|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5b9663f7-91d0-4bcb-ad23-4637950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-28T08:53:34.000Z",
|
||
|
"modified": "2018-10-28T08:53:34.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5b9663f7-91d0-4bcb-ad23-4637950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-28T08:53:34.000Z",
|
||
|
"modified": "2018-10-28T08:53:34.000Z",
|
||
|
"name": "OSINT - Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware",
|
||
|
"published": "2018-10-28T08:53:43Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5b96649e-2314-474a-96bd-858d950d210f",
|
||
|
"url--5b96649e-2314-474a-96bd-858d950d210f",
|
||
|
"x-misp-attribute--5b9664b3-9980-4b37-9f56-99a4950d210f",
|
||
|
"indicator--5b966857-de5c-4ddb-9b8c-99a4950d210f",
|
||
|
"indicator--5b966c5a-4768-461c-a422-a34b950d210f",
|
||
|
"indicator--5b966c5b-1e0c-4abf-beeb-a34b950d210f",
|
||
|
"indicator--5b967158-7fb0-4856-9123-a477950d210f",
|
||
|
"indicator--5b98bbfe-1f24-4ff0-9b33-4067950d210f",
|
||
|
"indicator--5b98bbff-91d8-46da-854c-4a26950d210f",
|
||
|
"indicator--5b98bdb9-6514-4d8b-983a-4bd9950d210f",
|
||
|
"indicator--5b98bdba-799c-4fb2-bdca-438e950d210f",
|
||
|
"indicator--5b98bdbc-b660-4a38-9d7c-4b92950d210f",
|
||
|
"indicator--5b98e111-e9c0-488c-8ff4-498b950d210f",
|
||
|
"indicator--5b966633-230c-4174-a51a-9912950d210f",
|
||
|
"indicator--5b96679f-07a4-49fe-8dab-4495950d210f",
|
||
|
"indicator--5b966b29-cc24-4d8d-a919-99a4950d210f",
|
||
|
"indicator--5b966b9e-1e20-4d8e-9e02-a422950d210f",
|
||
|
"indicator--5b966ca1-2098-4ccd-818b-49c6950d210f",
|
||
|
"indicator--5b966cb0-69f8-4435-b4f5-a477950d210f",
|
||
|
"indicator--5b9670b8-4d88-4e12-aff3-46a7950d210f",
|
||
|
"indicator--5b9674b5-4f80-49aa-ba91-8587950d210f",
|
||
|
"indicator--5b967f86-6cfc-4a34-8522-47f3950d210f",
|
||
|
"indicator--5b9680de-a334-4851-a9be-858c950d210f",
|
||
|
"indicator--5b968143-db18-4e15-a2f0-44a9950d210f",
|
||
|
"indicator--5b98b7fd-ba60-4f26-90a2-4b32950d210f",
|
||
|
"indicator--5b98ba45-5eb0-416b-8101-42ef950d210f",
|
||
|
"indicator--5b98c28b-24d0-4b15-a1e5-4d5d950d210f",
|
||
|
"indicator--5b98c2a4-55cc-4ecc-83fc-48fa950d210f",
|
||
|
"indicator--5b98c3dc-c378-4522-800d-4872950d210f",
|
||
|
"indicator--5b98c3ef-b65c-4ef4-8b76-4448950d210f",
|
||
|
"indicator--5b98c401-2e34-4bd7-9406-4d2f950d210f",
|
||
|
"indicator--5b98c418-7888-4270-b483-4535950d210f",
|
||
|
"indicator--5b98d098-3ea8-4ff4-85d5-4211950d210f",
|
||
|
"indicator--5b98d0a6-74ac-4a2d-98de-409c950d210f",
|
||
|
"indicator--5b98d0b5-b6dc-4660-bafe-4aa5950d210f",
|
||
|
"indicator--5b98d0c5-f770-4581-a60b-4ecc950d210f",
|
||
|
"indicator--5b98dff1-19c4-4d4f-91f2-43c5950d210f",
|
||
|
"indicator--5b98e001-5c08-4f9d-8437-4ef4950d210f",
|
||
|
"indicator--5b98e014-abb8-4992-b683-45a6950d210f",
|
||
|
"indicator--17d52801-1094-4116-b67c-dfb490155e28",
|
||
|
"x-misp-object--13cba369-4873-4943-8ded-6654aaed90c2",
|
||
|
"indicator--11e52a0b-8d2f-4a6f-bd20-3b4684fd8128",
|
||
|
"x-misp-object--d2e92430-9479-40d6-be24-4582dd48ee4d",
|
||
|
"indicator--82c7687e-77c9-40d4-8376-65d990499d0f",
|
||
|
"x-misp-object--21573cf4-87c4-4e76-b2cf-4157da90ec01",
|
||
|
"indicator--223d5132-bb63-4f57-b876-78c72c13bd26",
|
||
|
"x-misp-object--575e6f18-7fb4-434c-be2a-ab4fdd9988d0",
|
||
|
"indicator--01eca65b-dc2d-4189-8013-8f0ab30ace16",
|
||
|
"x-misp-object--a3e7ff3e-4df2-4768-b183-d2c502ae4530",
|
||
|
"indicator--ee7fba01-3865-424d-a733-a98273164182",
|
||
|
"x-misp-object--a1712e26-1ee5-43e7-9d94-9df09b5bfd10",
|
||
|
"indicator--f0696971-99bc-4ec5-aaba-f572bb17c799",
|
||
|
"x-misp-object--e4b1b3cd-b5b1-475f-9221-1474cccf1a35",
|
||
|
"indicator--90b8ac49-be68-43a2-bd33-1f7d31416fd1",
|
||
|
"x-misp-object--6acc54c0-0a33-4e71-9f4a-6df54ce4acf7",
|
||
|
"indicator--35c13dd8-251d-4a34-be6d-1fb24666df9d",
|
||
|
"x-misp-object--ddb5f005-3e5e-40d7-930a-6d8e22f52e8c",
|
||
|
"indicator--ee3c16a6-e83e-41f5-8bb9-1b673c6f4631",
|
||
|
"x-misp-object--eba43f45-c2b4-4db8-9c0e-1db78ac1723b",
|
||
|
"indicator--3a6d0b08-b37c-4a3b-b5e5-bc468b9e3f29",
|
||
|
"x-misp-object--8d116c31-9689-40a3-bde1-a71d4eb05147",
|
||
|
"indicator--a4a77d79-a1cb-4813-9814-32aa83625427",
|
||
|
"x-misp-object--7b382898-bd12-421e-9a5c-80a51d64e9ba",
|
||
|
"indicator--72f8726d-7521-4b8a-bf1d-65decf2f9ca0",
|
||
|
"x-misp-object--838d564e-8276-45f3-9e49-c0abd287ea4d",
|
||
|
"indicator--0eae6d47-696e-4503-af17-c9883dcc57a5",
|
||
|
"x-misp-object--ea64b90b-6673-4998-9f90-f6fbc3041c6c",
|
||
|
"indicator--ec05b2e1-413c-4bde-9999-e0efbf661643",
|
||
|
"x-misp-object--f0ac4378-f39e-49b7-93e3-8c5f41578733",
|
||
|
"indicator--41b36758-3651-4382-aba5-33202b135de2",
|
||
|
"x-misp-object--aa249112-7421-48ef-aced-34a5e1cdff34",
|
||
|
"indicator--0ad45ff4-96d7-40c5-8287-2b9405931e06",
|
||
|
"x-misp-object--8bcf6c80-a4fc-42b4-a551-d67747c5fcf3",
|
||
|
"indicator--73eeed1a-3e38-4d43-9e43-3fd2a140882a",
|
||
|
"x-misp-object--2ba1e0da-4d99-42ff-998e-183353fd98b3",
|
||
|
"indicator--560fd814-5524-484c-a8a5-a243cad76780",
|
||
|
"x-misp-object--62ab9f1b-fda8-43f3-9501-48006d175686",
|
||
|
"indicator--6dbac290-a64e-449e-99d3-f6fde4774b0a",
|
||
|
"x-misp-object--e33cba87-573e-4649-bb3e-28409afafd5e",
|
||
|
"indicator--f9fd2ead-4e36-4938-93bd-e45d32ada0d7",
|
||
|
"x-misp-object--9727dbb6-a8b8-41df-883a-0792bf695df6",
|
||
|
"x-misp-object--5df1a9a1-e8d3-4b8f-af17-a212d7d13c6c",
|
||
|
"x-misp-object--8e7e9a50-4555-4d2e-ad70-c875e120f280",
|
||
|
"x-misp-object--37f4c1cb-984c-427a-bad7-74753a1c5b68",
|
||
|
"x-misp-object--91867296-98cb-4195-927e-ec2f07837c44",
|
||
|
"x-misp-object--da01dcf1-22db-48e5-88d7-67bdb76d5a65",
|
||
|
"x-misp-object--523c58ae-4fb4-4289-8541-835a177c3825",
|
||
|
"x-misp-object--f4627b38-7e54-444f-8e64-d4c1414ff41a",
|
||
|
"x-misp-object--d7a3431d-c624-464c-8849-e5530e5cb087",
|
||
|
"x-misp-object--5a415b19-6671-44dc-86d4-8006edbd73f2",
|
||
|
"x-misp-object--0a95b23d-be04-48fc-8696-45f1e5c20802",
|
||
|
"x-misp-object--57cce45d-bd28-466d-aed2-aae7e6e5d7f9",
|
||
|
"x-misp-object--6c4f65aa-d78c-4cb5-bf8e-a9eb28bc2979",
|
||
|
"x-misp-object--1a9bebf7-05fe-42e0-8b64-56a506005c3d",
|
||
|
"x-misp-object--3a1b28e1-1814-493b-b6dd-dc1122647ad4",
|
||
|
"x-misp-object--be039ea8-ee2e-41d4-b0b0-f5bec7b30ba0",
|
||
|
"x-misp-object--6f6d7954-c7b2-48e1-bc03-9397978a8249",
|
||
|
"x-misp-object--8f12f6da-6b48-4f90-93f1-482eeda63605",
|
||
|
"x-misp-object--7701a378-4acd-4cc2-b8af-9477b79fb4ed",
|
||
|
"x-misp-object--c211aec8-756e-4d1e-8e32-05644b06bfb9",
|
||
|
"x-misp-object--a6d9f960-39af-4cc8-ae32-3d92846eb8b0",
|
||
|
"x-misp-object--d6cf1798-bd22-499b-a0b7-0e9457214789"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:threat-actor=\"Lazarus Group\"",
|
||
|
"misp-galaxy:rat=\"FALLCHILL\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Local System - T1005\"",
|
||
|
"circl:incident-classification=\"malware\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b96649e-2314-474a-96bd-858d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T12:34:16.000Z",
|
||
|
"modified": "2018-09-10T12:34:16.000Z",
|
||
|
"first_observed": "2018-09-10T12:34:16Z",
|
||
|
"last_observed": "2018-09-10T12:34:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5b96649e-2314-474a-96bd-858d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5b96649e-2314-474a-96bd-858d950d210f",
|
||
|
"value": "https://securelist.com/operation-applejeus/87553/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5b9664b3-9980-4b37-9f56-99a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T12:34:07.000Z",
|
||
|
"modified": "2018-09-10T12:34:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial companies around the globe. Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies.\r\n\r\nKaspersky Lab has been assisting with incident response efforts. While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email. It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to. There have been multiple reports on the reappearance of Fallchill, including one from US-CERT.\r\n\r\nTo ensure that the OS platform was not an obstacle to infecting targets, it seems the attackers went the extra mile and developed malware for other platforms, including for macOS. A version for Linux is apparently coming soon, according to the website. It\u2019s probably the first time we see this APT group using malware for macOS.\r\n\r\nThe fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966857-de5c-4ddb-9b8c-99a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T12:49:27.000Z",
|
||
|
"modified": "2018-09-10T12:49:27.000Z",
|
||
|
"pattern": "[url:value = 'www.celasllc.com/checkupdate.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-10T12:49:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966c5a-4768-461c-a422-a34b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T13:06:34.000Z",
|
||
|
"modified": "2018-09-10T13:06:34.000Z",
|
||
|
"pattern": "[file:name = 'H:\\\\DEV\\\\TManager\\\\DLoader\\\\20180702\\\\dloader\\\\WorkingDir\\\\Output\\\\00000009\\\\Release\\\\dloader.pdb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-10T13:06:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966c5b-1e0c-4abf-beeb-a34b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T13:06:35.000Z",
|
||
|
"modified": "2018-09-10T13:06:35.000Z",
|
||
|
"pattern": "[file:name = 'H:\\\\DEV\\\\TManager\\\\DLoader\\\\20180702\\\\dloader\\\\WorkingDir\\\\Output\\\\00000006\\\\Release\\\\dloader.pdb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-10T13:06:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b967158-7fb0-4856-9123-a477950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T13:27:52.000Z",
|
||
|
"modified": "2018-09-10T13:27:52.000Z",
|
||
|
"pattern": "[url:value = 'https://www.celasllc.com/checkupdate.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-10T13:27:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98bbfe-1f24-4ff0-9b33-4067950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:10:54.000Z",
|
||
|
"modified": "2018-09-12T07:10:54.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.38.48.121']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:10:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98bbff-91d8-46da-854c-4a26950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:10:55.000Z",
|
||
|
"modified": "2018-09-12T07:10:55.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.142.236.226']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:10:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98bdb9-6514-4d8b-983a-4bd9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:18:17.000Z",
|
||
|
"modified": "2018-09-12T07:18:17.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.142.236.213']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:18:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98bdba-799c-4fb2-bdca-438e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:18:18.000Z",
|
||
|
"modified": "2018-09-12T07:18:18.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.82.64.91']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:18:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98bdbc-b660-4a38-9d7c-4b92950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:18:20.000Z",
|
||
|
"modified": "2018-09-12T07:18:20.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.142.239.173']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:18:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98e111-e9c0-488c-8ff4-498b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T09:49:05.000Z",
|
||
|
"modified": "2018-09-12T09:49:05.000Z",
|
||
|
"pattern": "[file:name = 'H:\\\\DEV\\\\TManager\\\\all_BOSS_troy\\\\T_4.2\\\\T_4.2\\\\Server_\\\\x64\\\\Release\\\\ServerDll.pdb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T09:49:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966633-230c-4174-a51a-9912950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"description": "MSI installer",
|
||
|
"pattern": "[file:hashes.MD5 = '9e740241ca2acdc79f30ad2c3f50990a' AND file:name = 'celastradepro_win_installer_1.00.00.msi' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b96679f-07a4-49fe-8dab-4495950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"description": "PE32 executable (GUI) Intel 80386, for MS Windows",
|
||
|
"pattern": "[file:hashes.MD5 = 'b054a7382adf6b774b15f52d971f3799' AND file:name = 'Updater.exe' AND file:parent_directory_ref.path = '\\\\%Program Files\\\\%\\\\CelasTradePro\\\\' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966b29-cc24-4d8d-a919-99a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4126e1f34cf282c354e17587bb6e8da3' AND file:name = 'celastradepro_win_installer_1.00.00.msi' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966b9e-1e20-4d8e-9e02-a422950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'ffae703a1e327380d85880b9037a0aeb' AND file:name = 'Updater.exe' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966ca1-2098-4ccd-818b-49c6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '0bdb652bbe15942e866083f29fb6dd62' AND file:name = 'CelasTradePro-Installer.msi' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b966cb0-69f8-4435-b4f5-a477950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'bbbcf6da5a4c352e8846bf91c3358d5c' AND file:name = 'Updater.exe' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b9670b8-4d88-4e12-aff3-46a7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '48ded52752de9f9b73c6bf9ae81cb429' AND file:name = 'celastradepro_mac_installer_1.00.00.dmg' AND file:size = '15020544' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b9674b5-4f80-49aa-ba91-8587950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T10:02:39.000Z",
|
||
|
"modified": "2018-09-12T10:02:39.000Z",
|
||
|
"description": "PE32+ executable (GUI) x86-64, for MS Windows",
|
||
|
"pattern": "[file:hashes.MD5 = '0a15a33844c9df11f12a4889ae7b7e4b' AND file:name = 'msn.exe' AND file:size = '104898560' AND file:parent_directory_ref.path = 'C:\\\\Recovery\\\\' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T10:02:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b967f86-6cfc-4a34-8522-47f3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-10T14:28:22.000Z",
|
||
|
"modified": "2018-09-10T14:28:22.000Z",
|
||
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\netsvcs' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'netsvcs' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-10T14:28:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"registry-key\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b9680de-a334-4851-a9be-858c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T10:03:05.000Z",
|
||
|
"modified": "2018-09-12T10:03:05.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1ed584a672cab33af29114576ad6cce' AND file:name = 'uploadmgrsvc.dll' AND file:size = '104878356' AND file:parent_directory_ref.path = '\\\\%WINDIR\\\\%\\\\system32\\\\' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T10:03:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b968143-db18-4e15-a2f0-44a9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T10:15:58.000Z",
|
||
|
"modified": "2018-09-12T10:15:58.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd8484469587756ce0d10a09027044808' AND file:name = 'uploadmgr.dat' AND file:size = '143872' AND file:parent_directory_ref.path = '\\\\%WINDIR\\\\%\\\\system32\\\\' AND file:x_misp_state = 'Malicious' AND file:x_misp_fullpath = '\\\\%WINDIR\\\\%\\\\system32\\\\uploadmgr.dat']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T10:15:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98b7fd-ba60-4f26-90a2-4b32950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"description": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
|
||
|
"pattern": "[file:hashes.MD5 = 'd7089e6bc8bd137a7241a7ad297f975d' AND file:size = '143872' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98ba45-5eb0-416b-8101-42ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-12T07:03:33.000Z",
|
||
|
"modified": "2018-09-12T07:03:33.000Z",
|
||
|
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\TaskConfigs\\\\Description' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-12T07:03:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"registry-key\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98c28b-24d0-4b15-a1e5-4d5d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '81c3a3c5a0129477b59397173fdc0b01' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98c2a4-55cc-4ecc-83fc-48fa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:25.000Z",
|
||
|
"modified": "2018-10-26T13:59:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6cb34af551b3fb63df6c9b86900cf044' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:59:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b98c3dc-c378-4522-800d-4872950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:27.000Z",
"modified": "2018-10-26T13:59:27.000Z",
"pattern": "[file:hashes.MD5 = '21694c8db6234df74102e8b5994b7627' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98c3ef-b65c-4ef4-8b76-4448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:31.000Z",
"modified": "2018-10-26T13:59:31.000Z",
"pattern": "[file:hashes.MD5 = '5ad7d35f0617595f26d565a3b7ebc6d0' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98c401-2e34-4bd7-9406-4d2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = 'c501ea6c56ba9133c3c26a7d5ed4ce49' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98c418-7888-4270-b483-4535950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = 'cafda7b3e9a4f86d4bd005075040a712' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98d098-3ea8-4ff4-85d5-4211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = 'cea1a63656fb199dd5ab90528188e87c' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98d0a6-74ac-4a2d-98de-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = '6b061267c7ddeb160368128a933d38be' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98d0b5-b6dc-4660-bafe-4aa5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = '56f5088f488e50999ee6cced1f5dd6aa' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98d0c5-f770-4581-a60b-4ecc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = 'cd6796f324ecb7cf34bc9bc38ce4e649' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98dff1-19c4-4d4f-91f2-43c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = '94dfcabd8ba5ca94828cd5a88d6ed488' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98e001-5c08-4f9d-8437-4ef4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = '14b6d24873f19332701177208f85e776' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b98e014-abb8-4992-b683-45a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:59:35.000Z",
"modified": "2018-10-26T13:59:35.000Z",
"pattern": "[file:hashes.MD5 = 'abec84286df80704b823e698199d89f7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17d52801-1094-4116-b67c-dfb490155e28",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:35:32.000Z",
"modified": "2018-10-26T13:35:32.000Z",
"pattern": "[file:hashes.MD5 = '81c3a3c5a0129477b59397173fdc0b01' AND file:hashes.SHA1 = '5feee99bd64af03698a2cdd3d0d445838bb0fc96' AND file:hashes.SHA256 = '8ae766795cda6336fd5cad9e89199ea2a1939a35e03eb0e54c503b1029d870c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--13cba369-4873-4943-8ded-6654aaed90c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:35:45.000Z",
"modified": "2018-10-26T13:35:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-04T11:17:30",
"category": "Other",
"uuid": "752d80cb-67e2-4fa1-823d-91b32168a2b9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ae766795cda6336fd5cad9e89199ea2a1939a35e03eb0e54c503b1029d870c4/analysis/1536059850/",
"category": "External analysis",
"uuid": "1d357c9e-0297-43ae-8b19-a9f42fe246b3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/66",
"category": "Other",
"uuid": "2be7e87c-fe5f-4ba0-b75c-d012566c7176"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--11e52a0b-8d2f-4a6f-bd20-3b4684fd8128",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:35:46.000Z",
"modified": "2018-10-26T13:35:46.000Z",
"pattern": "[file:hashes.MD5 = '21694c8db6234df74102e8b5994b7627' AND file:hashes.SHA1 = '4d92b56cac6a02e70adbd16a9d1121c918f0c257' AND file:hashes.SHA256 = '1b8d3e69fc214cb7a08bef3c00124717f4b4d7fd6be65f2829e9fd337fc7c03c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:35:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d2e92430-9479-40d6-be24-4582dd48ee4d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:35:50.000Z",
"modified": "2018-10-26T13:35:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-03T14:59:04",
"category": "Other",
"uuid": "a0f4121e-298f-4348-8181-edb579baf2d5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1b8d3e69fc214cb7a08bef3c00124717f4b4d7fd6be65f2829e9fd337fc7c03c/analysis/1535986744/",
"category": "External analysis",
"uuid": "084105c0-bc7f-4ef8-ad81-e230549ea1c3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/65",
"category": "Other",
"uuid": "6f09c496-a236-4232-89b2-9ef988d2af40"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--82c7687e-77c9-40d4-8376-65d990499d0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:35:55.000Z",
"modified": "2018-10-26T13:35:55.000Z",
"pattern": "[file:hashes.MD5 = '6cb34af551b3fb63df6c9b86900cf044' AND file:hashes.SHA1 = 'a09658ce5642f9bedf2e737d8da81d7ffc232c14' AND file:hashes.SHA256 = 'ef400d73c6920ac811af401259e376458b498eb0084631386136747dfc3dcfa8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:35:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--21573cf4-87c4-4e76-b2cf-4157da90ec01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:06.000Z",
"modified": "2018-10-26T13:36:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-26T04:00:32",
"category": "Other",
"uuid": "f4336359-8225-4866-ab24-39432f3997d0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef400d73c6920ac811af401259e376458b498eb0084631386136747dfc3dcfa8/analysis/1535256032/",
"category": "External analysis",
"uuid": "e684dd3b-fb0c-44fd-8d6f-5f4535fb8592"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/66",
"category": "Other",
"uuid": "8c17f298-4244-4502-8736-4835f77bd594"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--223d5132-bb63-4f57-b876-78c72c13bd26",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:10.000Z",
"modified": "2018-10-26T13:36:10.000Z",
"pattern": "[file:hashes.MD5 = 'd7089e6bc8bd137a7241a7ad297f975d' AND file:hashes.SHA1 = '15062b26d9dd1cf7b0cdf167f4b37cb632ddbd41' AND file:hashes.SHA256 = '08012e68f4f84bba8b74690c379cb0b1431cdcadc9ed076ff068de289e0f6774']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--575e6f18-7fb4-434c-be2a-ab4fdd9988d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:12.000Z",
"modified": "2018-10-26T13:36:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-16T11:13:35",
"category": "Other",
"uuid": "ab44a74f-496b-4521-8dd3-b5fbab358e91"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/08012e68f4f84bba8b74690c379cb0b1431cdcadc9ed076ff068de289e0f6774/analysis/1539688415/",
"category": "External analysis",
"uuid": "a727d8bf-99ff-46e7-a383-a640eff7f507"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "72be75bc-a4e8-44d0-947c-19a9591956e6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01eca65b-dc2d-4189-8013-8f0ab30ace16",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:13.000Z",
"modified": "2018-10-26T13:36:13.000Z",
"pattern": "[file:hashes.MD5 = '6b061267c7ddeb160368128a933d38be' AND file:hashes.SHA1 = 'e90cd55d544a097306b61af8af7f73c524e00ad2' AND file:hashes.SHA256 = 'ca70aa2f89bee0c22ebc18bd5569e542f09d3c4a060b094ec6abeeeb4768a143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a3e7ff3e-4df2-4768-b183-d2c502ae4530",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:14.000Z",
"modified": "2018-10-26T13:36:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-19T00:13:43",
"category": "Other",
"uuid": "3e97bd2d-9dee-4125-96c4-7890d7e0727a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ca70aa2f89bee0c22ebc18bd5569e542f09d3c4a060b094ec6abeeeb4768a143/analysis/1539908023/",
"category": "External analysis",
"uuid": "c187d08a-f5bb-4002-902b-0f2398242834"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/67",
"category": "Other",
"uuid": "8e1ed7bf-51d1-46a2-b926-b49f752750dc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee7fba01-3865-424d-a733-a98273164182",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:15.000Z",
"modified": "2018-10-26T13:36:15.000Z",
"pattern": "[file:hashes.MD5 = '4126e1f34cf282c354e17587bb6e8da3' AND file:hashes.SHA1 = '258537df5611d9cbf3f8f3f6ea703f35e0e47dfa' AND file:hashes.SHA256 = '6829b51523f69bd0ea6ebc6157e989d269661567f3e62d92ae26d71e6abf6652']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a1712e26-1ee5-43e7-9d94-9df09b5bfd10",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:17.000Z",
"modified": "2018-10-26T13:36:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-06T06:43:05",
"category": "Other",
"uuid": "20064d90-ba50-48ee-9971-4bf65970e567"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6829b51523f69bd0ea6ebc6157e989d269661567f3e62d92ae26d71e6abf6652/analysis/1536216185/",
"category": "External analysis",
"uuid": "a7a61b84-2bbe-4353-9412-49328ba6a605"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/57",
"category": "Other",
"uuid": "20cf9fe2-0ff7-414e-bf76-f31544edce38"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0696971-99bc-4ec5-aaba-f572bb17c799",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:18.000Z",
"modified": "2018-10-26T13:36:18.000Z",
"pattern": "[file:hashes.MD5 = '48ded52752de9f9b73c6bf9ae81cb429' AND file:hashes.SHA1 = '1e8a2f1f751e5a9931bca5710b4f304798d665dc' AND file:hashes.SHA256 = 'd404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e4b1b3cd-b5b1-475f-9221-1474cccf1a35",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:20.000Z",
"modified": "2018-10-26T13:36:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-08T18:26:16",
"category": "Other",
"uuid": "b54f8705-6f12-4fd2-9321-82a366fcff09"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04/analysis/1539023176/",
"category": "External analysis",
"uuid": "08868482-ce1b-409f-a45f-55c92b6afe77"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/57",
"category": "Other",
"uuid": "28cee124-4582-4776-a40e-55c9019c9ae2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90b8ac49-be68-43a2-bd33-1f7d31416fd1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:21.000Z",
"modified": "2018-10-26T13:36:21.000Z",
"pattern": "[file:hashes.MD5 = '94dfcabd8ba5ca94828cd5a88d6ed488' AND file:hashes.SHA1 = '999513f13fb9cea5d6321631a10a8fbf741a107a' AND file:hashes.SHA256 = 'efa6c2894896343e55337231989d46c665f84930ce99fa5a259f398e62d211f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6acc54c0-0a33-4e71-9f4a-6df54ce4acf7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:26.000Z",
"modified": "2018-10-26T13:36:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-06T07:43:27",
"category": "Other",
"uuid": "97fd63ab-ac19-471e-9e9a-58fee7fb6bbe"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/efa6c2894896343e55337231989d46c665f84930ce99fa5a259f398e62d211f4/analysis/1536219807/",
"category": "External analysis",
"uuid": "1db2d103-d671-40d8-86e4-256e7eef4a25"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "8f03f425-662e-46a5-95f1-6fd5d9f428be"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--35c13dd8-251d-4a34-be6d-1fb24666df9d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:35.000Z",
"modified": "2018-10-26T13:36:35.000Z",
"pattern": "[file:hashes.MD5 = 'abec84286df80704b823e698199d89f7' AND file:hashes.SHA1 = 'f1203cf53b0ea0edaac0db04c88f6714274d284e' AND file:hashes.SHA256 = 'e4226e9f6faaafaafca5f572770eeffa1512c496aa9ed63977729a01513d27a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ddb5f005-3e5e-40d7-930a-6d8e22f52e8c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:36.000Z",
"modified": "2018-10-26T13:36:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-06T09:44:02",
"category": "Other",
"uuid": "af4c19b9-5463-4e7d-9500-add188cdb784"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e4226e9f6faaafaafca5f572770eeffa1512c496aa9ed63977729a01513d27a9/analysis/1536227042/",
"category": "External analysis",
"uuid": "6fb8e323-24f6-467d-971c-8b9ce5e131fe"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/66",
"category": "Other",
"uuid": "f76c77d5-7899-4549-be03-5305d421b3dd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee3c16a6-e83e-41f5-8bb9-1b673c6f4631",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:43.000Z",
"modified": "2018-10-26T13:36:43.000Z",
"pattern": "[file:hashes.MD5 = 'bbbcf6da5a4c352e8846bf91c3358d5c' AND file:hashes.SHA1 = '313aca049a83c362066cd130d6263af1bcd43565' AND file:hashes.SHA256 = 'e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--eba43f45-c2b4-4db8-9c0e-1db78ac1723b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:44.000Z",
"modified": "2018-10-26T13:36:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-27T12:36:49",
"category": "Other",
"uuid": "e671e7a4-08b2-46bd-8fcf-e4a714d4b85f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd/analysis/1535373409/",
"category": "External analysis",
"uuid": "c7b043b4-b952-4f76-ad03-5d4c2d185601"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/68",
"category": "Other",
"uuid": "e8da068d-c424-416b-9205-6e6ebdb2049f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a6d0b08-b37c-4a3b-b5e5-bc468b9e3f29",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:50.000Z",
"modified": "2018-10-26T13:36:50.000Z",
"pattern": "[file:hashes.MD5 = '5ad7d35f0617595f26d565a3b7ebc6d0' AND file:hashes.SHA1 = 'cadb4e5fcc1338938808de8877e738243394ba96' AND file:hashes.SHA256 = 'd3ef262bae0beb5d35841d131b3f89a9b71a941a86dab1913bda72b935744d2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d116c31-9689-40a3-bde1-a71d4eb05147",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:36:51.000Z",
"modified": "2018-10-26T13:36:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-23T18:34:15",
"category": "Other",
"uuid": "96484e92-5cb7-4eb1-8e41-cfcdd2431dab"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d3ef262bae0beb5d35841d131b3f89a9b71a941a86dab1913bda72b935744d2e/analysis/1535049255/",
"category": "External analysis",
"uuid": "1ac193d1-590f-4700-a929-791acf815f56"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "31/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "f87dcded-5fff-45ab-b4f5-904ef082223d"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a4a77d79-a1cb-4813-9814-32aa83625427",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:36:52.000Z",
|
||
|
"modified": "2018-10-26T13:36:52.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'ffae703a1e327380d85880b9037a0aeb' AND file:hashes.SHA1 = 'd48a81613b3c0186d563744e79d28c05df49c480' AND file:hashes.SHA256 = 'd555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:36:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--7b382898-bd12-421e-9a5c-80a51d64e9ba",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:04.000Z",
|
||
|
"modified": "2018-10-26T13:37:04.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-06T12:44:42",
|
||
|
"category": "Other",
|
||
|
"uuid": "730b0105-441f-401a-9f43-2c50f5f163aa"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/d555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d/analysis/1536237882/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "265fe10f-0597-445e-aba4-fe7cd20e8ed0"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "47/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "891aadde-5215-45ea-9efc-0d7f8de872f8"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--72f8726d-7521-4b8a-bf1d-65decf2f9ca0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:12.000Z",
|
||
|
"modified": "2018-10-26T13:37:12.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cafda7b3e9a4f86d4bd005075040a712' AND file:hashes.SHA1 = '2707b7d9becb01d81b1b8e2a8858447ddbe6769c' AND file:hashes.SHA256 = '7c61fc881b84a60c84876f9d6ff74003349345694f3b7f0b08059687b5e6b846']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:37:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--838d564e-8276-45f3-9e49-c0abd287ea4d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:14.000Z",
|
||
|
"modified": "2018-10-26T13:37:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-23T18:57:46",
|
||
|
"category": "Other",
|
||
|
"uuid": "484c625a-631c-4f2d-b8ce-0ccf162d5914"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7c61fc881b84a60c84876f9d6ff74003349345694f3b7f0b08059687b5e6b846/analysis/1535050666/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "50889588-65e3-49fb-a392-9a1382044353"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "42/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "65f9731e-51e2-4965-8e03-dc4a9b9be0bf"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0eae6d47-696e-4503-af17-c9883dcc57a5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:15.000Z",
|
||
|
"modified": "2018-10-26T13:37:15.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cd6796f324ecb7cf34bc9bc38ce4e649' AND file:hashes.SHA1 = '1abd0583b4ef0de8bbb29073aca8e1340c055ef3' AND file:hashes.SHA256 = '0b6056e7ce278fb31bf644ef41e9532009e5dfbc33849b29f59c77ec993a8f46']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:37:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--ea64b90b-6673-4998-9f90-f6fbc3041c6c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:25.000Z",
|
||
|
"modified": "2018-10-26T13:37:25.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-07T05:25:48",
|
||
|
"category": "Other",
|
||
|
"uuid": "52bd2cbe-562b-4ce0-bd06-456e66858d39"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/0b6056e7ce278fb31bf644ef41e9532009e5dfbc33849b29f59c77ec993a8f46/analysis/1536297948/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "a03e21f8-6a20-488e-a8a4-d8189b8d8832"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "40/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "3e097a55-b461-465c-aba1-f5b5d68597fc"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ec05b2e1-413c-4bde-9999-e0efbf661643",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:27.000Z",
|
||
|
"modified": "2018-10-26T13:37:27.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '0bdb652bbe15942e866083f29fb6dd62' AND file:hashes.SHA1 = '5ff9cbaec255fffdf119b24e007af777d71534ab' AND file:hashes.SHA256 = '4f9a8e4f807b52f941213b0d55990a317b6466484847f51effc73a2180cf8eaf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:37:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f0ac4378-f39e-49b7-93e3-8c5f41578733",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:28.000Z",
|
||
|
"modified": "2018-10-26T13:37:28.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-12T04:31:19",
|
||
|
"category": "Other",
|
||
|
"uuid": "75dc98c9-24d0-4e52-810a-6e1436b4ac4a"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/4f9a8e4f807b52f941213b0d55990a317b6466484847f51effc73a2180cf8eaf/analysis/1539318679/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "ffc1f07c-16c2-4ce9-8738-d504bfceec94"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "32/58",
|
||
|
"category": "Other",
|
||
|
"uuid": "a9a389c3-8a25-4753-b3df-9775e6d095a3"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--41b36758-3651-4382-aba5-33202b135de2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:35.000Z",
|
||
|
"modified": "2018-10-26T13:37:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '14b6d24873f19332701177208f85e776' AND file:hashes.SHA1 = '8596dc6dee6089318ab1d97f1dacd1f2cf36d1ab' AND file:hashes.SHA256 = '7f000893320d77e012686e20e1212e297408d5684335f7f24e40889401e24dff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:37:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--aa249112-7421-48ef-aced-34a5e1cdff34",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:37.000Z",
|
||
|
"modified": "2018-10-26T13:37:37.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-03T00:38:46",
|
||
|
"category": "Other",
|
||
|
"uuid": "f659c736-91ab-4c93-bfef-ee7ddfd719c5"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7f000893320d77e012686e20e1212e297408d5684335f7f24e40889401e24dff/analysis/1535935126/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "88ba177e-554e-4555-bb98-2ba2fca148ca"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "36/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "e7af5ac1-8187-466d-8cfb-2ba9a12b4954"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0ad45ff4-96d7-40c5-8287-2b9405931e06",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:38.000Z",
|
||
|
"modified": "2018-10-26T13:37:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9e740241ca2acdc79f30ad2c3f50990a' AND file:hashes.SHA1 = '0c5e4cec03d2eea2b1dd5356fe05de64a0278cd6' AND file:hashes.SHA256 = '6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:37:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8bcf6c80-a4fc-42b4-a551-d67747c5fcf3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:37:50.000Z",
|
||
|
"modified": "2018-10-26T13:37:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-15T11:52:20",
|
||
|
"category": "Other",
|
||
|
"uuid": "46482731-0918-4b1a-9c1c-db75dc8c306f"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69/analysis/1539604340/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "fd314919-d3a5-46af-af39-dab3f0fe70ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "34/58",
|
||
|
"category": "Other",
|
||
|
"uuid": "749fc609-017a-4228-b80c-0b20ded0dad3"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--73eeed1a-3e38-4d43-9e43-3fd2a140882a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:04.000Z",
|
||
|
"modified": "2018-10-26T13:38:04.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '56f5088f488e50999ee6cced1f5dd6aa' AND file:hashes.SHA1 = '597a06bd3b9987859d13658ff2d72689523cbd5b' AND file:hashes.SHA256 = 'fe29ed0336d7b3259ab8c391e0d0f40d2876f6fc83f5e57af888578636fccb7f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:38:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--2ba1e0da-4d99-42ff-998e-183353fd98b3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:06.000Z",
|
||
|
"modified": "2018-10-26T13:38:06.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-23T18:33:20",
|
||
|
"category": "Other",
|
||
|
"uuid": "c5d3a24e-ca0b-4b9b-85aa-56a6f5c95aca"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/fe29ed0336d7b3259ab8c391e0d0f40d2876f6fc83f5e57af888578636fccb7f/analysis/1535049200/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "19c77b42-491b-4a3a-a4a5-25762a5d304c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "103a2582-3092-452a-af9f-ac0205415123"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--560fd814-5524-484c-a8a5-a243cad76780",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:07.000Z",
|
||
|
"modified": "2018-10-26T13:38:07.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'cea1a63656fb199dd5ab90528188e87c' AND file:hashes.SHA1 = 'ebd7186ff1968fab758b089ad726b02c6761e7b6' AND file:hashes.SHA256 = '0c06e129902925c7ebd70e93d4d09707add781d8bd89cd557cda023045f3853e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:38:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--62ab9f1b-fda8-43f3-9501-48006d175686",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:09.000Z",
|
||
|
"modified": "2018-10-26T13:38:09.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-03T07:06:54",
|
||
|
"category": "Other",
|
||
|
"uuid": "bfc026cb-6d84-412d-b743-1abd68f32e65"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/0c06e129902925c7ebd70e93d4d09707add781d8bd89cd557cda023045f3853e/analysis/1535958414/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "03d5740d-88f8-4784-a1e3-f03c6e6242a2"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "42/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "6cc946dc-89e5-47b7-b2ef-d94f27633a7a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6dbac290-a64e-449e-99d3-f6fde4774b0a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:10.000Z",
|
||
|
"modified": "2018-10-26T13:38:10.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b054a7382adf6b774b15f52d971f3799' AND file:hashes.SHA1 = 'b4d43cd2d81d17dec523915c0fc61b4b29e62c58' AND file:hashes.SHA256 = 'bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:38:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e33cba87-573e-4649-bb3e-28409afafd5e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:12.000Z",
|
||
|
"modified": "2018-10-26T13:38:12.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-22T20:12:42",
|
||
|
"category": "Other",
|
||
|
"uuid": "260f7944-6d0d-4fdf-ae6a-9e3435767b08"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb/analysis/1540239162/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "42b72a7b-e17e-4a16-abef-a3b6afc8db85"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "2b775835-e29f-437b-95e5-b2486368c296"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f9fd2ead-4e36-4938-93bd-e45d32ada0d7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:13.000Z",
|
||
|
"modified": "2018-10-26T13:38:13.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c501ea6c56ba9133c3c26a7d5ed4ce49' AND file:hashes.SHA1 = 'aa08f8e721dfd875de6139a1ad795620f1b2340a' AND file:hashes.SHA256 = 'c0e22e80ea020ca8f71f58a8b53855293abdf8d4e0b34a69068004abaac60f42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-10-26T13:38:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--9727dbb6-a8b8-41df-883a-0792bf695df6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:38:17.000Z",
|
||
|
"modified": "2018-10-26T13:38:17.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-27T19:17:37",
|
||
|
"category": "Other",
|
||
|
"uuid": "9db75639-fc1d-48dd-9b91-8dd9fc2a145d"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/c0e22e80ea020ca8f71f58a8b53855293abdf8d4e0b34a69068004abaac60f42/analysis/1535397457/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "46f0fe44-40b8-4ffd-92d7-f756a36d6cec"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "200d0042-8f64-4bac-a7d3-e1b1f1ae7e32"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5df1a9a1-e8d3-4b8f-af17-a212d7d13c6c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:36.000Z",
|
||
|
"modified": "2018-10-26T13:59:36.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-16T11:13:35",
|
||
|
"category": "Other",
|
||
|
"uuid": "5141e67a-72d0-4315-9b06-41ba50849c16"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/08012e68f4f84bba8b74690c379cb0b1431cdcadc9ed076ff068de289e0f6774/analysis/1539688415/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "d484d143-7934-48bf-ac5c-4efb441105e7"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "03597df1-738d-4c14-ae7b-fad4dc07bba5"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8e7e9a50-4555-4d2e-ad70-c875e120f280",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:37.000Z",
|
||
|
"modified": "2018-10-26T13:59:37.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-23T18:34:15",
|
||
|
"category": "Other",
|
||
|
"uuid": "bc9c2a80-7b0d-416e-b574-525da3edbb43"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/d3ef262bae0beb5d35841d131b3f89a9b71a941a86dab1913bda72b935744d2e/analysis/1535049255/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "961dd50a-cc83-4547-a43b-c34d1f395296"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "31/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "63c4f25b-e9de-4894-94ba-43d1071e0964"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--37f4c1cb-984c-427a-bad7-74753a1c5b68",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:38.000Z",
|
||
|
"modified": "2018-10-26T13:59:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-06T12:44:42",
|
||
|
"category": "Other",
|
||
|
"uuid": "e1ee0ffa-c305-44df-bda8-4b0cb58a5b05"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/d555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d/analysis/1536237882/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "a876d388-e8fe-4166-bf01-e7b921f44019"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "47/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "87f408e2-5a3e-4072-bb37-43f1e0965e51"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--91867296-98cb-4195-927e-ec2f07837c44",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:39.000Z",
|
||
|
"modified": "2018-10-26T13:59:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-23T18:57:46",
|
||
|
"category": "Other",
|
||
|
"uuid": "356b1653-1953-47ed-bfd1-7d1587242211"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7c61fc881b84a60c84876f9d6ff74003349345694f3b7f0b08059687b5e6b846/analysis/1535050666/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "3f0e2911-8cd5-437d-a829-a58fe4c8655f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "42/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "0805d49f-fcc1-4eba-88b3-6ed4810ab7e0"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--da01dcf1-22db-48e5-88d7-67bdb76d5a65",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:40.000Z",
|
||
|
"modified": "2018-10-26T13:59:40.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-12T04:31:19",
|
||
|
"category": "Other",
|
||
|
"uuid": "3c25766b-5ae0-4343-ab86-def0d2823883"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/4f9a8e4f807b52f941213b0d55990a317b6466484847f51effc73a2180cf8eaf/analysis/1539318679/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "37bdf76f-cdce-452b-9c8c-8aa774643ae0"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "32/58",
|
||
|
"category": "Other",
|
||
|
"uuid": "487a36c6-3a8e-483f-bffe-22b4f0aee4f5"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--523c58ae-4fb4-4289-8541-835a177c3825",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:41.000Z",
|
||
|
"modified": "2018-10-26T13:59:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-15T11:52:20",
|
||
|
"category": "Other",
|
||
|
"uuid": "d05b7e73-519b-407b-88f2-47ba34e64b54"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69/analysis/1539604340/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "e67261ee-f3dc-41de-9edb-82e222fed967"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "34/58",
|
||
|
"category": "Other",
|
||
|
"uuid": "78b13890-27a8-48af-80a4-1749cc3dd126"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f4627b38-7e54-444f-8e64-d4c1414ff41a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:42.000Z",
|
||
|
"modified": "2018-10-26T13:59:42.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-23T18:33:20",
|
||
|
"category": "Other",
|
||
|
"uuid": "f515d965-5863-4f55-8da5-453f71eac3ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/fe29ed0336d7b3259ab8c391e0d0f40d2876f6fc83f5e57af888578636fccb7f/analysis/1535049200/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "6ea0ea6f-f09d-4d31-b1b8-88b84a33c37e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "e5ff31de-e43f-43a5-8a42-b1c260f91cde"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d7a3431d-c624-464c-8849-e5530e5cb087",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:43.000Z",
|
||
|
"modified": "2018-10-26T13:59:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-22T20:12:42",
|
||
|
"category": "Other",
|
||
|
"uuid": "3feb0cba-9aef-4f65-9445-540e4112a89e"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb/analysis/1540239162/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "04991519-8a7c-41de-9bae-1c379c88fb1e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "9cb98854-6e3d-48c8-a434-623899ec71b3"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5a415b19-6671-44dc-86d4-8006edbd73f2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:44.000Z",
|
||
|
"modified": "2018-10-26T13:59:44.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-03T14:59:04",
|
||
|
"category": "Other",
|
||
|
"uuid": "841e8a38-8fb4-4b24-a990-383e109213f8"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/1b8d3e69fc214cb7a08bef3c00124717f4b4d7fd6be65f2829e9fd337fc7c03c/analysis/1535986744/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "7cd3a56c-2ef6-4007-9df9-e27aac45e848"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "46/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "9299dd9e-dacb-45ea-ba44-58ca209de635"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--0a95b23d-be04-48fc-8696-45f1e5c20802",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:55.000Z",
|
||
|
"modified": "2018-10-26T13:59:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-04T11:17:30",
|
||
|
"category": "Other",
|
||
|
"uuid": "a0a4b85c-e53f-4d66-bfff-bfc3547a478f"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/8ae766795cda6336fd5cad9e89199ea2a1939a35e03eb0e54c503b1029d870c4/analysis/1536059850/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "02cfecbd-f423-4c57-990f-6d38357feaaa"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "5dba2b1e-b18a-4ac9-bfe2-9f1f776dda42"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--57cce45d-bd28-466d-aed2-aae7e6e5d7f9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T13:59:59.000Z",
|
||
|
"modified": "2018-10-26T13:59:59.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-26T04:00:32",
|
||
|
"category": "Other",
|
||
|
"uuid": "9b807e08-8a83-43b5-957c-752d770b9b7f"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/ef400d73c6920ac811af401259e376458b498eb0084631386136747dfc3dcfa8/analysis/1535256032/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "fb9f348f-0b4b-4c5c-ae40-efc74b5fe125"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "42/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "24dcd85e-74e8-4c74-9315-25617d7f2635"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--6c4f65aa-d78c-4cb5-bf8e-a9eb28bc2979",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:00.000Z",
|
||
|
"modified": "2018-10-26T14:00:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-19T00:13:43",
|
||
|
"category": "Other",
|
||
|
"uuid": "2d05adb6-ea7b-4d29-8bc1-82619561b21e"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/ca70aa2f89bee0c22ebc18bd5569e542f09d3c4a060b094ec6abeeeb4768a143/analysis/1539908023/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "753f7fee-cb1d-4344-8439-a3826bb2ff29"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "47/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "d0ec6794-7487-47a7-bc6a-f118c67993b3"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--1a9bebf7-05fe-42e0-8b64-56a506005c3d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:01.000Z",
|
||
|
"modified": "2018-10-26T14:00:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-06T06:43:05",
|
||
|
"category": "Other",
|
||
|
"uuid": "00628478-3649-4e9a-95fd-f5b29dc59d3b"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6829b51523f69bd0ea6ebc6157e989d269661567f3e62d92ae26d71e6abf6652/analysis/1536216185/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "75437047-df51-4349-9853-53cabbff632d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "32/57",
|
||
|
"category": "Other",
|
||
|
"uuid": "d2cbcc4b-1d59-481d-bc3d-3b12357a6085"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--3a1b28e1-1814-493b-b6dd-dc1122647ad4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:02.000Z",
|
||
|
"modified": "2018-10-26T14:00:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-10-08T18:26:16",
|
||
|
"category": "Other",
|
||
|
"uuid": "f3237f5b-5c47-48ba-99cd-4b92bdc83caa"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/d404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04/analysis/1539023176/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "4dafb52c-3a66-46a2-a1dc-e5fc90764d9f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "20/57",
|
||
|
"category": "Other",
|
||
|
"uuid": "4937617f-7442-4f86-8214-c9d06f19fdc5"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--be039ea8-ee2e-41d4-b0b0-f5bec7b30ba0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:11.000Z",
|
||
|
"modified": "2018-10-26T14:00:11.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-06T07:43:27",
|
||
|
"category": "Other",
|
||
|
"uuid": "513cd9a6-05e3-4364-8335-c95165cf1e07"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/efa6c2894896343e55337231989d46c665f84930ce99fa5a259f398e62d211f4/analysis/1536219807/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "4bc2d006-a578-4a55-890d-027b9dc33834"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "2c64817a-3cd7-4745-966a-bb8b4d58fe7d"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--6f6d7954-c7b2-48e1-bc03-9397978a8249",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:25.000Z",
|
||
|
"modified": "2018-10-26T14:00:25.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-06T09:44:02",
|
||
|
"category": "Other",
|
||
|
"uuid": "d8e69658-da48-4573-8dcd-694e8a1433be"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/e4226e9f6faaafaafca5f572770eeffa1512c496aa9ed63977729a01513d27a9/analysis/1536227042/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "448893c3-8315-4fe5-884e-8bc2b4e1a731"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "37/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "10acfb4e-2c57-4ebd-a2b5-1cbf9a6fd898"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8f12f6da-6b48-4f90-93f1-482eeda63605",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:27.000Z",
|
||
|
"modified": "2018-10-26T14:00:27.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-27T12:36:49",
|
||
|
"category": "Other",
|
||
|
"uuid": "562944f2-4214-4f69-8ddd-addbd9257656"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd/analysis/1535373409/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "1bb6b1c0-8488-4604-9fbe-d0c927a94d98"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "37/68",
|
||
|
"category": "Other",
|
||
|
"uuid": "f3385c7e-991e-4d74-bdbb-82980ef9ef33"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--7701a378-4acd-4cc2-b8af-9477b79fb4ed",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:28.000Z",
|
||
|
"modified": "2018-10-26T14:00:28.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-07T05:25:48",
|
||
|
"category": "Other",
|
||
|
"uuid": "89c68f73-e82b-43d3-84af-24428d22bc2d"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/0b6056e7ce278fb31bf644ef41e9532009e5dfbc33849b29f59c77ec993a8f46/analysis/1536297948/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "865a9c5a-febb-41dc-bcaa-2932c4139ef0"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "40/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "76b38090-24fe-409c-87b3-fdfd95e520dd"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c211aec8-756e-4d1e-8e32-05644b06bfb9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:30.000Z",
|
||
|
"modified": "2018-10-26T14:00:30.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-03T00:38:46",
|
||
|
"category": "Other",
|
||
|
"uuid": "f9fa4b7f-ac2e-4320-a9fb-ba91bacd3acf"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7f000893320d77e012686e20e1212e297408d5684335f7f24e40889401e24dff/analysis/1535935126/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "651e2b4a-d444-4441-9961-1569e6a8903a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "36/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "c11e4010-6214-468e-be59-50c87161b082"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a6d9f960-39af-4cc8-ae32-3d92846eb8b0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:44.000Z",
|
||
|
"modified": "2018-10-26T14:00:44.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-09-03T07:06:54",
|
||
|
"category": "Other",
|
||
|
"uuid": "da92d44d-e295-4afc-82a7-4ac729da0ddc"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/0c06e129902925c7ebd70e93d4d09707add781d8bd89cd557cda023045f3853e/analysis/1535958414/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "93bbaa39-30be-414a-810f-30c3f6e2b06d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "42/65",
|
||
|
"category": "Other",
|
||
|
"uuid": "4065ca64-c647-4ed3-adbb-996096d4d9b2"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d6cf1798-bd22-499b-a0b7-0e9457214789",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-10-26T14:00:53.000Z",
|
||
|
"modified": "2018-10-26T14:00:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-08-27T19:17:37",
|
||
|
"category": "Other",
|
||
|
"uuid": "cf9054c8-fd32-4056-844e-a77a77cb1709"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/c0e22e80ea020ca8f71f58a8b53855293abdf8d4e0b34a69068004abaac60f42/analysis/1535397457/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "21525f34-0d63-4ea8-ac35-6b0e26f6f215"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "1c87d370-03d1-43a7-a94d-a899f47a5bcb"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|