2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5bb61071-d0ac-4b8a-8bba-4dc8950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:15:09.000Z" ,
"modified" : "2018-10-04T19:15:09.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5bb61071-d0ac-4b8a-8bba-4dc8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:15:09.000Z" ,
"modified" : "2018-10-04T19:15:09.000Z" ,
"name" : "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras" ,
"published" : "2018-10-04T19:15:15Z" ,
"object_refs" : [
"observed-data--5bb610da-7840-4316-b213-4905950d210f" ,
"url--5bb610da-7840-4316-b213-4905950d210f" ,
"x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f" ,
"indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f" ,
"indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f" ,
"indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f" ,
"indicator--5bb61740-c0f8-4087-9811-4f8b950d210f" ,
"indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f" ,
"indicator--5bb61a04-0544-461d-9635-46d1950d210f" ,
"indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f" ,
"indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f" ,
"indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f" ,
"indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f" ,
"indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f" ,
"indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f" ,
"indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f" ,
"indicator--5bb61a0e-500c-4155-825b-452b950d210f" ,
"indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f" ,
"indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f" ,
"indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f" ,
"indicator--5bb61a10-ab00-4133-8296-4a96950d210f" ,
"indicator--5bb61a10-469c-473e-ba93-459b950d210f" ,
"indicator--f309283e-f9b3-4936-9534-ef6866f23c40" ,
"x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7" ,
"indicator--12ef2bb3-f2ac-4266-b693-27631eae3930" ,
"x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5" ,
"indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0" ,
"x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd" ,
"indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9" ,
"x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b" ,
"indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8" ,
"x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7" ,
"indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435" ,
"x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa" ,
"indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0" ,
"x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96" ,
"indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb" ,
"x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175" ,
"indicator--ed841816-818e-4245-b6dd-f2309f700681" ,
"x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d" ,
"indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8" ,
"x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b" ,
2024-04-05 12:15:17 +00:00
"relationship--81a9f4ea-213f-4fd5-b383-82ea90529681" ,
"relationship--d3d08d10-d2df-4d02-b8a3-62a38b720529" ,
"relationship--77871df6-f35b-47ff-9f76-4cc9c9223946" ,
"relationship--711b2196-a1fa-4155-9672-544e9b4e64c2" ,
"relationship--c4af0523-d33e-4823-adc6-6d4c20a036d2" ,
"relationship--173b95ad-6278-486f-a258-8e81276e7548" ,
"relationship--443d75f7-ebd3-45ea-9d52-a25542747d44" ,
"relationship--e6d1eac4-ccb5-4b62-9f8c-aefd91337556" ,
"relationship--f0a24c2f-5cdf-4f36-9154-37f38ad34a17" ,
"relationship--89d183a9-81cb-4761-9ce3-28fb4f470dfc"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"malware_classification:malware-category=\"Botnet\"" ,
"\tmalware_classification:malware-category=\"Botnet\"" ,
"misp-galaxy:botnet=\"Persirai\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb610da-7840-4316-b213-4905950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:11:09.000Z" ,
"modified" : "2018-10-04T13:11:09.000Z" ,
"first_observed" : "2018-10-04T13:11:09Z" ,
"last_observed" : "2018-10-04T13:11:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5bb610da-7840-4316-b213-4905950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5bb610da-7840-4316-b213-4905950d210f" ,
"value" : "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5bb612ca-8a64-47a5-a459-485e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:17:07.000Z" ,
"modified" : "2018-10-04T13:17:07.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai\u00e2\u20ac\u201dan open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u00e2\u20ac\u201das well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61739-32dc-44d3-bcf5-4c6d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:35:53.000Z" ,
"modified" : "2018-10-04T13:35:53.000Z" ,
"description" : "C&C server" ,
"pattern" : "[domain-name:value = 'load.gtpnet.ir']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:35:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb6173a-5bc8-4746-a7fd-425f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:35:54.000Z" ,
"modified" : "2018-10-04T13:35:54.000Z" ,
"description" : "C&C server" ,
"pattern" : "[domain-name:value = 'ntp.gtpnet.ir']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:35:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb6173f-60ec-47c3-b5da-4bd0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:35:59.000Z" ,
"modified" : "2018-10-04T13:35:59.000Z" ,
"description" : "C&C server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.189.232']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:35:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61740-c0f8-4087-9811-4f8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:36:00.000Z" ,
"modified" : "2018-10-04T13:36:00.000Z" ,
"description" : "C&C server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.85.38.103']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:36:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a03-6aa4-4b22-9f78-4283950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:47.000Z" ,
"modified" : "2018-10-04T13:47:47.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a04-0544-461d-9635-46d1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:48.000Z" ,
"modified" : "2018-10-04T13:47:48.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a04-a6d4-4105-aae4-43c6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:48.000Z" ,
"modified" : "2018-10-04T13:47:48.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a05-85f4-4a0e-92c5-4370950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:49.000Z" ,
"modified" : "2018-10-04T13:47:49.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a05-8904-4c4f-8a5a-4942950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:49.000Z" ,
"modified" : "2018-10-04T13:47:49.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a09-8e34-41ee-a78d-4e7e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:53.000Z" ,
"modified" : "2018-10-04T13:47:53.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0c-14e8-4a85-ba0d-4311950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:56.000Z" ,
"modified" : "2018-10-04T13:47:56.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0d-1720-4ec2-a1f0-4b6a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:57.000Z" ,
"modified" : "2018-10-04T13:47:57.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0d-0208-4bc2-959a-42e2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:57.000Z" ,
"modified" : "2018-10-04T13:47:57.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0e-500c-4155-825b-452b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:58.000Z" ,
"modified" : "2018-10-04T13:47:58.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0e-dd6c-4fa2-b250-42c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:58.000Z" ,
"modified" : "2018-10-04T13:47:58.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0f-b75c-4b10-b14b-4d3d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:59.000Z" ,
"modified" : "2018-10-04T13:47:59.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a0f-06f0-4fb1-82eb-4ab6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:47:59.000Z" ,
"modified" : "2018-10-04T13:47:59.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:47:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a10-ab00-4133-8296-4a96950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:48:00.000Z" ,
"modified" : "2018-10-04T13:48:00.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = 'e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:48:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb61a10-469c-473e-ba93-459b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T13:48:00.000Z" ,
"modified" : "2018-10-04T13:48:00.000Z" ,
"description" : "Hash detected as ELF_PERSIRAI.A:" ,
"pattern" : "[file:hashes.SHA256 = '35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T13:48:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f309283e-f9b3-4936-9534-ef6866f23c40" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:11:58.000Z" ,
"modified" : "2018-10-04T19:11:58.000Z" ,
"pattern" : "[file:hashes.MD5 = '2f6e964b3f63b13831314c28185bb51a' AND file:hashes.SHA1 = 'a63417b889491466c912dfbb6d2a34ad27f2bcfe' AND file:hashes.SHA256 = '7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:11:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:11:56.000Z" ,
"modified" : "2018-10-04T19:11:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T00:29:01" ,
"category" : "Other" ,
"uuid" : "7815ca32-703b-430e-a06f-dfb802b2617c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/" ,
"category" : "External analysis" ,
"uuid" : "b872dfe2-e6a4-46be-93cb-d2d39c54e961"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/57" ,
"category" : "Other" ,
"uuid" : "b977ae27-2ed8-42ea-af35-31fa7d975feb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:00.000Z" ,
"modified" : "2018-10-04T19:12:00.000Z" ,
"pattern" : "[file:hashes.MD5 = '428111c22627e1d4ee87705251704422' AND file:hashes.SHA1 = 'ccc90bd76af9d4b538aa88715027dd062f7c946d' AND file:hashes.SHA256 = '264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:11:59.000Z" ,
"modified" : "2018-10-04T19:11:59.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T00:35:09" ,
"category" : "Other" ,
"uuid" : "836c2dac-1246-4175-a7ac-ad7a3246570e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/" ,
"category" : "External analysis" ,
"uuid" : "34afc7f8-f731-4458-bea0-0a620d0b2948"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/59" ,
"category" : "Other" ,
"uuid" : "42f732a2-5783-4fe1-bf28-a299f63a6f65"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:03.000Z" ,
"modified" : "2018-10-04T19:12:03.000Z" ,
"pattern" : "[file:hashes.MD5 = '9584b6aec418a2af4efac24867a8c7ec' AND file:hashes.SHA1 = '22a8faf351768596500dbe6e27c05ad55744da1d' AND file:hashes.SHA256 = 'af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:01.000Z" ,
"modified" : "2018-10-04T19:12:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-28T00:22:07" ,
"category" : "Other" ,
"uuid" : "28299833-823a-4fae-9d26-936806282829"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/" ,
"category" : "External analysis" ,
"uuid" : "a8b600ec-a940-4775-8d5a-da5e6fb40637"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/59" ,
"category" : "Other" ,
"uuid" : "6ab72e91-286a-4e59-aed6-7ba109b77661"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:05.000Z" ,
"modified" : "2018-10-04T19:12:05.000Z" ,
"pattern" : "[file:hashes.MD5 = '5ebeff1f005804bb8afef91095aac1d9' AND file:hashes.SHA1 = 'c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a' AND file:hashes.SHA256 = '4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:04.000Z" ,
"modified" : "2018-10-04T19:12:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T00:40:15" ,
"category" : "Other" ,
"uuid" : "8f277ab7-05c6-46f8-909c-f3381f65afbc"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/" ,
"category" : "External analysis" ,
"uuid" : "656ad417-eede-4da8-b924-d1ac777d5cbe"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/59" ,
"category" : "Other" ,
"uuid" : "6b003f1f-e035-40ad-8331-3e79a4f9ed2e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:11.000Z" ,
"modified" : "2018-10-04T19:12:11.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f620fb57352e6f393477a65101a4612e' AND file:hashes.SHA1 = '93515d7442d0240272b8d813b300219c53e88dfd' AND file:hashes.SHA256 = 'a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:10.000Z" ,
"modified" : "2018-10-04T19:12:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-19T23:46:42" ,
"category" : "Other" ,
"uuid" : "3feaaa6c-1944-4d54-b928-151e02b9ba75"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/" ,
"category" : "External analysis" ,
"uuid" : "4456021c-dde7-45e4-bb39-a42c628b0d31"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/58" ,
"category" : "Other" ,
"uuid" : "e23bb428-95e6-414a-a60f-e666d298495e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:17.000Z" ,
"modified" : "2018-10-04T19:12:17.000Z" ,
"pattern" : "[file:hashes.MD5 = '912681f6be51afa8c5ab36e691b88e74' AND file:hashes.SHA1 = '227d1aa69da8250ddbf8898863799e59bdfeb516' AND file:hashes.SHA256 = 'f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:15.000Z" ,
"modified" : "2018-10-04T19:12:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-28T00:21:20" ,
"category" : "Other" ,
"uuid" : "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/" ,
"category" : "External analysis" ,
"uuid" : "791bd56a-7de3-419e-9984-b3b8f1126ec6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/59" ,
"category" : "Other" ,
"uuid" : "620bf26e-ce72-408a-a9fb-29c061e257be"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:19.000Z" ,
"modified" : "2018-10-04T19:12:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '7e1c3834c38984c34b6fd4c741ae3a21' AND file:hashes.SHA1 = '02b850450fcbcdd6b13f03b2121f124543480d62' AND file:hashes.SHA256 = 'd00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:18.000Z" ,
"modified" : "2018-10-04T19:12:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T00:51:35" ,
"category" : "Other" ,
"uuid" : "50679951-11f3-4163-bca3-c1a71fc25d9f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/" ,
"category" : "External analysis" ,
"uuid" : "6a957d87-5bf5-4e47-9901-533d3be74a57"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/58" ,
"category" : "Other" ,
"uuid" : "b95271c3-bd73-4a19-ac07-58509fbe8fc6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:22.000Z" ,
"modified" : "2018-10-04T19:12:22.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b2b129d84723d0ba2f803a546c8b19ae' AND file:hashes.SHA1 = '7a0485e52aa09f63d41e471fd736584c06c3dab6' AND file:hashes.SHA256 = '44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:20.000Z" ,
"modified" : "2018-10-04T19:12:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-18T19:47:01" ,
"category" : "Other" ,
"uuid" : "a6d21e1e-4762-45a8-8397-1e40b79d6f0a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/" ,
"category" : "External analysis" ,
"uuid" : "25405b32-6b81-42dc-a247-ebc03f770730"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/58" ,
"category" : "Other" ,
"uuid" : "85bba342-833d-452d-ae52-93ca69be210c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ed841816-818e-4245-b6dd-f2309f700681" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:24.000Z" ,
"modified" : "2018-10-04T19:12:24.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cfb80e0b1e3927ebc1069b8fdc468072' AND file:hashes.SHA1 = '64bd5ba88d7e7104dc1a5586171e83825815362d' AND file:hashes.SHA256 = '4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:24.000Z" ,
"modified" : "2018-10-04T19:12:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-01T16:00:37" ,
"category" : "Other" ,
"uuid" : "960ff2ae-bf7a-49c3-ab42-4134855d21d9"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/" ,
"category" : "External analysis" ,
"uuid" : "146485a6-71f5-41d8-800b-4ac4f679f33b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/58" ,
"category" : "Other" ,
"uuid" : "b5bc8306-34a2-4eb6-9dd5-893115f7c124"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '10d899e46e0df86ba6e6a4754de331d9' AND file:hashes.SHA1 = '29aabf21557507699503251e8e19ff77ee61f1bc' AND file:hashes.SHA256 = 'aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T19:12:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T19:12:26.000Z" ,
"modified" : "2018-10-04T19:12:26.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T00:21:25" ,
"category" : "Other" ,
"uuid" : "0911b7f8-578a-470b-a17b-1d302ea16696"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/" ,
"category" : "External analysis" ,
"uuid" : "b3cc844b-5bf3-4cb8-b122-eee753b95a86"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/58" ,
"category" : "Other" ,
"uuid" : "dd676758-854f-4bee-b4b2-4942e2c6efc7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--81a9f4ea-213f-4fd5-b383-82ea90529681" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:27.000Z" ,
"modified" : "2018-10-04T19:12:27.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f309283e-f9b3-4936-9534-ef6866f23c40" ,
"target_ref" : "x-misp-object--c32be2ac-252d-404e-a391-de2bec4acaf7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--d3d08d10-d2df-4d02-b8a3-62a38b720529" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:27.000Z" ,
"modified" : "2018-10-04T19:12:27.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--12ef2bb3-f2ac-4266-b693-27631eae3930" ,
"target_ref" : "x-misp-object--9d4269eb-edc5-4513-9cdc-fedcf13523d5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--77871df6-f35b-47ff-9f76-4cc9c9223946" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:27.000Z" ,
"modified" : "2018-10-04T19:12:27.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f2c1f63f-9a45-43a5-b5f0-aa338180c6a0" ,
"target_ref" : "x-misp-object--f27c2edf-b64f-4038-a3a9-d326a05177bd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--711b2196-a1fa-4155-9672-544e9b4e64c2" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:27.000Z" ,
"modified" : "2018-10-04T19:12:27.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9c0321a0-cf1b-4f6b-b67a-69d45877e2d9" ,
"target_ref" : "x-misp-object--1883c73d-680a-4623-9b78-42cfeb491f5b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--c4af0523-d33e-4823-adc6-6d4c20a036d2" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--36dd4a13-9d43-48b4-b035-a1dd57e1daa8" ,
"target_ref" : "x-misp-object--077ee3b9-3db4-4025-957b-3944d40c17d7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--173b95ad-6278-486f-a258-8e81276e7548" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c0fc4a1e-cd67-415a-b8b9-3b8624427435" ,
"target_ref" : "x-misp-object--d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--443d75f7-ebd3-45ea-9d52-a25542747d44" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7d2c9249-f40e-495c-8f96-64b18ab129e0" ,
"target_ref" : "x-misp-object--41d50336-ea44-4a0b-8e2a-4d5daee47a96"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--e6d1eac4-ccb5-4b62-9f8c-aefd91337556" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5e99dc31-7b8e-4fc0-b6d2-76c97386fddb" ,
"target_ref" : "x-misp-object--3d0cb0cc-5992-44bd-908d-608dfa518175"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--f0a24c2f-5cdf-4f36-9154-37f38ad34a17" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ed841816-818e-4245-b6dd-f2309f700681" ,
"target_ref" : "x-misp-object--249cc05d-c4f2-49e8-a6a1-7fb0437d810d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--89d183a9-81cb-4761-9ce3-28fb4f470dfc" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T19:12:28.000Z" ,
"modified" : "2018-10-04T19:12:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e379a5ec-5b7a-48c0-ad91-c00272e066c8" ,
"target_ref" : "x-misp-object--bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}