{ "Event": { "analysis": "1", "date": "2026-03-10", "extends_uuid": "", "info": "[Threat Intel] KadNap Malware Turning Asus Routers Into Botnets", "protected": false, "publish_timestamp": "1774021939", "published": true, "threat_level_id": "3", "timestamp": "1774012015", "uuid": "bb152a33-98e5-48ac-93a4-53dc331be1f0", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#25fb9f", "local": false, "name": "misp-galaxy:producer=\"Lumen\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#866c0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"", "relationship_type": "" }, { "colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": "" }, { "colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": "" }, { "colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": "" }, { "colour": "#2da3e8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": "" }, { "colour": "#afd4c9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\"", "relationship_type": "" }, { "colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": "" }, { "colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": "" }, { "colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": "" }, { "colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#1b0068", "local": false, "name": "rectifyq:topic=\"cloud\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773226815", "to_ids": false, "type": "link", "uuid": "c17ea7b4-2478-4b5f-b9cb-bde19b4672ac", "value": "https://blog.lumen.com/silence-of-the-hops-the-kadnap-botnet" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1773226815", "to_ids": false, "type": "text", "uuid": "b3af45f2-9b64-4017-b497-4ad2b75a19ce", "value": "A sophisticated new malware called KadNap has been discovered targeting Asus routers and conscripting them into a botnet for proxying malicious traffic. The malware employs a custom version of the Kademlia Distributed Hash Table protocol to conceal its command-and-control infrastructure within a peer-to-peer system, evading traditional network monitoring. The botnet, which has grown to over 14,000 infected devices, is marketed by a proxy service called Doppelganger, tailored for criminal activity. More than 60% of KadNap's victims are based in the United States. The malware demonstrates versatility by targeting various edge networking devices and employing different C2 servers for different victim types." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1773226815", "to_ids": false, "type": "text", "uuid": "4751fc8f-e7ff-4e92-8834-53ea39312699", "value": "Name: KadNap Malware Turning Asus Routers Into Botnets\nAuthor: AlienVault\nAdversary: \nTags: [\"iot devices\", \"botnet\", \"kademlia dht\", \"kadnap\", \"proxy service\"]\nTgtd countries: [\"United States of America\", \"Taiwan\", \"Hong Kong\", \"Russian Federation\"]\nMlwr families: [\"KadNap\", \"TheMoon\"]\nAttack_ids: [\"T1047\", \"T1133\", \"T1082\", \"T1595\", \"T1016\", \"T1083\", \"T1584\", \"T1497\", \"T1102\", \"T1590\", \"T1571\", \"T1095\", \"T1499\", \"T1132\", \"T1046\"]\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999300", "to_ids": true, "type": "ip-dst", "uuid": "df54a307-e3c2-4ccb-97e2-4e0675bf00d9", "value": "45.135.180.177", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999321", "to_ids": true, "type": "ip-dst", "uuid": "ea4eed3f-f55d-4125-b338-f1e06d40ae7e", "value": "212.104.141.140", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999342", "to_ids": true, "type": "ip-dst", "uuid": "4af2c9c6-8a4a-42d1-bd87-b5e0e7c45aa8", "value": "45.135.180.38", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=US ASN=AS397423 tier.net technologies llc", "deleted": false, "disable_correlation": false, "timestamp": "1773999364", "to_ids": true, "type": "ip-dst", "uuid": "187fc8dc-1ec7-474a-ac2a-c57652abfe13", "value": "154.7.253.12", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=GB ASN=AS206509 kcom group limited", "deleted": false, "disable_correlation": false, "timestamp": "1773999385", "to_ids": true, "type": "ip-dst", "uuid": "a09e14ab-a39d-4f64-8928-6b51174c2744", "value": "212.104.141.88", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=US ASN=AS202015 hz hosting ltd", "deleted": false, "disable_correlation": false, "timestamp": "1773999407", "to_ids": true, "type": "ip-dst", "uuid": "530b1593-f7ff-48a1-b2dc-062a861b3fae", "value": "79.141.161.152", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=BE ASN=AS8368 destiny n.v", "deleted": false, "disable_correlation": false, "timestamp": "1773999428", "to_ids": true, "type": "ip-dst", "uuid": "da5229e0-2d1e-482f-be97-c25bca3e34af", "value": "85.158.111.100", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=RO ASN=AS41646 alternative commercial networks", "deleted": false, "disable_correlation": false, "timestamp": "1773999450", "to_ids": true, "type": "ip-dst", "uuid": "c2910cfe-9e91-4b81-997c-fbd000d85eba", "value": "89.46.38.74", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=US ASN=AS202015 hz hosting ltd", "deleted": false, "disable_correlation": false, "timestamp": "1773999472", "to_ids": true, "type": "ip-dst", "uuid": "46544358-f40d-48d2-8216-1429a3a22885", "value": "91.193.19.226", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999493", "to_ids": true, "type": "ip-dst", "uuid": "c99046d8-d4b0-4f74-b464-ea864132a999", "value": "91.193.19.51", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999515", "to_ids": true, "type": "ip-dst", "uuid": "9d3fc514-a01b-4242-8a0c-ab3140786ec6", "value": "79.141.163.155", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773999537", "to_ids": true, "type": "ip-dst", "uuid": "7a0db464-fcb9-4219-8807-a4d85353369a", "value": "23.227.203.221", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774011992", "uuid": "ed3ab939-8a30-4854-9641-ae6bf62c39f8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773999558", "to_ids": true, "type": "md5", "uuid": "f47fd57a-cab3-4c65-91d7-6a77f89675a0", "value": "5e0ab4ab2b53e8e1dbb74dd97c03979d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773999057", "to_ids": true, "type": "sha1", "uuid": "bb5f6d14-c4e6-4529-9a40-721719bf8bb7", "value": "b81e1dcd55e9b6b169d52ee72dc061f90c123515", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773999057", "to_ids": true, "type": "sha256", "uuid": "e0eb9a17-7cbf-4340-b95c-3b97bc7af9b3", "value": "0b3dbb951de7a216dd5032d783ba7d0a5ecda2bf872643c3a4ddd1667fb38ffe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773997458", "to_ids": true, "type": "ssdeep", "uuid": "4686590b-06d0-4b85-8ba7-34498fb58fde", "value": "6144:yDRe/kAR9jEeTTN8R15u9f/c+RZK4V3mD2RrD8gQmDjixe5xzjYF0XWj0fJd2XRW:yDRe/kAR9jEeTTN8R15u9f/c+RZV3mD/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773997458", "to_ids": false, "type": "size-in-bytes", "uuid": "a761ff31-b49e-4ec1-ba6f-466679da6f81", "value": "333796" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773997458", "to_ids": true, "type": "vhash", "uuid": "7706e72b-b49d-4bbf-82a5-4e6248d981c4", "value": "dc7e4b158cee8ed39dd2bf6e86fca227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773997458", "to_ids": true, "type": "filename", "uuid": "c407c19d-3cc9-440c-a00c-a13481dfdfa9", "value": "kad_malware_01001001r1" }, { "category": "Other", "comment": "Checked: 20/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773997458", "to_ids": false, "type": "text", "uuid": "13b49916-7023-4f9f-9d30-809950721008", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:24/64\nFirst Submission:2025-08-16T07:07:45.000000+00:00\nLast Submission:2026-03-07T13:32:57.000000+00:00" }, { "category": "Other", "comment": "Checked: 20/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774011992", "to_ids": false, "type": "text", "uuid": "2f473346-c42b-469c-a854-af32a8a809b1", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:24/64" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774011992", "to_ids": true, "type": "ssdeep", "uuid": "1ff9410d-5d31-4973-bbe9-563962b9cc3c", "value": "6144:yDRe/kAR9jEeTTN8R15u9f/c+RZK4V3mD2RrD8gQmDjixe5xzjYF0XWj0fJd2XRW:yDRe/kAR9jEeTTN8R15u9f/c+RZV3mD/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774011992", "to_ids": false, "type": "size-in-bytes", "uuid": "440e6a41-0ff7-48a6-850e-0493db4f1336", "value": "333796" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774011992", "to_ids": true, "type": "vhash", "uuid": "97eac771-3f0e-4c08-a6bc-78fae33614d3", "value": "dc7e4b158cee8ed39dd2bf6e86fca227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774011992", "to_ids": true, "type": "filename", "uuid": "e981f61e-dca8-4784-a2e6-c103e226c99f", "value": "kad_malware_01001001r1" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774012015", "uuid": "13c796b6-ae50-4d73-aaba-51b91b8f9263", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773999580", "to_ids": true, "type": "md5", "uuid": "d66c9a27-6a8a-40cb-868f-5b944e181c1a", "value": "103710ebc767772eb0e033e0bb6c77da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773999058", "to_ids": true, "type": "sha1", "uuid": "07226d07-32cd-4431-815a-a6eaa427ffe7", "value": "82d62c92d1e5d2e4b4571401b8dbd225d9216a0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773999058", "to_ids": true, "type": "sha256", "uuid": "918913cd-3565-4a7c-b89e-b2cba41658bd", "value": "ebf9de6b67e94b2bd2b0dcda1941e04fef1a1dad830404813e468ab8744b7ed8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773997481", "to_ids": true, "type": "ssdeep", "uuid": "48cdd949-1f9d-45a1-856d-f0b5a77dea33", "value": "3072:DafTo5xJB61i+NODxTpSDMVrg88x2XxkncamNAHwEFjeAQ8kOWxtWGGaxXsWC/zi:iP1irxT3z80xknC6eAQ+LalC7UP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773997481", "to_ids": false, "type": "size-in-bytes", "uuid": "444b051c-105d-4767-833f-5aa9ab4db08f", "value": "249712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773997481", "to_ids": true, "type": "vhash", "uuid": "0fab0e83-8fa3-45a2-ae09-6a307e7b206d", "value": "76becfa7727549d2bfb044bb67a602cb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773997481", "to_ids": true, "type": "filename", "uuid": "5ac9c9d0-88a1-4828-ac8c-97dcd4e38202", "value": "00101001r1" }, { "category": "Other", "comment": "Checked: 20/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773997481", "to_ids": false, "type": "text", "uuid": "ee5b940a-84ef-4a31-807d-3530086e31be", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/64\nFirst Submission:2025-08-16T07:15:19.000000+00:00\nLast Submission:2025-10-07T09:30:45.000000+00:00" }, { "category": "Other", "comment": "Checked: 20/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774012015", "to_ids": false, "type": "text", "uuid": "144ddf3a-a523-4cba-8059-c533695a28ed", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/64" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774012015", "to_ids": true, "type": "ssdeep", "uuid": "b640d3da-d934-4390-a6bb-d767d76d23c9", "value": "3072:DafTo5xJB61i+NODxTpSDMVrg88x2XxkncamNAHwEFjeAQ8kOWxtWGGaxXsWC/zi:iP1irxT3z80xknC6eAQ+LalC7UP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774012015", "to_ids": false, "type": "size-in-bytes", "uuid": "899fed8e-1a9c-471b-96f9-a68dc41e7c07", "value": "249712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774012015", "to_ids": true, "type": "vhash", "uuid": "c7aa489b-eb4a-4428-a3fc-938ee98575ce", "value": "76becfa7727549d2bfb044bb67a602cb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774012015", "to_ids": true, "type": "filename", "uuid": "b999d60f-5af1-4bf5-ad4d-fcb97c311a65", "value": "00101001r1" } ] } ] } }