{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5b746d63-8c10-46b5-8c1a-49ec02de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:37:14.000Z",
|
|
|
|
"modified": "2018-08-15T18:37:14.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5b746d63-8c10-46b5-8c1a-49ec02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:37:14.000Z",
|
|
|
|
"modified": "2018-08-15T18:37:14.000Z",
|
|
|
|
"name": "OSINT - 肚脑虫组织（APT-C-35）移动端攻击活动揭露",
|
|
|
|
"published": "2018-08-15T18:37:22Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5b746da4-59a8-4ef5-80df-d1f902de0b81",
|
|
|
|
"url--5b746da4-59a8-4ef5-80df-d1f902de0b81",
|
|
|
|
"x-misp-attribute--5b746dc1-7888-45bd-8cc2-44c102de0b81",
|
|
|
|
"indicator--5b746e03-43d4-4b3b-86ba-4a5002de0b81",
|
|
|
|
"indicator--5b746e04-c9e0-4a22-a659-46e402de0b81",
|
|
|
|
"indicator--5b746e04-7310-4d3f-a486-490e02de0b81",
|
|
|
|
"indicator--5b746e05-1a38-46f6-bb9a-4a1c02de0b81",
|
|
|
|
"indicator--5b746e05-43b8-4199-8f50-40b002de0b81",
|
|
|
|
"indicator--5b746e05-e1a8-421d-998a-496502de0b81",
|
|
|
|
"indicator--5b746e06-b2fc-4514-b893-443d02de0b81",
|
|
|
|
"indicator--5b746e06-7868-4079-b200-417602de0b81",
|
|
|
|
"indicator--5b746e07-be70-4961-8ea9-452d02de0b81",
|
|
|
|
"indicator--5b746e07-fcc0-4802-9062-425102de0b81",
|
|
|
|
"indicator--5b746e07-b26c-4a13-ad6b-4e1a02de0b81",
|
|
|
|
"indicator--5b746e08-1ec8-42b3-a0ad-481f02de0b81",
|
|
|
|
"indicator--5b746e08-a2b4-487b-90cf-4d5e02de0b81",
|
|
|
|
"indicator--5b746e09-7cfc-4df6-96f3-450602de0b81",
|
|
|
|
"indicator--5b746e09-b750-4f9f-ba62-4e3c02de0b81",
|
|
|
|
"indicator--5b746e0a-77cc-41f9-8731-4fc202de0b81",
|
|
|
|
"indicator--5b746e0a-0428-4b49-9a3f-4d5102de0b81",
|
|
|
|
"indicator--5b746e0b-6f64-4b38-b926-495702de0b81",
|
|
|
|
"indicator--5b746e0b-3868-4c5a-bf11-4ec202de0b81",
|
|
|
|
"indicator--5b746e0c-2494-4fdf-ae99-405702de0b81",
|
|
|
|
"indicator--5b746e0c-1efc-4744-8e16-470a02de0b81",
|
|
|
|
"indicator--5b746e2c-1fc4-40d0-943c-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2d-b2d8-4d82-9e6e-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2d-6834-481c-a42a-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2e-1298-49ca-a655-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2e-2a38-478c-811d-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2e-400c-4a5e-9bec-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2f-8f90-4a76-8a3c-e0ae02de0b81",
|
|
|
|
"indicator--5b746e2f-6e34-462c-8646-e0ae02de0b81",
|
|
|
|
"indicator--ca5d681d-33b4-4ec9-96e6-febd3f3a722b",
|
|
|
|
"x-misp-object--117215e1-1d52-4fff-bc8d-0979cfbd51cf",
|
|
|
|
"indicator--47daea83-d20e-4064-98ff-6a61429bb3f5",
|
|
|
|
"x-misp-object--a8f72315-ebf8-49de-94f3-af53b9fbaa1e",
|
|
|
|
"indicator--0fe484c0-2241-4fc9-bafd-df712f86aca3",
|
|
|
|
"x-misp-object--1d42a1e0-62cc-4174-ac95-49f920e761e2",
|
|
|
|
"indicator--391b876f-a4d1-4c80-93fc-554a2f6ad26c",
|
|
|
|
"x-misp-object--a84adc75-9c11-49db-955f-fcd79e35c28c",
|
|
|
|
"indicator--86dd19f6-a9c7-4fd5-a786-77d48d01e0e4",
|
|
|
|
"x-misp-object--a3a0e935-7112-4262-bd49-cd81bc50a57b",
|
|
|
|
"indicator--23283183-68d7-4a71-9e9e-33939bcdfda3",
|
|
|
|
"x-misp-object--1be51f84-f11e-4e3b-ac1c-da2c2267e28e",
|
|
|
|
"indicator--a56bcd41-6085-4433-bb14-785ac0e793ea",
|
|
|
|
"x-misp-object--06e41e77-daaa-4e37-9863-7e2fe891d6b2",
|
|
|
|
"indicator--4b7183d5-3eab-43dd-a70e-22c3a1967bb8",
|
|
|
|
"x-misp-object--e2419d00-69a3-4e6e-b87e-ec8223a7b5cd",
|
|
|
|
"indicator--ac5e2802-01b5-42a2-a4d7-d1bbbfbe144f",
|
|
|
|
"x-misp-object--e0e980d2-9731-44db-8ccc-921e023bf9e7",
|
|
|
|
"indicator--3630e203-611d-460f-8f70-b44344d5409f",
|
|
|
|
"x-misp-object--4bfff4ec-7aac-4e69-8cac-a90fcfc0130f",
|
|
|
|
"indicator--91cf78e9-e36d-4ccc-af1f-485a4b238560",
|
|
|
|
"x-misp-object--196992e9-5607-4028-b60c-5a22b5839dde",
|
|
|
|
"indicator--a47107f2-a312-40fb-8f78-8b905fa6681d",
|
|
|
|
"x-misp-object--928814bd-64d5-4ecd-bc5f-655ebf15c21a",
|
|
|
|
"indicator--7b1d01d7-f361-413f-91ad-f0d37a870129",
|
|
|
|
"x-misp-object--ffc57365-4cf2-41a6-81f8-3573432a09af",
|
|
|
|
"indicator--162c438c-69f6-4b5e-8e4c-b4f75ed40df4",
|
|
|
|
"x-misp-object--da852be4-9cb2-4bac-a6a5-030bc914e630",
|
|
|
|
"indicator--9a5fabe2-1e0b-4cc5-b0e9-365772adee52",
|
|
|
|
"x-misp-object--bf3e97e8-306a-44e9-91b4-0c274ad51734",
|
|
|
|
"indicator--c760affd-636c-478d-ba6a-a3749a64b781",
|
|
|
|
"x-misp-object--ba15ef40-6ac2-487c-940e-83c3174da083",
|
|
|
|
"indicator--e2e80668-791c-4d9a-80d4-dd25ba800c57",
|
|
|
|
"x-misp-object--28caf2ea-f4fe-4f30-8fa5-4a1ed8b06e46",
|
|
|
|
"indicator--fe9c1e41-f204-4e12-a71c-02f86c3046ae",
|
|
|
|
"x-misp-object--36e12367-4a2f-4c7e-9857-05cbda8aa0be",
|
|
|
|
"indicator--0610b8d6-dd83-4b25-a77a-83003ffd0e11",
|
|
|
|
"x-misp-object--efc8b853-d469-4274-9070-ab6c9da8f164",
|
|
|
|
"indicator--60193ac5-f0d1-42b3-83ac-3261849cd66b",
|
|
|
|
"x-misp-object--836bbef9-5015-4e6e-b2a7-2a09752ddd57",
"relationship--8351c595-75b3-45dc-8a10-794ea6776d13",
|
|
|
|
"relationship--1d9c3e7c-e252-4fff-86ff-e730c1bce81f",
|
|
|
|
"relationship--33d19753-3c84-4a8a-b11b-56fb361e0f03",
|
|
|
|
"relationship--260f9237-f7f7-4d6e-bf3e-786fef7ced3a",
|
|
|
|
"relationship--16145a74-048b-4c45-bf99-aebb12fa4057",
|
|
|
|
"relationship--c875ead2-5eaf-4f9c-9c72-7d9d2a4314bd",
|
|
|
|
"relationship--8adb2f73-ccd6-4e0e-9bf9-5e854c078db2",
|
|
|
|
"relationship--499326e6-fc5d-4811-99bb-22789a748139",
|
|
|
|
"relationship--cc4bbf14-fc9d-4df9-85db-2843768c407b",
|
|
|
|
"relationship--c66b016e-b718-4ee6-9fe4-e45b12baf12e",
|
|
|
|
"relationship--0d3cf973-277a-4a93-9c74-597471c8bdaf",
|
|
|
|
"relationship--045a4cd5-9885-4939-94dd-cf936ed7cf67",
|
|
|
|
"relationship--6dd1ce03-4031-4cfa-be5c-efbf6670549b",
|
|
|
|
"relationship--85a4dfde-d3d9-4993-9c26-4f578e417c2a",
|
|
|
|
"relationship--724d50a4-c48e-4d4f-9816-e8189f20542b",
|
|
|
|
"relationship--f925dd71-c703-4ae5-a20d-bd4dc51c0b38",
|
|
|
|
"relationship--7be3a2ed-f8b3-438c-9048-7e18d2e888a0",
|
|
|
|
"relationship--82d80833-84f1-45ab-8600-b2545b3bd646",
|
|
|
|
"relationship--8e6523cc-0fe0-4126-8d5a-58c8026fb49d",
|
|
|
|
"relationship--6af9bf08-eb9d-4804-83ba-b66fbc4648ff"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:threat-actor=\"APT-C-35\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5b746da4-59a8-4ef5-80df-d1f902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:15:00.000Z",
|
|
|
|
"modified": "2018-08-15T18:15:00.000Z",
|
|
|
|
"first_observed": "2018-08-15T18:15:00Z",
|
|
|
|
"last_observed": "2018-08-15T18:15:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5b746da4-59a8-4ef5-80df-d1f902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5b746da4-59a8-4ef5-80df-d1f902de0b81",
|
|
|
|
"value": "https://ti.360.net/blog/articles/analysis-of-donot-andriod-sample/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5b746dc1-7888-45bd-8cc2-44c102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:15:29.000Z",
|
|
|
|
"modified": "2018-08-15T18:15:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "\u00e4\u00bc\u00a0\u00e7\u00bb\u0178\u00e7\u0161\u201eAPT\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e4\u00b8\u00bb\u00e8\u00a6\u0081\u00e6\u02dc\u00af\u00e9\u2019\u02c6\u00e5\u00af\u00b9PC\u00e7\u00ab\u00af\u00e8\u00bf\u203a\u00e8\u00a1\u0152\u00ef\u00bc\u0152\u00e8\u20ac\u0152\u00e9\u0161\u008f\u00e7\u009d\u20ac\u00e6\u2122\u00ba\u00e8\u0192\u00bd\u00e6\u2030\u2039\u00e6\u0153\u00ba\u00e5\u2019\u0152\u00e7\u00a7\u00bb\u00e5\u0160\u00a8\u00e7\u00bd\u2018\u00e7\u00bb\u0153\u00e5\u0153\u00a8\u00e4\u00b8\u2013\u00e7\u2022\u0152\u00e8\u0152\u0192\u00e5\u203a\u00b4\u00e5\u2020\u2026\u00e7\u0161\u201e\u00e6\u2122\u00ae\u00e5\u008f\u0160\u00e5\u008f\u2018\u00e5\u00b1\u2022\u00ef\u00bc\u0152\u00e8\u00b6\u0160\u00e6\u009d\u00a5\u00e8\u00b6\u0160\u00e5\u00a4\u0161\u00e9\u00bb\u2018\u00e5\u00ae\u00a2\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00e7\u0161\u201e\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e7\u203a\u00ae\u00e6\u00a0\u2021\u00e4\u00b9\u0178\u00e8\u00bf\u2026\u00e9\u20ac\u0178\u00e8\u201d\u201c\u00e5\u00bb\u00b6\u00e5\u02c6\u00b0\u00e7\u00a7\u00bb\u00e5\u0160\u00a8\u00e7\u00ab\u00af\u00ef\u00bc\u0152\u00e7\u201d\u0161\u00e8\u2021\u00b3\u00e5\u2021\u00ba\u00e7\u017d\u00b0\u00e5\u2021\u00ba\u00e5\u2019\u0152PC\u00e7\u00ab\u00af\u00e7\u00bb\u201c\u00e5\u0090\u02c6\u00e7\u0161\u201e\u00e8\u00b6\u2039\u00e5\u0160\u00bf\u00e3\u20ac\u201a\u00e8\u00bf\u2018\u00e5\u2021\u00a0\u00e5\u00b9\u00b4\u00e8\u00a2\u00ab\u00e5\u203a\u00bd\u00e5\u2020\u2026\u00e5\u00a4\u2013\u00e5\u00ae\u2030\u00e5\u2026\u00a8\u00e5\u017d\u201a\u00e5\u2022\u2020\u00e9\u2122\u2020\u00e7\u00bb\u00ad\u00e6\u0160\u00ab\u00e9\u0153\u00b2\u00e7\u0161\u201eFancy Bear\u00e3\u20ac\u0081Lazarus\u00e3\u20ac\u0081Operation 
Manul\u00e3\u20ac\u0081\u00e6\u2018\u00a9\u00e8\u00af\u0192\u00e8\u008d\u2030\u00e3\u20ac\u0081\u00e9\u00bb\u201e\u00e9\u2021\u2018\u00e9\u00bc\u00a0\u00e7\u00ad\u2030\u00e5\u00a4\u0161\u00e4\u00b8\u00aa\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00e6\u2014\u00a0\u00e7\u2013\u2018\u00e5\u008d\u00b0\u00e8\u00af\u0081\u00e4\u00ba\u2020\u00e8\u00bf\u2122\u00e7\u201a\u00b9\u00e3\u20ac\u201a\u00e8\u00bf\u2018\u00e6\u0153\u0178\u00ef\u00bc\u0152360\u00e7\u0192\u00bd\u00e7\u0081\u00ab\u00e5\u00ae\u017e\u00e9\u00aa\u0152\u00e5\u00ae\u00a4\u00e5\u008f\u2018\u00e7\u017d\u00b0\u00e8\u201a\u0161\u00e8\u201e\u2018\u00e8\u2122\u00ab\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00ef\u00bc\u02c6APT-C-35\u00ef\u00bc\u2030\u00e6\u0153\u20ac\u00e6\u2013\u00b0\u00e7\u0161\u201e\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e5\u00b7\u00b2\u00e6\u0160\u0160\u00e7\u00a7\u00bb\u00e5\u0160\u00a8\u00e7\u00ab\u00af\u00e4\u00b9\u0178\u00e5\u0160\u00a0\u00e5\u2026\u00a5\u00e5\u02c6\u00b0\u00e5\u2026\u00b6\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e7\u203a\u00ae\u00e6\u00a0\u2021\u00e4\u00b8\u00ad\u00e3\u20ac\u201a\r\n\r\n\u00e8\u201a\u0161\u00e8\u201e\u2018\u00e8\u2122\u00ab\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00ef\u00bc\u02c6APT-C-35, 
\u00e5\u0090\u017d\u00e6\u2013\u2021\u00e7\u00bb\u0178\u00e7\u00a7\u00b0\u00e8\u201a\u0161\u00e8\u201e\u2018\u00e8\u2122\u00ab\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00ef\u00bc\u2030\u00ef\u00bc\u0152\u00e5\u008f\u02c6\u00e7\u00a7\u00b0Donot\u00ef\u00bc\u0152\u00e6\u02dc\u00af\u00e4\u00b8\u20ac\u00e4\u00b8\u00aa\u00e9\u2019\u02c6\u00e5\u00af\u00b9\u00e5\u2026\u2039\u00e4\u00bb\u20ac\u00e7\u00b1\u00b3\u00e5\u00b0\u201d\u00e5\u0153\u00b0\u00e5\u0152\u00ba\u00e7\u203a\u00b8\u00e5\u2026\u00b3\u00e5\u203a\u00bd\u00e5\u00ae\u00b6\u00e7\u0161\u201e\u00e6\u201d\u00bf\u00e5\u00ba\u0153\u00e6\u0153\u00ba\u00e6\u017e\u201e\u00e7\u00ad\u2030\u00e9\u00a2\u2020\u00e5\u0178\u0178\u00e8\u00bf\u203a\u00e8\u00a1\u0152\u00e7\u00bd\u2018\u00e7\u00bb\u0153\u00e9\u2014\u00b4\u00e8\u00b0\u008d\u00e6\u00b4\u00bb\u00e5\u0160\u00a8\u00ef\u00bc\u0152\u00e4\u00bb\u00a5\u00e7\u00aa\u0192\u00e5\u008f\u2013\u00e6\u2022\u008f\u00e6\u201e\u0178\u00e4\u00bf\u00a1\u00e6\u0081\u00af\u00e4\u00b8\u00ba\u00e4\u00b8\u00bb\u00e7\u0161\u201e\u00e6\u201d\u00bb\u00e5\u2021\u00bb\u00e7\u00bb\u201e\u00e7\u00bb\u2021\u00e3\u20ac\u201a\u00e8\u00af\u00a5\u00e7\u00bb\u2
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e03-43d4-4b3b-86ba-4a5002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:35.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4efdbdcb3c341f86c4ff40764cd6468f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e04-c9e0-4a22-a659-46e402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:36.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '89b04c7e0b896a30d09a138b6bc3e828']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e04-7310-4d3f-a486-490e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:36.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a1827a948b5d14fb79c87e8d9ec74082']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e05-1a38-46f6-bb9a-4a1c02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:37.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7a2b1c70213ad493a053a1e252c00a54']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e05-43b8-4199-8f50-40b002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:37.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fc385c0f00313ad3ba08576a28ca9b66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e05-e1a8-421d-998a-496502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:37.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:37.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '843e633b026c43b63b938effa4a36228']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e06-b2fc-4514-b893-443d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:38.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:38.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b7e6a740d8f1229142b5cebb1c22b8b1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e06-7868-4079-b200-417602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:38.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:38.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c2da8cc0725558304dfd2a59386373f7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e07-be70-4961-8ea9-452d02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:39.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '99ce8b2a17f7961a6b88ba0a7e037b5a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e07-fcc0-4802-9062-425102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:39.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1b3693237173c8b7ee2942b69812eb47']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e07-b26c-4a13-ad6b-4e1a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:39.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7b00d9246335fd3fbb2cac2f2fe9354b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e08-1ec8-42b3-a0ad-481f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:40.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2a1de3eefb43479bfbc53f677902c993']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e08-a2b4-487b-90cf-4d5e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:40.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '74aa0abb618f9b898aa293cdbd499a4b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e09-7cfc-4df6-96f3-450602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:41.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '92d79d7a27966ea4668e347fe9a97c62']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e09-b750-4f9f-ba62-4e3c02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:41.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ca9bc074668bb04552610ee835a0e9cf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0a-77cc-41f9-8731-4fc202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:42.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:42.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '28d30f19e96200bcf5067d5fd3b69439']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0a-0428-4b49-9a3f-4d5102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:42.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:42.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'be4117d154339e7469d7cbabf7d36dd1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0b-6f64-4b38-b926-495702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:43.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '397ed4c4c372fe50588123d6885497c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0b-3868-4c5a-bf11-4ec202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:43.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e5f774df501c631b0c14f3cf32e54dfb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0c-2494-4fdf-ae99-405702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:44.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '47fc61cd1d939c99c000afe430451952']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e0c-1efc-4744-8e16-470a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:16:44.000Z",
|
|
|
|
"modified": "2018-08-15T18:16:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e8b68543c78b3dc27c7951e1dc8fae89']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:16:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e2c-1fc4-40d0-943c-e0ae02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:17:16.000Z",
|
|
|
|
"modified": "2018-08-15T18:17:16.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.68.81.74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:17:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e2d-b2d8-4d82-9e6e-e0ae02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:17:17.000Z",
|
|
|
|
"modified": "2018-08-15T18:17:17.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.59.46.35']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:17:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e2d-6834-481c-a42a-e0ae02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:17:17.000Z",
|
|
|
|
"modified": "2018-08-15T18:17:17.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.189.42.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:17:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b746e2e-1298-49ca-a655-e0ae02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:17:18.000Z",
|
|
|
|
"modified": "2018-08-15T18:17:18.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.101.204.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b746e2e-2a38-478c-811d-e0ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:17:18.000Z",
"modified": "2018-08-15T18:17:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.204.74.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b746e2e-400c-4a5e-9bec-e0ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:17:18.000Z",
"modified": "2018-08-15T18:17:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.85.15.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b746e2f-8f90-4a76-8a3c-e0ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:17:19.000Z",
"modified": "2018-08-15T18:17:19.000Z",
"pattern": "[domain-name:value = 'godspeed.geekgalaxy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b746e2f-6e34-462c-8646-e0ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:17:19.000Z",
"modified": "2018-08-15T18:17:19.000Z",
"pattern": "[domain-name:value = 'jasper.drivethrough.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca5d681d-33b4-4ec9-96e6-febd3f3a722b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:48.000Z",
"modified": "2018-08-15T18:20:48.000Z",
"pattern": "[file:hashes.MD5 = '74aa0abb618f9b898aa293cdbd499a4b' AND file:hashes.SHA1 = 'e635e0bb63d555edf1f2ae52cb7747b616398542' AND file:hashes.SHA256 = '9ef7031c21675175d39c99e0afa32d9e1a99b53572ae014126bd8374ead4f708']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:20:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--117215e1-1d52-4fff-bc8d-0979cfbd51cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:46.000Z",
"modified": "2018-08-15T18:20:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:03",
"category": "Other",
"uuid": "481821a5-e70b-492c-ac64-d73c570f07d5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9ef7031c21675175d39c99e0afa32d9e1a99b53572ae014126bd8374ead4f708/analysis/1534351503/",
"category": "External analysis",
"uuid": "8b02a5c1-b2ee-4d90-a8de-1ef179812ce0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/62",
"category": "Other",
"uuid": "d6a5ad70-713e-41c5-a05c-c27b70f1c45d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47daea83-d20e-4064-98ff-6a61429bb3f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:50.000Z",
"modified": "2018-08-15T18:20:50.000Z",
"pattern": "[file:hashes.MD5 = 'b7e6a740d8f1229142b5cebb1c22b8b1' AND file:hashes.SHA1 = 'a92b8fe659eb2178fa1dad174763851e497913cc' AND file:hashes.SHA256 = '89209624cd354749a520bff574eb1d1f73ef6f17727ccf530c6c3ab71e9408dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:20:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a8f72315-ebf8-49de-94f3-af53b9fbaa1e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:49.000Z",
"modified": "2018-08-15T18:20:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:22:09",
"category": "Other",
"uuid": "b6fcfd89-cc06-472b-94fc-9de3c5a0b7e8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/89209624cd354749a520bff574eb1d1f73ef6f17727ccf530c6c3ab71e9408dc/analysis/1534350129/",
"category": "External analysis",
"uuid": "87ba62e2-a378-4b5a-9610-d7c97fee4d96"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/61",
"category": "Other",
"uuid": "7c4eb019-2d78-40d5-8cb1-d5dd7fa03135"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0fe484c0-2241-4fc9-bafd-df712f86aca3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:52.000Z",
"modified": "2018-08-15T18:20:52.000Z",
"pattern": "[file:hashes.MD5 = 'e5f774df501c631b0c14f3cf32e54dfb' AND file:hashes.SHA1 = '34f5f9bd5a58e65f08ca1ddf1d21546c85e0295a' AND file:hashes.SHA256 = '34a80b91dccc2f4c596238eb2a36082437d8ca2672184009ec8d0eaa5eefff4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:20:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1d42a1e0-62cc-4174-ac95-49f920e761e2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:51.000Z",
"modified": "2018-08-15T18:20:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:11",
"category": "Other",
"uuid": "82b270bc-9fd4-4cea-a518-be48e79e9041"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/34a80b91dccc2f4c596238eb2a36082437d8ca2672184009ec8d0eaa5eefff4f/analysis/1534351511/",
"category": "External analysis",
"uuid": "95968e47-0344-44b5-8289-90469171f852"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/62",
"category": "Other",
"uuid": "85d7a948-df75-4ebc-be43-9e7b7e4ec4cc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--391b876f-a4d1-4c80-93fc-554a2f6ad26c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:55.000Z",
"modified": "2018-08-15T18:20:55.000Z",
"pattern": "[file:hashes.MD5 = 'be4117d154339e7469d7cbabf7d36dd1' AND file:hashes.SHA1 = 'db313b03288827a7ecd3f6efe2e8ec7ff639e97b' AND file:hashes.SHA256 = 'f9a6a5e807c2567395f2f892058b80f2e47f022c80ee1a3608b7168f30187616']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a84adc75-9c11-49db-955f-fcd79e35c28c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:53.000Z",
"modified": "2018-08-15T18:20:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:08",
"category": "Other",
"uuid": "6bcc0295-4a44-4ca9-b734-b920be942866"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f9a6a5e807c2567395f2f892058b80f2e47f022c80ee1a3608b7168f30187616/analysis/1534351508/",
"category": "External analysis",
"uuid": "32e51f7a-39dd-4e9b-8fa8-6baed62195d7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/62",
"category": "Other",
"uuid": "dca83336-2095-4204-b367-0ba1766db44f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--86dd19f6-a9c7-4fd5-a786-77d48d01e0e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:57.000Z",
"modified": "2018-08-15T18:20:57.000Z",
"pattern": "[file:hashes.MD5 = 'a1827a948b5d14fb79c87e8d9ec74082' AND file:hashes.SHA1 = '083e28c7fa6ed1bbb054a93439ceee5c77c8f374' AND file:hashes.SHA256 = 'add1ca887148122425d16e308ac199739eab8862fbd66f86a647e5d4986b3fbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:20:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a3a0e935-7112-4262-bd49-cd81bc50a57b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:56.000Z",
"modified": "2018-08-15T18:20:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:44:51",
"category": "Other",
"uuid": "c27129cd-d14b-4663-b8b4-edb763a587d1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/add1ca887148122425d16e308ac199739eab8862fbd66f86a647e5d4986b3fbd/analysis/1534351491/",
"category": "External analysis",
"uuid": "14436061-95a8-40ad-8813-d849e76221f8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/62",
"category": "Other",
"uuid": "9adf50fb-0912-4c2f-91d6-56ab1281aabe"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23283183-68d7-4a71-9e9e-33939bcdfda3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:00.000Z",
"modified": "2018-08-15T18:21:00.000Z",
"pattern": "[file:hashes.MD5 = '2a1de3eefb43479bfbc53f677902c993' AND file:hashes.SHA1 = '9f24a7386d0db814bacd304e39be922c736339d5' AND file:hashes.SHA256 = '2295dc79778c05ddb4e7518499075e886f8715429160af103cc928cb1880affb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1be51f84-f11e-4e3b-ac1c-da2c2267e28e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:20:58.000Z",
"modified": "2018-08-15T18:20:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:01",
"category": "Other",
"uuid": "fe8e0208-3c88-43ee-8ba1-602b2d69a05e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2295dc79778c05ddb4e7518499075e886f8715429160af103cc928cb1880affb/analysis/1534351501/",
"category": "External analysis",
"uuid": "e8a2807e-c2d2-4959-a3a1-039d600b99d6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/62",
"category": "Other",
"uuid": "faee17f7-73b6-4a16-aafd-b101e4e19d7d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a56bcd41-6085-4433-bb14-785ac0e793ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:02.000Z",
"modified": "2018-08-15T18:21:02.000Z",
"pattern": "[file:hashes.MD5 = '7b00d9246335fd3fbb2cac2f2fe9354b' AND file:hashes.SHA1 = '912caa57512e94126cbad3ce9b5f0c676363c2fc' AND file:hashes.SHA256 = 'be40b7601baeeae327ff2faf08944b7764547e1098557979677014490dc4e6c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--06e41e77-daaa-4e37-9863-7e2fe891d6b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:01.000Z",
"modified": "2018-08-15T18:21:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:00",
"category": "Other",
"uuid": "d40189af-63c1-48e2-ac5f-13d09bf43bd6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/be40b7601baeeae327ff2faf08944b7764547e1098557979677014490dc4e6c3/analysis/1534351500/",
"category": "External analysis",
"uuid": "b95d8dac-d057-4433-8a26-e3b28f1c2dfd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/62",
"category": "Other",
"uuid": "c539ac63-2a87-4e57-9ece-cab82fc434b3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b7183d5-3eab-43dd-a70e-22c3a1967bb8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:05.000Z",
"modified": "2018-08-15T18:21:05.000Z",
"pattern": "[file:hashes.MD5 = '89b04c7e0b896a30d09a138b6bc3e828' AND file:hashes.SHA1 = '29f90baccaf7de65f4c968cd7f91fa00a4d97137' AND file:hashes.SHA256 = 'cf59012780efc61b5b43f871b930f641aefe5f8ec87290c20ab643fb60d86fc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e2419d00-69a3-4e6e-b87e-ec8223a7b5cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:03.000Z",
"modified": "2018-08-15T18:21:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:44:50",
"category": "Other",
"uuid": "20c72063-fb68-4c15-8331-a45a24c7dace"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cf59012780efc61b5b43f871b930f641aefe5f8ec87290c20ab643fb60d86fc3/analysis/1534351490/",
"category": "External analysis",
"uuid": "447b932d-8f5e-4a92-9c88-621b3156b486"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/62",
"category": "Other",
"uuid": "66583969-6ed2-40ff-8d79-d203215888e5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac5e2802-01b5-42a2-a4d7-d1bbbfbe144f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:07.000Z",
"modified": "2018-08-15T18:21:07.000Z",
"pattern": "[file:hashes.MD5 = '843e633b026c43b63b938effa4a36228' AND file:hashes.SHA1 = 'db1779c91ba7f4a50fed892634e8dade92b277d7' AND file:hashes.SHA256 = '0efaeb17f3febb68b3a14236aa1f231158a1690872914a0a2eb7c48c49fbd27a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e0e980d2-9731-44db-8ccc-921e023bf9e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:06.000Z",
"modified": "2018-08-15T18:21:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:44:55",
"category": "Other",
"uuid": "8a9c97c2-2b66-4bce-b075-47b050d40181"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0efaeb17f3febb68b3a14236aa1f231158a1690872914a0a2eb7c48c49fbd27a/analysis/1534351495/",
"category": "External analysis",
"uuid": "a32246a7-3f13-4830-a3d4-91b30b227f4b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/62",
"category": "Other",
"uuid": "1ba54acd-17f6-45cf-9f1c-19d88d968dc8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3630e203-611d-460f-8f70-b44344d5409f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:10.000Z",
"modified": "2018-08-15T18:21:10.000Z",
"pattern": "[file:hashes.MD5 = '47fc61cd1d939c99c000afe430451952' AND file:hashes.SHA1 = 'bb945f4a3e7f0c0477b99cee728272251e23ab70' AND file:hashes.SHA256 = '9ef27402c22f2dca4ff55ffa321b4f01a23504136f74a73c8c88976fa9a00f9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4bfff4ec-7aac-4e69-8cac-a90fcfc0130f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:08.000Z",
"modified": "2018-08-15T18:21:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:13",
"category": "Other",
"uuid": "b6251096-4dd5-40eb-a21a-81d3a86993df"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9ef27402c22f2dca4ff55ffa321b4f01a23504136f74a73c8c88976fa9a00f9c/analysis/1534351513/",
"category": "External analysis",
"uuid": "ca9238f7-8706-45e3-ae93-8ec5dafdcd1c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/62",
"category": "Other",
"uuid": "515f350c-5513-4c51-b156-9371debcc1a8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91cf78e9-e36d-4ccc-af1f-485a4b238560",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:12.000Z",
"modified": "2018-08-15T18:21:12.000Z",
"pattern": "[file:hashes.MD5 = 'c2da8cc0725558304dfd2a59386373f7' AND file:hashes.SHA1 = 'a3824ad7c3999c3d55b632eed01cab620f016446' AND file:hashes.SHA256 = '8b1bbd63a5679be8ea1a2249c36534854e25ee264219eab2dc1e915f49865365']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--196992e9-5607-4028-b60c-5a22b5839dde",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:10.000Z",
"modified": "2018-08-15T18:21:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:44:57",
"category": "Other",
"uuid": "aa594984-a7fc-4d08-a4f8-d480dcffef55"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8b1bbd63a5679be8ea1a2249c36534854e25ee264219eab2dc1e915f49865365/analysis/1534351497/",
"category": "External analysis",
"uuid": "b6b0b7e5-7ffc-4d25-88b4-9e4b12d32cc7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/62",
"category": "Other",
"uuid": "a3fb7918-0b1c-46be-a6ae-58ef218998fb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a47107f2-a312-40fb-8f78-8b905fa6681d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:14.000Z",
"modified": "2018-08-15T18:21:14.000Z",
"pattern": "[file:hashes.MD5 = 'ca9bc074668bb04552610ee835a0e9cf' AND file:hashes.SHA1 = '3fc93b5dbd1b34504d186c10a4d98c1124b5098a' AND file:hashes.SHA256 = 'c3544ddb175689cf3aadc5967f061594c210d78db45b3bb5925dedf3700ad4f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--928814bd-64d5-4ecd-bc5f-655ebf15c21a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:13.000Z",
"modified": "2018-08-15T18:21:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:05",
"category": "Other",
"uuid": "9a606195-57fc-4330-8864-e66304c72ef6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3544ddb175689cf3aadc5967f061594c210d78db45b3bb5925dedf3700ad4f7/analysis/1534351505/",
"category": "External analysis",
"uuid": "d7bb4342-59c9-4332-9cf7-1a9a2de5de55"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/62",
"category": "Other",
"uuid": "5cfa7544-5cb6-4cd1-bf5e-e7825e22ce19"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b1d01d7-f361-413f-91ad-f0d37a870129",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:17.000Z",
"modified": "2018-08-15T18:21:17.000Z",
"pattern": "[file:hashes.MD5 = '397ed4c4c372fe50588123d6885497c3' AND file:hashes.SHA1 = '2367fc3b992e74a48aac7292c94798956e50c28f' AND file:hashes.SHA256 = '5e8f956911ea2980afc7d95afcedd19e7828ee861c5df8c857cf3a7141e81f84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-15T18:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ffc57365-4cf2-41a6-81f8-3573432a09af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-15T18:21:15.000Z",
"modified": "2018-08-15T18:21:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-15T16:45:09",
"category": "Other",
"uuid": "7bd3d2a5-8644-43fb-9027-03231645ef1c"
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5e8f956911ea2980afc7d95afcedd19e7828ee861c5df8c857cf3a7141e81f84/analysis/1534351509/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "847ee887-b2b8-4e59-915c-0e745e202ec3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "98f74e2b-6672-4b4c-a389-66643e2bd607"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--162c438c-69f6-4b5e-8e4c-b4f75ed40df4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:19.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4efdbdcb3c341f86c4ff40764cd6468f' AND file:hashes.SHA1 = '07181166766b8fdf7296a402406c606bbbad2f90' AND file:hashes.SHA256 = '1d2394e4501d1ed83259333e5aa81cdbc58557c42a4d4976982d84dd6fdd4128']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--da852be4-9cb2-4bac-a6a5-030bc914e630",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:17.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:17.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-14T07:04:09",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3d8ac427-99fa-49b2-a2a7-5f724a150285"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1d2394e4501d1ed83259333e5aa81cdbc58557c42a4d4976982d84dd6fdd4128/analysis/1534230249/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "49e435a2-fa77-48e0-8464-7bfcc6dac210"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "20/60",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "603fac01-1133-43e1-9675-8c75b9750718"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--9a5fabe2-1e0b-4cc5-b0e9-365772adee52",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:21.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:21.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '92d79d7a27966ea4668e347fe9a97c62' AND file:hashes.SHA1 = '8ac9ab3c62acd3e43eb2d5c9ae3f00902218892c' AND file:hashes.SHA256 = '920f18c5ffb59856deccf2d984ab07793fefeea9a5a45d1e8a94a57da9d2347c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--bf3e97e8-306a-44e9-91b4-0c274ad51734",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:20.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:20.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:45:04",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "07888bc3-7555-4ab1-a46b-ac57956970e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/920f18c5ffb59856deccf2d984ab07793fefeea9a5a45d1e8a94a57da9d2347c/analysis/1534351504/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "3b931fab-d5d1-452c-8af8-14ce0135f93c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/61",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d6031b1b-0a0a-4627-aaf4-18760c5c127d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c760affd-636c-478d-ba6a-a3749a64b781",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:24.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:24.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e8b68543c78b3dc27c7951e1dc8fae89' AND file:hashes.SHA1 = '547f41cf853651eff2d25fd9095d7c24cf129d1f' AND file:hashes.SHA256 = '4c2797e3b0c7975bc861bed2353d036f980ad8ffe289805f72093e860555bc67']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ba15ef40-6ac2-487c-940e-83c3174da083",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:23.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:23.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:45:14",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d95ccf8c-1e9f-4d4d-a06a-88c6885b79e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/4c2797e3b0c7975bc861bed2353d036f980ad8ffe289805f72093e860555bc67/analysis/1534351514/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "7f785862-a03d-4ca2-aafd-37c2eb07fe82"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d2f801fb-7da9-4a0b-84e1-07f54fb13fcc"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e2e80668-791c-4d9a-80d4-dd25ba800c57",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:27.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fc385c0f00313ad3ba08576a28ca9b66' AND file:hashes.SHA1 = 'aa162e03cafbe4322c524fb2b3f2aabb7120b148' AND file:hashes.SHA256 = '47be22bed22c58aad09fde547cb98d007d3ff2cf94c16aaa1d99270e4196e940']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--28caf2ea-f4fe-4f30-8fa5-4a1ed8b06e46",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:26.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:44:54",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d94f59eb-adee-4d95-aebe-4fe9d8774230"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/47be22bed22c58aad09fde547cb98d007d3ff2cf94c16aaa1d99270e4196e940/analysis/1534351494/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "14f53538-dc2e-46b8-a284-fe9114a40efe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "25/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "28679d76-1a32-4f37-bcee-9363c9fbcad2"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--fe9c1e41-f204-4e12-a71c-02f86c3046ae",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:30.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1b3693237173c8b7ee2942b69812eb47' AND file:hashes.SHA1 = '2044e2d76bb67e3d47e5c2014bd6c5b398971b19' AND file:hashes.SHA256 = 'd980e95023e1093b2dfea5ae8e4f60e00a780730e553494aa4b5fd61860dbc64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--36e12367-4a2f-4c7e-9857-05cbda8aa0be",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:28.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:44:59",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "49ddae4c-c5b9-40fe-89c7-ffc424a5bd8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d980e95023e1093b2dfea5ae8e4f60e00a780730e553494aa4b5fd61860dbc64/analysis/1534351499/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "de85ed97-ba47-4f92-9bfd-dca343be7e58"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9b02bf16-dea0-46db-93ef-347219d7cd0c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0610b8d6-dd83-4b25-a77a-83003ffd0e11",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:33.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7a2b1c70213ad493a053a1e252c00a54' AND file:hashes.SHA1 = 'a6730c4ba67856f7efdb8e50b73bdf76c234a8bc' AND file:hashes.SHA256 = '1924cdf76764a84877baae88ebbed2f9cafdc1b4bae6b9977c6af2350da1201b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--efc8b853-d469-4274-9070-ab6c9da8f164",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:31.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:44:52",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e3b1f4ef-5707-4ab2-802f-2cfda894a065"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1924cdf76764a84877baae88ebbed2f9cafdc1b4bae6b9977c6af2350da1201b/analysis/1534351492/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "497b0024-60c9-4888-8f88-9088c5774cef"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8425524c-f64f-4974-9687-4410d4b5038d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--60193ac5-f0d1-42b3-83ac-3261849cd66b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:35.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '28d30f19e96200bcf5067d5fd3b69439' AND file:hashes.SHA1 = '3bbe8ba59481ecedc6012d4fd4b6cfb51b565b83' AND file:hashes.SHA256 = '79fecbdeeb6a4d31133359c4b8ecf9035ddc1534fcfa6c0d51d62c27d441a6ad']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-15T18:21:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--836bbef9-5015-4e6e-b2a7-2a09752ddd57",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-08-15T18:21:33.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-08-15T16:45:07",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6bc06611-fef4-4228-951d-9f4277f9ba6e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/79fecbdeeb6a4d31133359c4b8ecf9035ddc1534fcfa6c0d51d62c27d441a6ad/analysis/1534351507/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "d00325bb-dce5-471c-aebe-1246c34c3ad1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/62",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "99ff0854-d106-47cd-9e75-bc999593d0ee"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--8351c595-75b3-45dc-8a10-794ea6776d13",
"created": "2018-08-15T18:21:34.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:34.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--ca5d681d-33b4-4ec9-96e6-febd3f3a722b",
|
|
|
|
"target_ref": "x-misp-object--117215e1-1d52-4fff-bc8d-0979cfbd51cf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--1d9c3e7c-e252-4fff-86ff-e730c1bce81f",
"created": "2018-08-15T18:21:34.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:34.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--47daea83-d20e-4064-98ff-6a61429bb3f5",
|
|
|
|
"target_ref": "x-misp-object--a8f72315-ebf8-49de-94f3-af53b9fbaa1e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--33d19753-3c84-4a8a-b11b-56fb361e0f03",
"created": "2018-08-15T18:21:35.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:35.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--0fe484c0-2241-4fc9-bafd-df712f86aca3",
|
|
|
|
"target_ref": "x-misp-object--1d42a1e0-62cc-4174-ac95-49f920e761e2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--260f9237-f7f7-4d6e-bf3e-786fef7ced3a",
"created": "2018-08-15T18:21:35.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:35.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--391b876f-a4d1-4c80-93fc-554a2f6ad26c",
|
|
|
|
"target_ref": "x-misp-object--a84adc75-9c11-49db-955f-fcd79e35c28c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--16145a74-048b-4c45-bf99-aebb12fa4057",
"created": "2018-08-15T18:21:35.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:35.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--86dd19f6-a9c7-4fd5-a786-77d48d01e0e4",
|
|
|
|
"target_ref": "x-misp-object--a3a0e935-7112-4262-bd49-cd81bc50a57b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--c875ead2-5eaf-4f9c-9c72-7d9d2a4314bd",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--23283183-68d7-4a71-9e9e-33939bcdfda3",
|
|
|
|
"target_ref": "x-misp-object--1be51f84-f11e-4e3b-ac1c-da2c2267e28e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--8adb2f73-ccd6-4e0e-9bf9-5e854c078db2",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--a56bcd41-6085-4433-bb14-785ac0e793ea",
|
|
|
|
"target_ref": "x-misp-object--06e41e77-daaa-4e37-9863-7e2fe891d6b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--499326e6-fc5d-4811-99bb-22789a748139",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--4b7183d5-3eab-43dd-a70e-22c3a1967bb8",
|
|
|
|
"target_ref": "x-misp-object--e2419d00-69a3-4e6e-b87e-ec8223a7b5cd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--cc4bbf14-fc9d-4df9-85db-2843768c407b",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--ac5e2802-01b5-42a2-a4d7-d1bbbfbe144f",
|
|
|
|
"target_ref": "x-misp-object--e0e980d2-9731-44db-8ccc-921e023bf9e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--c66b016e-b718-4ee6-9fe4-e45b12baf12e",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--3630e203-611d-460f-8f70-b44344d5409f",
|
|
|
|
"target_ref": "x-misp-object--4bfff4ec-7aac-4e69-8cac-a90fcfc0130f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--0d3cf973-277a-4a93-9c74-597471c8bdaf",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--91cf78e9-e36d-4ccc-af1f-485a4b238560",
|
|
|
|
"target_ref": "x-misp-object--196992e9-5607-4028-b60c-5a22b5839dde"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--045a4cd5-9885-4939-94dd-cf936ed7cf67",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--a47107f2-a312-40fb-8f78-8b905fa6681d",
|
|
|
|
"target_ref": "x-misp-object--928814bd-64d5-4ecd-bc5f-655ebf15c21a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--6dd1ce03-4031-4cfa-be5c-efbf6670549b",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7b1d01d7-f361-413f-91ad-f0d37a870129",
|
|
|
|
"target_ref": "x-misp-object--ffc57365-4cf2-41a6-81f8-3573432a09af"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--85a4dfde-d3d9-4993-9c26-4f578e417c2a",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--162c438c-69f6-4b5e-8e4c-b4f75ed40df4",
|
|
|
|
"target_ref": "x-misp-object--da852be4-9cb2-4bac-a6a5-030bc914e630"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--724d50a4-c48e-4d4f-9816-e8189f20542b",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--9a5fabe2-1e0b-4cc5-b0e9-365772adee52",
|
|
|
|
"target_ref": "x-misp-object--bf3e97e8-306a-44e9-91b4-0c274ad51734"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--f925dd71-c703-4ae5-a20d-bd4dc51c0b38",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--c760affd-636c-478d-ba6a-a3749a64b781",
|
|
|
|
"target_ref": "x-misp-object--ba15ef40-6ac2-487c-940e-83c3174da083"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--7be3a2ed-f8b3-438c-9048-7e18d2e888a0",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--e2e80668-791c-4d9a-80d4-dd25ba800c57",
|
|
|
|
"target_ref": "x-misp-object--28caf2ea-f4fe-4f30-8fa5-4a1ed8b06e46"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--82d80833-84f1-45ab-8600-b2545b3bd646",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--fe9c1e41-f204-4e12-a71c-02f86c3046ae",
|
|
|
|
"target_ref": "x-misp-object--36e12367-4a2f-4c7e-9857-05cbda8aa0be"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--8e6523cc-0fe0-4126-8d5a-58c8026fb49d",
"created": "2018-08-15T18:21:36.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:36.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--0610b8d6-dd83-4b25-a77a-83003ffd0e11",
|
|
|
|
"target_ref": "x-misp-object--efc8b853-d469-4274-9070-ab6c9da8f164"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--6af9bf08-eb9d-4804-83ba-b66fbc4648ff",
"created": "2018-08-15T18:21:37.000Z",
|
|
|
|
"modified": "2018-08-15T18:21:37.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--60193ac5-f0d1-42b3-83ac-3261849cd66b",
|
|
|
|
"target_ref": "x-misp-object--836bbef9-5015-4e6e-b2a7-2a09752ddd57"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|