2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5afaeb66-962c-4cd6-a5c8-419e950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:14:13.000Z" ,
"modified" : "2018-11-23T09:14:13.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5afaeb66-962c-4cd6-a5c8-419e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:14:13.000Z" ,
"modified" : "2018-11-23T09:14:13.000Z" ,
"name" : "OSINT - RAT Gone Rogue: Meet ARS VBS Loader" ,
"published" : "2018-11-23T09:14:41Z" ,
"object_refs" : [
"observed-data--5afaeb74-4a00-41b0-b991-4eff950d210f" ,
"url--5afaeb74-4a00-41b0-b991-4eff950d210f" ,
"indicator--5bf52857-9e1c-48b8-a140-4207950d210f" ,
"indicator--5bf52e53-79a8-4f80-b80b-9913950d210f" ,
"indicator--5bf52e53-a860-4d57-824a-9913950d210f" ,
"indicator--5bf52e54-e614-4d46-858b-9913950d210f" ,
"indicator--5bf52e54-92d4-451b-9325-9913950d210f" ,
"x-misp-attribute--5bf56706-3330-4f1f-b970-9c1a950d210f" ,
"indicator--5bf52eca-f7bc-40e0-8a7d-435d950d210f" ,
"indicator--5bf52edd-00f8-420f-b93b-4572950d210f" ,
"indicator--5bf52eeb-348c-478a-a262-4f90950d210f" ,
"indicator--5bf52efd-32e4-4e59-9493-493a950d210f" ,
"indicator--5bf52f08-3914-4fa0-ab95-a2d7950d210f" ,
"indicator--5bf52f19-6570-424f-af25-a2d8950d210f" ,
"indicator--5bf52f24-cdf8-401c-9f6c-a2d8950d210f" ,
"indicator--5bf52f33-c3a0-409f-810f-424d950d210f" ,
"indicator--5bf52fb0-0c74-4260-af97-47a0950d210f" ,
"indicator--5bf52fbd-44d8-4f4c-88af-4bec950d210f" ,
"indicator--5bf52fdd-d0cc-4036-9556-04e1950d210f" ,
"indicator--5bf53002-370c-4879-ae45-453b950d210f" ,
"indicator--5bf5300f-1a90-4ca2-bb7d-4f33950d210f" ,
"indicator--5bf5301f-b4e8-405b-a7f2-4b0a950d210f" ,
"indicator--5bf5377e-1ce8-4c6c-8f90-1976950d210f" ,
"indicator--5bf5380a-8498-45c7-b5ea-4d06950d210f" ,
"indicator--5bf53822-d924-4b32-9d4e-a487950d210f" ,
"indicator--5bf53832-3448-4f0c-bc2f-449f950d210f" ,
"indicator--5bf5383f-58dc-4abe-9904-a487950d210f" ,
"indicator--5bf538f9-d6ac-4f49-a43d-a4d4950d210f" ,
"indicator--5bf53909-9d30-4cf8-b45a-47e7950d210f" ,
"indicator--5bf53918-375c-44bc-9b69-4a98950d210f" ,
"indicator--5bf53928-ae80-476a-bb73-415a950d210f" ,
"indicator--5bf539e2-38dc-40e9-9407-44a3950d210f" ,
"indicator--5bf539fc-d580-4fb9-8e47-476f950d210f" ,
"indicator--5bf53a28-691c-43f1-8f82-a38b950d210f" ,
"indicator--5bf53a3d-1690-4625-bbc0-1974950d210f" ,
"indicator--5bf53a6d-7750-43bb-b40a-4c98950d210f" ,
"indicator--5bf53a83-b240-4842-94c0-9913950d210f" ,
"indicator--5bf53aa3-d434-48ea-8f92-4600950d210f" ,
"indicator--5bf53ab1-b95c-4731-b0f9-4d37950d210f" ,
"indicator--5bf53ac9-f710-4c03-a5ec-468e950d210f" ,
"indicator--5bf53ada-2f54-44cd-a409-403f950d210f" ,
"indicator--5bf53aeb-dd6c-4a8d-b0d8-4cb8950d210f" ,
"indicator--2d231203-1e2f-4712-a02a-3405916933a9" ,
"x-misp-object--53f797ad-a7fb-4c40-8ad9-f2f5f9e04e79" ,
"indicator--455a8600-8604-40a8-b5b3-f8aef188d90b" ,
"x-misp-object--28691535-ee67-4f62-8bcf-89443851cec9" ,
"indicator--38a2857c-7ec4-4756-bdb3-180bda33ccd8" ,
"x-misp-object--8e2b6512-4442-4879-9447-1d2c1aae9ee3" ,
"indicator--9156cb7b-bdb1-44ee-99d2-adb57e5981a9" ,
"x-misp-object--fa2d5995-01fa-42d2-b419-90e4104fc039" ,
"indicator--32700a0e-a687-411b-b8f6-8de44536cd50" ,
"x-misp-object--0becc351-5917-49e8-a74a-7fce2a71af78" ,
"indicator--e5b457e6-a246-4e0e-82a5-c5230e570092" ,
"x-misp-object--fd219f9d-96a6-4df7-9554-c29eb0b150f0" ,
"indicator--7f4f1b73-baee-4e65-a4f0-5330b25bb62c" ,
"x-misp-object--c0a3a24a-e187-4231-82d7-b72e30702e48" ,
"indicator--61a28418-26d7-41c2-a8a7-f0a1bfe09bda" ,
"x-misp-object--30a5e86b-9518-4115-814d-cdc00b3ce12b" ,
"indicator--b2833b66-d9e4-4d6e-81c9-50ac0219adab" ,
"x-misp-object--aa2a462d-1500-4d47-aab2-1913a735bac1" ,
"indicator--5924ec0d-c09b-4142-a031-91f67c938a4a" ,
"x-misp-object--2946e5f7-a2f3-4502-8e3f-77b14ebedffa" ,
"indicator--c6901866-939c-4729-a229-5e57d96f61fd" ,
"x-misp-object--eaf37e2f-fc4f-45fa-8d32-bd68a24f77b1" ,
"indicator--3b99cbd2-7122-44e4-b35a-b74898957a90" ,
"x-misp-object--e3526893-c659-40a6-a103-75f2c83ebee4" ,
"indicator--0fed2a59-cbe4-42da-a396-95d30b13fa1c" ,
"x-misp-object--e2ef9578-ee07-4f38-9ad3-653dae691c27" ,
"indicator--d2bf9eb7-9d12-49a7-97b1-29f54560f192" ,
"x-misp-object--515dead6-0759-43df-b43c-d03339832582" ,
"indicator--c09966ed-c0c4-4f6e-8d95-dc56aa3ee1ed" ,
"x-misp-object--a0d6d50b-aaed-468b-a3c6-406780156917" ,
"indicator--58d2ad0b-2195-4b98-be19-35e92dd3def8" ,
"x-misp-object--e0d5b904-2f28-42cf-b9d8-0a2fd9e13acd" ,
"indicator--0531bcf3-d700-4647-9ee5-8222dcf77031" ,
"x-misp-object--aca17406-fbc5-4ad9-836d-d6f7b87f32e0" ,
"indicator--abf8b9af-5db3-415e-91c8-ec77b9042bd3" ,
"x-misp-object--2bb390b2-d76b-4144-ae17-f116bc7e1679" ,
"indicator--812ad998-5585-46a3-ae10-3a75651bb1e3" ,
"x-misp-object--99fcaeca-7b2e-4bb3-bdd1-65f67c600dcf" ,
"indicator--96b8e393-d609-4e7e-976a-44de591e6ad2" ,
"x-misp-object--9124c4d5-7657-4cd4-9213-f981805a9da0" ,
"indicator--f9247032-a5e2-4254-a6e1-0d9cbbca80f7" ,
"x-misp-object--bcdcb988-4f3a-4516-b7be-fc921e2f13ce" ,
"indicator--498610cd-cb8b-44b1-9b39-3975489d1a91" ,
"x-misp-object--67fe65f8-5bcc-4f03-878f-170583080d8c" ,
"indicator--6fd19418-7bec-4356-8020-e33d6f70ef65" ,
"x-misp-object--d805f716-a752-4f5c-96c7-f99946b04216" ,
"indicator--6ea34765-1d33-4141-a4ec-7d96ad75657b" ,
"x-misp-object--2e58aac3-5acb-45ed-9409-e4bc86c69962" ,
"indicator--1626747a-0584-4978-97bd-445b51be7ec9" ,
"x-misp-object--0c86b217-a577-4b07-9ea6-960642cfe0e1" ,
"indicator--2c4d2509-740b-4a02-a0a6-d491102926f1" ,
"x-misp-object--8020cfc1-e4d3-4068-9d05-2d5d0fa8cb07" ,
"indicator--a836db08-ec9d-49ca-9d44-df76d3845d2a" ,
"x-misp-object--7a4046c0-0255-4bd6-b2ea-a60a1da8f93d" ,
"indicator--75614a07-da01-4aaf-a183-787ad1ab1528" ,
"x-misp-object--a2e7637e-8ea9-45ca-aa7f-5e68c829f863" ,
"indicator--267bd58d-04fc-493e-a072-784621128b22" ,
"x-misp-object--1194d254-c086-47d9-b3fc-01058920c465" ,
"indicator--f089d728-53cd-497d-9be0-9a7b92f5e079" ,
"x-misp-object--b0bfdec1-85cf-4cf2-a672-c0de92ecc0e8" ,
"indicator--1db9d7bd-f7d1-4db5-9efd-f3f23707dbd0" ,
"x-misp-object--e8e14067-3d30-498e-8da8-34126bd0e997" ,
"indicator--33c04ab5-2063-4b38-a3a9-63ec5dbb34a4" ,
"x-misp-object--315dc26e-154d-406e-a88f-cd73f56ed8f0" ,
"indicator--0c7aaa35-6f9e-4364-954a-168f04952f51" ,
"x-misp-object--792f22a7-0ce5-4cfa-9187-88fb668071d4" ,
"indicator--9236e519-f50b-419a-8809-e3aeea5c6ca7" ,
"x-misp-object--2a31be24-48c6-4a58-a57d-db912afab36f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:malpedia=\"ARS VBS Loader\"" ,
"misp-galaxy:rat=\"ARS VBS Loader\"" ,
"osint:source-type=\"blog-post\"" ,
"ms-caro-malware-full:malware-type=\"RemoteAccess\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5afaeb74-4a00-41b0-b991-4eff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T14:29:36.000Z" ,
"modified" : "2018-11-21T14:29:36.000Z" ,
"first_observed" : "2018-11-21T14:29:36Z" ,
"last_observed" : "2018-11-21T14:29:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5afaeb74-4a00-41b0-b991-4eff950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5afaeb74-4a00-41b0-b991-4eff950d210f" ,
"value" : "https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52857-9e1c-48b8-a140-4207950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T09:41:43.000Z" ,
"modified" : "2018-11-21T09:41:43.000Z" ,
"pattern" : "[rule ARS_VBS_Loader \r\n{ \r\n strings: \r\n $a1 = \"Array(\" \r\n $a2 = \"crypted&\" \r\n $a3 = \"execute(crypted)\" \r\n $b1 = \"ToDecrypt\" \r\n $b2 = \"replace(ToDecrypt,\" \r\n $b3 = \"execute(ToDecrypt)\" \r\n $c1 = \"Randomize\" \r\n $c2 = \"execute(\" \r\n $c3 = \"Wscript.Sleep(\" \r\n $d1 = \"changeCNC()\" \r\n $d2 = \"downloadexecutep\" \r\n $d3 = \"sGetAV\" \r\n $d4 = \"AgonyMutex\" \r\n $d5 = \"dos(hst, cnt)\" \r\n condition: \r\n ((all of ($a*)) or \r\n (all of ($b*)) or \r\n (all of ($c*)) or \r\n (all of ($d*))) \r\n}]" ,
"pattern_type" : "yara" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-11-21T09:41:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52e53-79a8-4f80-b80b-9913950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:07:15.000Z" ,
"modified" : "2018-11-21T10:07:15.000Z" ,
"description" : "ASPC/ARS VBS Loader C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.36.12.175']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:07:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52e53-a860-4d57-824a-9913950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:07:15.000Z" ,
"modified" : "2018-11-21T10:07:15.000Z" ,
"description" : "ASPC/ARS VBS Loader C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.102.60.148']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:07:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52e54-e614-4d46-858b-9913950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:07:16.000Z" ,
"modified" : "2018-11-21T10:07:16.000Z" ,
"description" : "ASPC/ARS VBS Loader C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.95.42.88']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:07:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52e54-92d4-451b-9325-9913950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:07:16.000Z" ,
"modified" : "2018-11-21T10:07:16.000Z" ,
"description" : "ASPC/ARS VBS Loader C2" ,
"pattern" : "[domain-name:value = 'gtneifnsyrf.tk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:07:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5bf56706-3330-4f1f-b970-9c1a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T14:10:10.000Z" ,
"modified" : "2018-11-21T14:10:10.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Malicious VBScript has long been a fixture of spam and phishing campaigns, but until recently its functionality has been limited to downloading malware from an attacker-controlled server and executing it on a compromised computer.\r\n\r\nResearchers at Flashpoint have seen and analyzed a unique departure from this norm in ARS VBS Loader, a spin-off of a popular downloader called SafeLoader VBS that was sold and eventually leaked in 2015 on Russian crimeware forums.\r\n\r\nARS VBS Loader not only downloads and executes malicious code, but also includes a command and control application written in PHP that allows a botmaster to issue commands to a victim\u00e2\u20ac\u2122s machine. This behavior likens ARS VBS Loader to a remote access Trojan (RAT), giving it behavior and capabilities rarely seen in malicious \u00e2\u20ac\u0153loaders\u00e2\u20ac\u009d, i.e. initial infection vector malware families used to install subsequent payloads."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52eca-f7bc-40e0-8a7d-435d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:09:14.000Z" ,
"modified" : "2018-11-21T10:09:14.000Z" ,
"pattern" : "[file:hashes.SHA256 = '7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:09:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52edd-00f8-420f-b93b-4572950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:09:33.000Z" ,
"modified" : "2018-11-21T10:09:33.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:09:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52eeb-348c-478a-a262-4f90950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:09:47.000Z" ,
"modified" : "2018-11-21T10:09:47.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:09:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52efd-32e4-4e59-9493-493a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:10:05.000Z" ,
"modified" : "2018-11-21T10:10:05.000Z" ,
"pattern" : "[file:hashes.SHA256 = '4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:10:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52f08-3914-4fa0-ab95-a2d7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:10:16.000Z" ,
"modified" : "2018-11-21T10:10:16.000Z" ,
"pattern" : "[file:hashes.SHA256 = '8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:10:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52f19-6570-424f-af25-a2d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:10:33.000Z" ,
"modified" : "2018-11-21T10:10:33.000Z" ,
"pattern" : "[file:hashes.SHA256 = '35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:10:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52f24-cdf8-401c-9f6c-a2d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:10:44.000Z" ,
"modified" : "2018-11-21T10:10:44.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:10:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52f33-c3a0-409f-810f-424d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:10:59.000Z" ,
"modified" : "2018-11-21T10:10:59.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:10:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52fb0-0c74-4260-af97-47a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:13:04.000Z" ,
"modified" : "2018-11-21T10:13:04.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:13:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52fbd-44d8-4f4c-88af-4bec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:13:17.000Z" ,
"modified" : "2018-11-21T10:13:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:13:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf52fdd-d0cc-4036-9556-04e1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:13:49.000Z" ,
"modified" : "2018-11-21T10:13:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:13:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53002-370c-4879-ae45-453b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:14:26.000Z" ,
"modified" : "2018-11-21T10:14:26.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:14:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf5300f-1a90-4ca2-bb7d-4f33950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:14:39.000Z" ,
"modified" : "2018-11-21T10:14:39.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:14:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf5301f-b4e8-405b-a7f2-4b0a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:14:55.000Z" ,
"modified" : "2018-11-21T10:14:55.000Z" ,
"pattern" : "[file:hashes.SHA256 = '6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:14:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf5377e-1ce8-4c6c-8f90-1976950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:46:22.000Z" ,
"modified" : "2018-11-21T10:46:22.000Z" ,
"pattern" : "[file:hashes.SHA256 = '1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:46:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf5380a-8498-45c7-b5ea-4d06950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:48:42.000Z" ,
"modified" : "2018-11-21T10:48:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:48:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53822-d924-4b32-9d4e-a487950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:49:06.000Z" ,
"modified" : "2018-11-21T10:49:06.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:49:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53832-3448-4f0c-bc2f-449f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:49:22.000Z" ,
"modified" : "2018-11-21T10:49:22.000Z" ,
"pattern" : "[file:hashes.SHA256 = '45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:49:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf5383f-58dc-4abe-9904-a487950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:49:35.000Z" ,
"modified" : "2018-11-21T10:49:35.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:49:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf538f9-d6ac-4f49-a43d-a4d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:52:41.000Z" ,
"modified" : "2018-11-21T10:52:41.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'd440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:52:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53909-9d30-4cf8-b45a-47e7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:52:57.000Z" ,
"modified" : "2018-11-21T10:52:57.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:52:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53918-375c-44bc-9b69-4a98950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:53:12.000Z" ,
"modified" : "2018-11-21T10:53:12.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:53:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53928-ae80-476a-bb73-415a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:53:28.000Z" ,
"modified" : "2018-11-21T10:53:28.000Z" ,
"pattern" : "[file:hashes.SHA256 = '5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:53:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf539e2-38dc-40e9-9407-44a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:56:34.000Z" ,
"modified" : "2018-11-21T10:56:34.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:56:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf539fc-d580-4fb9-8e47-476f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:57:00.000Z" ,
"modified" : "2018-11-21T10:57:00.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:57:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53a28-691c-43f1-8f82-a38b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:57:44.000Z" ,
"modified" : "2018-11-21T10:57:44.000Z" ,
"pattern" : "[file:hashes.SHA256 = '01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:57:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53a3d-1690-4625-bbc0-1974950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:58:05.000Z" ,
"modified" : "2018-11-21T10:58:05.000Z" ,
"pattern" : "[file:hashes.SHA256 = '969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:58:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53a6d-7750-43bb-b40a-4c98950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:58:53.000Z" ,
"modified" : "2018-11-21T10:58:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:58:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53a83-b240-4842-94c0-9913950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:59:15.000Z" ,
"modified" : "2018-11-21T10:59:15.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:59:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53aa3-d434-48ea-8f92-4600950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T10:59:47.000Z" ,
"modified" : "2018-11-21T10:59:47.000Z" ,
"pattern" : "[file:hashes.SHA256 = '54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T10:59:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53ab1-b95c-4731-b0f9-4d37950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T11:00:01.000Z" ,
"modified" : "2018-11-21T11:00:01.000Z" ,
"pattern" : "[file:hashes.SHA256 = '92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T11:00:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53ac9-f710-4c03-a5ec-468e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T11:00:25.000Z" ,
"modified" : "2018-11-21T11:00:25.000Z" ,
"pattern" : "[file:hashes.SHA256 = '3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T11:00:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53ada-2f54-44cd-a409-403f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T11:00:42.000Z" ,
"modified" : "2018-11-21T11:00:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = '64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T11:00:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bf53aeb-dd6c-4a8d-b0d8-4cb8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-21T11:00:59.000Z" ,
"modified" : "2018-11-21T11:00:59.000Z" ,
"pattern" : "[file:hashes.SHA256 = '6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-21T11:00:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d231203-1e2f-4712-a02a-3405916933a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:10.000Z" ,
"modified" : "2018-11-23T09:12:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '627ee1dfa0bc963c4ba89e4013630c2e' AND file:hashes.SHA1 = 'b07ae354fec6005d4844b3c64c3e6f4dcf7540b1' AND file:hashes.SHA256 = '1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--53f797ad-a7fb-4c40-8ad9-f2f5f9e04e79" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:12.000Z" ,
"modified" : "2018-11-23T09:12:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:34" ,
"category" : "Other" ,
"uuid" : "7f906598-1b82-45d6-8b0a-e9db54ca79af"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1322625bdf1765aec6ebac62bd6911b1264d814c639be7c3ce959aa850b59436/analysis/1538690614/" ,
"category" : "External analysis" ,
"uuid" : "16453c52-b887-42e6-a08c-d30cbe22151d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/59" ,
"category" : "Other" ,
"uuid" : "984e80c0-1dc8-45e1-85e2-1877a28100c2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--455a8600-8604-40a8-b5b3-f8aef188d90b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:13.000Z" ,
"modified" : "2018-11-23T09:12:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '3ce2e8012dd556883eb27c3931a16c14' AND file:hashes.SHA1 = '1b83853f7ec1714807857072a6ac0512f6cf0c89' AND file:hashes.SHA256 = '64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--28691535-ee67-4f62-8bcf-89443851cec9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:14.000Z" ,
"modified" : "2018-11-23T09:12:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T21:47:53" ,
"category" : "Other" ,
"uuid" : "fa04cb7d-a158-4592-b29d-d532d28e7d52"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/64c5c30f1aebdf1dfc59855e579d99e212ca9b3b5296c801f9a3f22c186bb354/analysis/1538689673/" ,
"category" : "External analysis" ,
"uuid" : "5e043bc1-cab8-406d-a4c0-53bf782662c7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/69" ,
"category" : "Other" ,
"uuid" : "d15c5446-8e2e-497e-80c8-3e3804e9d193"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--38a2857c-7ec4-4756-bdb3-180bda33ccd8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:15.000Z" ,
"modified" : "2018-11-23T09:12:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dc1eeaa99ad020c5eec705b02593fb0e' AND file:hashes.SHA1 = 'bf9d63751dd2cdfdb24e85bc918fe5c55ee0318a' AND file:hashes.SHA256 = '6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8e2b6512-4442-4879-9447-1d2c1aae9ee3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:17.000Z" ,
"modified" : "2018-11-23T09:12:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:39" ,
"category" : "Other" ,
"uuid" : "14e0705f-8f78-407f-9ef1-e0b59e3c8870"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6229a180fb9000cf7ad023f3b74361fba83375c3973ac31428574de5c3f78790/analysis/1538690619/" ,
"category" : "External analysis" ,
"uuid" : "c9d7403c-b891-41b6-b581-6b0ccf848853"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/58" ,
"category" : "Other" ,
"uuid" : "f54826d7-f529-425b-b9da-e315f79b97a7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9156cb7b-bdb1-44ee-99d2-adb57e5981a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:18.000Z" ,
"modified" : "2018-11-23T09:12:18.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c898c7febc4c1cc55d5f17a66868de06' AND file:hashes.SHA1 = '3a74eb84b564583430e58fd388f10f6a1a08c7b1' AND file:hashes.SHA256 = 'adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fa2d5995-01fa-42d2-b419-90e4104fc039" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:19.000Z" ,
"modified" : "2018-11-23T09:12:19.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:27" ,
"category" : "Other" ,
"uuid" : "93c5034f-8267-41ba-9da2-bd6e575b1cea"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/adefdc3772dc115ec278a300f2ec8373d71824c3fe021f1ea91f61813a6ce5cb/analysis/1538690487/" ,
"category" : "External analysis" ,
"uuid" : "2bd205ed-0d73-494e-86d1-340140144eba"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Other" ,
"uuid" : "40b16371-fab8-40a2-a2c2-6b2413c4e22c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--32700a0e-a687-411b-b8f6-8de44536cd50" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:20.000Z" ,
"modified" : "2018-11-23T09:12:20.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f157f83b1556a118504b340406cc5633' AND file:hashes.SHA1 = '16d11103fa9792f9745b7dd0a21b1cdb2f4f61de' AND file:hashes.SHA256 = 'efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0becc351-5917-49e8-a74a-7fce2a71af78" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:22.000Z" ,
"modified" : "2018-11-23T09:12:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:34" ,
"category" : "Other" ,
"uuid" : "2c9b9ee2-9b04-49c6-91eb-b5ffb70da6cb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/efee338bd78d0b87174078a27bc9d2b290cfbd3363e94e67964976488d74d585/analysis/1538690494/" ,
"category" : "External analysis" ,
"uuid" : "2715ddad-d121-417c-9349-1696c496f4df"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/60" ,
"category" : "Other" ,
"uuid" : "b211e589-a015-42ac-9106-0c7d30f56991"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e5b457e6-a246-4e0e-82a5-c5230e570092" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:23.000Z" ,
"modified" : "2018-11-23T09:12:23.000Z" ,
"pattern" : "[file:hashes.MD5 = '81600266fc940c61c590e1c27c2605ee' AND file:hashes.SHA1 = 'ed1af846015854ed83be389673a35f0927b07269' AND file:hashes.SHA256 = 'f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fd219f9d-96a6-4df7-9554-c29eb0b150f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:25.000Z" ,
"modified" : "2018-11-23T09:12:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:38" ,
"category" : "Other" ,
"uuid" : "6ade2e56-ac24-4d1c-8fb2-24b6f284d50e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f9357a84d1688315416db12d3a1461b3fb2aee9d8dc749c33d39fc2d90b292da/analysis/1538690498/" ,
"category" : "External analysis" ,
"uuid" : "9d661378-d1a6-4933-86fa-9ae1084675e1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/60" ,
"category" : "Other" ,
"uuid" : "9f7e7910-a081-4457-ac03-05605cdc894e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7f4f1b73-baee-4e65-a4f0-5330b25bb62c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:26.000Z" ,
"modified" : "2018-11-23T09:12:26.000Z" ,
"pattern" : "[file:hashes.MD5 = '715c8a236a41b078cd032f5aa9bcff03' AND file:hashes.SHA1 = 'ffe9a1d1721276df525d01d7facea8a7f16a274f' AND file:hashes.SHA256 = '9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c0a3a24a-e187-4231-82d7-b72e30702e48" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:27.000Z" ,
"modified" : "2018-11-23T09:12:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:42" ,
"category" : "Other" ,
"uuid" : "934395f2-2768-4a76-afc5-3512fe0e3937"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9aa6a80f04aab3a87c4082f24bb6f5327dc7ca2ab852c8edb943ced7d2190874/analysis/1538690622/" ,
"category" : "External analysis" ,
"uuid" : "26228f42-ed81-4724-91ca-784454a2202f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/59" ,
"category" : "Other" ,
"uuid" : "afaf6783-de0d-40b3-a604-4b4ac7c1e2ea"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--61a28418-26d7-41c2-a8a7-f0a1bfe09bda" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:28.000Z" ,
"modified" : "2018-11-23T09:12:28.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd3ea69adf242199195da416adef6fd4b' AND file:hashes.SHA1 = '31866b972a0b5ca8186958e96ba617e449c8e201' AND file:hashes.SHA256 = '5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--30a5e86b-9518-4115-814d-cdc00b3ce12b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:30.000Z" ,
"modified" : "2018-11-23T09:12:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:39" ,
"category" : "Other" ,
"uuid" : "10bc5880-2376-4542-9266-3f68263ce503"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5608c2b49ae8b8325f902e8a2e1a63cfde0a606ee580e392b7abaedba02d8e25/analysis/1538690619/" ,
"category" : "External analysis" ,
"uuid" : "1989fd8d-5768-4b78-93ab-b4a1948d2705"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/59" ,
"category" : "Other" ,
"uuid" : "1c2c39f7-1214-40a6-8ab1-9ae418ce92ef"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b2833b66-d9e4-4d6e-81c9-50ac0219adab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:31.000Z" ,
"modified" : "2018-11-23T09:12:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e3dc901f99f08c3b7198f71d8e583882' AND file:hashes.SHA1 = 'f39815148252b7b134e0843726770b779e5f1393' AND file:hashes.SHA256 = 'bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aa2a462d-1500-4d47-aab2-1913a735bac1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:32.000Z" ,
"modified" : "2018-11-23T09:12:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:31" ,
"category" : "Other" ,
"uuid" : "49343f1e-e1eb-482a-82f0-2532801e823a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bde4835c5c8fd1c9d7b471161618051a30c5e3df7e919d66cf6062f74e47eb7c/analysis/1538690491/" ,
"category" : "External analysis" ,
"uuid" : "83074d1c-da30-4a88-820a-faef1b19aada"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/60" ,
"category" : "Other" ,
"uuid" : "353dfcc8-bae4-4cfe-b670-3db6c57fe4ea"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5924ec0d-c09b-4142-a031-91f67c938a4a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:34.000Z" ,
"modified" : "2018-11-23T09:12:34.000Z" ,
"pattern" : "[file:hashes.MD5 = '917d0038c6dc129891e96146ca65d52b' AND file:hashes.SHA1 = '2ded6393a3b523708cc084dd1c7cf70504dc6e20' AND file:hashes.SHA256 = 'b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2946e5f7-a2f3-4502-8e3f-77b14ebedffa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:35.000Z" ,
"modified" : "2018-11-23T09:12:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:28" ,
"category" : "Other" ,
"uuid" : "09d04bb8-a98c-454d-8516-2678790fc289"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b67b84986c1563c78d452eed8c050a124040974efec655920c905d64964fde4f/analysis/1538690488/" ,
"category" : "External analysis" ,
"uuid" : "b15c3de2-33d9-4672-a701-14a32fba4b39"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Other" ,
"uuid" : "382ca9c2-c57c-4557-9e7f-af9812358ee0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c6901866-939c-4729-a229-5e57d96f61fd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:36.000Z" ,
"modified" : "2018-11-23T09:12:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '7891d9231fb15c96be52f57762a27ab9' AND file:hashes.SHA1 = '3011e4f63184ba676da55551a06138d68cfd4b85' AND file:hashes.SHA256 = '6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--eaf37e2f-fc4f-45fa-8d32-bd68a24f77b1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:38.000Z" ,
"modified" : "2018-11-23T09:12:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:40" ,
"category" : "Other" ,
"uuid" : "2bd9c791-9b33-4f59-94f7-31bcce69ce34"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6b871eef7890967f66b071390c60e0d3a033414df01341821627fe1fffeebcf0/analysis/1538690620/" ,
"category" : "External analysis" ,
"uuid" : "718e106e-8114-46f8-b11e-574e115a32c8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "6/59" ,
"category" : "Other" ,
"uuid" : "36069caf-8e8d-4f78-bdcc-9b77f6da4502"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3b99cbd2-7122-44e4-b35a-b74898957a90" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:39.000Z" ,
"modified" : "2018-11-23T09:12:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd80a48c80be4e8558df1ea5b568082c3' AND file:hashes.SHA1 = '96f558cf79c4570f749d6463c95b4d188452dadb' AND file:hashes.SHA256 = '3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e3526893-c659-40a6-a103-75f2c83ebee4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:41.000Z" ,
"modified" : "2018-11-23T09:12:41.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-12T04:23:59" ,
"category" : "Other" ,
"uuid" : "82a20279-4faf-4a49-b913-b03e12a8450d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3d6ce8062c14ad6a7abed4ba8ba373db9d09ba9b202d37ed4ab9eb62a711721c/analysis/1539318239/" ,
"category" : "External analysis" ,
"uuid" : "9968cc1c-3f34-4e83-863c-9de779a3fb1e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/58" ,
"category" : "Other" ,
"uuid" : "02a0c0a0-d3f0-4cc3-9ea3-24e3c2b7532e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0fed2a59-cbe4-42da-a396-95d30b13fa1c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:42.000Z" ,
"modified" : "2018-11-23T09:12:42.000Z" ,
"pattern" : "[file:hashes.MD5 = '3048853c134cbbed51fc62829882198a' AND file:hashes.SHA1 = '9487abdc69b90ba332d07deb72660b630f43ddf7' AND file:hashes.SHA256 = '35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e2ef9578-ee07-4f38-9ad3-653dae691c27" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:43.000Z" ,
"modified" : "2018-11-23T09:12:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:35" ,
"category" : "Other" ,
"uuid" : "11581142-6866-426e-a038-2255974382d4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/35fb0e1be5b295f2c50a361c112f6573150c4b5e3fb7d244e02aee39f76b1782/analysis/1538690615/" ,
"category" : "External analysis" ,
"uuid" : "0f04b942-4af6-4557-8b6f-b56c1cd24f49"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/60" ,
"category" : "Other" ,
"uuid" : "7ad8aa34-c2fd-440d-80c8-21529d0c214e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d2bf9eb7-9d12-49a7-97b1-29f54560f192" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:44.000Z" ,
"modified" : "2018-11-23T09:12:44.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd4258390bc32171d136612a7088cda9d' AND file:hashes.SHA1 = '76029fd2ef902687b66c6e26dd85387ea62f439b' AND file:hashes.SHA256 = '45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--515dead6-0759-43df-b43c-d03339832582" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:46.000Z" ,
"modified" : "2018-11-23T09:12:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:36" ,
"category" : "Other" ,
"uuid" : "d77e9411-04a6-4584-b3cc-f96fd17f3af5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/45dd58018c3208c084f27611ff99ec5622010a370bda8359974f784451fe517d/analysis/1538690616/" ,
"category" : "External analysis" ,
"uuid" : "7cbcb577-174a-4f1a-bc2b-b88336d4a45d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/58" ,
"category" : "Other" ,
"uuid" : "4600b3a2-4967-4b61-bb32-589d424e9319"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c09966ed-c0c4-4f6e-8d95-dc56aa3ee1ed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:47.000Z" ,
"modified" : "2018-11-23T09:12:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '074bfed6c3797e46d88d64c1f57a6a7f' AND file:hashes.SHA1 = '2f587614bc10a802c4675075ab818bf30a8a72ce' AND file:hashes.SHA256 = 'f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a0d6d50b-aaed-468b-a3c6-406780156917" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:48.000Z" ,
"modified" : "2018-11-23T09:12:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-04T01:39:29" ,
"category" : "Other" ,
"uuid" : "c0825efc-40ed-48c2-bc0b-034b8b7351aa"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f18b705500532fcd32be985ff878851d64f700d9872564daaf05c57aecc2bb45/analysis/1541295569/" ,
"category" : "External analysis" ,
"uuid" : "6554b77c-c853-4b02-8ac0-bab733d253c5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/57" ,
"category" : "Other" ,
"uuid" : "aff817d2-b1cf-4f04-ac58-ba1f51a1e1f7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58d2ad0b-2195-4b98-be19-35e92dd3def8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:49.000Z" ,
"modified" : "2018-11-23T09:12:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '63d30e1c9c014c36afac1303ecaa186b' AND file:hashes.SHA1 = '91d156e40c9e7bfbccc4fa88b1897240e5dc6bbd' AND file:hashes.SHA256 = 'fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e0d5b904-2f28-42cf-b9d8-0a2fd9e13acd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:51.000Z" ,
"modified" : "2018-11-23T09:12:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:39" ,
"category" : "Other" ,
"uuid" : "9bd0ffae-eaff-445d-9aaf-87ffbbef0537"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fa3d5a1a6dcfd3db42674adb860ac9bb08507bc5a614f9509946c9ca9db23c11/analysis/1538690499/" ,
"category" : "External analysis" ,
"uuid" : "9b1a0a20-acde-4594-8811-23c4bdc4c380"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/59" ,
"category" : "Other" ,
"uuid" : "5bbafbbc-6479-4d83-a2fa-cb980bd0e79c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0531bcf3-d700-4647-9ee5-8222dcf77031" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:52.000Z" ,
"modified" : "2018-11-23T09:12:52.000Z" ,
"pattern" : "[file:hashes.MD5 = '901d3d0705fac0c41343f891cba3afeb' AND file:hashes.SHA1 = '418b7328c68577b925e99d92fbfdb877deb17eeb' AND file:hashes.SHA256 = 'd440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aca17406-fbc5-4ad9-836d-d6f7b87f32e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:53.000Z" ,
"modified" : "2018-11-23T09:12:53.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:34" ,
"category" : "Other" ,
"uuid" : "a5f95bea-435f-4b40-9772-68c78e32a130"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d440a31955f763ccf5a07367783d67927a6817fb50a0e88ee986171d407cfcd6/analysis/1538690494/" ,
"category" : "External analysis" ,
"uuid" : "aa81669a-77ae-4bac-b674-836abd395179"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/59" ,
"category" : "Other" ,
"uuid" : "f0eed020-b258-4951-a505-d9de23b84a2e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--abf8b9af-5db3-415e-91c8-ec77b9042bd3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:54.000Z" ,
"modified" : "2018-11-23T09:12:54.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c7675e036e80691a108d8f336458b282' AND file:hashes.SHA1 = 'eb9e4269eeabdaff3e5cf2357ea20ae5228985d2' AND file:hashes.SHA256 = 'c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2bb390b2-d76b-4144-ae17-f116bc7e1679" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:56.000Z" ,
"modified" : "2018-11-23T09:12:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:32" ,
"category" : "Other" ,
"uuid" : "905e97e4-3836-4dc2-b2ac-6553b90ab649"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c110060c58380156489ff52f9a6fe0a362a7195fe68cf1fc6c27bff5498c8d82/analysis/1538690492/" ,
"category" : "External analysis" ,
"uuid" : "e49ef480-50a1-4ef5-9709-795018a1c795"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/60" ,
"category" : "Other" ,
"uuid" : "a595283f-6d10-47ae-b481-72aa9f2125c1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--812ad998-5585-46a3-ae10-3a75651bb1e3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:57.000Z" ,
"modified" : "2018-11-23T09:12:57.000Z" ,
"pattern" : "[file:hashes.MD5 = 'babb80883aa9284e54550c3b8f9f7c66' AND file:hashes.SHA1 = 'a8a92cdfa770fd83ed85980cf7ed6ef3ff9a8d42' AND file:hashes.SHA256 = '8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:12:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--99fcaeca-7b2e-4bb3-bdd1-65f67c600dcf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:12:58.000Z" ,
"modified" : "2018-11-23T09:12:58.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:41" ,
"category" : "Other" ,
"uuid" : "d190b3a3-a213-409c-a504-49b093d03ec8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8d0237e262cacd529c6ca49dc1b105f1e4043942cc0b6d39d8c33871d7659194/analysis/1538690621/" ,
"category" : "External analysis" ,
"uuid" : "70e7dc9d-4bca-4733-9f70-4c72ec3c0e48"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/59" ,
"category" : "Other" ,
"uuid" : "1e820c19-21f5-4868-8e85-9e552c3064f7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--96b8e393-d609-4e7e-976a-44de591e6ad2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:00.000Z" ,
"modified" : "2018-11-23T09:13:00.000Z" ,
"pattern" : "[file:hashes.MD5 = '19fdfd55045eb8603d4da84633fcd612' AND file:hashes.SHA1 = '93c0104229b3add41e11a7a0dbeeafd812031e62' AND file:hashes.SHA256 = 'f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9124c4d5-7657-4cd4-9213-f981805a9da0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:01.000Z" ,
"modified" : "2018-11-23T09:13:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-22T10:13:37" ,
"category" : "Other" ,
"uuid" : "c325b7d5-227b-4d5a-afd6-4267e3bdf9a8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f93503be098993f8be5d76a641d3c322724ce4eb347bac6ab9500a7649d59da0/analysis/1542881617/" ,
"category" : "External analysis" ,
"uuid" : "69cfa5f8-8a53-443f-8af2-fa1eaf1c4aa4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/57" ,
"category" : "Other" ,
"uuid" : "d833b294-dda6-4d3d-81f7-e87eb48d84fc"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f9247032-a5e2-4254-a6e1-0d9cbbca80f7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:02.000Z" ,
"modified" : "2018-11-23T09:13:02.000Z" ,
"pattern" : "[file:hashes.MD5 = '9ecf853d6db3dd2cd82c640200caaee2' AND file:hashes.SHA1 = '66cb85038dba5e9f40e30e9874fc270ebcc5de74' AND file:hashes.SHA256 = 'a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bcdcb988-4f3a-4516-b7be-fc921e2f13ce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:04.000Z" ,
"modified" : "2018-11-23T09:13:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:26" ,
"category" : "Other" ,
"uuid" : "9fcf50ce-b7a9-4110-b566-833dba1a7e79"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a23efd2b532958cb2206e75919577cde1efd2e75109a481cee3778740491b895/analysis/1538690486/" ,
"category" : "External analysis" ,
"uuid" : "05cdf0c7-e89e-4e28-8b3d-66a2f4a4a9f5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/59" ,
"category" : "Other" ,
"uuid" : "9af72b35-2a53-45de-8cdf-35e8bcf65109"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--498610cd-cb8b-44b1-9b39-3975489d1a91" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:05.000Z" ,
"modified" : "2018-11-23T09:13:05.000Z" ,
"pattern" : "[file:hashes.MD5 = '03f182668e5af2047b9efe1133f0ae52' AND file:hashes.SHA1 = '1bca79c1e8539ed69ea9629ea730dbab7b3fd963' AND file:hashes.SHA256 = 'b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--67fe65f8-5bcc-4f03-878f-170583080d8c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:06.000Z" ,
"modified" : "2018-11-23T09:13:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:31" ,
"category" : "Other" ,
"uuid" : "1259810a-f2c3-47f7-bf91-b9dce7457fbb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b8be8355fdab0987fd4f67768b425322b75849fe8b47945c6bda9b0bea2d904e/analysis/1538690491/" ,
"category" : "External analysis" ,
"uuid" : "fa305c0f-fbff-4013-ab7f-abf016fb6371"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/60" ,
"category" : "Other" ,
"uuid" : "9351d12b-de9a-4a8e-b194-e469ecccd942"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6fd19418-7bec-4356-8020-e33d6f70ef65" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:07.000Z" ,
"modified" : "2018-11-23T09:13:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '876ed66c71945fcb3b7df1387137f0f0' AND file:hashes.SHA1 = 'dcbe261011ee997c0ffa46b5ff7b6280ff8fe853' AND file:hashes.SHA256 = '2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d805f716-a752-4f5c-96c7-f99946b04216" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:09.000Z" ,
"modified" : "2018-11-23T09:13:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:34" ,
"category" : "Other" ,
"uuid" : "8637fa4e-0654-4176-b408-ffaf7b5360d4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2dc4f6b2d9f63bc0da746bd8d36f7c7f116a6b5e25e90ebbb7901415a9eb5d0f/analysis/1538690614/" ,
"category" : "External analysis" ,
"uuid" : "258eb7b8-14c9-423b-9e77-f2017282cd60"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Other" ,
"uuid" : "bfb42e74-6c7b-49b8-b172-e68abb7e5960"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ea34765-1d33-4141-a4ec-7d96ad75657b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:10.000Z" ,
"modified" : "2018-11-23T09:13:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '926cc8a4981587eb55dd7152cf244401' AND file:hashes.SHA1 = 'cefc04e1b622c36e0d65bdad3191d9737921b082' AND file:hashes.SHA256 = '7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2e58aac3-5acb-45ed-9409-e4bc86c69962" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:11.000Z" ,
"modified" : "2018-11-23T09:13:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:40" ,
"category" : "Other" ,
"uuid" : "ef3938ba-7107-41d8-9cf2-b11ea9d4f6d2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7dd3252bbe36caec6c9e4d263e48603a08b0aeca852a582c434dd899b9167e40/analysis/1538690620/" ,
"category" : "External analysis" ,
"uuid" : "30763bb5-70b2-481b-a8f1-3d81c7103d29"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/60" ,
"category" : "Other" ,
"uuid" : "7a993d45-579e-4ba5-a591-f397a3da6bcd"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1626747a-0584-4978-97bd-445b51be7ec9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:12.000Z" ,
"modified" : "2018-11-23T09:13:12.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f9ee6f7f49f0b175f1ddea33a5eee401' AND file:hashes.SHA1 = 'd1a036c70f29e3d89d22cb630e57d2c510a72cf2' AND file:hashes.SHA256 = 'c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0c86b217-a577-4b07-9ea6-960642cfe0e1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:14.000Z" ,
"modified" : "2018-11-23T09:13:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:32" ,
"category" : "Other" ,
"uuid" : "8ce27327-dd55-4f65-8ca2-8c479dfe2f2f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c6115fcc183b642820bb4ef43353b2a15d3b9c5d41dee833d45715a43e538246/analysis/1538690492/" ,
"category" : "External analysis" ,
"uuid" : "07f95690-286e-49e0-a3c7-0b537de24067"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/59" ,
"category" : "Other" ,
"uuid" : "27c553dc-cad0-4d6e-847d-d58d99adad9c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2c4d2509-740b-4a02-a0a6-d491102926f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:15.000Z" ,
"modified" : "2018-11-23T09:13:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f64208cfe7233d7fda733b1f34762cff' AND file:hashes.SHA1 = '8139484ccbb67b133d6e608608f59945390dd3c7' AND file:hashes.SHA256 = '4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8020cfc1-e4d3-4068-9d05-2d5d0fa8cb07" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:17.000Z" ,
"modified" : "2018-11-23T09:13:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:37" ,
"category" : "Other" ,
"uuid" : "007fb078-5333-4503-a2a8-edd05458ee7c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4cfb17b9b34703128d63aa0c57cef234469f64f1331dd6382d82b0d2f7768b1a/analysis/1538690617/" ,
"category" : "External analysis" ,
"uuid" : "c0740138-3e52-44ea-ba49-2f8872fb704f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/59" ,
"category" : "Other" ,
"uuid" : "4ed0dcbd-1857-488d-8ce2-66749f5d1bb0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a836db08-ec9d-49ca-9d44-df76d3845d2a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:18.000Z" ,
"modified" : "2018-11-23T09:13:18.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a7b85c263611b66d93859ad25305c1c9' AND file:hashes.SHA1 = 'ba4bbce0576f227b1484fbdfa1eab632475dbf4f' AND file:hashes.SHA256 = '92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7a4046c0-0255-4bd6-b2ea-a60a1da8f93d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:19.000Z" ,
"modified" : "2018-11-23T09:13:19.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:41" ,
"category" : "Other" ,
"uuid" : "4cbe4fc4-36f9-473a-b7e5-794a2954a03e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/92346d628a862e7b8e18779331094f9bbca723f531d7f9cd87f6fef4d0d0b064/analysis/1538690621/" ,
"category" : "External analysis" ,
"uuid" : "a15a67d0-78b8-4765-b264-0fd7facbe27f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/59" ,
"category" : "Other" ,
"uuid" : "b1f5087a-2c8b-4f9b-975b-164854e7849c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--75614a07-da01-4aaf-a183-787ad1ab1528" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:20.000Z" ,
"modified" : "2018-11-23T09:13:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '734d5bcc52ba2d7dc4c5d61b22ecfca1' AND file:hashes.SHA1 = 'ed845ccaf593419288f2e0f83b464e55caaed622' AND file:hashes.SHA256 = '44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a2e7637e-8ea9-45ca-aa7f-5e68c829f863" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:22.000Z" ,
"modified" : "2018-11-23T09:13:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:36" ,
"category" : "Other" ,
"uuid" : "2fd639c1-5d55-4b0c-bedc-53dd7dfc12d7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/44cf09f2ddc1157f085a84a57d34ec184582f6a8e94f40b033c754c699afe0f0/analysis/1538690616/" ,
"category" : "External analysis" ,
"uuid" : "2833b63a-fc6a-4316-9025-dafe1ebce911"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/59" ,
"category" : "Other" ,
"uuid" : "9bbb5a3c-c854-4a1c-9e49-ad42c70a15f8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--267bd58d-04fc-493e-a072-784621128b22" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:23.000Z" ,
"modified" : "2018-11-23T09:13:23.000Z" ,
"pattern" : "[file:hashes.MD5 = '5e3f5d3f9bd5b3bfa65731d8d3184cd6' AND file:hashes.SHA1 = 'c22aeb9ca9e60d0c579549fa1430904dc453cfa8' AND file:hashes.SHA256 = 'cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1194d254-c086-47d9-b3fc-01058920c465" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:25.000Z" ,
"modified" : "2018-11-23T09:13:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:33" ,
"category" : "Other" ,
"uuid" : "af1e45f1-f510-4c66-9026-a774077d9537"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cb0a1eda5d199f88dd2cd4ed464398f68c5999b825bdd101060938f1f5bac01f/analysis/1538690493/" ,
"category" : "External analysis" ,
"uuid" : "d4b2828e-8a6e-44a4-807c-8e814cd8c049"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/59" ,
"category" : "Other" ,
"uuid" : "01960bc9-278a-4b2c-9f64-0819bb57f8d0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f089d728-53cd-497d-9be0-9a7b92f5e079" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:26.000Z" ,
"modified" : "2018-11-23T09:13:26.000Z" ,
"pattern" : "[file:hashes.MD5 = '4f977db6063bcb43505f7da2437a2d67' AND file:hashes.SHA1 = '48539976e7400fca42a71a58910e584fed3ed60b' AND file:hashes.SHA256 = 'b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b0bfdec1-85cf-4cf2-a672-c0de92ecc0e8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:27.000Z" ,
"modified" : "2018-11-23T09:13:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:01:30" ,
"category" : "Other" ,
"uuid" : "0ee0ba12-86ad-49b5-96a6-fdc920845a81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b78cdb90d9a945686d367419f439d44c1f868051b6ce16c2e1008082bee750c1/analysis/1538690490/" ,
"category" : "External analysis" ,
"uuid" : "5f06a0e9-8fea-40c6-9af8-1544e96ec188"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/57" ,
"category" : "Other" ,
"uuid" : "3ff4fef5-48e2-4176-a0bb-69bd0c381063"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1db9d7bd-f7d1-4db5-9efd-f3f23707dbd0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:28.000Z" ,
"modified" : "2018-11-23T09:13:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '2bc23bb6f305c4da8c75bb92d3f0c1cb' AND file:hashes.SHA1 = '5c8dcc3eedb17fe796befd978ca39b535b4c5089' AND file:hashes.SHA256 = 'c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e8e14067-3d30-498e-8da8-34126bd0e997" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:29.000Z" ,
"modified" : "2018-11-23T09:13:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-22T06:40:34" ,
"category" : "Other" ,
"uuid" : "8cf5727f-d850-452e-8dd3-fee9566eb61c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c8073d26fae3220e7e7d866d9e612506d25821efc36882ef90ef6a97268a78ec/analysis/1542868834/" ,
"category" : "External analysis" ,
"uuid" : "25273bee-1ce8-4e15-b64c-b8f51d0ecfec"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/58" ,
"category" : "Other" ,
"uuid" : "7ebffdd3-ddbb-4193-981a-3f1181e0102a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--33c04ab5-2063-4b38-a3a9-63ec5dbb34a4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:31.000Z" ,
"modified" : "2018-11-23T09:13:31.000Z" ,
"pattern" : "[file:hashes.MD5 = '683c753dd3a7cb5fa5ff5fa3a0f5e5de' AND file:hashes.SHA1 = '362acc479033806ca0f8128e765205c791a0593f' AND file:hashes.SHA256 = '54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--315dc26e-154d-406e-a88f-cd73f56ed8f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:32.000Z" ,
"modified" : "2018-11-23T09:13:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:38" ,
"category" : "Other" ,
"uuid" : "25eb8b0a-e817-4823-941d-a5ff04c56dea"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/54cb7f331bb2feec0ac51be79366b17a1d8ecc0ecc8cbb9a08e58ee54f1049a9/analysis/1538690618/" ,
"category" : "External analysis" ,
"uuid" : "81a29f80-23d9-4c53-a6c3-b3f15524ef05"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Other" ,
"uuid" : "d9a4034c-5e60-4208-9432-80b0c8303920"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0c7aaa35-6f9e-4364-954a-168f04952f51" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:33.000Z" ,
"modified" : "2018-11-23T09:13:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '0059c514d28f0cf7c42669ed4d9a2510' AND file:hashes.SHA1 = '1f9d5043582a24114a4a97ac3e77a424d74af0c0' AND file:hashes.SHA256 = '01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--792f22a7-0ce5-4cfa-9187-88fb668071d4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:34.000Z" ,
"modified" : "2018-11-23T09:13:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-05T16:57:14" ,
"category" : "Other" ,
"uuid" : "7b6d01fb-e17d-4e1e-9189-f8de530ea0df"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/01675c7ab0f4a5807ec4b04c03c5636d01ff0958c64e6a3792463f6ce16a7af7/analysis/1538758634/" ,
"category" : "External analysis" ,
"uuid" : "5f7323ec-edf5-43cb-96c6-cc2b93eea39f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/69" ,
"category" : "Other" ,
"uuid" : "d302d76a-dffe-4ed2-b1e5-17c484d6c437"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9236e519-f50b-419a-8809-e3aeea5c6ca7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:36.000Z" ,
"modified" : "2018-11-23T09:13:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd2361e4684a00774eeac70196dbfc2a4' AND file:hashes.SHA1 = 'fedd21b12e4878d2de0c8aa592ead0d9af0019e9' AND file:hashes.SHA256 = '969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-11-23T09:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2a31be24-48c6-4a58-a57d-db912afab36f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-11-23T09:13:37.000Z" ,
"modified" : "2018-11-23T09:13:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T22:03:42" ,
"category" : "Other" ,
"uuid" : "5d18618c-8772-4697-8ec9-f4a29952e16b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/969a02e8eb029553784b46cc0577009118b79cdba13ccc0afae8ac3f32b2fd9a/analysis/1538690622/" ,
"category" : "External analysis" ,
"uuid" : "f31fc33e-12cf-4395-9a80-5e4a126a78f5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/59" ,
"category" : "Other" ,
"uuid" : "7d632373-ebf0-4f16-87f2-2b3f08916a60"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
}
]
}