adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5caefb63-cb90-4a86-abc2-4fcc950d210f.json

1458 lines
65 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5caefb63-cb90-4a86-abc2-4fcc950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5caefb63-cb90-4a86-abc2-4fcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"name": "OSINT - OSINT Reporting Regarding DPRK and TA505 Overlap",
"published": "2019-04-11T08:57:43Z",
"object_refs": [
"observed-data--5caefb80-627c-44aa-958d-4941950d210f",
"url--5caefb80-627c-44aa-958d-4941950d210f",
"x-misp-attribute--5caefb9e-4ff4-4279-8eb1-4f34950d210f",
"indicator--5caefc2b-536c-4f65-8313-47ff950d210f",
"indicator--5caefc2b-5358-4bd8-a44b-45a2950d210f",
"indicator--5caefc2b-5960-4325-8f02-47de950d210f",
"indicator--5caefc2b-61e4-4911-b7e1-46a5950d210f",
"indicator--5caefc2b-c4c8-47f0-852d-4163950d210f",
"indicator--5caefc2b-b920-4108-818b-4bb7950d210f",
"indicator--5caefc2b-4cd8-4961-8370-4f9a950d210f",
"indicator--5caefc2b-3c5c-4319-b485-47ff950d210f",
"indicator--5caefc2b-03a4-41ba-a412-4114950d210f",
"indicator--5caefc2b-00f8-4b12-b9ce-4afb950d210f",
"indicator--5caefc2b-d480-4029-a1e2-4fa7950d210f",
"indicator--5caefc2b-7860-4a21-8938-4862950d210f",
"indicator--5caefc2b-4c4c-4c03-8cca-4c91950d210f",
"indicator--5caefc56-19c4-499d-b0ab-447b950d210f",
"indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
"x-misp-object--5caeff81-12e0-4a18-bfa2-406b950d210f",
"indicator--0f82f247-68d7-432b-9207-6a651e249789",
"x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48",
"indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
"x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
"indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
"x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
"indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
"x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538",
"indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
"x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f",
"indicator--ab826329-510d-44a0-9899-82e9d734561e",
"x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50",
"indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
"x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d",
"indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
"x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
"indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
"x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1",
"indicator--ade3118a-0418-44f4-9967-524ba203ee24",
"x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5",
"indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
"x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa",
"indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
"x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715",
"indicator--847b7779-1090-43be-9436-9c851a0777d5",
"x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"relationship--14fec91b-cdc9-4682-aaa8-d04ff6ed166b",
"relationship--8a0efc1d-3f92-424d-ae5c-e7f761f944c6",
"relationship--525a6b0c-6e18-4aef-ae90-05300989f6ea",
"relationship--a957237f-356c-490c-98e2-c231ac4713ab",
"relationship--150e8312-d4a2-4041-bf4f-b7c4503dec2d",
"relationship--99aedbb9-94ac-4401-84be-7b68e0faff4f",
"relationship--7e4299be-d4d8-4029-94eb-6525e53fd57d",
"relationship--618c6580-a01d-495d-a582-f634a2e7be2f",
"relationship--1611c029-7427-4038-839d-8eb055570d23",
"relationship--8d88b3e0-e4f4-43bd-b670-83f70bb1e217",
"relationship--a16d4d70-2ff5-4643-aa31-c8fc056bf2af",
"relationship--826ac0d2-3a9f-4c3d-bded-d404e1171877",
"relationship--37628eaa-47dd-4028-8cbb-e8d6b5e87cdb",
"relationship--682e8c4b-54b1-464a-b680-36a06aadcff3"
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:threat-actor=\"TA505\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5caefb80-627c-44aa-958d-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:32:00.000Z",
"modified": "2019-04-11T08:32:00.000Z",
"first_observed": "2019-04-11T08:32:00Z",
"last_observed": "2019-04-11T08:32:00Z",
"number_observed": 1,
"object_refs": [
"url--5caefb80-627c-44aa-958d-4941950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5caefb80-627c-44aa-958d-4941950d210f",
"value": "https://norfolkinfosec.com/osint-reporting-on-dprk-and-ta505-overlap/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5caefb9e-4ff4-4279-8eb1-4f34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:32:30.000Z",
"modified": "2019-04-11T08:32:30.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Yesterday, at SAS2019, BAE Systems presented findings related to DPRK SWIFT heist activity that took place in 2018. As part of this research (a leaked video of the presentation is available online), BAE included two key points not previously disclosed in the public domain:\r\n\r\n\u00e2\u20ac\u201c The existence of a PowerShell backdoor attributable to DPRK, which the researchers dubbed PowerBrace\r\n\u00e2\u20ac\u201c A possible overlap between TA505 intrusions and DPRK intrusions, suggesting a possible hand-off between the two groups.\r\n\r\nThis blog will leave a full analysis of those two points and the supporting context to the people that found them, as it\u00e2\u20ac\u2122s theirs to share; however, data that may support such conclusions have been available in open source for quite some time.\r\n\r\nIn early January, VNCert issued an alert regarding attacks targeting financial institutions, containing a mix of DPRK IOCs (including a keylogger referred to as PSLogger previously analyzed by this blog), TA505 IOCs (previously published by 360 TIC), and a handful of PowerShell scripts that are generally identical aside from a handful of configuration changes. Furthermore, the aforementioned keylogger was first uploaded by a submitter (fabd7a52) in Pakistan in December 2018. That same submitter acted as the first uploader for one of the PowerShell samples identified below (b88d4d72fdabfc040ac7fb768bf72dcd), further corroborating a possible link.\r\n\r\nGiven the multi-sourced reporting overlaps and the additional Pakistan findings mentioned above, this blog assesses that the PowerShell scripts in question likely belong to the same family of DPRK-attributable malware reported by BAE systems."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-536c-4f65-8313-47ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '5b7244c47104f169b0840440cdede788']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-5358-4bd8-a44b-45a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = 'cc29adb5b78300b0f17e566ad461b2c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-5960-4325-8f02-47de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = 'e00499e21f9dcf77fc990400b8b3c2b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-61e4-4911-b7e1-46a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '53f7be945d5755bb628deecb71cdcbf2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-c4c8-47f0-852d-4163950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '9c35e9aa9255aa2214d704668b039ef6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-b920-4108-818b-4bb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '2e0d13266b45024153396f002e882f15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-4cd8-4961-8370-4f9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '26f09267d0ec0d339e70561a610fb1fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-3c5c-4319-b485-47ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '09e4f724e73fccc1f659b8a46bfa7184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-03a4-41ba-a412-4114950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-00f8-4b12-b9ce-4afb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '8a41520c89dce75a345ab20ee352fef0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-d480-4029-a1e2-4fa7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '7c651d115109fd8f35fddfc44fd24518']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-7860-4a21-8938-4862950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = 'b88d4d72fdabfc040ac7fb768bf72dcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc2b-4c4c-4c03-8cca-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:34:51.000Z",
"modified": "2019-04-11T08:34:51.000Z",
"pattern": "[file:hashes.MD5 = '3be75036010f1f2102b6ce09a9299bca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc56-19c4-499d-b0ab-447b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:35:34.000Z",
"modified": "2019-04-11T08:35:34.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.95.14.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:38:08.000Z",
"modified": "2019-04-11T08:38:08.000Z",
"description": "PowerShell Backdoor",
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986' AND file:name = 'ICAS.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5caeff81-12e0-4a18-bfa2-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:49:05.000Z",
"modified": "2019-04-11T08:49:05.000Z",
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "script",
"value": "import base64\r\nimport re\r\n\r\nc = open(\"c:\\\\users\\\\[username]\\\\desktop\\\\[filename]\").readlines()\r\n\r\nline_list = []\r\n\r\nfor line in c:\r\n #print(line)\r\n try:\r\n enc = re.search(\"(?<=\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\().*?(?=\\))\",line).group()\r\n\t\tprint(line)\r\n\t\tprint(enc)\r\n\t\td = ('\"' + base64.b64decode(enc) + '\"')\r\n\t\te = (re.sub(\"\\$\\(\\[Text.Encoding\\]::Unicode.GetString\\(\\[Convert\\]::FromBase64String\\(.*?\\)\\)\\)\",d,line))\r\n\t\tf = re.sub(\"\\0\",\"\",e)\r\n\t\tline_list.append(f)\r\n \r\n except:\r\n line_list.append(line)\r\n\r\n\r\nwith open(\"c:\\\\users\\\\[username]\\\\desktop\\\\laz_decoded.ps1\",\"wt\") as t:\r\n for unit in line_list:\r\n t.write(unit)",
"category": "Other",
"uuid": "5caeff81-5fac-4c75-9599-4c5c950d210f"
},
{
"type": "text",
"object_relation": "language",
"value": "Python",
"category": "Other",
"uuid": "5caeff81-ebc8-44c0-a1a5-4c95950d210f"
},
{
"type": "text",
"object_relation": "comment",
"value": "Support for decrypting",
"category": "Other",
"uuid": "5caeff81-901c-4033-975f-404d950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Trusted",
"category": "Other",
"uuid": "5caeff81-08f0-4464-8219-479b950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "script"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f82f247-68d7-432b-9207-6a651e249789",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:38.000Z",
"modified": "2019-04-11T08:54:38.000Z",
"pattern": "[file:hashes.MD5 = 'b12325a1e6379b213d35def383da2986' AND file:hashes.SHA1 = 'c48ff39e5efc6ca60c31200344c47b5de3b3605d' AND file:hashes.SHA256 = '6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:38.000Z",
"modified": "2019-04-11T08:54:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-02T21:11:05",
"category": "Other",
"uuid": "03826117-eb1a-42e4-bd88-75ffe1331ae3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6ed6ac7b499f7fa613949c412b4245dd21c684192afd3de5614575c37cf35e1f/analysis/1551561065/",
"category": "Payload delivery",
"uuid": "f472bf32-b7a3-4727-978c-4b0cc5a28951"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/53",
"category": "Payload delivery",
"uuid": "3d6944b2-214f-44b3-915c-b7f214edec33"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:38.000Z",
"modified": "2019-04-11T08:54:38.000Z",
"pattern": "[file:hashes.MD5 = 'b88d4d72fdabfc040ac7fb768bf72dcd' AND file:hashes.SHA1 = '3f1735ddba2fffa2814319079bcf8d8c4431147e' AND file:hashes.SHA256 = '52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:38.000Z",
"modified": "2019-04-11T08:54:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-13T11:40:15",
"category": "Other",
"uuid": "67a5a105-747a-495f-88e5-fe4154efefa2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/52eb8f654d33f1d5c34b5bae0d83360158d8eccc32ddcbb555d7b1b7c943842c/analysis/1552477215/",
"category": "Payload delivery",
"uuid": "eff5c459-06ee-4f01-8fd4-67fb402a01db"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/57",
"category": "Payload delivery",
"uuid": "ac1bb17b-a429-4ea9-bc8f-e79587181035"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:38.000Z",
"modified": "2019-04-11T08:54:38.000Z",
"pattern": "[file:hashes.MD5 = '53f7be945d5755bb628deecb71cdcbf2' AND file:hashes.SHA1 = 'dc560698ced8b4dffd7b35c7dcb82822a2d3c134' AND file:hashes.SHA256 = 'a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-28T10:36:15",
"category": "Other",
"uuid": "95a8bf34-e34f-4726-a1bc-3f38cec9bf23"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a/analysis/1553769375/",
"category": "Payload delivery",
"uuid": "bb5bf427-258a-4898-8f5c-f55f512674e6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/60",
"category": "Payload delivery",
"uuid": "94da223c-c4ac-4bb8-aaba-9997177c2e30"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"pattern": "[file:hashes.MD5 = '5b7244c47104f169b0840440cdede788' AND file:hashes.SHA1 = '0415eda9cbd038a8aed69cc35641338b65bb89f6' AND file:hashes.SHA256 = '4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-09T05:38:29",
"category": "Other",
"uuid": "6b1e308e-d573-402f-a5a1-3a2c524a89cf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4939fcb4ef14b21219c55c9de93f607915cc8b36399b47ef5edd8fa6e693ce08/analysis/1554788309/",
"category": "Payload delivery",
"uuid": "beef1671-1aa1-4056-b511-24f26bb631b7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/67",
"category": "Payload delivery",
"uuid": "639f2415-b7fa-45bc-9eca-013da84ad048"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"pattern": "[file:hashes.MD5 = 'e00499e21f9dcf77fc990400b8b3c2b5' AND file:hashes.SHA1 = '04b5be447def79e43d4329611c0e0800d784820a' AND file:hashes.SHA256 = 'c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T01:50:32",
"category": "Other",
"uuid": "a2f2a35a-38f1-4baf-9f1c-911bbf33b34a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c354467ec5d323fecf94d33bc05eab65f90a916c39137d2b751b0e637ca5a3e4/analysis/1553824232/",
"category": "Payload delivery",
"uuid": "96a16ff6-d8d9-4090-90f0-cf846ec2a861"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/66",
"category": "Payload delivery",
"uuid": "ce5bebb0-870f-45aa-89a8-a140adf6d741"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab826329-510d-44a0-9899-82e9d734561e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"pattern": "[file:hashes.MD5 = '2e0d13266b45024153396f002e882f15' AND file:hashes.SHA1 = 'f4b9f05f9c774b65c9581aa06a2fac1eca94704d' AND file:hashes.SHA256 = '54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-01T01:42:59",
"category": "Other",
"uuid": "6cf19386-ae30-42f3-acc1-9e09454bb2a2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/54e35e0b763d45d3974fc5d01c446a6a1cc123fb7bb09646064ea008137adffe/analysis/1551404579/",
"category": "Payload delivery",
"uuid": "2b0f36cb-0e63-4bbc-b115-3cd04d4b509b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/52",
"category": "Payload delivery",
"uuid": "846d62d1-661f-4760-8119-c80945b1b121"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"pattern": "[file:hashes.MD5 = '8a41520c89dce75a345ab20ee352fef0' AND file:hashes.SHA1 = '3ad86e1776018eb3743be06996d7a63963673a57' AND file:hashes.SHA256 = '8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-15T04:42:30",
"category": "Other",
"uuid": "ad30c3eb-63ff-4472-9be6-9e94096a9fcc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8a0e6c50a6483f2f01a458cd0cb4e485605778c42c9708b07b820968132efb76/analysis/1550205750/",
"category": "Payload delivery",
"uuid": "81d19681-e6df-4292-8879-f08548f83b3c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/56",
"category": "Payload delivery",
"uuid": "1cea6915-795d-467a-a6d1-a5e13b4cc244"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"pattern": "[file:hashes.MD5 = '9c35e9aa9255aa2214d704668b039ef6' AND file:hashes.SHA1 = '9b47b600e25f6f552acd6228d08e1bac0861c082' AND file:hashes.SHA256 = '752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:39.000Z",
"modified": "2019-04-11T08:54:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-21T00:44:10",
"category": "Other",
"uuid": "df2b4a00-71b9-444d-b078-56c85e283350"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/752ab2023ef74bd2974e18e81dbb9f969c347e2104c045ae8f6f778a77f6199f/analysis/1550709850/",
"category": "Payload delivery",
"uuid": "e85ec22e-ec4f-46df-b1f8-e42dbeecc797"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/57",
"category": "Payload delivery",
"uuid": "f7b1e661-152d-42a5-ab45-e3faa856230c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:40.000Z",
"modified": "2019-04-11T08:54:40.000Z",
"pattern": "[file:hashes.MD5 = 'cc29adb5b78300b0f17e566ad461b2c7' AND file:hashes.SHA1 = '67d2d7af7d04565b252eeea28d58fcfb61d4aa4c' AND file:hashes.SHA256 = 'db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:40.000Z",
"modified": "2019-04-11T08:54:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-21T00:30:03",
"category": "Other",
"uuid": "c1abf0e9-f39e-409e-b0a2-45182ec40e87"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/db3d9a3f3e44818853e7273cae5dc9b0921c38ceb8b554a980251826e985e37f/analysis/1550709003/",
"category": "Payload delivery",
"uuid": "48454521-3db4-43eb-b51d-101cb51ba7ca"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/59",
"category": "Payload delivery",
"uuid": "81aaf368-3c2d-410f-bdff-5f4b8e51f80c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ade3118a-0418-44f4-9967-524ba203ee24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:40.000Z",
"modified": "2019-04-11T08:54:40.000Z",
"pattern": "[file:hashes.MD5 = '3be75036010f1f2102b6ce09a9299bca' AND file:hashes.SHA1 = 'c47c00040779225593d23fb105892f544e4f7966' AND file:hashes.SHA256 = 'fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-19T05:20:12",
"category": "Other",
"uuid": "2b3f2295-7e97-4d86-bc07-0bc9c3a979ce"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fd7c2afabbfc3b20ec73d5719eba04195c59b4a70b2de266995438032e1e80ef/analysis/1550553612/",
"category": "Payload delivery",
"uuid": "0b19c5be-e1e2-470f-8821-a2ec8f5ce62e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/56",
"category": "Payload delivery",
"uuid": "35466d48-f6cf-4f90-a1f3-7c9a024e55aa"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"pattern": "[file:hashes.MD5 = '26f09267d0ec0d339e70561a610fb1fd' AND file:hashes.SHA1 = '8d0d5f1bfd5f1d13eb2c44d9dc31a91d80ee69db' AND file:hashes.SHA256 = '6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-28T01:32:54",
"category": "Other",
"uuid": "372f3141-dc25-4241-8cef-b1f6afb29b74"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f807662e04b5cfb85bc892e27a29994ddcf78e7c3311581753761fede3d5bd1/analysis/1551317574/",
"category": "Payload delivery",
"uuid": "e50ac75b-0881-4ca9-b651-74bafd3239b9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "23/54",
"category": "Payload delivery",
"uuid": "95ea6470-32f9-4e41-a39b-00419bf6eab4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"pattern": "[file:hashes.MD5 = '7c651d115109fd8f35fddfc44fd24518' AND file:hashes.SHA1 = 'a62b7b3b43127e213090590cae18f3432e2f7f57' AND file:hashes.SHA256 = '56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-13T11:41:37",
"category": "Other",
"uuid": "f4accdef-6776-4be1-883e-1adab8684282"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/56102f70df2e481a91d3be1e33facd7e220e2b685405ddf873f3ab079e99873e/analysis/1552477297/",
"category": "Payload delivery",
"uuid": "2b892246-97bc-478e-99ca-ed590ab43938"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "13/56",
"category": "Payload delivery",
"uuid": "ea38c96f-7044-4892-8dd9-fdfa1a997299"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--847b7779-1090-43be-9436-9c851a0777d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"pattern": "[file:hashes.MD5 = '09e4f724e73fccc1f659b8a46bfa7184' AND file:hashes.SHA1 = '2c98ee7d46006dadff275a3bea49b9a56c0f301d' AND file:hashes.SHA256 = '28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-11T08:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-08T01:22:20",
"category": "Other",
"uuid": "873fed9e-a063-41a9-b665-fc3484492996"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/28a53479fd83579057f9784c14a006d36ea3ed8625bd640cfc64ddb07b58d169/analysis/1554686540/",
"category": "Payload delivery",
"uuid": "e71667f0-1874-45fc-8cc7-ad24c09dd7d9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/59",
"category": "Payload delivery",
"uuid": "c0e860c3-1179-49e1-97d7-df48dfbac249"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--14fec91b-cdc9-4682-aaa8-d04ff6ed166b",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:38:07.000Z",
"modified": "2019-04-11T08:38:07.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--5caefc9c-d268-486d-882b-4d9b950d210f",
"target_ref": "indicator--5caefc56-19c4-499d-b0ab-447b950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--8a0efc1d-3f92-424d-ae5c-e7f761f944c6",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:41.000Z",
"modified": "2019-04-11T08:54:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0f82f247-68d7-432b-9207-6a651e249789",
"target_ref": "x-misp-object--f09e7ee6-1c63-4b54-8640-c296e0f51a48"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--525a6b0c-6e18-4aef-ae90-05300989f6ea",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ae0407a4-1c88-4dbe-8217-038a7f410235",
"target_ref": "x-misp-object--b02e8fad-5c20-428f-ae2f-97dc1a84a1b6"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--a957237f-356c-490c-98e2-c231ac4713ab",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2826ff14-cad5-43cd-b6cd-6820a2d11785",
"target_ref": "x-misp-object--30b8618d-3d37-49c8-b5ce-d9b0b60bd069"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--150e8312-d4a2-4041-bf4f-b7c4503dec2d",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ad372fac-8693-4e35-a2a5-e433c1a1bc6e",
"target_ref": "x-misp-object--d97fb25c-3f24-4bab-acb7-2cb440918538"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--99aedbb9-94ac-4401-84be-7b68e0faff4f",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--526bf7c4-172a-4ce5-ab74-8966e3c2a6f6",
"target_ref": "x-misp-object--122483b1-248c-4166-84bf-bf59cf4a598f"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--7e4299be-d4d8-4029-94eb-6525e53fd57d",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ab826329-510d-44a0-9899-82e9d734561e",
"target_ref": "x-misp-object--c98a3166-c9c2-4b97-b669-d844f7a15b50"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--618c6580-a01d-495d-a582-f634a2e7be2f",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8edf4809-f353-4a04-b77e-3e84960327b5",
"target_ref": "x-misp-object--b33073cd-b85f-46a3-929c-d7893547e63d"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--1611c029-7427-4038-839d-8eb055570d23",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a15e58c1-7e18-4e05-8c7d-e3564f546b5e",
"target_ref": "x-misp-object--c2aaa9d9-db45-4eab-9ca8-e285a677dc05"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--8d88b3e0-e4f4-43bd-b670-83f70bb1e217",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0e9a38f5-99ff-4423-9da2-1dc12c761e8b",
"target_ref": "x-misp-object--8f375dd5-8169-46db-9da5-c71686b424b1"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--a16d4d70-2ff5-4643-aa31-c8fc056bf2af",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ade3118a-0418-44f4-9967-524ba203ee24",
"target_ref": "x-misp-object--b70df9f5-45ab-4369-a434-263514e9a1a5"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--826ac0d2-3a9f-4c3d-bded-d404e1171877",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e23b9b62-4226-4fd2-be50-d37fb7b643ea",
"target_ref": "x-misp-object--43bfebb6-83a2-48c1-8872-47102ef582aa"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--37628eaa-47dd-4028-8cbb-e8d6b5e87cdb",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--27704985-ae7f-4621-bfdb-e6b92e3eabff",
"target_ref": "x-misp-object--5475eb79-4664-4ee7-967d-5c8c1d19b715"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"id": "relationship--682e8c4b-54b1-464a-b680-36a06aadcff3",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2019-04-11T08:54:42.000Z",
"modified": "2019-04-11T08:54:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--847b7779-1090-43be-9436-9c851a0777d5",
"target_ref": "x-misp-object--e5f252bc-b462-4792-9999-ea950b1f633b"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink