misp-circl-feed/feeds/circl/stix-2.1/5c4a2972-fd10-4470-936d-4d2a02de0b81.json

{
"type": "bundle",
"id": "bundle--5c4a2972-fd10-4470-936d-4d2a02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:10:13.000Z",
"modified": "2019-01-24T21:10:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c4a2972-fd10-4470-936d-4d2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:10:13.000Z",
"modified": "2019-01-24T21:10:13.000Z",
"name": "IOCs Associated with DNS Infrastructure Tampering",
"published": "2019-01-24T21:10:52Z",
"object_refs": [
"x-misp-attribute--95924852-631e-42e7-aa8b-c6a33b8b6f55",
"indicator--e0bc1d90-2009-11e9-82a3-d89ef344f46d",
"indicator--e0bc1d93-2009-11e9-88e3-d89ef344f46d",
"indicator--e0bc1d96-2009-11e9-9efa-d89ef344f46d",
"indicator--e0bc1d99-2009-11e9-9294-d89ef344f46d",
"indicator--e0bc1d9c-2009-11e9-af0f-d89ef344f46d",
"indicator--e0bc1d9f-2009-11e9-8bc6-d89ef344f46d",
"indicator--e0bc1da2-2009-11e9-9b93-d89ef344f46d",
"indicator--e0bc1db7-2009-11e9-b508-d89ef344f46d",
"indicator--e0bc1da5-2009-11e9-b493-d89ef344f46d",
"indicator--e0bc1da8-2009-11e9-b8b3-d89ef344f46d",
"indicator--e0bc1db1-2009-11e9-8d13-d89ef344f46d",
"indicator--e0bc1dab-2009-11e9-9492-d89ef344f46d",
"indicator--e0bc1dae-2009-11e9-881a-d89ef344f46d",
"indicator--e0bc1db4-2009-11e9-a9d7-d89ef344f46d",
"indicator--e0bc1dba-2009-11e9-babc-d89ef344f46d",
"indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
"indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
"indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
"x-misp-object--5c4a2973-421c-4138-9787-4b8902de0b81",
"x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
"x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64",
"x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366",
"relationship--26100faa-109b-4877-81fa-0a25f4d67911",
"relationship--f7000104-81b5-4498-8017-ac227b85c6b9",
"relationship--454bc5fa-6bed-4b83-bd43-9aae4b726c69"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--95924852-631e-42e7-aa8b-c6a33b8b6f55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Imported from STIX header description",
"x_misp_type": "comment",
"x_misp_value": "The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization\u2019s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization\u2019s domain names, enabling man-in-the-middle attacks."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d90-2009-11e9-82a3-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[url:value = 'http://hr-suncor.com/Suncor_employment_form.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d93-2009-11e9-88e3-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[url:value = 'http://hr-wipro.com/Wipro_Working_Conditions.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d96-2009-11e9-9efa-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[domain-name:value = 'hr-wipro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d99-2009-11e9-9294-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[domain-name:value = 'hr-suncor.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d9c-2009-11e9-af0f-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[domain-name:value = '0ffice36o.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1d9f-2009-11e9-8bc6-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.20.184.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1da2-2009-11e9-9b93-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.161.211.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1db7-2009-11e9-b508-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.161.23.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1da5-2009-11e9-b493-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.20.187.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1da8-2009-11e9-b8b3-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.174.101.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1db1-2009-11e9-8d13-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.187.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1dab-2009-11e9-9492-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.161.211.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1dae-2009-11e9-881a-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.236.78.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1db4-2009-11e9-a9d7-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.141.38.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0bc1dba-2009-11e9-babc-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"pattern": "[file:hashes.MD5 = '9c8507a1fd7d2579777723b53fee1f3e' AND file:hashes.SHA1 = '48b620df71087bd333284c91e52f0cfed1f2d00e' AND file:hashes.SHA256 = '82285b6743cc5e3545d8e67740a4d04c5aed138d9f31d7c16bd11188a2042969']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:49.000Z",
"modified": "2019-01-24T21:09:49.000Z",
"pattern": "[file:hashes.MD5 = '807482efce3397ece64a1ded3d436139' AND file:hashes.SHA1 = '9ea865e000e3e15cec15efc466801bb181ba40a1' AND file:hashes.SHA256 = '9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14' AND file:hashes.SSDEEP = '6144:2LOUuU4uDIOjsHFtXwIUPgTiN13sh/2xWoV/hGkWC92Vr3Lu19RmAMZQzm18IBHf:tU4jdltXwnQ01txj4kB257qmJkm1ldU' AND file:name = 'Suncor_employment_form.doc' AND file:size = '623616']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:49.000Z",
"modified": "2019-01-24T21:09:49.000Z",
"pattern": "[file:hashes.MD5 = 'c00c9f6ebf2979292d524acff19dd306' AND file:hashes.SHA1 = '1022620da25db2497dc237adedb53755e6b859e3' AND file:hashes.SHA256 = '45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff' AND file:hashes.SSDEEP = '3072:t3zwUAyRvKFnQStbQQYZrmQC2mCe0t4zu9Cv/QQ3TFnDSF0bNg0+B0tguKtEfT5s:dydXtbiktzu96QItD46NgjA0mFs' AND file:size = '368640']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:49.000Z",
"modified": "2019-01-24T21:09:49.000Z",
"pattern": "[file:hashes.MD5 = 'd2052cb9016dab6592c532d5ea47cb7e' AND file:hashes.SHA1 = '1c1fbda6ffc4d19be63a630bd2483f3d2f7aa1f5' AND file:hashes.SHA256 = '2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec' AND file:hashes.SSDEEP = '3072:OL1w0Cyf/TYsq6wjRbQC2mCr2v4Q/DfvBgLCOledbqIyWu0jPhVyWxg/MB/RzS:Oz4xI1Q/DxWleNqgu0jpjZS' AND file:size = '372736']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:09:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c4a2973-421c-4138-9787-4b8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:07.000Z",
"modified": "2019-01-24T21:09:07.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "AA19-024_IOCs.stix.xml",
"category": "External analysis",
"uuid": "5c4a2974-2724-4cc3-a3f4-44a402de0b81",
"data": "PCEtLSBHZW5lcmF0ZWQgYnkgSUJUb29sIHYxLjF0IG9uIDAxLzI0LzIwMTkgLS0+CjxzdGl4OlNUSVhfUGFja2FnZSB4bWxuczpjeWJveENvbW1vbj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiIgeG1sbnM6Y3lib3g9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvY3lib3gtMiIgeG1sbnM6Y3lib3hWb2NhYnM9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiIgeG1sbnM6QWRkcmVzc09iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FkZHJlc3NPYmplY3QtMiIgeG1sbnM6RG9tYWluTmFtZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0RvbWFpbk5hbWVPYmplY3QtMSIgeG1sbnM6RmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiIgeG1sbnM6VVJJT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjVVJJT2JqZWN0LTIiIHhtbG5zOm1hcmtpbmc9Imh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL01hcmtpbmctMSIgeG1sbnM6dGxwTWFya2luZz0iaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1RMUC0xIiB4bWxuczpUT1VNYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVGVybXNfT2ZfVXNlLTEiIHhtbG5zOmluZGljYXRvcj0iaHR0cDovL3N0aXgubWl0cmUub3JnL0luZGljYXRvci0yIiB4bWxuczpzdGl4Q29tbW9uPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEiIHhtbG5zOnN0aXhWb2NhYnM9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0xIiB4bWxuczpzdGl4PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvc3RpeC0xIiB4bWxuczpOQ0NJQz0iaHR0cDovL3d3dy51cy1jZXJ0Lmdvdi9uY2NpYyIgeG1sbnM6Q0lTQ1A9Imh0dHA6Ly91cy1jZXJ0Lmdvdi9jaXNjcCIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnNjaGVtYUxvY2F0aW9uPSIgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvY29tbW9uLTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvY29tbW9uLzIuMS9jeWJveF9jb21tb24ueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2N5Ym94LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvY29yZS8yLjEvY3lib3hfY29yZS54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9kZWZhdWx0X3ZvY2FidWxhcmllcy8yLjEvY3lib3hfZGVmYXVsdF92b2NhYnVsYXJpZXMueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjQWRkcmVzc09iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvQWR
kcmVzcy8yLjEvQWRkcmVzc19PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjRG9tYWluTmFtZU9iamVjdC0xIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvRG9tYWluX05hbWUvMS4wL0RvbWFpbl9OYW1lX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNGaWxlT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9GaWxlLzIuMS9GaWxlX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNVUklPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL1VSSS8yLjEvVVJJX09iamVjdC54c2QgIGh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL01hcmtpbmctMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2RhdGFfbWFya2luZy8xLjEuMS9kYXRhX21hcmtpbmcueHNkICBodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVExQLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9leHRlbnNpb25zL21hcmtpbmcvdGxwLzEuMS4xL3RscF9tYXJraW5nLnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1Rlcm1zX09mX1VzZS0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZXh0ZW5zaW9ucy9tYXJraW5nL3Rlcm1zX29mX3VzZS8xLjAuMS90ZXJtc19vZl91c2VfbWFya2luZy54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9JbmRpY2F0b3ItMiBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2luZGljYXRvci8yLjEuMS9pbmRpY2F0b3IueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9jb21tb24vMS4xLjEvc3RpeF9jb21tb24ueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLzEuMS4xL3N0aXhfZGVmYXVsdF92b2NhYnVsYXJpZXMueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvc3RpeC0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvY29yZS8xLjEuMS9zdGl4X2NvcmUueHNkICAgICBodHRwOi8vdXMtY2VydC5nb3YvY2lzY3AgaHR0cDovL3d3dy51cy1jZXJ0Lmdvdi9zaXRlcy9kZWZhdWx0L2ZpbGVzL1NUSVhfTmFtZXNwYWNlL2Npc2NwX3ZvY2FiX3YxLjEuMS54c2QiIGlkPSJBQTE5LTAyNCIgdmVyc2lvbj0iMS4xLjEiIHRpbWVzdGFtcD0iMjAxOS0wMS0yNFQxOTowODozNi4yMTAwMDArMDA6MDAiPgogICAgPHN0aXg6U1RJWF9IZWFkZXI+CiAgICAgICAgPHN0aXg6VGl0bGU+SU9DcyBBc3NvY2lhdGVkIHdpdGggRE5TIEluZnJhc3RydWN0dXJlIFRhbXBlcmluZzwvc3RpeDpUaXR
sZT4KICAgICAgICA8c3RpeDpQYWNrYWdlX0ludGVudCB4c2k6dHlwZT0ic3RpeFZvY2FiczpQYW
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1",
"category": "Other",
"uuid": "5c4a2974-7748-4706-8091-4c4802de0b81"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:49.000Z",
"modified": "2019-01-24T21:09:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-21T08:26:28",
"category": "Other",
"uuid": "cfe9477f-3ede-4bce-8564-222ef3d4cda5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec/analysis/1545380788/",
"category": "External analysis",
"uuid": "f20424f6-7426-4b05-888f-29ecb1ba2442"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/69",
"category": "Other",
"uuid": "255ad5e5-bbea-4778-9210-91b1f6dc2b55"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:50.000Z",
"modified": "2019-01-24T21:09:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-24T11:12:00",
"category": "Other",
"uuid": "a7fc880f-5658-46fb-93f5-d846f65d468b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff/analysis/1548328320/",
"category": "External analysis",
"uuid": "8565d497-f3c7-4a33-9e07-9188424467be"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/68",
"category": "Other",
"uuid": "949483e4-f6f1-423e-8a7a-1401a5ff37a4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-24T21:09:50.000Z",
"modified": "2019-01-24T21:09:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T03:41:06",
"category": "Other",
"uuid": "7fb9f7c7-be46-49b9-a7c3-f8138f713052"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14/analysis/1545450066/",
"category": "External analysis",
"uuid": "ccb14e9f-f755-496f-be9a-ec2bbb0f74e4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/60",
"category": "Other",
"uuid": "6777c875-4914-40a7-a8ab-1e0d02b1f494"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--26100faa-109b-4877-81fa-0a25f4d67911",
"created": "2019-01-24T21:09:50.000Z",
"modified": "2019-01-24T21:09:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e0be6782-2009-11e9-b60b-d89ef344f46d",
"target_ref": "x-misp-object--d6bc7998-9cad-4353-851f-f31860ed8366"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7000104-81b5-4498-8017-ac227b85c6b9",
"created": "2019-01-24T21:09:50.000Z",
"modified": "2019-01-24T21:09:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e0be6785-2009-11e9-9867-d89ef344f46d",
"target_ref": "x-misp-object--a576549e-7bae-4dd1-a5f3-4e0a66209a64"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--454bc5fa-6bed-4b83-bd43-9aae4b726c69",
"created": "2019-01-24T21:09:50.000Z",
"modified": "2019-01-24T21:09:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e0be6788-2009-11e9-9b1e-d89ef344f46d",
"target_ref": "x-misp-object--1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}