misp-circl-feed/feeds/circl/stix-2.1/5c687cb3-08c4-46d3-9981-093702de0b81.json


{
"type": "bundle",
"id": "bundle--5c687cb3-08c4-46d3-9981-093702de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:23:33.000Z",
"modified": "2019-02-16T21:23:33.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c687cb3-08c4-46d3-9981-093702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:23:33.000Z",
"modified": "2019-02-16T21:23:33.000Z",
"name": "Fake amf-fr.org website delivering malicious Word document and binaries",
"published": "2019-02-16T21:25:34Z",
"object_refs": [
"observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81",
"url--5c687ce0-c8a8-403a-8182-0a7902de0b81",
"indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81",
"indicator--5c687d3c-6974-4753-90ef-4ca302de0b81",
"indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81",
"indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81",
"indicator--5c687d3c-7354-4f21-940d-4eb402de0b81",
"indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81",
"indicator--5c687d3c-60e8-40ad-bba5-419602de0b81",
"indicator--5c687d3c-b814-49f9-a110-488102de0b81",
"indicator--5c687d3c-1480-41fb-9406-437002de0b81",
"indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81",
"indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81",
"indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81",
"indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81",
"indicator--5c687d80-c348-4494-8fc8-4d1502de0b81",
"indicator--5c687db7-0758-4215-ac9f-0a7902de0b81",
"indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81",
"indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81",
"indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
"x-misp-object--4727229f-b670-4858-96fd-767498563eb3",
"indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
"x-misp-object--dce07551-b2f6-465f-8974-3641d201f213",
"indicator--87116905-ee45-4287-a160-b0a4394d7a72",
"x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b",
"indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
"x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701",
"relationship--ea7fabcd-4b54-473d-90f0-dcefa974b2b6",
"relationship--fa1cdad1-a36c-48e7-ac29-cdcfd05fd742",
"relationship--a5331da5-277d-46e0-9492-5cab5331b84e",
"relationship--d11a4448-264a-4faf-9c66-78b06f15d173"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
"misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:13:04.000Z",
"modified": "2019-02-16T21:13:04.000Z",
"first_observed": "2019-02-16T21:13:04Z",
"last_observed": "2019-02-16T21:13:04Z",
"number_observed": 1,
"object_refs": [
"url--5c687ce0-c8a8-403a-8182-0a7902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c687ce0-c8a8-403a-8182-0a7902de0b81",
"value": "https://www.amf-france.org/en_US/Actualites/Communiques-de-presse/AMF/annee-2018?docId=workspace%3A%2F%2FSpacesStore%2F3d58f35b-f448-438e-9923-cd6e8e903fc0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:13:25.000Z",
"modified": "2019-02-16T21:13:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.150.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-6974-4753-90ef-4ca302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'http://amf-fr.org/d1.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'http://amf-fr.org/files/litigations/complaint-96.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'http://amf-fr.org/litigations/complaint-201.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-7354-4f21-940d-4eb402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'http://amf-fr.org/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'http://www.amf-fr.org/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-60e8-40ad-bba5-419602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'https://amf-fr.org/files/litigations/complaint-96.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-b814-49f9-a110-488102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'https://amf-fr.org/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-1480-41fb-9406-437002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'https://www.amf-fr.org/documents/document-a1657.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'https://www.amf-fr.org/litigations/compliant-201.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:14:36.000Z",
"modified": "2019-02-16T21:14:36.000Z",
"pattern": "[url:value = 'https://www.amf-fr.org/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:14:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:15:43.000Z",
"modified": "2019-02-16T21:15:43.000Z",
"pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:15:44.000Z",
"modified": "2019-02-16T21:15:44.000Z",
"pattern": "[file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687d80-c348-4494-8fc8-4d1502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:15:44.000Z",
"modified": "2019-02-16T21:15:44.000Z",
"pattern": "[file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687db7-0758-4215-ac9f-0a7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:16:39.000Z",
"modified": "2019-02-16T21:16:39.000Z",
"pattern": "[file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:16:39.000Z",
"modified": "2019-02-16T21:16:39.000Z",
"pattern": "[file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:16:39.000Z",
"modified": "2019-02-16T21:16:39.000Z",
"pattern": "[file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:27.000Z",
"modified": "2019-02-16T21:21:27.000Z",
"pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c' AND file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437' AND file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:21:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:27.000Z",
"modified": "2019-02-16T21:21:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-15T11:14:58",
"category": "Other",
"uuid": "9855c53c-9fa6-4ddc-8d31-1289c1de6275"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/",
"category": "External analysis",
"uuid": "75ebbd07-bb66-4db7-af0b-5b506c6c3a3b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/59",
"category": "Other",
"uuid": "1c675ba2-05ca-4790-82bd-bdd2049c0914"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:27.000Z",
"modified": "2019-02-16T21:21:27.000Z",
"pattern": "[file:hashes.MD5 = '28202ac7689aaef894840c773b7e1e56' AND file:hashes.SHA1 = 'b0f4377953f59ba0d5b295861e2ab7fc5c6d03de' AND file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:21:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:27.000Z",
"modified": "2019-02-16T21:21:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-14T09:56:32",
"category": "Other",
"uuid": "f9a9b973-ba12-4fc6-afff-200d07e7e703"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0/analysis/1550138192/",
"category": "External analysis",
"uuid": "5e41e640-8995-4536-ab09-da2fc06c37b5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/54",
"category": "Other",
"uuid": "455f9992-cfd2-43bc-a839-a9072fcaafc3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87116905-ee45-4287-a160-b0a4394d7a72",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:27.000Z",
"modified": "2019-02-16T21:21:27.000Z",
"pattern": "[file:hashes.MD5 = '11df89bd965bbd85bed31b90f1481312' AND file:hashes.SHA1 = '79ee5019cebead10c6527e2531e7b0ee69322405' AND file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:21:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-29T14:41:31",
"category": "Other",
"uuid": "5e121da8-35b8-43a9-a3c5-7e8775bcff8a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a/analysis/1543502491/",
"category": "External analysis",
"uuid": "b2067c10-5f14-4cf3-9588-c5027f9c3a62"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/57",
"category": "Other",
"uuid": "a15b1066-3af7-4989-a398-7b6615d82931"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"pattern": "[file:hashes.MD5 = '8ec83dba30c4f4d014899fbcc9a78171' AND file:hashes.SHA1 = '96a942174c55f5f3ab7236eb7e3ac549b67c88db' AND file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-16T21:21:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-30T10:14:04",
"category": "Other",
"uuid": "4930b271-4207-4c55-98ee-b2ad7aad0333"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44/analysis/1543572844/",
"category": "External analysis",
"uuid": "69e9a82f-bfbd-401e-bd63-ae39bfcaab3e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/59",
"category": "Other",
"uuid": "95e48f3e-8da2-4521-b203-dbe94341995f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ea7fabcd-4b54-473d-90f0-dcefa974b2b6",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
"target_ref": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fa1cdad1-a36c-48e7-ac29-cdcfd05fd742",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
"target_ref": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5331da5-277d-46e0-9492-5cab5331b84e",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--87116905-ee45-4287-a160-b0a4394d7a72",
"target_ref": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d11a4448-264a-4faf-9c66-78b06f15d173",
"created": "2019-02-16T21:21:28.000Z",
"modified": "2019-02-16T21:21:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
"target_ref": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}