{
"type": "bundle",
"id": "bundle--5c5b1d6e-d824-4fbe-969b-3aea950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:02.000Z",
"modified": "2019-02-06T18:06:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c5b1d6e-d824-4fbe-969b-3aea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:02.000Z",
"modified": "2019-02-06T18:06:02.000Z",
"name": "Malicious XLS claiming to be from Deloitte",
"published": "2019-02-06T20:05:22Z",
"object_refs": [
"observed-data--5c5b2105-4abc-486b-b212-cb89950d210f",
"file--5c5b2105-4abc-486b-b212-cb89950d210f",
"artifact--5c5b2105-4abc-486b-b212-cb89950d210f",
"indicator--5c5b2140-e72c-496a-85a8-d0a9950d210f",
"indicator--5c5b21f4-5cc8-4fa6-9ce6-4731950d210f",
"indicator--5c5b2209-a91c-4c59-b6b9-4c62950d210f",
"indicator--5c5b220a-f3cc-47e2-af51-435e950d210f",
"indicator--5c5b220a-f484-4dfe-96f1-4c98950d210f",
"indicator--5c5b220a-c5d8-438d-ad6a-4051950d210f",
"indicator--5c5b1d9a-4b6c-4631-972a-81b0950d210f",
"x-misp-object--0a0f1632-6e99-446c-b282-62e5e71d9795",
"relationship--d77526e7-b966-4a74-bc39-f7691376c8f0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5b2105-4abc-486b-b212-cb89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:01:41.000Z",
"modified": "2019-02-06T18:01:41.000Z",
"first_observed": "2019-02-06T18:01:41Z",
"last_observed": "2019-02-06T18:01:41Z",
"number_observed": 1,
"object_refs": [
"file--5c5b2105-4abc-486b-b212-cb89950d210f",
"artifact--5c5b2105-4abc-486b-b212-cb89950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c5b2105-4abc-486b-b212-cb89950d210f",
"name": "index.jpeg",
"content_ref": "artifact--5c5b2105-4abc-486b-b212-cb89950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c5b2105-4abc-486b-b212-cb89950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAOwBzQDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwCHwn4M1LxJokWpWlymTkMjKPlwSOpPPStw/D/xNB9wxN/wJR/WmeAjE/w2uEeCeeSKRTCkELSned+MqoPy8nPt0wcVDZ3g/wCEt0samtwoEqJFbzs0ckTbgE4I3GMHkAAAnGeNwr0MZnGMp4idNT0Ta2Xe3Y8dYSg0m47+ZzNxqd1BM8RlyyEgkCoDrV1n/WH8hWv4TtRf+PtPVs7ReeZx/sEt/wCy11V5oFlF4f8AFVxFKSNTjF/ZEEfNboY5SV4+7ukCn6fjX0lPMIQpUvaK8pRi/vaX/BOGOCdRycXom19yv/wDzz+2rr/nofyo/tq6/wCeh/Kuw1zRbBrMare3GozWdlodhJFbiSISAzSOiR7wgG1cckqSc57YrIsNI8PXGm6/q0v9q/YdPe2WBFeMSsJX2HdwR1x0xxXTDG0pQcuXbR6dW7W9SZYOSklffz8rmN/bV1/z0P5Uf21df89D+VdGfCOlrpDq1xdjU00Ma0z/AC+QEyf3eMbs4B5z/hWi/gDSrrVNJt9Nub2WyvJirX/mRSRMBGXKgDBV/lYYIPr7UPH4Zb+fTtf/ACdvTYPqVX+n/Xc4v+2rr/nofyo/tq6/56H8q7jwnouiL4m8K6laJdSWuqR3MsMN2yFonhz8zYXBHQgDGDg5OMVh3k1rqPw2Gsy208upXeteWbm4uBJJt8ouAW8sZUIANowNwyMD5alY6m6ijGOjt97bW3lYr6k1FtvXX8Fcw/7auv8Anofyo/tq6/56H8q6LwtP9j8D+K5vtt7ZYayHn2QzKuZSML86dc4PzDgnr0p3hjwvp3iPRrnVL251NZrSR5b45MrSoVLZQ7Sd+eoJb171c8VCnKfPGyi0r2vur/8AAIjhXOMeV6yv+Bzf9tXX/PQ/lR/bV1/z0P5Vq6tpWh6TZ2ccyak19e6ct/GUkjMcXmE+WjfKC2Ap3MMdBgc4F3xR4V0PQbO8hXVQNUszADFLdQk3JcDdsiU70xuB+bt6jmmsZQvFW+J2Wny/PQPqdTXy8znf7auv+eh/Kj+2rr/nofyrX+IwLfEXWh2V4QB6DyI6566s2tJzC81tI4GT9nuY5gOSMEoxAPB4PNbUKkatOE7W5lexnVo+znKO9i1/bV1/z0P5Uf21df8APQ/lXTTa1rI+
GMVwNY1IXL68YzMLyTzNn2ctt3bs7cjOOmaS+8H6dpfh29ubqSZdS0z7L9qtY7oSYErBcE+UAjckgZfAwTnIzzrFwi2qkUteVW1108lpqjZ4S6Tg76X7d/8AJnNf21df89D+VH9tXX/PQ/lXReLPCmmeHtKtru2kvp3v3DWvmDYIotoJ8z5OXycAAjjnsai+Gi4+IOln/rr/AOinrRYmnKhKvBXSv0tt/VjN4ZxqRpyert+Jhf21df8APQ/lR/bV1/z0P5V3VhNb6p4X8JznUdQv5DrqQG9uwqXMbMpKhc+YCudr4JbOMcdnQKyQWsbSPKR4+MbSSY3SbQwycADnGeABXJ/aMVvDX/g+h0fUNdJHB/21df8APQ/lR/bV1/z0P5V2d/p8WpQNDJcXaxXXjSa0miDptOS/zr8m4ELhcEkcZx2DYvBGh391BHa3d9boNal0mY3DI24xo7krgDGdmBnPX8KuOY0LXmrfK/YmWAne0dTjv7auv+eh/Kj+2rr/AJ6H8q1vFnh6z0O30p4I723nvEleW1vHRpIQrALnaAOck1zOyu6hOnWgqkFp6HNVpOlLlluaH9tXX/PQ/lR/bV1/z0P5Vn7KNla8i7GdkaH9tXX/AD0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/PQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df8APQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df89D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/wA9D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/z0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/AD0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/PQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df8APQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df89D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/wA9D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/z0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/AD0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/PQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df8APQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df89D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/wA9D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/z0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/AD0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/PQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df8APQ/lR/bV1/z0P5Vn7KNlHIuwWRof21df89D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/wA9D+VH9tXX/PQ/lWfso2Uci7BZGh/bV1/z0P5Uf21df89D+VZ+yjZRyLsFkaH9tXX/AD0P5Uf21df89D+VZ+yjYaORdgsjQ/tq6/56Gj+2rr/noaz9p9KNp9KPZrsFkaH9tXX/AD0NH9tXX/PQ1n7T6UbT6UezXYLI0P7auv8AnoaP7auv+ehrP2n0o2n0o9muwWRof21df89DR/bV1/z0NZ+0+lG0+lHs12CyND+2rr/noaP7auv+ehrP2n0o2n0o9muwWRof21df89DR/bV1/wA9DWftPpRtPpR7NdgsjQ/tq6/56Gj+2rr/AJ6Gs/afSjafSj2a7BZGh/bV1/z0NH9tXX/PQ1n7T6UbT6UezXYLI0P7auv+eho/tq6/56Gs/afSjafSj2a7BZGh/bV1/wA9DR/bV1/z0NZ+0+lG0+lHs12CyND+2rr/AJ6Gj+2rr/noaz9p9KNp9KPZrsFkaH9tXX/PQ0f21df89DWftPpRtPpR7NdgsjQ/tq6/56Gj+2rr/noaz9p9KNp9KPZrsFkaH9tXX/PQ0f21df8APQ1n7T6UbT6UezXYLI0P7auv+eho/tq6/wCehrP2n0o2n0o9muwWRof21df89DR/bV1/z0NZ+0+lG0+lHs12CyND
+2rr/noaP7auv+ehrP2n0o2n0o9muwWRof21df8APQ0f21df89DWftPpRtPpR7NdgsjQ/tq6/wCeho/tq6/
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b2140-e72c-496a-85a8-d0a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:02:40.000Z",
"modified": "2019-02-06T18:02:40.000Z",
"description": "Spoofed email - Pierre.Laporte@deloitte-canada.com via MTA",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.211.163.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:02:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b21f4-5cc8-4fa6-9ce6-4731950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:05:40.000Z",
"modified": "2019-02-06T18:05:40.000Z",
"description": "Spoofed domain",
"pattern": "[domain-name:value = 'deloitte-canada.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:05:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b2209-a91c-4c59-b6b9-4c62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:01.000Z",
"modified": "2019-02-06T18:06:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.163.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:06:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b220a-f3cc-47e2-af51-435e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:02.000Z",
"modified": "2019-02-06T18:06:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.242.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b220a-f484-4dfe-96f1-4c98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:02.000Z",
"modified": "2019-02-06T18:06:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.143.214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b220a-c5d8-438d-ad6a-4051950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T18:06:02.000Z",
"modified": "2019-02-06T18:06:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.19.181.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T18:06:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5b1d9a-4b6c-4631-972a-81b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T17:48:32.000Z",
"modified": "2019-02-06T17:48:32.000Z",
"description": "Spoofed email - Pierre.Laporte@deloitte-canada.com",
"pattern": "[file:hashes.MD5 = 'bdc928e2064faf3950aef955c1c9fa8c' AND file:hashes.SHA1 = '9f9d41aabb5e58d765f5ff4d930e6dab5fa2a613' AND file:hashes.SHA256 = '2f00e0bb89d863ee7834ae9cb69d98f8e826e6d328fcdd833d91d62634f675ce' AND file:name = 'Tax_Billing.xls' AND file:size = '58880' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-06T17:48:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0a0f1632-6e99-446c-b282-62e5e71d9795",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-06T17:48:32.000Z",
"modified": "2019-02-06T17:48:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-06T17:35:34",
"category": "Other",
"uuid": "b9506ea8-26cc-4d66-8391-4ba4c520d28f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2f00e0bb89d863ee7834ae9cb69d98f8e826e6d328fcdd833d91d62634f675ce/analysis/1549474534/",
"category": "External analysis",
"uuid": "67dc6c75-2606-4f36-ae58-03d54e2161a1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/59",
"category": "Other",
"uuid": "46f85060-e7ce-48bf-853f-286855dbc63b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d77526e7-b966-4a74-bc39-f7691376c8f0",
"created": "2019-02-06T17:48:32.000Z",
"modified": "2019-02-06T17:48:32.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c5b1d9a-4b6c-4631-972a-81b0950d210f",
"target_ref": "x-misp-object--0a0f1632-6e99-446c-b282-62e5e71d9795"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}