{
"type": "bundle",
|
|
|
|
"id": "bundle--5c1def50-7570-4012-bbe0-46e202de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:28.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:28.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5c1def50-7570-4012-bbe0-46e202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:28.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:28.000Z",
|
|
|
|
"name": "Malicious ELF binary (Mirai) - 2018-12-22 (collected on a router)",
|
|
|
|
"published": "2018-12-22T08:14:09Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5c1def74-e454-428d-8915-3dd202de0b81",
|
|
|
|
"indicator--5c1def75-ee28-4f8d-a610-3dd202de0b81",
|
|
|
|
"indicator--5c1def75-68b0-451a-96db-3dd202de0b81",
|
|
|
|
"indicator--5c1def76-2cb4-4473-a5f2-3dd202de0b81",
|
|
|
|
"indicator--5c1def76-2ca0-4717-9662-3dd202de0b81",
|
|
|
|
"indicator--5c1def77-d8e0-4e42-a98c-3dd202de0b81",
|
|
|
|
"indicator--5c1def77-c78c-4723-90a3-3dd202de0b81",
|
|
|
|
"indicator--5c1def78-126c-4caa-ae75-3dd202de0b81",
|
|
|
|
"indicator--5c1def79-5d98-4f86-9579-3dd202de0b81",
|
|
|
|
"indicator--5c1defe8-91ec-459f-a759-3ee202de0b81",
|
|
|
|
"indicator--5c1defe9-3338-43ec-b9ef-3ee202de0b81",
|
|
|
|
"indicator--5c1df1e7-9e28-4d57-8210-48ca02de0b81",
|
|
|
|
"indicator--5c1df1e7-6cf8-4335-a539-424702de0b81",
|
|
|
|
"indicator--5c1df1e8-46d4-4a00-a2d4-453502de0b81",
|
|
|
|
"indicator--5c1df1e8-1d9c-457e-b592-454a02de0b81",
|
|
|
|
"indicator--5c1df1e9-1178-45a9-87c0-4ff102de0b81",
|
|
|
|
"indicator--5c1df1e9-1568-451c-a1bf-44d602de0b81",
|
|
|
|
"indicator--5c1df1ea-4d64-4f4e-aac4-44fe02de0b81",
|
|
|
|
"indicator--5c1df1ea-50e4-426c-89bb-4c4302de0b81",
|
|
|
|
"indicator--5c1df1eb-be1c-4091-ba0e-486702de0b81",
|
|
|
|
"indicator--5c1df1eb-59b4-47bf-ad3e-439202de0b81",
|
|
|
|
"indicator--5c1defb7-6034-48ab-87a7-3de502de0b81",
|
|
|
|
"indicator--ffb32990-7cd3-4e8c-960c-3be57bf8cf63",
|
|
|
|
"x-misp-object--a9ebf3b6-c4b9-4cc5-a1d8-1f85b24c1b84",
|
|
|
|
"indicator--02667750-2846-4aa3-9b4d-e3bc900d83ac",
|
|
|
|
"x-misp-object--cbb33856-2445-495d-a539-8beb680ddcf2",
|
|
|
|
"indicator--5a461f37-ea74-4114-8f56-dec17767d75a",
|
|
|
|
"x-misp-object--da3b0176-135b-49c4-acf4-9f397271c19b",
|
|
|
|
"indicator--65ffa251-69ee-4531-ba89-98c6169d959e",
|
|
|
|
"x-misp-object--dfefbb21-10b8-4bc9-b81b-fbe0ca7f1569",
|
|
|
|
"indicator--23a97df0-169d-4dd6-8b75-9a29d76b669b",
|
|
|
|
"x-misp-object--be8f89c6-f7cd-4e0d-bea3-e1fb1510b9fa",
|
|
|
|
"x-misp-object--a7a85b34-4c6a-49f1-ada4-cd1a2cfe5cc1",
|
|
|
|
"indicator--d46c5216-771c-498b-93a7-c2ae86b8fc85",
|
|
|
|
"x-misp-object--70dae729-bf15-4fdb-8b17-88b25ad655f9",
|
|
|
|
"indicator--3dc38322-437e-49e6-9d44-c21cd68cb10a",
|
|
|
|
"x-misp-object--506d006d-bc83-4e3a-8cd5-ec4f98e0a081",
|
|
|
|
"indicator--fcab5eef-60e1-4685-a6eb-0d8a2ac9bbce",
|
|
|
|
"x-misp-object--5da3946b-e14b-44e0-b9c0-c1ebe8318907",
|
|
|
|
"indicator--eed9e7c8-7134-4d41-96b8-48f149ff2bf5",
|
|
|
|
"x-misp-object--92a95325-d5d0-476c-8998-16eb966d1706",
|
|
|
|
"relationship--f6ab84ea-1d6e-48eb-9789-a37dc9bbf933",
|
|
|
|
"relationship--f16276a7-62fe-498f-bf62-b10ff0ecc400"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:tool=\"Mirai\"",
|
|
|
|
"misp-galaxy:malpedia=\"Mirai\"",
|
|
|
|
"misp-galaxy:botnet=\"Mirai\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def74-e454-428d-8915-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:56.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tutos.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def75-ee28-4f8d-a610-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:57.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'purenetworks.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def75-68b0-451a-96db-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:57.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'adb.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def76-2cb4-4473-a5f2-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:58.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gpon8080.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def76-2ca0-4717-9662-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:58.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rce.trade']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def77-d8e0-4e42-a98c-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:59.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'realtek.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def77-c78c-4723-90a3-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:01:59.000Z",
|
|
|
|
"modified": "2018-12-22T08:01:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'airlink.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:01:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def78-126c-4caa-ae75-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:02:00.000Z",
|
|
|
|
"modified": "2018-12-22T08:02:00.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dlink.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:02:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1def79-5d98-4f86-9579-3dd202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:02:01.000Z",
|
|
|
|
"modified": "2018-12-22T08:02:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dzs.sh']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:02:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1defe8-91ec-459f-a759-3ee202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:03:52.000Z",
|
|
|
|
"modified": "2018-12-22T08:03:52.000Z",
|
|
|
|
"pattern": "[url:value = 'http://145.239.138.69/bins/rift.m68k']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:03:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1defe9-3338-43ec-b9ef-3ee202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:03:53.000Z",
|
|
|
|
"modified": "2018-12-22T08:03:53.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rce.trade/bins/rift.m68k']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:03:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e7-9e28-4d57-8210-48ca02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:23.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:23.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '145.239.138.69']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e7-6cf8-4335-a539-424702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:23.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:23.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dd56f13b244a2b8a33fe5a112156fd89c9157406198f053354e6471b75c24554']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e8-46d4-4a00-a2d4-453502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:24.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:24.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e82a45de78fbf8b1b9577270924b100d1c094c6d1a84086a168543aed23c264b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e8-1d9c-457e-b592-454a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:24.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:24.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5c03fa1d9b7d551f738fa8cf0937aff842b019789ffa15cb97823f921dcdedcb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e9-1178-45a9-87c0-4ff102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:25.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:25.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0a1c9cc1d2ff521996cf46fe40e0ba9dc010a9b67b45f56bc4824a8e6c505524']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1e9-1568-451c-a1bf-44d602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:25.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:25.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '22c6b6bd77ee2fcd16dcbb3f2ae400eafd741a4fc92a5ee167445334145e4242']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1ea-4d64-4f4e-aac4-44fe02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:26.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:26.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f57ad9b7c5ca6bf64b32860298a88e2912800ce564890e4f44da46490af205a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1ea-50e4-426c-89bb-4c4302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:26.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:26.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cd31099d2dd701e259ab0bf490467a5fcf6ecebeb387e7b6b295ad53e5f83687']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1eb-be1c-4091-ba0e-486702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:27.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:27.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '21c8d8ca54284ca7aa92f5d1c2f8b931c13150cc8561f5bab4dc21cebba1fb27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1df1eb-59b4-47bf-ad3e-439202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:12:27.000Z",
|
|
|
|
"modified": "2018-12-22T08:12:27.000Z",
|
|
|
|
"description": "related samples collected the 2018-12-22",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6f81576fe9e215ab361150385eb0542e3fe07507f8a96fd2642d70ac3568106a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:12:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c1defb7-6034-48ab-87a7-3de502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:01.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b20e3369d72ca79df0362398ae81d4c8' AND file:hashes.SHA1 = 'f6a079a809e65ca8007d7959f5eedacf852e7351' AND file:hashes.SHA256 = '1c484f5eab8549071f2c1643daf947d7fde459080a0b87337342a8e629c9a9d0' AND file:name = '1c484f5eab8549071f2c1643daf947d7fde459080a0b87337342a8e629c9a9d0' AND file:size = '215184' AND (file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ffb32990-7cd3-4e8c-960c-3be57bf8cf63",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:01.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a6574b0af5a2d91c52d59b8e68e21387' AND file:hashes.SHA1 = 'b3f89c2cbf180251d3ce60cc275cfa37faceadf6' AND file:hashes.SHA256 = 'cd31099d2dd701e259ab0bf490467a5fcf6ecebeb387e7b6b295ad53e5f83687']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a9ebf3b6-c4b9-4cc5-a1d8-1f85b24c1b84",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:03.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:03.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-22T06:27:45",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c80f0c78-cefd-4226-aee1-3d197cc264fe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/cd31099d2dd701e259ab0bf490467a5fcf6ecebeb387e7b6b295ad53e5f83687/analysis/1545460065/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "5d21b982-03ca-4fe6-8d5d-ef928f0f6691"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "17/56",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2e5f2514-eb71-412f-96eb-79bb48e1578b"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--02667750-2846-4aa3-9b4d-e3bc900d83ac",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:04.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '32a075fb231e42678581b83f0be2c001' AND file:hashes.SHA1 = '21fd9c9332ba3b9da8f169a5a9e926fd4f25b8e0' AND file:hashes.SHA256 = 'f57ad9b7c5ca6bf64b32860298a88e2912800ce564890e4f44da46490af205a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--cbb33856-2445-495d-a539-8beb680ddcf2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:05.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-22T06:33:55",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cd5513f4-fb38-4c97-9313-66b3d747c52c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/f57ad9b7c5ca6bf64b32860298a88e2912800ce564890e4f44da46490af205a4/analysis/1545460435/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "01619c73-072e-46b3-a208-2313e9f1cb66"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "20/58",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "98bbf5c1-d931-498c-adce-5ba514b3e183"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a461f37-ea74-4114-8f56-dec17767d75a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:06.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:06.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e2ddf17217c528e08cf13b9cb55937f2' AND file:hashes.SHA1 = 'b236d8b3e4ceab7d2d6729a8a955aa36ee871ce6' AND file:hashes.SHA256 = 'dd56f13b244a2b8a33fe5a112156fd89c9157406198f053354e6471b75c24554']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--da3b0176-135b-49c4-acf4-9f397271c19b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:09.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:09.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-22T07:12:20",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5754190d-81f5-481b-90e6-f1eb32f5925f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/dd56f13b244a2b8a33fe5a112156fd89c9157406198f053354e6471b75c24554/analysis/1545462740/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "1cf12112-a093-4939-bb5e-edab6a62235d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "22/56",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ab32b420-39ad-40ea-90ab-d8d7caab2a8d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--65ffa251-69ee-4531-ba89-98c6169d959e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:10.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c09bc77edcb32573a10da99197c51162' AND file:hashes.SHA1 = '65f218fd4c85c565270ca1b2ba5271bf9792da62' AND file:hashes.SHA256 = '0a1c9cc1d2ff521996cf46fe40e0ba9dc010a9b67b45f56bc4824a8e6c505524']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dfefbb21-10b8-4bc9-b81b-fbe0ca7f1569",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:12.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:12.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-12-22T06:41:28",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5ffa5231-2e39-4f3b-9fda-efd22ba6852e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/0a1c9cc1d2ff521996cf46fe40e0ba9dc010a9b67b45f56bc4824a8e6c505524/analysis/1545460888/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "94f8cdf6-1a5b-48df-a939-f3271596ae59"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "16/56",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2f7f44e8-b43e-4f2b-a54b-f4308810f205"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--23a97df0-169d-4dd6-8b75-9a29d76b669b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-12-22T08:13:13.000Z",
|
|
|
|
"modified": "2018-12-22T08:13:13.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5dfc1bc753a257824c8010ed4bdd4092' AND file:hashes.SHA1 = 'ff782a7c66eb769ab6542948da3f33a0f83bc497' AND file:hashes.SHA256 = '6f81576fe9e215ab361150385eb0542e3fe07507f8a96fd2642d70ac3568106a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-12-22T08:13:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--be8f89c6-f7cd-4e0d-bea3-e1fb1510b9fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:14.000Z",
"modified": "2018-12-22T08:13:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T06:22:14",
"category": "Other",
"uuid": "a3374a39-e472-4b6d-a58c-cd2401fe8e5c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f81576fe9e215ab361150385eb0542e3fe07507f8a96fd2642d70ac3568106a/analysis/1545459734/",
"category": "External analysis",
"uuid": "386018e1-0346-4fec-b77b-19cfa3b65bec"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/56",
"category": "Other",
"uuid": "0f902e65-c349-4519-8702-fab4ce47f821"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a7a85b34-4c6a-49f1-ada4-cd1a2cfe5cc1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:15.000Z",
"modified": "2018-12-22T08:13:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T07:43:25",
"category": "Other",
"uuid": "e02cf85c-31a8-4c6c-9c6b-2153dc6196e5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1c484f5eab8549071f2c1643daf947d7fde459080a0b87337342a8e629c9a9d0/analysis/1545464605/",
"category": "External analysis",
"uuid": "280516f8-86d7-4d90-9339-a8462a1cac0f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/55",
"category": "Other",
"uuid": "df45df49-855e-4165-aa01-4ecd55864c59"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d46c5216-771c-498b-93a7-c2ae86b8fc85",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:16.000Z",
"modified": "2018-12-22T08:13:16.000Z",
"pattern": "[file:hashes.MD5 = 'd201a06381a07c96a0ca0527f8ec2912' AND file:hashes.SHA1 = 'dc52f94c6a0e44aae56b78109113c4b8e39ff4da' AND file:hashes.SHA256 = '21c8d8ca54284ca7aa92f5d1c2f8b931c13150cc8561f5bab4dc21cebba1fb27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-22T08:13:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--70dae729-bf15-4fdb-8b17-88b25ad655f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:18.000Z",
"modified": "2018-12-22T08:13:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T06:22:47",
"category": "Other",
"uuid": "ea341628-bc26-4d88-81c1-c1f955ad33b3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/21c8d8ca54284ca7aa92f5d1c2f8b931c13150cc8561f5bab4dc21cebba1fb27/analysis/1545459767/",
"category": "External analysis",
"uuid": "de0c14e1-6e22-4d65-9773-1193074fcc9c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/57",
"category": "Other",
"uuid": "77a3f3a1-1ff1-4ce9-865a-3a9f8bf10cee"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3dc38322-437e-49e6-9d44-c21cd68cb10a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:19.000Z",
"modified": "2018-12-22T08:13:19.000Z",
"pattern": "[file:hashes.MD5 = '4ee9d50632e0c7c36899cecf1b8f2547' AND file:hashes.SHA1 = 'c200a35d1dbbfe9639fc942755701dee3f1c415e' AND file:hashes.SHA256 = 'e82a45de78fbf8b1b9577270924b100d1c094c6d1a84086a168543aed23c264b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-22T08:13:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--506d006d-bc83-4e3a-8cd5-ec4f98e0a081",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:21.000Z",
"modified": "2018-12-22T08:13:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T06:55:01",
"category": "Other",
"uuid": "1d6891d5-a90a-4608-b49d-fb6fc776fb07"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e82a45de78fbf8b1b9577270924b100d1c094c6d1a84086a168543aed23c264b/analysis/1545461701/",
"category": "External analysis",
"uuid": "05f2bee3-95e7-4953-912c-14c1f4f4bdb5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/55",
"category": "Other",
"uuid": "416e7bc8-308f-4add-b03f-a08967caf518"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fcab5eef-60e1-4685-a6eb-0d8a2ac9bbce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:23.000Z",
"modified": "2018-12-22T08:13:23.000Z",
"pattern": "[file:hashes.MD5 = '48db654726a8758af7f2b3b31d1476f2' AND file:hashes.SHA1 = '1229375497e371eb2ce3e8e670fb554804eea42d' AND file:hashes.SHA256 = '22c6b6bd77ee2fcd16dcbb3f2ae400eafd741a4fc92a5ee167445334145e4242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-22T08:13:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5da3946b-e14b-44e0-b9c0-c1ebe8318907",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:25.000Z",
"modified": "2018-12-22T08:13:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T06:33:59",
"category": "Other",
"uuid": "447eecca-7803-47d1-b37c-c5b9d480e6cc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/22c6b6bd77ee2fcd16dcbb3f2ae400eafd741a4fc92a5ee167445334145e4242/analysis/1545460439/",
"category": "External analysis",
"uuid": "378938a3-856a-4b92-9550-01d388d07893"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/58",
"category": "Other",
"uuid": "8737dce0-10c8-4725-947f-aebc44b028b8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eed9e7c8-7134-4d41-96b8-48f149ff2bf5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:26.000Z",
"modified": "2018-12-22T08:13:26.000Z",
"pattern": "[file:hashes.MD5 = 'ad124ff5c8d0a2afab61bb8c29b8a8a8' AND file:hashes.SHA1 = 'ddf38f8cc07b05085ca6b9508975449c474a49d4' AND file:hashes.SHA256 = '5c03fa1d9b7d551f738fa8cf0937aff842b019789ffa15cb97823f921dcdedcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-22T08:13:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--92a95325-d5d0-476c-8998-16eb966d1706",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-22T08:13:27.000Z",
"modified": "2018-12-22T08:13:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-22T06:45:30",
"category": "Other",
"uuid": "746f860a-6825-4c2d-ac85-0b8ecf01b3ba"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5c03fa1d9b7d551f738fa8cf0937aff842b019789ffa15cb97823f921dcdedcb/analysis/1545461130/",
"category": "External analysis",
"uuid": "24611e72-2e99-44ac-84f4-0c65da414aa2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/56",
"category": "Other",
"uuid": "bfd8765c-61eb-4474-b343-7f7216238673"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f6ab84ea-1d6e-48eb-9789-a37dc9bbf933",
"created": "2018-12-22T08:06:59.000Z",
"modified": "2018-12-22T08:06:59.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5c1defb7-6034-48ab-87a7-3de502de0b81",
"target_ref": "indicator--5c1def75-68b0-451a-96db-3dd202de0b81"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f16276a7-62fe-498f-bf62-b10ff0ecc400",
"created": "2018-12-22T08:07:13.000Z",
"modified": "2018-12-22T08:07:13.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5c1defb7-6034-48ab-87a7-3de502de0b81",
"target_ref": "indicator--5c1defe9-3338-43ec-b9ef-3ee202de0b81"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}