{ "Event": { "analysis": "0", "date": "2020-06-18", "extends_uuid": "", "info": "[CERT-FR] Le groupe cybercriminel Silence", "protected": false, "publish_timestamp": "1766038683", "published": true, "threat_level_id": "4", "timestamp": "1753922581", "uuid": "5eeb995f-c570-4242-94c6-79870aba047c", "Orgc": { "name": "CERT-FR", "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212" }, "Tag": [ { "colour": "#f89595", "local": false, "name": "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"", "relationship_type": "" }, { "colour": "#00714f", "local": false, "name": "cert-fr:fiabilite=\"Bonne\"", "relationship_type": "" }, { "colour": "#26d275", "local": false, "name": "misp-galaxy:threat-actor=\"Silence group\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "PAP:CLEAR", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "cossi:TLP=\"white\"", "relationship_type": "" }, { "colour": "#008e63", "local": false, "name": "cossi:RechercheSourceOuverte=\"Autorisee\"", "relationship_type": "" }, { "colour": "#00714f", "local": false, "name": "cossi:fiabilite=\"Bonne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "comment", "uuid": "effb0b42-9d11-4107-9eb6-092e0ca028c7", "value": "Silence est un groupe de cybercriminels suppos\u00e9ment russophone, actif depuis 2016, et ciblant des institutions financi\u00e8res \u00e0 travers le monde.", "Tag": [ { "colour": "#00af7a", "local": false, "name": "DescriptionTechnique", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Silence.Downloader", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "ab111bd5-f505-4733-adf3-217f5226dfa7", "value": "5.39.30.110" }, { "category": "Network activity", "comment": "Silence.Downloader", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "83d39669-c2a1-48a9-8d9e-28c78205bf7f", "value": "54.36.191.97" }, { "category": "Network activity", "comment": "Silence.Downloader", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "e00c43c5-2721-47c7-89fa-9059fe9f46d5", "value": "164.132.228.29" }, { "category": "Network activity", "comment": "Silence.Downloader", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "d12438f1-b465-4f36-bac1-80acafdd98bf", "value": "137.74.224.142" }, { "category": "Network activity", "comment": "Silence.Downloader", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "42908c70-e087-42b3-8fe7-f8501c63b7c7", "value": "92.222.68.32" }, { "category": "Network activity", "comment": "Exploit", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "01767c28-1952-4ce1-9979-09611a22b2c9", "value": "139.99.156.100" }, { "category": "Network activity", "comment": "Meterpreter", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "d122e843-aaf8-4d9c-b330-d8017a668823", "value": "149.56.131.140" }, { "category": "Network activity", "comment": "Exploit CVE-2017-0199", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "78f7cbee-9157-49d5-9942-1b86e4c1397c", "value": "51.255.200.161" }, { "category": "Network activity", "comment": "pakovelli@mail.com", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "0d122218-2730-4d31-aab9-a2e627c99ee5", "value": "109.13.212.72" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "ad4bd74f-e519-4150-a9c6-fa7cc11828a4", "value": "217.160.233.141" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498527", "to_ids": true, "type": "ip-dst", "uuid": "81d5bfd4-cc99-426d-b5fb-cc5d099be19c", "value": "187.70.187.188" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "3f6ba131-48a4-41de-a185-2a314a6c4f6e", "value": "185.70.186.146" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "825329bc-3418-4b7c-a906-cf29e9e10705", "value": "185.36.19.42" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "668c6a40-30d6-4969-a723-61abf15c8fa0", "value": "185.175.58.136" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "b3eec42e-f799-4f07-9c11-6998718bc581", "value": "185.29.8.45" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "f2bf27d6-88ee-464b-a05a-3c11657508c6", "value": "5.39.218.210" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "9d830b89-0928-4b2a-9cd8-1609dc4c8a01", "value": "5.188.231.47" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "0cbd2c9a-5851-4304-a5c1-46e4556b01b4", "value": "185.70.184.32" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "a358dee6-affb-4569-a3f8-04ace3dd7ca5", "value": "185.20.187.89" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "f4f24f45-b526-4255-84c1-a5ac83226b01", "value": "193.109.69.5" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "b891a266-c8ce-4f84-b406-bc1438e0e324", "value": "185.29.9.41" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "5ee1f882-e086-4976-baf3-dcd99f2e9c03", "value": "185.161.208.9" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "ca54afa6-65a3-4cca-8b3e-7a0724575de2", "value": "185.70.186.149" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "e4f10c32-b96d-4194-b6c8-35294e96cb30", "value": "185.70.186.151" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "42bb0a7e-f9ee-455b-a45f-d99313a96ff3", "value": "151.248.115.41" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "c244570f-3d36-4082-8583-00c4541a1c47", "value": "185.154.52.83" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "aae17331-433b-4fcb-a7f4-af44a9c8ac54", "value": "185.154.52.142" }, { "category": "Network activity", "comment": "Source : Group-IB", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "ip-dst", "uuid": "36b55174-6755-4a48-8634-bff434ec372a", "value": "185.236.76.216" }, { "category": "Network activity", "comment": "r\u00e9soud l'ip 5.39.30.110 (C2) entre 2012 et juin 2019", "deleted": false, "disable_correlation": false, "timestamp": "1592498528", "to_ids": true, "type": "domain", "uuid": "c5483dba-4837-493b-bbfe-9a2ac8f18591", "value": "cours-a-domicile.fr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1592841698", "to_ids": true, "type": "comment", "uuid": "5f7074cb-0ac2-45e3-85f9-c7eefba54b46", "value": "2019-01-01", "Tag": [ { "colour": "#000000", "local": false, "name": "cert-fr:relevantTimespan=\"from\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "File Name: 'app.exe'\r\nFile Size: 117248 ProxyBot, 2019-01-17", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557881", "uuid": "f9118f68-a5c0-4f3f-b2a8-8b1a6d327933", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557881", "to_ids": true, "type": "md5", "uuid": "a8146329-fa07-4b84-8b24-83e6b8fc3dc3", "value": "9b38aa473fde5803c87f6f29a8241abe", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557881", "to_ids": true, "type": "sha1", "uuid": "17ee3d38-cdd3-4788-8e86-a778170cc5cf", "value": "7067326bf1efd4898afa4318b1b1ceba0da86bb3", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557881", "to_ids": true, "type": "sha256", "uuid": "1aea363a-6d42-4505-ac11-7d5b345fac4c", "value": "0dc3422709765715812581d5c7ff85c40264933e6e530b911e73a09181bf2e3d", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557882", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec813a-13dc-425c-a6d8-c4050aba047c", "value": "117248" } ] }, { "comment": "File Name: 'winss.exe'\r\nFile Size: 117248 ProxyBot, 2019-09-17", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558089", "uuid": "71d0cb72-c478-4123-a98f-893ed1676cb9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558089", "to_ids": true, "type": "md5", "uuid": "ebd8c49a-7b43-4daa-8b5f-42e186014959", "value": "3f5372c2776e5cc8aec8a7107f49cf8a", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558089", "to_ids": true, "type": "sha1", "uuid": "a29d05d2-d04a-4b5b-b607-d6ebcdced965", "value": "5a7a2fcd906062f2c9e3bc5edf2b82741fc0658b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558089", "to_ids": true, "type": "sha256", "uuid": "d442e0b2-31c7-4f8e-b784-e97e6736a313", "value": "14696a979206432f9bbd74f3cdf27bc22dcaf5889e33b612ca27065d1af5769e", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558090", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec820a-482c-4446-801d-c3cf0aba047c", "value": "117248" } ] }, { "comment": "File Name: 'printsrv.exe'\r\nFile Size: 117248 ProxyBot, 2019-09-26", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558076", "uuid": "bb27e24e-e6a9-40a8-be62-b150795ce0fa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558076", "to_ids": true, "type": "md5", "uuid": "345f98b1-4bb0-4312-bb70-1e9581e83f65", "value": "1136c47332daa275d2ecc179a0bf4c0c", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558076", "to_ids": true, "type": "sha1", "uuid": "cffa698e-f399-4088-a4fa-7d66fa09b60d", "value": "f4277cc5c755d90405a3b15201a1b4ed398deb61", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558076", "to_ids": true, "type": "sha256", "uuid": "bf56c314-7daf-477e-85de-6053e35f0cde", "value": "21176810b854c2253f522e71039c9344b81eff697b7a36abd86ab6c220ea23dc", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558076", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81fc-37b4-494e-bda5-c3d20aba047c", "value": "117248" } ] }, { "comment": "File Name: 'app.exe'\r\nFile Size: 117248 ProxyBot, 2019-09-26", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558059", "uuid": "af10bb81-3b28-4c92-b5e7-976e3263547e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558059", "to_ids": true, "type": "md5", "uuid": "1838e690-0f08-4984-89ed-e37fd6bdbcd9", "value": "2fe01a04d6beef14555b2cf9a717615c", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558059", "to_ids": true, "type": "sha1", "uuid": "31b92675-09ec-4508-97af-09a0f0428cc1", "value": "08c985a9187d3823d89c16f479a56181559681ae", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558059", "to_ids": true, "type": "sha256", "uuid": "e755aff7-deaf-49fc-a075-5c461fe23bbc", "value": "3b84b2948b95c291986b793e1d8e935792c298ee6b5bdd05b4d908738bf40156", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558059", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81eb-c144-4490-b9eb-264a0aba047c", "value": "117248" } ] }, { "comment": "File Name: 'samsung.exe'\r\nFile Size: 117248 ProxyBot, 2017-10-23", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558046", "uuid": "60443dd6-7cf3-4962-8fe4-a937d1e104e0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558046", "to_ids": true, "type": "md5", "uuid": "4dc4dc4c-4e68-43e4-8306-989d040b313f", "value": "121c7a3f139b1cc3d0bf62d951bbe5cb", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558046", "to_ids": true, "type": "sha1", "uuid": "33014358-2a8d-4294-879f-df8857cd89ae", "value": "9bbbde6f0b574cd7fb5c9c752ae33393b82878a0", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558046", "to_ids": true, "type": "sha256", "uuid": "04c2a809-8f9f-4028-ab83-d204c468f566", "value": "628172ab0dc7360ebc49ec15f6197d7f26f6e06c370aad9c55e5e87542bcb4ec", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558046", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81de-4a90-4c18-83c1-c4050aba047c", "value": "117248" } ] }, { "comment": "File Name: 'apps.exe'\r\nFile Size: 117248 ProxyBot, 2018-01-17", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558033", "uuid": "728cca71-f107-47ff-91a4-90c56875ec2d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558033", "to_ids": true, "type": "md5", "uuid": "29f854bb-8d0a-4229-a0aa-9254f529799c", "value": "d9a80697b07f7cfcc5c78a33f561cfbb", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558033", "to_ids": true, "type": "sha1", "uuid": "d2231936-ed64-4636-b7ab-3a3bf341f12d", "value": "e83e6946bd81b55d834618a18213ce1a6c50abe0", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558033", "to_ids": true, "type": "sha256", "uuid": "98cc7cb2-d12a-4348-b7e0-599bf3996285", "value": "80fcfc8d923f8ba8b16f1336160feb86d703407ea582cf5fe9ac9a338638cbc3", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558033", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81d1-dd78-4b23-8018-c3d20aba047c", "value": "117248" } ] }, { "comment": "File Name: 'app.exe'\r\nFile Size: 117248 ProxyBot, 2018-03-23", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558015", "uuid": "f208daeb-5e5f-44c5-bc3f-946612ae8368", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558015", "to_ids": true, "type": "md5", "uuid": "39981c5e-b275-400b-a74f-4a86a1de294a", "value": "a6771cafd7114df25ac0ef2688722fdf", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558015", "to_ids": true, "type": "sha1", "uuid": "6445e61b-49a8-4008-9096-48acc5d8b445", "value": "69ff11f086e167f8d2f6849dbe6061f492327b94", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558015", "to_ids": true, "type": "sha256", "uuid": "435804c7-1ffa-4a94-b524-ecbe054f242f", "value": "92200067104192655a5e2c90d2eec4c31470885996a62eddaa21346fd72633e8", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558015", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81bf-cd60-4b17-8125-264a0aba047c", "value": "117248" } ] }, { "comment": "File Name: 'sok83.exe'\r\nFile Size: 117760 ProxyBot, 2016-08-01", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557997", "uuid": "58ef928e-9f3a-46bc-89aa-715f3f368f19", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557997", "to_ids": true, "type": "md5", "uuid": "11030032-f06e-426f-9e95-f9f4d5c64eb9", "value": "dc4ac53350cc4b30839db19d8d6f3b5f", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557997", "to_ids": true, "type": "sha1", "uuid": "69fbaf20-d042-4c5f-93be-f08f4440f037", "value": "7e107326a265ddb22e1c92b88c9105fcf3346a8b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557997", "to_ids": true, "type": "sha256", "uuid": "e6d3fb69-3da7-4885-bbd9-3a123e24a7b2", "value": "938c40310999d34a00055365a6f6739495b5f305d7da3068f6f86b4e7d80d137", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557998", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec81ae-4174-4283-8ce2-c3d10aba047c", "value": "117760" } ] }, { "comment": "File Name: 'application_client.exe'\r\nFile Size: 117760 ProxyBot, 2016-05-04", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557980", "uuid": "88f0a1ae-7774-47d2-9e03-a08f041e5396", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557980", "to_ids": true, "type": "md5", "uuid": "c6fa3225-302a-4149-9dd3-c112e981f5e3", "value": "131014834d9b3d3e93c31553398ae524", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557980", "to_ids": true, "type": "sha1", "uuid": "bc696ca8-f0c8-4596-8368-7979397fc73c", "value": "7fd7481f11f3d41dc6184a867ad4970f7f7c05b3", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557980", "to_ids": true, "type": "sha256", "uuid": "6e1078a5-0573-4d63-a78d-908f8737703b", "value": "9acc58f99eac029f730a8e984cbc77c927d48cd590a0271d320acf5731902ad3", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557980", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec819c-4ff0-4f0d-bd0e-c3cf0aba047c", "value": "117760" } ] }, { "comment": "File Name: 'inteldrv.exe'\r\nFile Size: 117248 ProxyBot, 2019-09-24", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557966", "uuid": "f875e278-ea11-417f-a076-632f742d2f29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557966", "to_ids": true, "type": "md5", "uuid": "a067ff45-fb98-4ca4-8577-f6efeae9b0c9", "value": "043b383e895a26848bef90abb8da2216", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557966", "to_ids": true, "type": "sha1", "uuid": "206f70bc-4a6d-443b-a15d-e3d9cc63f8a4", "value": "3727cf8ca830f067a65e446977292159baa2573d", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557966", "to_ids": true, "type": "sha256", "uuid": "6c6bd507-a436-4d1c-b0a4-a22353449d0a", "value": "ae88e45b7e1c92b0e2a8e6c8f969bbdd0b260660a42468e5c61fa6ab834678ff", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557966", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec818e-dc2c-48b4-ae03-94a90aba047c", "value": "117248" } ] }, { "comment": "File Name: 'apcs.exe'\r\nFile Size: 117248 ProxyBot, 2016-07-12", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557950", "uuid": "b7c1a8d6-03ea-46a3-a0df-0ef72f5c8cab", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557950", "to_ids": true, "type": "md5", "uuid": "44e70d5e-87ae-41c1-90c5-8b3230ad9765", "value": "88cb1babb591381054001a7a588f7a28", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557950", "to_ids": true, "type": "sha1", "uuid": "f1fa14ae-cff5-46da-a209-780310dd746e", "value": "22d27a623118b8b6e5638b9ca4f975809951fd80", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557950", "to_ids": true, "type": "sha256", "uuid": "fbe918cc-504d-48ac-bdcc-ab0f05e00b61", "value": "b7e2df9bdbff5c577d7afe9e3ceb7a1ff337e6b19eab9a319c4e033dae16f37c", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557951", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec817f-b80c-459b-b5de-c3d20aba047c", "value": "117248" } ] }, { "comment": "File Name: 'test.exe'\r\nFile Size: 117248 ProxyBot, 2019-09-30", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557935", "uuid": "9a9ea373-46b8-4d1a-a260-4920c0131836", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557935", "to_ids": true, "type": "md5", "uuid": "283f36fa-a532-480a-a20a-78883027e460", "value": "7eee932149002f53b33b6f71d3f25fa8", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557935", "to_ids": true, "type": "sha1", "uuid": "63695f1f-ccf6-42e3-b7de-aa90556ebdfa", "value": "76dec76d27f7fea40a1152893d9f5152498d853b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557935", "to_ids": true, "type": "sha256", "uuid": "c50ab66a-742f-4f9e-abb0-fe929f6fdc8d", "value": "daa1e35545004045a36753ae1af8d6d840141519a61f95bdf9a71d42b7b478c4", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557935", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec816f-1a80-47ef-acb8-9ab40aba047c", "value": "117248" } ] }, { "comment": "File Name: 'aps.exe'\r\nFile Size: 117248 ProxyBot, 2018-10-25", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557919", "uuid": "8c54cfcf-2625-4ee7-8af9-a9a652026072", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557919", "to_ids": true, "type": "md5", "uuid": "d62decfc-d499-4fd9-b4ea-75a2f384dad5", "value": "b33cd8d369a7167351c69fe57bae0bb1", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557919", "to_ids": true, "type": "sha1", "uuid": "8d5c7f5c-889c-4f26-812b-dfa7ddec5897", "value": "325504b23944b32ecd93579a470e51d6c0a49bfd", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557919", "to_ids": true, "type": "sha256", "uuid": "de6596d8-7e69-4f7d-889c-c6e463b9b1fa", "value": "eb1603d2619a3e736a52ca4fa3ca942eea0349908c482eb004b45f6f820edb77", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557919", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec815f-0038-48f9-ac2b-c86c0aba047c", "value": "117248" } ] }, { "comment": "File Name: 'SocksTest.exe'\r\nFile Size: 49086 ProxyBot.net,2019-09-06", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557902", "uuid": "d67f6c8e-27d9-46e4-9351-a9029942a3ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557902", "to_ids": true, "type": "md5", "uuid": "69648f1f-4389-40c6-be63-f14ed319fa1d", "value": "ad9486794e2bbf2cb74e1940af5b79dd", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557902", "to_ids": true, "type": "sha1", "uuid": "b413d16c-e283-4323-9229-679fd79b1fdb", "value": "e760443ecf79cd13604cb00313937e75d4f66251", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557902", "to_ids": true, "type": "sha256", "uuid": "9b7dda1d-bd43-4539-93f3-67dee13477b6", "value": "6297365b051179d0ad0c47e5840bad4ae306f4f218ddc6b51473e6df6d9ae62a", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557902", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec814e-89bc-4d55-88cc-264a0aba047c", "value": "49086" } ] }, { "comment": "File Name: 'SocksTest.exe', 'Sgx.exe', 'ctr.exe'\r\nFile Size: 67072 ProxyBot.net,2019-01-22", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557864", "uuid": "a25c80bf-03b2-487f-a4c4-b5724dc226f5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557864", "to_ids": true, "type": "md5", "uuid": "7720fec7-1ceb-474f-9d40-7ed2312c9bc1", "value": "3ff094c23e3e2bc87c14774a021a2d56", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557864", "to_ids": true, "type": "sha1", "uuid": "77865379-fb9f-46dc-b492-af22aa61f543", "value": "2a54b8216b96897f9f5c31992ea0d6b43b96f32b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557864", "to_ids": true, "type": "sha256", "uuid": "d79a2621-1d1b-4cd5-9d4f-e7010e34f1ee", "value": "67de8adb2cc41af5306645aa05b3b658f1781c2415e459a5b7a139569b0d8d57", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557865", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8129-a304-4557-a85f-c3cf0aba047c", "value": "67072" } ] }, { "comment": "File Name: 'SocksTest.exe', 'apps.exe'\r\nFile Size: 62392 ProxyBot.net,2017-07-06", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557531", "uuid": "7705bafb-cdaf-4e40-86e4-e24c88069b74", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557531", "to_ids": true, "type": "md5", "uuid": "6698f72a-86f0-4d90-a2b5-afa75d009253", "value": "8191dae4bdeda349bda38fd5791cb66f", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557531", "to_ids": true, "type": "sha1", "uuid": "8a8f944e-8260-43d4-9d89-0c54adb744d2", "value": "6779c673839bc62199933b9bd8a86dbcc34d475a", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557531", "to_ids": true, "type": "sha256", "uuid": "1a8b3977-c38b-4733-ab18-94b660e2eb24", "value": "730969d84e8a843ebe4b8adea0489710dd854dd8b5f702ac9765865ba0e61d5f", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557531", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec7fdb-2dec-4dce-b696-c46c0aba047c", "value": "62392" } ] }, { "comment": "File Name: 'SocksTest.exe' File Size: 90112 ProxyBot.net,2019-03-12", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557834", "uuid": "d8f5ffd1-3b10-425b-a46c-87f1a8b9af1c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557834", "to_ids": true, "type": "md5", "uuid": "f11b3ed9-a9f8-46f8-a3f1-6660bafc8685", "value": "e262b258489d57d2c30c893bf5a15f83", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557834", "to_ids": true, "type": "sha1", "uuid": "ee6e5313-1e0c-435f-a118-dd580c9c3e30", "value": "369f1e61fb89f651be5771dcfeaa172ba52b7de8", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557834", "to_ids": true, "type": "sha256", "uuid": "193ca8a0-cc59-4826-b546-eb35f971cf08", "value": "816ca3c440d95809757c8cdb4644de6aded8ba1412e493421f72265cd9f084c2", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557834", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec810a-42cc-457c-912c-c3d20aba047c", "value": "90112" } ] }, { "comment": "File Name: 'SocksTest.exe', 'SvcCore.exe'\r\nFile Size: 49072 ProxyBot.net,2019-03-18", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557737", "uuid": "ae81e684-053a-4ed6-854d-18cc08755fc5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557737", "to_ids": true, "type": "md5", "uuid": "3ead660a-7f80-4a4e-8c71-0314dad7fb54", "value": "9065d850e48638000694e0941c881d73", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557737", "to_ids": true, "type": "sha1", "uuid": "0de62543-2478-4abb-bf35-ee1b8f095fbf", "value": "5fcb0495cf70946cf606b95b51ead132e4dded3e", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557737", "to_ids": true, "type": "sha256", "uuid": "55ff1e6b-bcf8-4e3a-82bb-0612f1ebbb9a", "value": "817d39283306200c1c4526e18427a7295164e19d2a5cc8839194747f441b73b0", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557737", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec80a9-45bc-412a-a83e-9ab40aba047c", "value": "49072" } ] }, { "comment": "File Name: 'SocksTest.exe', '1'\r\nFile Size: 58256 ProxyBot.net,2019-06-05", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557721", "uuid": "72e0b710-7a74-46b3-a31c-4ae7fb6b864b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557721", "to_ids": true, "type": "md5", "uuid": "9011eeca-2082-47a3-a9f0-143bb893c5a4", "value": "7e60310609e7b00da2f7a669ebd2b547", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557721", "to_ids": true, "type": "sha1", "uuid": "b96ec9fb-1436-406c-8214-aefcfe1bbfa8", "value": "e2955b716250ec0f25510e5bc2ca05fa037ffdad", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557721", "to_ids": true, "type": "sha256", "uuid": "5c7e937f-9510-4701-a157-813843638f59", "value": "9066bd2f52e06497b110b60c4031fecb398eeeab6434543fb3a3d05329427778", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557721", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8099-88a8-4837-8370-c3d10aba047c", "value": "58256" } ] }, { "comment": "File Name: 'SocksTest.exe', '2', '1'\r\nFile Size: 58259 ProxyBot.net,2019-05-13", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557703", "uuid": "b886aa18-437d-4750-8e21-d7ac54b175ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557703", "to_ids": true, "type": "md5", "uuid": "45ac6968-4cce-4192-a384-5301e847c3b3", "value": "08f03feeed1aa88f35d5675713572898", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557703", "to_ids": true, "type": "sha1", "uuid": "6ac1cffb-69d4-4f8c-a46e-5fe19e68175e", "value": "0f5cf45240401aad6ea2118f99eb3fceca9d23e4", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557703", "to_ids": true, "type": "sha256", "uuid": "0657ebff-1abf-4f2e-8e5a-bfc32b2a4cc1", "value": "c6652df62d738c02458f577ceda17530c1d0af99526a5c9f8f8652b20a636d9b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557703", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8087-7f34-46ef-8aea-c86c0aba047c", "value": "58259" } ] }, { "comment": "File Name: 'SocksTest.exe'\r\nFile Size: 81920 ProxyBot.net,2019-03-12", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557688", "uuid": "001034e5-cae6-4223-b262-44179a77463a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557688", "to_ids": true, "type": "md5", "uuid": "36471f9c-1cd8-4529-bb44-5f854dd14f37", "value": "10d3d4c6f91b3e44dcb2eb9f9411f865", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557688", "to_ids": true, "type": "sha1", "uuid": "c4ed5eed-b85e-421d-8091-7eb2c2917c35", "value": "cab52c636a4b540661badf7da453eaf52bf1afef", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557688", "to_ids": true, "type": "sha256", "uuid": "a2d2e5e5-a191-422c-adb3-d1cf5b05a504", "value": "d24a65be7b98ce6b9c26f14af3cfe8d736ff102f291f31f5bee9cc90561d91c0", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557688", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8078-c960-4bf8-aa2c-c86c0aba047c", "value": "81920" } ] }, { "comment": "File Name: 'SocksTest.exe', 'sapp.exe'\r\nFile Size: 56767 ProxyBot.net,2018-03-19", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557669", "uuid": "ce4d7dfa-19e6-4e28-9e2a-bdf7fa982b7b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557669", "to_ids": true, "type": "md5", "uuid": "939a0a59-18b2-4271-990c-c912f4a21abd", "value": "50565c4b80f41d2e7eb989cd24082aab", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557669", "to_ids": true, "type": "sha1", "uuid": "ba19e48a-f34d-4219-a6d5-e2ff070789c4", "value": "5a4a1a46794941577e262c4f6899964977179d4f", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557669", "to_ids": true, "type": "sha256", "uuid": "e46243dc-d6f8-41a5-874a-8ec8dcf02124", "value": "ddcc0d8eb861b596b46971adc301431b84ab43d53c1a7ae9da354786b5d4273b", "Tag": [ { "colour": "#e200a3", "local": false, "name": "kill-chain:Command and Control", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557669", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8065-485c-4363-80bc-94a90aba047c", "value": "56767" } ] }, { "comment": "File Name: 'netsrvc32.exe'\r\nFile Size: 201216 Silence.MainModule,2017-07-05", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557652", "uuid": "2abe5865-7759-4683-8629-4578c36de3ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557652", "to_ids": true, "type": "md5", "uuid": "af11b6ce-c33b-490d-a36c-bea1315dff4c", "value": "cfffc5a0e5bdc87ab11b75ec8a6715a4", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557652", "to_ids": true, "type": "sha1", "uuid": "4709f0de-4585-483f-bd72-c81a468bdebf", "value": "2f622723cfa93d1e55807383e838cb893d84fdf7", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557652", "to_ids": true, "type": "sha256", "uuid": "7e5299f1-1039-4620-b071-4ddf06f9009c", "value": "1efd68cd651c6e7ee0b6849286b39627e8b8394bc3229e48a1a584695b5c7c59", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557652", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8054-869c-4500-b6ce-c3d20aba047c", "value": "201216" } ] }, { "comment": "File Name: 'srv_cons.exe'\r\nFile Size: 201216 Silence.MainModule,2017-07-05", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557636", "uuid": "dd97c94a-7e0f-489f-9963-b0a387fcbf69", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557636", "to_ids": true, "type": "md5", "uuid": "5908cf1d-0457-4104-8d44-8394c2b45f4a", "value": "b43f65492f2f374c86998bd8ed39bfdd", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557636", "to_ids": true, "type": "sha1", "uuid": "c597d801-df4c-4771-86e7-44863f6daab3", "value": "404d30fd9d9d97dc93d105cfbc0cdfd3d514fe24", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557636", "to_ids": true, "type": "sha256", "uuid": "bcad428b-6b6c-49a5-9d2a-35a38d740b98", "value": "31395b919164e51c2ae5cfbcfc801e1b0465e0b7367189272b4375037ec82824", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557636", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8044-4964-49c2-a22f-264a0aba047c", "value": "201216" } ] }, { "comment": "File Size: 198656 Silence.MainModule,2017-11-22", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557620", "uuid": "2ae14824-99cb-4a77-8d01-ad4c42dd61e7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557620", "to_ids": true, "type": "md5", "uuid": "2ee659fc-d72b-4da0-889b-25712c71b1f8", "value": "a3de4a1e5b66d96183ad42800d6be862", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557620", "to_ids": true, "type": "sha1", "uuid": "68b490e3-80f9-4e55-8aa9-f2a1d9bd8183", "value": "1d65dcc1de578964c2cfe898f970822eedb2d8d4", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557620", "to_ids": true, "type": "sha256", "uuid": "a7060df1-68d1-4689-8abb-8655e291b740", "value": "60706983b0fd6ae95f982c9b63c9fdbb5cb10e65b2ee654f10581e41dd032a58", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557620", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8034-c488-45a8-9dd6-dada0aba047c", "value": "198656" } ] }, { "comment": "File Name: '2'\r\nFile Size: 86016 Silence.MainModule,2019-07-06", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557604", "uuid": "fddafab4-fc9a-4310-8f1d-c276a6556c77", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557604", "to_ids": true, "type": "md5", "uuid": "c7774435-196e-4efc-9b10-149b2306b7a5", "value": "62d0f154f50e9a1041c8eb4d5fc1407f", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557604", "to_ids": true, "type": "sha1", "uuid": "27ac7f92-60fc-4f45-8bde-e0a553929029", "value": "08ba0b0ad45202c78c3a65da0209b97959012181", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557604", "to_ids": true, "type": "sha256", "uuid": "8f84eb8f-085b-4343-8c12-1dd08fbdc1ee", "value": "714334fcf167a33a22f35b3df6528f947809fdba904ab1e15825a7fd4c4973c9", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557604", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8024-29f0-497a-b049-c3d20aba047c", "value": "86016" } ] }, { "comment": "File Name: '1'\r\nFile Size: 86016 Silence.MainModule,2019-05-21", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557585", "uuid": "2451bf74-fcef-49bb-94e9-3cafc9ac76d3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557585", "to_ids": true, "type": "md5", "uuid": "41a3290b-433c-41df-a94d-24ba2a36526c", "value": "b5343bc27d58d906406c9dbbe71aefbc", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557585", "to_ids": true, "type": "sha1", "uuid": "f4453534-bf4a-441a-920f-f73a5c7b29c6", "value": "0b5f0c94ca5251a16bf142f8fdbae117d2996f66", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557585", "to_ids": true, "type": "sha256", "uuid": "f3a78cc6-739a-4502-9262-403e4733d091", "value": "a34103f4568484358ad60252ca7fd1df0b4d98717bd5fa7e0b47986f6bfa4f82", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557585", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec8011-92e8-4b80-b550-c3d20aba047c", "value": "86016" } ] }, { "comment": "File Size: 201220 Silence.MainModule,2018-02-02", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557567", "uuid": "28c5daf6-dfce-4325-8978-04142ad7a43f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557567", "to_ids": true, "type": "md5", "uuid": "1d024230-ec35-445c-a943-5d1804e24046", "value": "dd74fcfa1a985beeb972022e3a722589", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557567", "to_ids": true, "type": "sha1", "uuid": "c4ad3ce3-8e95-4d96-8a45-ce3e017ebd65", "value": "ee9177e67591ad4abcae7aa397fedbe1ed23580f", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557567", "to_ids": true, "type": "sha256", "uuid": "0ae14dcf-13b2-4fe5-b907-5340ec62d081", "value": "dd7ce57e65f27e25dfb341adefe82d0b39b45a7b0e9f4c215efd20116b559c2a", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557567", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec7fff-eca0-4a67-b1bf-c3d20aba047c", "value": "201220" } ] }, { "comment": "File Name: 'dwenole.exe'\r\nFile Size: 249344 Silence.MainModule,2018-03-25", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592557550", "uuid": "8f5b5441-ad65-403c-9430-bfda1d2794d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592557550", "to_ids": true, "type": "md5", "uuid": "86c422ff-bdec-438c-9231-d10022364bc7", "value": "c4f18d40b17e506f42f72b8ff111a614", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592557550", "to_ids": true, "type": "sha1", "uuid": "2710a2df-8ed0-4ab7-8157-fe83b7a0a655", "value": "850dbdf813221b991168314ef58b9847c772a3c0", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592557550", "to_ids": true, "type": "sha256", "uuid": "5644f0e4-7b98-4511-8079-2902c99694cf", "value": "e2466ecf098e78dc7e191b005f9b67a9ef6ffdad0ce6b6c01d635b3d9cac5357", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592557550", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec7fee-f1a0-4002-89e2-c3d20aba047c", "value": "249344" } ] }, { "comment": "File Size: 207872 Silence.MainModule,2019-03-12", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1592558108", "uuid": "b93e709e-73e0-4c3b-94cc-e34a93055133", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1592558108", "to_ids": true, "type": "md5", "uuid": "32654659-149e-4cc7-aaf4-268d9bcaecac", "value": "1fe851d029451f73f9e9687589714b0a", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1592558108", "to_ids": true, "type": "sha1", "uuid": "856544f8-fcd1-4c3d-b2a9-ec13f8f9313c", "value": "bb4938fbf8b220af6fcd5b03ad5dbf8f3537b954", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1592558108", "to_ids": true, "type": "sha256", "uuid": "8f3ec06d-d966-4c77-bd12-16cb835c9d4c", "value": "dcaa811f442813400352eb414d57261fabc80e239f621a56cb2fe38dcfceded0", "Tag": [ { "colour": "#c5008e", "local": false, "name": "kill-chain:Installation", "relationship_type": "" } ] }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "size-in-bytes", "timestamp": "1592558108", "to_ids": false, "type": "size-in-bytes", "uuid": "5eec821c-6480-4766-a282-9ab40aba047c", "value": "207872" } ] } ] } }