_ids": true,
2617
- "type": "sha1",
2618
- "uuid": "5a3ce3aa-e104-481e-a7f4-4bc1950d210f",
2619
- "value": "9f6bed7d7f4728490117cbc85819c2e6c494251b"
2620
- },
2621
- {
2622
- "category": "Other",
2623
- "comment": "",
2624
- "deleted": false,
2625
- "disable_correlation": true,
2626
- "distribution": "5",
2627
- "event_id": "9747",
2628
- "id": "1189016",
2629
- "object_id": "1583",
2630
- "object_relation": "state",
2631
- "sharing_group_id": "0",
2632
- "timestamp": "1513939882",
2633
- "to_ids": false,
2634
- "type": "text",
2635
- "uuid": "5a3ce3aa-74fc-48c7-af40-4c6a950d210f",
2636
- "value": "Malicious"
2637
- }
2638
- ],
2639
- "ObjectReference": [
2640
- {
2641
- "Object": {
2642
- "distribution": "5",
2643
- "meta-category": "network",
2644
- "name": "domain-ip",
2645
- "sharing_group_id": "0",
2646
- "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
2647
- },
2648
- "comment": "",
2649
- "deleted": false,
2650
- "event_id": "9747",
2651
- "id": "173",
2652
- "object_id": "1583",
2653
- "object_uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
2654
- "referenced_id": "1592",
2655
- "referenced_type": "1",
2656
- "referenced_uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f",
2657
- "relationship_type": "communicates-with",
2658
- "timestamp": "1513947459",
2659
- "uuid": "5a3d0143-c300-4118-8afe-4a2d950d210f"
2660
- }
2661
- ],
2662
- "comment": "Win32/Sednit.AX",
2663
- "deleted": false,
2664
- "description": "File object describing a file with meta-information",
2665
- "distribution": "5",
2666
- "event_id": "9747",
2667
- "id": "1583",
2668
- "meta-category": "file",
2669
- "name": "file",
2670
- "sharing_group_id": "0",
2671
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2672
- "template_version": "8",
2673
- "timestamp": "1513948642",
2674
- "uuid": "5a3ce3a9-f070-4403-a1f6-4b8c950d210f"
2675
- },
2676
- {
2677
- "Attribute": [
2678
- {
2679
- "category": "Payload delivery",
2680
- "comment": "",
2681
- "deleted": false,
2682
- "disable_correlation": false,
2683
- "distribution": "5",
2684
- "event_id": "9747",
2685
- "id": "1189017",
2686
- "object_id": "1584",
2687
- "object_relation": "sha1",
2688
- "sharing_group_id": "0",
2689
- "timestamp": "1513939907",
2690
- "to_ids": true,
2691
- "type": "sha1",
2692
- "uuid": "5a3ce3c3-6d9c-48f4-93db-4a61950d210f",
2693
- "value": "4bc722a9b0492a50bd86a1341f02c74c0d773db7"
2694
- },
2695
- {
2696
- "category": "Other",
2697
- "comment": "",
2698
- "deleted": false,
2699
- "disable_correlation": true,
2700
- "distribution": "5",
2701
- "event_id": "9747",
2702
- "id": "1189018",
2703
- "object_id": "1584",
2704
- "object_relation": "state",
2705
- "sharing_group_id": "0",
2706
- "timestamp": "1513939907",
2707
- "to_ids": false,
2708
- "type": "text",
2709
- "uuid": "5a3ce3c3-c38c-4e30-a904-4c8f950d210f",
2710
- "value": "Malicious"
2711
- }
2712
- ],
2713
- "ObjectReference": [
2714
- {
2715
- "Object": {
2716
- "distribution": "5",
2717
- "meta-category": "network",
2718
- "name": "domain-ip",
2719
- "sharing_group_id": "0",
2720
- "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
2721
- },
2722
- "comment": "",
2723
- "deleted": false,
2724
- "event_id": "9747",
2725
- "id": "188",
2726
- "object_id": "1584",
2727
- "object_uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f",
2728
- "referenced_id": "1603",
2729
- "referenced_type": "1",
2730
- "referenced_uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f",
2731
- "relationship_type": "communicates-with",
2732
- "timestamp": "1513948518",
2733
- "uuid": "5a3d0566-34fc-4a62-b2a5-4f91950d210f"
2734
- }
2735
- ],
2736
- "comment": "Win32/Sednit.BS",
2737
- "deleted": false,
2738
- "description": "File object describing a file with meta-information",
2739
- "distribution": "5",
2740
- "event_id": "9747",
2741
- "id": "1584",
2742
- "meta-category": "file",
2743
- "name": "file",
2744
- "sharing_group_id": "0",
2745
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2746
- "template_version": "8",
2747
- "timestamp": "1513948535",
2748
- "uuid": "5a3ce3c3-34b4-4e1f-b238-4399950d210f"
2749
- },
2750
- {
2751
- "Attribute": [
2752
- {
2753
- "category": "Payload delivery",
2754
- "comment": "",
2755
- "deleted": false,
2756
- "disable_correlation": false,
2757
- "distribution": "5",
2758
- "event_id": "9747",
2759
- "id": "1189019",
2760
- "object_id": "1585",
2761
- "object_relation": "sha1",
2762
- "sharing_group_id": "0",
2763
- "timestamp": "1513939924",
2764
- "to_ids": true,
2765
- "type": "sha1",
2766
- "uuid": "5a3ce3d4-9168-4e23-8b64-485a950d210f",
2767
- "value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e"
2768
- },
2769
- {
2770
- "category": "Other",
2771
- "comment": "",
2772
- "deleted": false,
2773
- "disable_correlation": true,
2774
- "distribution": "5",
2775
- "event_id": "9747",
2776
- "id": "1189020",
2777
- "object_id": "1585",
2778
- "object_relation": "state",
2779
- "sharing_group_id": "0",
2780
- "timestamp": "1513939924",
2781
- "to_ids": false,
2782
- "type": "text",
2783
- "uuid": "5a3ce3d4-27e0-4366-943f-4b9a950d210f",
2784
- "value": "Malicious"
2785
- }
2786
- ],
2787
- "ObjectReference": [
2788
- {
2789
- "Object": {
2790
- "distribution": "5",
2791
- "meta-category": "network",
2792
- "name": "domain-ip",
2793
- "sharing_group_id": "0",
2794
- "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
2795
- },
2796
- "comment": "",
2797
- "deleted": false,
2798
- "event_id": "9747",
2799
- "id": "189",
2800
- "object_id": "1585",
2801
- "object_uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f",
2802
- "referenced_id": "1602",
2803
- "referenced_type": "1",
2804
- "referenced_uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
2805
- "relationship_type": "communicates-with",
2806
- "timestamp": "1513948528",
2807
- "uuid": "5a3d0570-a86c-4264-a43a-4125950d210f"
2808
- }
2809
- ],
2810
- "comment": "Win32/Sednit.BS",
2811
- "deleted": false,
2812
- "description": "File object describing a file with meta-information",
2813
- "distribution": "5",
2814
- "event_id": "9747",
2815
- "id": "1585",
2816
- "meta-category": "file",
2817
- "name": "file",
2818
- "sharing_group_id": "0",
2819
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2820
- "template_version": "8",
2821
- "timestamp": "1513948597",
2822
- "uuid": "5a3ce3d4-07bc-4af3-90fc-4798950d210f"
2823
- },
2824
- {
2825
- "Attribute": [
2826
- {
2827
- "category": "Payload delivery",
2828
- "comment": "",
2829
- "deleted": false,
2830
- "disable_correlation": false,
2831
- "distribution": "5",
2832
- "event_id": "9747",
2833
- "id": "1189021",
2834
- "object_id": "1586",
2835
- "object_relation": "sha1",
2836
- "sharing_group_id": "0",
2837
- "timestamp": "1513939946",
2838
- "to_ids": true,
2839
- "type": "sha1",
2840
- "uuid": "5a3ce3ea-8dbc-4cf4-997f-448b950d210f",
2841
- "value": "9c47ca3883196b3a84d67676a804ff50e22b0a9f"
2842
- },
2843
- {
2844
- "category": "Other",
2845
- "comment": "",
2846
- "deleted": false,
2847
- "disable_correlation": true,
2848
- "distribution": "5",
2849
- "event_id": "9747",
2850
- "id": "1189022",
2851
- "object_id": "1586",
2852
- "object_relation": "state",
2853
- "sharing_group_id": "0",
2854
- "timestamp": "1513939946",
2855
- "to_ids": false,
2856
- "type": "text",
2857
- "uuid": "5a3ce3ea-e714-444e-ad9b-40b0950d210f",
2858
- "value": "Malicious"
2859
- }
2860
- ],
2861
- "ObjectReference": [
2862
- {
2863
- "Object": {
2864
- "distribution": "5",
2865
- "meta-category": "network",
2866
- "name": "domain-ip",
2867
- "sharing_group_id": "0",
2868
- "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
2869
- },
2870
- "comment": "",
2871
- "deleted": false,
2872
- "event_id": "9747",
2873
- "id": "190",
2874
- "object_id": "1586",
2875
- "object_uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f",
2876
- "referenced_id": "1601",
2877
- "referenced_type": "1",
2878
- "referenced_uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f",
2879
- "relationship_type": "communicates-with",
2880
- "timestamp": "1513948614",
2881
- "uuid": "5a3d05c6-0618-4520-9549-48a0950d210f"
2882
- }
2883
- ],
2884
- "comment": "Win32/Sednit.BR",
2885
- "deleted": false,
2886
- "description": "File object describing a file with meta-information",
2887
- "distribution": "5",
2888
- "event_id": "9747",
2889
- "id": "1586",
2890
- "meta-category": "file",
2891
- "name": "file",
2892
- "sharing_group_id": "0",
2893
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2894
- "template_version": "8",
2895
- "timestamp": "1513948626",
2896
- "uuid": "5a3ce3ea-580c-477c-9b73-4e57950d210f"
2897
- },
2898
- {
2899
- "Attribute": [
2900
- {
2901
- "category": "Payload delivery",
2902
- "comment": "",
2903
- "deleted": false,
2904
- "disable_correlation": false,
2905
- "distribution": "5",
2906
- "event_id": "9747",
2907
- "id": "1189023",
2908
- "object_id": "1587",
2909
- "object_relation": "sha1",
2910
- "sharing_group_id": "0",
2911
- "timestamp": "1513939972",
2912
- "to_ids": true,
2913
- "type": "sha1",
2914
- "uuid": "5a3ce404-7bfc-4316-bd32-55ea950d210f",
2915
- "value": "8a68f26d01372114f660e32ac4c9117e5d0577f1"
2916
- },
2917
- {
2918
- "category": "Other",
2919
- "comment": "",
2920
- "deleted": false,
2921
- "disable_correlation": true,
2922
- "distribution": "5",
2923
- "event_id": "9747",
2924
- "id": "1189024",
2925
- "object_id": "1587",
2926
- "object_relation": "state",
2927
- "sharing_group_id": "0",
2928
- "timestamp": "1513939972",
2929
- "to_ids": false,
2930
- "type": "text",
2931
- "uuid": "5a3ce404-7224-4525-922a-55ea950d210f",
2932
- "value": "Malicious"
2933
- }
2934
- ],
2935
- "ObjectReference": [
2936
- {
2937
- "Object": {
2938
- "distribution": "5",
2939
- "meta-category": "network",
2940
- "name": "domain-ip",
2941
- "sharing_group_id": "0",
2942
- "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
2943
- },
2944
- "comment": "",
2945
- "deleted": false,
2946
- "event_id": "9747",
2947
- "id": "182",
2948
- "object_id": "1587",
2949
- "object_uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f",
2950
- "referenced_id": "1600",
2951
- "referenced_type": "1",
2952
- "referenced_uuid": "5a3ce680-90d4-478d-95db-48a6950d210f",
2953
- "relationship_type": "communicates-with",
2954
- "timestamp": "1513948044",
2955
- "uuid": "5a3d038c-1cc8-4d9c-87ab-c5ed950d210f"
2956
- }
2957
- ],
2958
- "comment": "Win32/Sednit.BN",
2959
- "deleted": false,
2960
- "description": "File object describing a file with meta-information",
2961
- "distribution": "5",
2962
- "event_id": "9747",
2963
- "id": "1587",
2964
- "meta-category": "file",
2965
- "name": "file",
2966
- "sharing_group_id": "0",
2967
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
2968
- "template_version": "8",
2969
- "timestamp": "1513948073",
2970
- "uuid": "5a3ce404-efc0-4f15-864e-55ea950d210f"
2971
- },
2972
- {
2973
- "Attribute": [
2974
- {
2975
- "category": "Payload delivery",
2976
- "comment": "",
2977
- "deleted": false,
2978
- "disable_correlation": false,
2979
- "distribution": "5",
2980
- "event_id": "9747",
2981
- "id": "1189025",
2982
- "object_id": "1588",
2983
- "object_relation": "sha1",
2984
- "sharing_group_id": "0",
2985
- "timestamp": "1513939991",
2986
- "to_ids": true,
2987
- "type": "sha1",
2988
- "uuid": "5a3ce417-62a4-4d46-9a87-55ea950d210f",
2989
- "value": "476fc1d31722ac26b46154cbf0c631d60268b28a"
2990
- },
2991
- {
2992
- "category": "Other",
2993
- "comment": "",
2994
- "deleted": false,
2995
- "disable_correlation": true,
2996
- "distribution": "5",
2997
- "event_id": "9747",
2998
- "id": "1189026",
2999
- "object_id": "1588",
3000
- "object_relation": "state",
3001
- "sharing_group_id": "0",
3002
- "timestamp": "1513939991",
3003
- "to_ids": false,
3004
- "type": "text",
3005
- "uuid": "5a3ce417-43f0-494d-ac2e-55ea950d210f",
3006
- "value": "Malicious"
3007
- }
3008
- ],
3009
- "ObjectReference": [
3010
- {
3011
- "Object": {
3012
- "distribution": "5",
3013
- "meta-category": "network",
3014
- "name": "domain-ip",
3015
- "sharing_group_id": "0",
3016
- "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3017
- },
3018
- "comment": "",
3019
- "deleted": false,
3020
- "event_id": "9747",
3021
- "id": "187",
3022
- "object_id": "1588",
3023
- "object_uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f",
3024
- "referenced_id": "1599",
3025
- "referenced_type": "1",
3026
- "referenced_uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f",
3027
- "relationship_type": "communicates-with",
3028
- "timestamp": "1513948483",
3029
- "uuid": "5a3d0543-8f74-4086-aafc-418a950d210f"
3030
- }
3031
- ],
3032
- "comment": "Win32/Sednit.BN",
3033
- "deleted": false,
3034
- "description": "File object describing a file with meta-information",
3035
- "distribution": "5",
3036
- "event_id": "9747",
3037
- "id": "1588",
3038
- "meta-category": "file",
3039
- "name": "file",
3040
- "sharing_group_id": "0",
3041
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3042
- "template_version": "8",
3043
- "timestamp": "1513948498",
3044
- "uuid": "5a3ce417-7cd4-4c36-8a73-55ea950d210f"
3045
- },
3046
- {
3047
- "Attribute": [
3048
- {
3049
- "category": "Payload delivery",
3050
- "comment": "",
3051
- "deleted": false,
3052
- "disable_correlation": false,
3053
- "distribution": "5",
3054
- "event_id": "9747",
3055
- "id": "1189027",
3056
- "object_id": "1589",
3057
- "object_relation": "sha1",
3058
- "sharing_group_id": "0",
3059
- "timestamp": "1513940012",
3060
- "to_ids": true,
3061
- "type": "sha1",
3062
- "uuid": "5a3ce42c-836c-49e7-a9f3-4a5f950d210f",
3063
- "value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1"
3064
- },
3065
- {
3066
- "category": "Other",
3067
- "comment": "",
3068
- "deleted": false,
3069
- "disable_correlation": true,
3070
- "distribution": "5",
3071
- "event_id": "9747",
3072
- "id": "1189028",
3073
- "object_id": "1589",
3074
- "object_relation": "state",
3075
- "sharing_group_id": "0",
3076
- "timestamp": "1513940012",
3077
- "to_ids": false,
3078
- "type": "text",
3079
- "uuid": "5a3ce42c-4c88-4940-94b8-4084950d210f",
3080
- "value": "Malicious"
3081
- }
3082
- ],
3083
- "ObjectReference": [
3084
- {
3085
- "Object": {
3086
- "distribution": "5",
3087
- "meta-category": "network",
3088
- "name": "domain-ip",
3089
- "sharing_group_id": "0",
3090
- "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3091
- },
3092
- "comment": "",
3093
- "deleted": false,
3094
- "event_id": "9747",
3095
- "id": "183",
3096
- "object_id": "1589",
3097
- "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3098
- "referenced_id": "1594",
3099
- "referenced_type": "1",
3100
- "referenced_uuid": "5a3ce60a-6db8-4212-b194-4339950d210f",
3101
- "relationship_type": "communicates-with",
3102
- "timestamp": "1513948106",
3103
- "uuid": "5a3d03ca-2398-4060-b13c-404a950d210f"
3104
- },
3105
- {
3106
- "Object": {
3107
- "distribution": "5",
3108
- "meta-category": "network",
3109
- "name": "domain-ip",
3110
- "sharing_group_id": "0",
3111
- "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3112
- },
3113
- "comment": "",
3114
- "deleted": false,
3115
- "event_id": "9747",
3116
- "id": "184",
3117
- "object_id": "1589",
3118
- "object_uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
3119
- "referenced_id": "1595",
3120
- "referenced_type": "1",
3121
- "referenced_uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
3122
- "relationship_type": "communicates-with",
3123
- "timestamp": "1513948117",
3124
- "uuid": "5a3d03d5-6d8c-4dfb-b193-4002950d210f"
3125
- }
3126
- ],
3127
- "comment": "Win32/Sednit.BN",
3128
- "deleted": false,
3129
- "description": "File object describing a file with meta-information",
3130
- "distribution": "5",
3131
- "event_id": "9747",
3132
- "id": "1589",
3133
- "meta-category": "file",
3134
- "name": "file",
3135
- "sharing_group_id": "0",
3136
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3137
- "template_version": "8",
3138
- "timestamp": "1513948128",
3139
- "uuid": "5a3ce42b-2e0c-4a26-b6c8-47a3950d210f"
3140
- },
3141
- {
3142
- "Attribute": [
3143
- {
3144
- "category": "Payload delivery",
3145
- "comment": "",
3146
- "deleted": false,
3147
- "disable_correlation": false,
3148
- "distribution": "5",
3149
- "event_id": "9747",
3150
- "id": "1189029",
3151
- "object_id": "1590",
3152
- "object_relation": "sha1",
3153
- "sharing_group_id": "0",
3154
- "timestamp": "1513940027",
3155
- "to_ids": true,
3156
- "type": "sha1",
3157
- "uuid": "5a3ce43b-6738-4a14-a318-4d65950d210f",
3158
- "value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
3159
- },
3160
- {
3161
- "category": "Other",
3162
- "comment": "",
3163
- "deleted": false,
3164
- "disable_correlation": true,
3165
- "distribution": "5",
3166
- "event_id": "9747",
3167
- "id": "1189030",
3168
- "object_id": "1590",
3169
- "object_relation": "state",
3170
- "sharing_group_id": "0",
3171
- "timestamp": "1513940027",
3172
- "to_ids": false,
3173
- "type": "text",
3174
- "uuid": "5a3ce43b-3a10-4d78-9ee2-485c950d210f",
3175
- "value": "Malicious"
3176
- }
3177
- ],
3178
- "ObjectReference": [
3179
- {
3180
- "Object": {
3181
- "distribution": "5",
3182
- "meta-category": "network",
3183
- "name": "domain-ip",
3184
- "sharing_group_id": "0",
3185
- "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3186
- },
3187
- "comment": "",
3188
- "deleted": false,
3189
- "event_id": "9747",
3190
- "id": "186",
3191
- "object_id": "1590",
3192
- "object_uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f",
3193
- "referenced_id": "1593",
3194
- "referenced_type": "1",
3195
- "referenced_uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
3196
- "relationship_type": "communicates-with",
3197
- "timestamp": "1513948320",
3198
- "uuid": "5a3d04a0-9d28-47c3-a12c-465b950d210f"
3199
- }
3200
- ],
3201
- "comment": "Win32/Sednit.BG",
3202
- "deleted": false,
3203
- "description": "File object describing a file with meta-information",
3204
- "distribution": "5",
3205
- "event_id": "9747",
3206
- "id": "1590",
3207
- "meta-category": "file",
3208
- "name": "file",
3209
- "sharing_group_id": "0",
3210
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3211
- "template_version": "8",
3212
- "timestamp": "1513948339",
3213
- "uuid": "5a3ce43a-5478-4f65-95b2-4e1e950d210f"
3214
- },
3215
- {
3216
- "Attribute": [
3217
- {
3218
- "category": "Payload delivery",
3219
- "comment": "",
3220
- "deleted": false,
3221
- "disable_correlation": false,
3222
- "distribution": "5",
3223
- "event_id": "9747",
3224
- "id": "1189031",
3225
- "object_id": "1591",
3226
- "object_relation": "sha1",
3227
- "sharing_group_id": "0",
3228
- "timestamp": "1513940042",
3229
- "to_ids": true,
3230
- "type": "sha1",
3231
- "uuid": "5a3ce44a-2ea4-4526-8bbc-c328950d210f",
3232
- "value": "6e167da3c5d887fa2e58da848a2245d11b6c5ad6"
3233
- },
3234
- {
3235
- "category": "Other",
3236
- "comment": "",
3237
- "deleted": false,
3238
- "disable_correlation": true,
3239
- "distribution": "5",
3240
- "event_id": "9747",
3241
- "id": "1189032",
3242
- "object_id": "1591",
3243
- "object_relation": "state",
3244
- "sharing_group_id": "0",
3245
- "timestamp": "1513940042",
3246
- "to_ids": false,
3247
- "type": "text",
3248
- "uuid": "5a3ce44a-5118-4142-97f0-c328950d210f",
3249
- "value": "Malicious"
3250
- }
3251
- ],
3252
- "ObjectReference": [
3253
- {
3254
- "Object": {
3255
- "distribution": "5",
3256
- "meta-category": "network",
3257
- "name": "domain-ip",
3258
- "sharing_group_id": "0",
3259
- "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3260
- },
3261
- "comment": "",
3262
- "deleted": false,
3263
- "event_id": "9747",
3264
- "id": "170",
3265
- "object_id": "1591",
3266
- "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3267
- "referenced_id": "1597",
3268
- "referenced_type": "1",
3269
- "referenced_uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f",
3270
- "relationship_type": "communicates-with",
3271
- "timestamp": "1513940734",
3272
- "uuid": "5a3ce6fe-b0c4-44df-a609-419a950d210f"
3273
- },
3274
- {
3275
- "Object": {
3276
- "distribution": "5",
3277
- "meta-category": "network",
3278
- "name": "domain-ip",
3279
- "sharing_group_id": "0",
3280
- "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3281
- },
3282
- "comment": "",
3283
- "deleted": false,
3284
- "event_id": "9747",
3285
- "id": "171",
3286
- "object_id": "1591",
3287
- "object_uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f",
3288
- "referenced_id": "1598",
3289
- "referenced_type": "1",
3290
- "referenced_uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f",
3291
- "relationship_type": "communicates-with",
3292
- "timestamp": "1513940753",
3293
- "uuid": "5a3ce711-a0dc-4dbe-b59e-495a950d210f"
3294
- }
3295
- ],
3296
- "comment": "Win32/Sednit.BG",
3297
- "deleted": false,
3298
- "description": "File object describing a file with meta-information",
3299
- "distribution": "5",
3300
- "event_id": "9747",
3301
- "id": "1591",
3302
- "meta-category": "file",
3303
- "name": "file",
3304
- "sharing_group_id": "0",
3305
- "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
3306
- "template_version": "8",
3307
- "timestamp": "1513940753",
3308
- "uuid": "5a3ce44a-ce70-42b7-80b8-c328950d210f"
3309
- },
3310
- {
3311
- "Attribute": [
3312
- {
3313
- "category": "Network activity",
3314
- "comment": "",
3315
- "deleted": false,
3316
- "disable_correlation": false,
3317
- "distribution": "5",
3318
- "event_id": "9747",
3319
- "id": "1189033",
3320
- "object_id": "1592",
3321
- "object_relation": "ip",
3322
- "sharing_group_id": "0",
3323
- "timestamp": "1513940362",
3324
- "to_ids": true,
3325
- "type": "ip-dst",
3326
- "uuid": "5a3ce58a-fcd8-48d5-8b4a-4fd9950d210f",
3327
- "value": "87.236.211.182"
3328
- },
3329
- {
3330
- "category": "Network activity",
3331
- "comment": "",
3332
- "deleted": false,
3333
- "disable_correlation": false,
3334
- "distribution": "5",
3335
- "event_id": "9747",
3336
- "id": "1189034",
3337
- "object_id": "1592",
3338
- "object_relation": "domain",
3339
- "sharing_group_id": "0",
3340
- "timestamp": "1513940362",
3341
- "to_ids": true,
3342
- "type": "domain",
3343
- "uuid": "5a3ce58a-6e14-48ea-9746-48f2950d210f",
3344
- "value": "servicecdp.com"
3345
- }
3346
- ],
3347
- "comment": "",
3348
- "deleted": false,
3349
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3350
- "distribution": "5",
3351
- "event_id": "9747",
3352
- "id": "1592",
3353
- "meta-category": "network",
3354
- "name": "domain-ip",
3355
- "sharing_group_id": "0",
3356
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3357
- "template_version": "5",
3358
- "timestamp": "1513940362",
3359
- "uuid": "5a3ce58a-3198-4cb8-9d51-44e5950d210f"
3360
- },
3361
- {
3362
- "Attribute": [
3363
- {
3364
- "category": "Network activity",
3365
- "comment": "",
3366
- "deleted": false,
3367
- "disable_correlation": false,
3368
- "distribution": "5",
3369
- "event_id": "9747",
3370
- "id": "1189035",
3371
- "object_id": "1593",
3372
- "object_relation": "ip",
3373
- "sharing_group_id": "0",
3374
- "timestamp": "1513940472",
3375
- "to_ids": true,
3376
- "type": "ip-dst",
3377
- "uuid": "5a3ce5f8-99b4-41a2-915a-4bf8950d210f",
3378
- "value": "95.215.45.43"
3379
- },
3380
- {
3381
- "category": "Network activity",
3382
- "comment": "",
3383
- "deleted": false,
3384
- "disable_correlation": false,
3385
- "distribution": "5",
3386
- "event_id": "9747",
3387
- "id": "1189036",
3388
- "object_id": "1593",
3389
- "object_relation": "domain",
3390
- "sharing_group_id": "0",
3391
- "timestamp": "1513940472",
3392
- "to_ids": true,
3393
- "type": "domain",
3394
- "uuid": "5a3ce5f8-62c8-4f04-89c2-4aeb950d210f",
3395
- "value": "wmdmediacodecs.com"
3396
- }
3397
- ],
3398
- "comment": "",
3399
- "deleted": false,
3400
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3401
- "distribution": "5",
3402
- "event_id": "9747",
3403
- "id": "1593",
3404
- "meta-category": "network",
3405
- "name": "domain-ip",
3406
- "sharing_group_id": "0",
3407
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3408
- "template_version": "5",
3409
- "timestamp": "1513940472",
3410
- "uuid": "5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
3411
- },
3412
- {
3413
- "Attribute": [
3414
- {
3415
- "category": "Network activity",
3416
- "comment": "",
3417
- "deleted": false,
3418
- "disable_correlation": false,
3419
- "distribution": "5",
3420
- "event_id": "9747",
3421
- "id": "1189037",
3422
- "object_id": "1594",
3423
- "object_relation": "ip",
3424
- "sharing_group_id": "0",
3425
- "timestamp": "1513940490",
3426
- "to_ids": true,
3427
- "type": "ip-dst",
3428
- "uuid": "5a3ce60a-cc50-4553-bfff-4ea9950d210f",
3429
- "value": "89.45.67.144"
3430
- },
3431
- {
3432
- "category": "Network activity",
3433
- "comment": "",
3434
- "deleted": false,
3435
- "disable_correlation": false,
3436
- "distribution": "5",
3437
- "event_id": "9747",
3438
- "id": "1189038",
3439
- "object_id": "1594",
3440
- "object_relation": "domain",
3441
- "sharing_group_id": "0",
3442
- "timestamp": "1513940491",
3443
- "to_ids": true,
3444
- "type": "domain",
3445
- "uuid": "5a3ce60b-e648-4667-8432-4ba8950d210f",
3446
- "value": "mvband.net"
3447
- }
3448
- ],
3449
- "comment": "",
3450
- "deleted": false,
3451
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3452
- "distribution": "5",
3453
- "event_id": "9747",
3454
- "id": "1594",
3455
- "meta-category": "network",
3456
- "name": "domain-ip",
3457
- "sharing_group_id": "0",
3458
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3459
- "template_version": "5",
3460
- "timestamp": "1513940490",
3461
- "uuid": "5a3ce60a-6db8-4212-b194-4339950d210f"
3462
- },
3463
- {
3464
- "Attribute": [
3465
- {
3466
- "category": "Network activity",
3467
- "comment": "",
3468
- "deleted": false,
3469
- "disable_correlation": false,
3470
- "distribution": "5",
3471
- "event_id": "9747",
3472
- "id": "1189039",
3473
- "object_id": "1595",
3474
- "object_relation": "ip",
3475
- "sharing_group_id": "0",
3476
- "timestamp": "1513940506",
3477
- "to_ids": true,
3478
- "type": "ip-dst",
3479
- "uuid": "5a3ce61a-4458-4c36-866e-44e9950d210f",
3480
- "value": "89.33.246.117"
3481
- },
3482
- {
3483
- "category": "Network activity",
3484
- "comment": "",
3485
- "deleted": false,
3486
- "disable_correlation": false,
3487
- "distribution": "5",
3488
- "event_id": "9747",
3489
- "id": "1189040",
3490
- "object_id": "1595",
3491
- "object_relation": "domain",
3492
- "sharing_group_id": "0",
3493
- "timestamp": "1513940506",
3494
- "to_ids": true,
3495
- "type": "domain",
3496
- "uuid": "5a3ce61a-f820-4a43-b3d9-47e5950d210f",
3497
- "value": "mvtband.net"
3498
- }
3499
- ],
3500
- "comment": "",
3501
- "deleted": false,
3502
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3503
- "distribution": "5",
3504
- "event_id": "9747",
3505
- "id": "1595",
3506
- "meta-category": "network",
3507
- "name": "domain-ip",
3508
- "sharing_group_id": "0",
3509
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3510
- "template_version": "5",
3511
- "timestamp": "1513940506",
3512
- "uuid": "5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
3513
- },
3514
- {
3515
- "Attribute": [
3516
- {
3517
- "category": "Network activity",
3518
- "comment": "",
3519
- "deleted": false,
3520
- "disable_correlation": false,
3521
- "distribution": "5",
3522
- "event_id": "9747",
3523
- "id": "1189041",
3524
- "object_id": "1596",
3525
- "object_relation": "ip",
3526
- "sharing_group_id": "0",
3527
- "timestamp": "1513940542",
3528
- "to_ids": true,
3529
- "type": "ip-dst",
3530
- "uuid": "5a3ce63e-66d4-483f-bae6-44f6950d210f",
3531
- "value": "87.236.211.182"
3532
- },
3533
- {
3534
- "category": "Network activity",
3535
- "comment": "",
3536
- "deleted": false,
3537
- "disable_correlation": false,
3538
- "distribution": "5",
3539
- "event_id": "9747",
3540
- "id": "1189042",
3541
- "object_id": "1596",
3542
- "object_relation": "domain",
3543
- "sharing_group_id": "0",
3544
- "timestamp": "1513940542",
3545
- "to_ids": true,
3546
- "type": "domain",
3547
- "uuid": "5a3ce63e-0d88-405b-82a9-43b5950d210f",
3548
- "value": "servicecdp.com"
3549
- }
3550
- ],
3551
- "comment": "",
3552
- "deleted": false,
3553
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3554
- "distribution": "5",
3555
- "event_id": "9747",
3556
- "id": "1596",
3557
- "meta-category": "network",
3558
- "name": "domain-ip",
3559
- "sharing_group_id": "0",
3560
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3561
- "template_version": "5",
3562
- "timestamp": "1513940542",
3563
- "uuid": "5a3ce63e-0240-46f5-b9ed-4759950d210f"
3564
- },
3565
- {
3566
- "Attribute": [
3567
- {
3568
- "category": "Network activity",
3569
- "comment": "",
3570
- "deleted": false,
3571
- "disable_correlation": false,
3572
- "distribution": "5",
3573
- "event_id": "9747",
3574
- "id": "1189043",
3575
- "object_id": "1597",
3576
- "object_relation": "ip",
3577
- "sharing_group_id": "0",
3578
- "timestamp": "1513940558",
3579
- "to_ids": true,
3580
- "type": "ip-dst",
3581
- "uuid": "5a3ce64e-d7a8-4817-a132-4c72950d210f",
3582
- "value": "185.156.173.70"
3583
- },
3584
- {
3585
- "category": "Network activity",
3586
- "comment": "",
3587
- "deleted": false,
3588
- "disable_correlation": false,
3589
- "distribution": "5",
3590
- "event_id": "9747",
3591
- "id": "1189044",
3592
- "object_id": "1597",
3593
- "object_relation": "domain",
3594
- "sharing_group_id": "0",
3595
- "timestamp": "1513940558",
3596
- "to_ids": true,
3597
- "type": "domain",
3598
- "uuid": "5a3ce64e-243c-4931-b733-403c950d210f",
3599
- "value": "runvercheck.com"
3600
- }
3601
- ],
3602
- "comment": "",
3603
- "deleted": false,
3604
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3605
- "distribution": "5",
3606
- "event_id": "9747",
3607
- "id": "1597",
3608
- "meta-category": "network",
3609
- "name": "domain-ip",
3610
- "sharing_group_id": "0",
3611
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3612
- "template_version": "5",
3613
- "timestamp": "1513940558",
3614
- "uuid": "5a3ce64e-8bf8-4dc6-be49-437f950d210f"
3615
- },
3616
- {
3617
- "Attribute": [
3618
- {
3619
- "category": "Network activity",
3620
- "comment": "",
3621
- "deleted": false,
3622
- "disable_correlation": false,
3623
- "distribution": "5",
3624
- "event_id": "9747",
3625
- "id": "1189045",
3626
- "object_id": "1598",
3627
- "object_relation": "ip",
3628
- "sharing_group_id": "0",
3629
- "timestamp": "1513940572",
3630
- "to_ids": true,
3631
- "type": "ip-dst",
3632
- "uuid": "5a3ce65c-bf78-4b78-bafd-4cf6950d210f",
3633
- "value": "191.101.31.96"
3634
- },
3635
- {
3636
- "category": "Network activity",
3637
- "comment": "",
3638
- "deleted": false,
3639
- "disable_correlation": false,
3640
- "distribution": "5",
3641
- "event_id": "9747",
3642
- "id": "1189046",
3643
- "object_id": "1598",
3644
- "object_relation": "domain",
3645
- "sharing_group_id": "0",
3646
- "timestamp": "1513940572",
3647
- "to_ids": true,
3648
- "type": "domain",
3649
- "uuid": "5a3ce65c-8140-4146-a927-45e4950d210f",
3650
- "value": "remsupport.org"
3651
- }
3652
- ],
3653
- "comment": "",
3654
- "deleted": false,
3655
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3656
- "distribution": "5",
3657
- "event_id": "9747",
3658
- "id": "1598",
3659
- "meta-category": "network",
3660
- "name": "domain-ip",
3661
- "sharing_group_id": "0",
3662
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3663
- "template_version": "5",
3664
- "timestamp": "1513940572",
3665
- "uuid": "5a3ce65c-fc40-4585-817e-4ca3950d210f"
3666
- },
3667
- {
3668
- "Attribute": [
3669
- {
3670
- "category": "Network activity",
3671
- "comment": "",
3672
- "deleted": false,
3673
- "disable_correlation": false,
3674
- "distribution": "5",
3675
- "event_id": "9747",
3676
- "id": "1189047",
3677
- "object_id": "1599",
3678
- "object_relation": "ip",
3679
- "sharing_group_id": "0",
3680
- "timestamp": "1513940591",
3681
- "to_ids": true,
3682
- "type": "ip-dst",
3683
- "uuid": "5a3ce66f-150c-43ec-a3ff-4aa5950d210f",
3684
- "value": "89.187.150.44"
3685
- },
3686
- {
3687
- "category": "Network activity",
3688
- "comment": "",
3689
- "deleted": false,
3690
- "disable_correlation": false,
3691
- "distribution": "5",
3692
- "event_id": "9747",
3693
- "id": "1189048",
3694
- "object_id": "1599",
3695
- "object_relation": "domain",
3696
- "sharing_group_id": "0",
3697
- "timestamp": "1513940591",
3698
- "to_ids": true,
3699
- "type": "domain",
3700
- "uuid": "5a3ce66f-466c-478e-8064-4b42950d210f",
3701
- "value": "viters.org"
3702
- }
3703
- ],
3704
- "comment": "",
3705
- "deleted": false,
3706
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3707
- "distribution": "5",
3708
- "event_id": "9747",
3709
- "id": "1599",
3710
- "meta-category": "network",
3711
- "name": "domain-ip",
3712
- "sharing_group_id": "0",
3713
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3714
- "template_version": "5",
3715
- "timestamp": "1513940590",
3716
- "uuid": "5a3ce66e-70b4-47e7-b965-46f6950d210f"
3717
- },
3718
- {
3719
- "Attribute": [
3720
- {
3721
- "category": "Network activity",
3722
- "comment": "",
3723
- "deleted": false,
3724
- "disable_correlation": false,
3725
- "distribution": "5",
3726
- "event_id": "9747",
3727
- "id": "1189049",
3728
- "object_id": "1600",
3729
- "object_relation": "ip",
3730
- "sharing_group_id": "0",
3731
- "timestamp": "1513940608",
3732
- "to_ids": true,
3733
- "type": "ip-dst",
3734
- "uuid": "5a3ce680-7b04-466d-b187-4301950d210f",
3735
- "value": "146.185.253.132"
3736
- },
3737
- {
3738
- "category": "Network activity",
3739
- "comment": "",
3740
- "deleted": false,
3741
- "disable_correlation": false,
3742
- "distribution": "5",
3743
- "event_id": "9747",
3744
- "id": "1189050",
3745
- "object_id": "1600",
3746
- "object_relation": "domain",
3747
- "sharing_group_id": "0",
3748
- "timestamp": "1513940608",
3749
- "to_ids": true,
3750
- "type": "domain",
3751
- "uuid": "5a3ce680-12f4-4001-9f86-4aa4950d210f",
3752
- "value": "myinvestgroup.com"
3753
- }
3754
- ],
3755
- "comment": "",
3756
- "deleted": false,
3757
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3758
- "distribution": "5",
3759
- "event_id": "9747",
3760
- "id": "1600",
3761
- "meta-category": "network",
3762
- "name": "domain-ip",
3763
- "sharing_group_id": "0",
3764
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3765
- "template_version": "5",
3766
- "timestamp": "1513940608",
3767
- "uuid": "5a3ce680-90d4-478d-95db-48a6950d210f"
3768
- },
3769
- {
3770
- "Attribute": [
3771
- {
3772
- "category": "Network activity",
3773
- "comment": "",
3774
- "deleted": false,
3775
- "disable_correlation": false,
3776
- "distribution": "5",
3777
- "event_id": "9747",
3778
- "id": "1189051",
3779
- "object_id": "1601",
3780
- "object_relation": "ip",
3781
- "sharing_group_id": "0",
3782
- "timestamp": "1513940621",
3783
- "to_ids": true,
3784
- "type": "ip-dst",
3785
- "uuid": "5a3ce68d-0108-4557-8921-4377950d210f",
3786
- "value": "86.106.131.141"
3787
- },
3788
- {
3789
- "category": "Network activity",
3790
- "comment": "",
3791
- "deleted": false,
3792
- "disable_correlation": false,
3793
- "distribution": "5",
3794
- "event_id": "9747",
3795
- "id": "1189052",
3796
- "object_id": "1601",
3797
- "object_relation": "domain",
3798
- "sharing_group_id": "0",
3799
- "timestamp": "1513940622",
3800
- "to_ids": true,
3801
- "type": "domain",
3802
- "uuid": "5a3ce68e-54d0-4c67-8c4c-4dea950d210f",
3803
- "value": "space-delivery.com"
3804
- }
3805
- ],
3806
- "comment": "",
3807
- "deleted": false,
3808
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3809
- "distribution": "5",
3810
- "event_id": "9747",
3811
- "id": "1601",
3812
- "meta-category": "network",
3813
- "name": "domain-ip",
3814
- "sharing_group_id": "0",
3815
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3816
- "template_version": "5",
3817
- "timestamp": "1513940621",
3818
- "uuid": "5a3ce68d-1940-4ea6-becd-44fe950d210f"
3819
- },
3820
- {
3821
- "Attribute": [
3822
- {
3823
- "category": "Network activity",
3824
- "comment": "",
3825
- "deleted": false,
3826
- "disable_correlation": false,
3827
- "distribution": "5",
3828
- "event_id": "9747",
3829
- "id": "1189054",
3830
- "object_id": "1602",
3831
- "object_relation": "ip",
3832
- "sharing_group_id": "0",
3833
- "timestamp": "1513940642",
3834
- "to_ids": true,
3835
- "type": "ip-dst",
3836
- "uuid": "5a3ce6a2-4a38-4b90-8d74-4f10950d210f",
3837
- "value": "89.34.111.160"
3838
- },
3839
- {
3840
- "category": "Network activity",
3841
- "comment": "",
3842
- "deleted": false,
3843
- "disable_correlation": false,
3844
- "distribution": "5",
3845
- "event_id": "9747",
3846
- "id": "1189055",
3847
- "object_id": "1602",
3848
- "object_relation": "domain",
3849
- "sharing_group_id": "0",
3850
- "timestamp": "1513940642",
3851
- "to_ids": true,
3852
- "type": "domain",
3853
- "uuid": "5a3ce6a2-ffa4-4afb-89ab-42a6950d210f",
3854
- "value": "satellitedeluxpanorama.com"
3855
- }
3856
- ],
3857
- "comment": "",
3858
- "deleted": false,
3859
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3860
- "distribution": "5",
3861
- "event_id": "9747",
3862
- "id": "1602",
3863
- "meta-category": "network",
3864
- "name": "domain-ip",
3865
- "sharing_group_id": "0",
3866
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3867
- "template_version": "5",
3868
- "timestamp": "1513940641",
3869
- "uuid": "5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
3870
- },
3871
- {
3872
- "Attribute": [
3873
- {
3874
- "category": "Network activity",
3875
- "comment": "",
3876
- "deleted": false,
3877
- "disable_correlation": false,
3878
- "distribution": "5",
3879
- "event_id": "9747",
3880
- "id": "1189056",
3881
- "object_id": "1603",
3882
- "object_relation": "ip",
3883
- "sharing_group_id": "0",
3884
- "timestamp": "1513940654",
3885
- "to_ids": true,
3886
- "type": "ip-dst",
3887
- "uuid": "5a3ce6ae-601c-44b8-8eec-4a5f950d210f",
3888
- "value": "185.216.35.26"
3889
- },
3890
- {
3891
- "category": "Network activity",
3892
- "comment": "",
3893
- "deleted": false,
3894
- "disable_correlation": false,
3895
- "distribution": "5",
3896
- "event_id": "9747",
3897
- "id": "1189057",
3898
- "object_id": "1603",
3899
- "object_relation": "domain",
3900
- "sharing_group_id": "0",
3901
- "timestamp": "1513940654",
3902
- "to_ids": true,
3903
- "type": "domain",
3904
- "uuid": "5a3ce6ae-3b00-420a-82fd-45fb950d210f",
3905
- "value": "webviewres.net"
3906
- }
3907
- ],
3908
- "comment": "",
3909
- "deleted": false,
3910
- "description": "A domain and IP address seen as a tuple in a specific time frame.",
3911
- "distribution": "5",
3912
- "event_id": "9747",
3913
- "id": "1603",
3914
- "meta-category": "network",
3915
- "name": "domain-ip",
3916
- "sharing_group_id": "0",
3917
- "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
3918
- "template_version": "5",
3919
- "timestamp": "1513940654",
3920
- "uuid": "5a3ce6ae-98d8-4270-b88f-47f2950d210f"
3921
- }
3922
- ],
3923
- "Org": {
3924
- "id": "2",
3925
- "name": "CIRCL",
3926
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3927
- },
3928
- "Orgc": {
3929
- "id": "2",
3930
- "name": "CIRCL",
3931
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3932
- },
3933
- "RelatedEvent": [
3934
- {
3935
- "Event": {
3936
- "Org": {
3937
- "id": "2",
3938
- "name": "CIRCL",
3939
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3940
- },
3941
- "Orgc": {
3942
- "id": "2",
3943
- "name": "CIRCL",
3944
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3945
- },
3946
- "analysis": "2",
3947
- "date": "2017-12-14",
3948
- "distribution": "3",
3949
- "id": "9616",
3950
- "info": "OSINT - Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure",
3951
- "org_id": "2",
3952
- "orgc_id": "2",
3953
- "published": false,
3954
- "threat_level_id": "3",
3955
- "timestamp": "1513674510",
3956
- "uuid": "5a329d19-03e0-4eaa-8b4d-4310950d210f"
3957
- }
3958
- },
3959
- {
3960
- "Event": {
3961
- "Org": {
3962
- "id": "2",
3963
- "name": "CIRCL",
3964
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3965
- },
3966
- "Orgc": {
3967
- "id": "2",
3968
- "name": "CIRCL",
3969
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3970
- },
3971
- "analysis": "2",
3972
- "date": "2017-12-07",
3973
- "distribution": "3",
3974
- "id": "9552",
3975
- "info": "OSINT - Master Channel: The Boleto Mestre Campaign Targets Brazil",
3976
- "org_id": "2",
3977
- "orgc_id": "2",
3978
- "published": false,
3979
- "threat_level_id": "3",
3980
- "timestamp": "1512657975",
3981
- "uuid": "5a2943a3-c574-44bb-8e68-45de950d210f"
3982
- }
3983
- },
3984
- {
3985
- "Event": {
3986
- "Org": {
3987
- "id": "2",
3988
- "name": "CIRCL",
3989
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3990
- },
3991
- "Orgc": {
3992
- "id": "2",
3993
- "name": "CIRCL",
3994
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
3995
- },
3996
- "analysis": "0",
3997
- "date": "2017-11-27",
3998
- "distribution": "3",
3999
- "id": "9513",
4000
- "info": "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android",
4001
- "org_id": "2",
4002
- "orgc_id": "2",
4003
- "published": true,
4004
- "threat_level_id": "3",
4005
- "timestamp": "1512356440",
4006
- "uuid": "5a23a972-e6a0-4a05-b505-4e8f02de0b81"
4007
- }
4008
- },
4009
- {
4010
- "Event": {
4011
- "Org": {
4012
- "id": "2",
4013
- "name": "CIRCL",
4014
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4015
- },
4016
- "Orgc": {
4017
- "id": "2",
4018
- "name": "CIRCL",
4019
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4020
- },
4021
- "analysis": "2",
4022
- "date": "2017-11-07",
4023
- "distribution": "3",
4024
- "id": "9309",
4025
- "info": "OSINT - Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack",
4026
- "org_id": "2",
4027
- "orgc_id": "2",
4028
- "published": true,
4029
- "threat_level_id": "3",
4030
- "timestamp": "1511385862",
4031
- "uuid": "5a021bc2-8e0c-4ac5-b048-cc3e02de0b81"
4032
- }
4033
- },
4034
- {
4035
- "Event": {
4036
- "Org": {
4037
- "id": "291",
4038
- "name": "NCSC-NL",
4039
- "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4040
- },
4041
- "Orgc": {
4042
- "id": "291",
4043
- "name": "NCSC-NL",
4044
- "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4045
- },
4046
- "analysis": "2",
4047
- "date": "2017-10-23",
4048
- "distribution": "3",
4049
- "id": "9208",
4050
- "info": "Talos: \"Cyber Conflict\" Decoy Document Used In Real Cyber Conflict",
4051
- "org_id": "291",
4052
- "orgc_id": "291",
4053
- "published": true,
4054
- "threat_level_id": "2",
4055
- "timestamp": "1510088616",
4056
- "uuid": "59ed9c81-6484-47a9-aab4-191d0a950b0c"
4057
- }
4058
- },
4059
- {
4060
- "Event": {
4061
- "Org": {
4062
- "id": "2",
4063
- "name": "CIRCL",
4064
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4065
- },
4066
- "Orgc": {
4067
- "id": "2",
4068
- "name": "CIRCL",
4069
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4070
- },
4071
- "analysis": "2",
4072
- "date": "2017-08-11",
4073
- "distribution": "3",
4074
- "id": "8798",
4075
- "info": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
4076
- "org_id": "2",
4077
- "orgc_id": "2",
4078
- "published": true,
4079
- "threat_level_id": "3",
4080
- "timestamp": "1502460096",
4081
- "uuid": "598db7fd-47a8-45f8-9414-408b02de0b81"
4082
- }
4083
- },
4084
- {
4085
- "Event": {
4086
- "Org": {
4087
- "id": "231",
4088
- "name": "kingfisherops.com",
4089
- "uuid": "566ff5f4-7020-4089-9003-4374950d210f"
4090
- },
4091
- "Orgc": {
4092
- "id": "204",
4093
- "name": "CERT-BUND",
4094
- "uuid": "56a64d7a-63dc-4471-bce9-4accc25ed029"
4095
- },
4096
- "analysis": "0",
4097
- "date": "2017-07-25",
4098
- "distribution": "3",
4099
- "id": "8750",
4100
- "info": "European Defence Agency lure drops mssuppa.dat",
4101
- "org_id": "231",
4102
- "orgc_id": "204",
4103
- "published": true,
4104
- "threat_level_id": "2",
4105
- "timestamp": "1500967989",
4106
- "uuid": "5976f294-a844-44fe-a4f0-6c67c25ed029"
4107
- }
4108
- },
4109
- {
4110
- "Event": {
4111
- "Org": {
4112
- "id": "277",
4113
- "name": "inthreat.com",
4114
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4115
- },
4116
- "Orgc": {
4117
- "id": "277",
4118
- "name": "inthreat.com",
4119
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4120
- },
4121
- "analysis": "2",
4122
- "date": "2017-05-11",
4123
- "distribution": "3",
4124
- "id": "7820",
4125
- "info": "APT28-Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy",
4126
- "org_id": "277",
4127
- "orgc_id": "277",
4128
- "published": true,
4129
- "threat_level_id": "2",
4130
- "timestamp": "1494824291",
4131
- "uuid": "59147a22-3100-4779-9377-360395ca48b7"
4132
- }
4133
- },
4134
- {
4135
- "Event": {
4136
- "Org": {
4137
- "id": "2",
4138
- "name": "CIRCL",
4139
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4140
- },
4141
- "Orgc": {
4142
- "id": "2",
4143
- "name": "CIRCL",
4144
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4145
- },
4146
- "analysis": "2",
4147
- "date": "2017-05-09",
4148
- "distribution": "3",
4149
- "id": "7801",
4150
- "info": "OSINT - EPS Processing Zero-Days Exploited by Multiple Threat Actors",
4151
- "org_id": "2",
4152
- "orgc_id": "2",
4153
- "published": true,
4154
- "threat_level_id": "3",
4155
- "timestamp": "1494354378",
4156
- "uuid": "59120865-27e0-4e6d-9b74-4a9f950d210f"
4157
- }
4158
- },
4159
- {
4160
- "Event": {
4161
- "Org": {
4162
- "id": "2",
4163
- "name": "CIRCL",
4164
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4165
- },
4166
- "Orgc": {
4167
- "id": "2",
4168
- "name": "CIRCL",
4169
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
4170
- },
4171
- "analysis": "0",
4172
- "date": "2016-12-29",
4173
- "distribution": "3",
4174
- "id": "5667",
4175
- "info": "OSINT - GRIZZLY STEPPE – Russian Malicious Cyber Activity",
4176
- "org_id": "2",
4177
- "orgc_id": "2",
4178
- "published": true,
4179
- "threat_level_id": "3",
4180
- "timestamp": "1494853878",
4181
- "uuid": "58658c15-54ac-43c3-9beb-414502de0b81"
4182
- }
4183
- },
4184
- {
4185
- "Event": {
4186
- "Org": {
4187
- "id": "277",
4188
- "name": "inthreat.com",
4189
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4190
- },
4191
- "Orgc": {
4192
- "id": "277",
4193
- "name": "inthreat.com",
4194
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4195
- },
4196
- "analysis": "2",
4197
- "date": "2016-12-20",
4198
- "distribution": "1",
4199
- "id": "5616",
4200
- "info": "APT28-The Sofacy Group's DealersChoice Attacks Continue",
4201
- "org_id": "277",
4202
- "orgc_id": "277",
4203
- "published": true,
4204
- "threat_level_id": "2",
4205
- "timestamp": "1494829249",
4206
- "uuid": "58594faf-e98c-4c03-a58c-43cf95ca48b7"
4207
- }
4208
- },
4209
- {
4210
- "Event": {
4211
- "Org": {
4212
- "id": "291",
4213
- "name": "NCSC-NL",
4214
- "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4215
- },
4216
- "Orgc": {
4217
- "id": "291",
4218
- "name": "NCSC-NL",
4219
- "uuid": "5697b0c4-9474-4336-b675-28140a950b0b"
4220
- },
4221
- "analysis": "1",
4222
- "date": "2016-11-09",
4223
- "distribution": "3",
4224
- "id": "5348",
4225
- "info": "[APT-28/Sofacy]Pawn Storm Ramps Up [European Government] Spear-phishing Before Zero-Days Get Patched",
4226
- "org_id": "291",
4227
- "orgc_id": "291",
4228
- "published": true,
4229
- "threat_level_id": "1",
4230
- "timestamp": "1481709638",
4231
- "uuid": "582341ff-0830-4b32-aaba-08640a950b0c"
4232
- }
4233
- },
4234
- {
4235
- "Event": {
4236
- "Org": {
4237
- "id": "74",
4238
- "name": "PwC.lu",
4239
- "uuid": "55f6ea61-4f74-40b6-a6df-4ff9950d210f"
4240
- },
4241
- "Orgc": {
4242
- "id": "325",
4243
- "name": "CUDESO",
4244
- "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4245
- },
4246
- "analysis": "2",
4247
- "date": "2016-11-09",
4248
- "distribution": "3",
4249
- "id": "5641",
4250
- "info": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched",
4251
- "org_id": "74",
4252
- "orgc_id": "325",
4253
- "published": true,
4254
- "threat_level_id": "2",
4255
- "timestamp": "1478712711",
4256
- "uuid": "58235d0e-34d4-41c1-9a2e-04dcc0a8ab16"
4257
- }
4258
- },
4259
- {
4260
- "Event": {
4261
- "Org": {
4262
- "id": "335",
4263
- "name": "Orange CERT-CC",
4264
- "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4265
- },
4266
- "Orgc": {
4267
- "id": "335",
4268
- "name": "Orange CERT-CC",
4269
- "uuid": "5707ccb5-e330-4e25-a193-41d4950d210f"
4270
- },
4271
- "analysis": "0",
4272
- "date": "2016-10-18",
4273
- "distribution": "0",
4274
- "id": "5163",
4275
- "info": "Orange-CERT-CC Test #01",
4276
- "org_id": "335",
4277
- "orgc_id": "335",
4278
- "published": false,
4279
- "threat_level_id": "3",
4280
- "timestamp": "1476782422",
4281
- "uuid": "5805e8a5-611c-498b-839b-bd57950d210f"
4282
- }
4283
- },
4284
- {
4285
- "Event": {
4286
- "Org": {
4287
- "id": "278",
4288
- "name": "TDC.dk",
4289
- "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4290
- },
4291
- "Orgc": {
4292
- "id": "278",
4293
- "name": "TDC.dk",
4294
- "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4295
- },
4296
- "analysis": "2",
4297
- "date": "2016-10-17",
4298
- "distribution": "3",
4299
- "id": "5165",
4300
- "info": "OSINT: ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform",
4301
- "org_id": "278",
4302
- "orgc_id": "278",
4303
- "published": true,
4304
- "threat_level_id": "1",
4305
- "timestamp": "1476789563",
4306
- "uuid": "580602f6-f8b8-4ac3-9813-7bf7bce2ab96"
4307
- }
4308
- },
4309
- {
4310
- "Event": {
4311
- "Org": {
4312
- "id": "412",
4313
- "name": "TS",
4314
- "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4315
- },
4316
- "Orgc": {
4317
- "id": "412",
4318
- "name": "TS",
4319
- "uuid": "57470e61-3384-491d-a56f-1bb75b86d7e5"
4320
- },
4321
- "analysis": "2",
4322
- "date": "2016-08-19",
4323
- "distribution": "1",
4324
- "id": "4710",
4325
- "info": "bullettin.doc sample, linked to APT28 campaign",
4326
- "org_id": "412",
4327
- "orgc_id": "412",
4328
- "published": true,
4329
- "threat_level_id": "1",
4330
- "timestamp": "1476776982",
4331
- "uuid": "57b7248f-283c-442e-8e02-2d0f5b86d7e5"
4332
- }
4333
- },
4334
- {
4335
- "Event": {
4336
- "Org": {
4337
- "id": "277",
4338
- "name": "inthreat.com",
4339
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4340
- },
4341
- "Orgc": {
4342
- "id": "277",
4343
- "name": "inthreat.com",
4344
- "uuid": "5697b91d-2090-441f-b153-75e895ca48b7"
4345
- },
4346
- "analysis": "2",
4347
- "date": "2016-06-20",
4348
- "distribution": "3",
4349
- "id": "4172",
4350
- "info": "APT28 and APT29 - Inside the DNC Breaches",
4351
- "org_id": "277",
4352
- "orgc_id": "277",
4353
- "published": true,
4354
- "threat_level_id": "2",
4355
- "timestamp": "1494829231",
4356
- "uuid": "5767c102-c170-4124-ae3d-7bef95ca48b7"
4357
- }
4358
- },
4359
- {
4360
- "Event": {
4361
- "Org": {
4362
- "id": "347",
4363
- "name": "incibe.es",
4364
- "uuid": "5720623c-129c-4989-ae9d-4a11950d210f"
4365
- },
4366
- "Orgc": {
4367
- "id": "665",
4368
- "name": "INCIBE",
4369
- "uuid": "56fa4fe4-f528-4480-8332-1ba3c0a80a8c"
4370
- },
4371
- "analysis": "2",
4372
- "date": "2016-06-16",
4373
- "distribution": "3",
4374
- "id": "6131",
4375
- "info": "New Sofacy (APT28) attacks against a US Government Agency",
4376
- "org_id": "347",
4377
- "orgc_id": "665",
4378
- "published": true,
4379
- "threat_level_id": "1",
4380
- "timestamp": "1488792538",
4381
- "uuid": "5762a86a-e314-4e4e-ba5a-51c5c0a80a8e"
4382
- }
4383
- },
4384
- {
4385
- "Event": {
4386
- "Org": {
4387
- "id": "26",
4388
- "name": "CthulhuSPRL.be",
4389
- "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4390
- },
4391
- "Orgc": {
4392
- "id": "26",
4393
- "name": "CthulhuSPRL.be",
4394
- "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
4395
- },
4396
- "analysis": "2",
4397
- "date": "2016-06-15",
4398
- "distribution": "3",
4399
- "id": "3987",
4400
- "info": "OSINT New Sofacy Attacks Against US Government Agency by Palo Alto Unit 42",
4401
- "org_id": "26",
4402
- "orgc_id": "26",
4403
- "published": true,
4404
- "threat_level_id": "1",
4405
- "timestamp": "1466000907",
4406
- "uuid": "57613790-f6b4-4895-943f-4467950d210f"
4407
- }
4408
- },
4409
- {
4410
- "Event": {
4411
- "Org": {
4412
- "id": "278",
4413
- "name": "TDC.dk",
4414
- "uuid": "56a5d575-2ff4-4738-a2ee-59be950d210f"
4415
- },
4416
- "Orgc": {
4417
- "id": "325",
4418
- "name": "CUDESO",
4419
- "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16"
4420
- },
4421
- "analysis": "2",
4422
- "date": "2016-06-14",
4423
- "distribution": "3",
4424
- "id": "4183",
4425
- "info": "New Sofacy Attacks Against US Government Agency",
4426
- "org_id": "278",
4427
- "orgc_id": "325",
4428
- "published": true,
4429
- "threat_level_id": "2",
4430
- "timestamp": "1467289109",
4431
- "uuid": "57607369-2490-444a-9034-049fc0a8ab16"
4432
- }
4433
- }
4434
- ],
4435
- "Tag": [
4436
- {
4437
- "colour": "#00d622",
4438
- "exportable": true,
4439
- "hide_tag": false,
4440
- "id": "2",
4441
- "name": "tlp:white",
4442
- "user_id": "0"
4443
- },
4444
- {
4445
- "colour": "#ef0081",
4446
- "exportable": true,
4447
- "hide_tag": false,
4448
- "id": "2986",
4449
- "name": "workflow:state=\"incomplete\"",
4450
- "user_id": "0"
4451
- },
4452
- {
4453
- "colour": "#810046",
4454
- "exportable": true,
4455
- "hide_tag": false,
4456
- "id": "2979",
4457
- "name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
4458
- "user_id": "0"
4459
- },
4460
- {
4461
- "colour": "#91004e",
4462
- "exportable": true,
4463
- "hide_tag": false,
4464
- "id": "2980",
4465
- "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
4466
- "user_id": "0"
4467
- },
4468
- {
4469
- "colour": "#12e000",
4470
- "exportable": true,
4471
- "hide_tag": false,
4472
- "id": "1100",
4473
- "name": "misp-galaxy:threat-actor=\"Sofacy\"",
4474
- "user_id": "0"
4475
- },
4476
- {
4477
- "colour": "#0088cc",
4478
- "exportable": true,
4479
- "hide_tag": false,
4480
- "id": "3007",
4481
- "name": "misp-galaxy:exploit-kit=\"Sednit EK\"",
4482
- "user_id": "0"
4483
- },
4484
- {
4485
- "colour": "#0088cc",
4486
- "exportable": true,
4487
- "hide_tag": false,
4488
- "id": "2215",
4489
- "name": "misp-galaxy:tool=\"GAMEFISH\"",
4490
- "user_id": "0"
4491
- },
4492
- {
4493
- "colour": "#0088cc",
4494
- "exportable": true,
4495
- "hide_tag": false,
4496
- "id": "3008",
4497
- "name": "misp-galaxy:mitre-malware=\"JHUHUGIT\"",
4498
- "user_id": "0"
4499
- },
4500
- {
4501
- "colour": "#0c9900",
4502
- "exportable": true,
4503
- "hide_tag": false,
4504
- "id": "1012",
4505
- "name": "misp-galaxy:tool=\"X-Tunnel\"",
4506
- "user_id": "0"
4507
- },
4508
- {
4509
- "colour": "#0088cc",
4510
- "exportable": true,
4511
- "hide_tag": false,
4512
- "id": "3009",
4513
- "name": "misp-galaxy:mitre-malware=\"XTunnel\"",
4514
- "user_id": "0"
4515
- },
4516
- {
4517
- "colour": "#0088cc",
4518
- "exportable": true,
4519
- "hide_tag": false,
4520
- "id": "3010",
4521
- "name": "misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
4522
- "user_id": "0"
4523
- },
4524
- {
4525
- "colour": "#0088cc",
4526
- "exportable": true,
4527
- "hide_tag": false,
4528
- "id": "3011",
4529
- "name": "misp-galaxy:tool=\"EVILTOSS\"",
4530
- "user_id": "0"
4531
- },
4532
- {
4533
- "colour": "#0088cc",
4534
- "exportable": true,
4535
- "hide_tag": false,
4536
- "id": "3012",
4537
- "name": "misp-galaxy:mitre-malware=\"USBStealer\"",
4538
- "user_id": "0"
4539
- },
4540
- {
4541
- "colour": "#0c9800",
4542
- "exportable": true,
4543
- "hide_tag": false,
4544
- "id": "1011",
4545
- "name": "misp-galaxy:tool=\"X-Agent\"",
4546
- "user_id": "0"
4547
- },
4548
- {
4549
- "colour": "#0088cc",
4550
- "exportable": true,
4551
- "hide_tag": false,
4552
- "id": "3013",
4553
- "name": "misp-galaxy:mitre-malware=\"XAgentOSX\"",
4554
- "user_id": "0"
4555
- },
4556
- {
4557
- "colour": "#0088cc",
4558
- "exportable": true,
4559
- "hide_tag": false,
4560
- "id": "3014",
4561
- "name": "misp-galaxy:mitre-malware=\"CHOPSTICK\"",
4562
- "user_id": "0"
4563
- },
4564
- {
4565
- "colour": "#0088cc",
4566
- "exportable": true,
4567
- "hide_tag": false,
4568
- "id": "3015",
4569
- "name": "misp-galaxy:exploit-kit=\"DealersChoice\"",
4570
- "user_id": "0"
4571
- },
4572
- {
4573
- "colour": "#0088cc",
4574
- "exportable": true,
4575
- "hide_tag": false,
4576
- "id": "3016",
4577
- "name": "misp-galaxy:mitre-malware=\"Downdelph\"",
4578
- "user_id": "0"
4579
- }
4580
- ],
4581
- "analysis": "0",
4582
- "attribute_count": "122",
4583
- "date": "2017-12-21",
4584
- "disable_correlation": false,
4585
- "distribution": "3",
4586
- "event_creator_email": "alexandre.dulaunoy@circl.lu",
4587
- "id": "9747",
4588
- "info": "OSINT - Sednit update: How Fancy Bear Spent the Year",
4589
- "locked": false,
4590
- "org_id": "2",
4591
- "orgc_id": "2",
4592
- "proposal_email_lock": false,
4593
- "publish_timestamp": "0",
4594
- "published": false,
4595
- "sharing_group_id": "0",
4596
- "threat_level_id": "3",
4597
- "timestamp": "1513948642",
4598
- "uuid": "5a3c2fcd-8328-42bb-a95e-4f4402de0b81"
4599
- }