{
"type": "bundle",
|
|
|
|
"id": "bundle--5c912339-5ab4-4226-a5b2-9fc2950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:16:29.000Z",
|
|
|
|
"modified": "2019-03-19T17:16:29.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5c912339-5ab4-4226-a5b2-9fc2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:16:29.000Z",
|
|
|
|
"modified": "2019-03-19T17:16:29.000Z",
|
|
|
|
"name": "LockerGoga - yara rules",
|
|
|
|
"published": "2019-03-19T17:17:56Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f",
|
|
|
|
"url--5c912348-2ec0-4864-b4c0-9abd950d210f",
|
|
|
|
"indicator--5c912364-5284-4c79-a948-287f950d210f",
|
|
|
|
"indicator--5c912364-5e3c-422f-aad8-287f950d210f",
|
|
|
|
"indicator--5c912364-a690-4ac1-b9e9-287f950d210f",
|
|
|
|
"indicator--5c912364-c830-48fd-9a06-287f950d210f",
|
|
|
|
"indicator--5c912364-5194-42e5-9028-287f950d210f",
|
|
|
|
"indicator--5c912364-4118-4277-b547-287f950d210f",
|
|
|
|
"indicator--5c912364-5ab4-448c-b7f5-287f950d210f",
|
|
|
|
"indicator--5c912364-1a50-4191-b106-287f950d210f",
|
|
|
|
"indicator--5c912379-4278-4663-bf46-4cbc950d210f",
|
|
|
|
"indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f",
|
|
|
|
"indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
|
|
|
|
"x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8",
|
|
|
|
"indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
|
|
|
|
"x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8",
|
|
|
|
"indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
|
|
|
|
"x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60",
|
|
|
|
"indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
|
|
|
|
"x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e",
|
|
|
|
"indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
|
|
|
|
"x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d",
|
|
|
|
"indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
|
|
|
|
"x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe",
|
|
|
|
"indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
|
|
|
|
"x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43",
|
|
|
|
"indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
|
|
|
|
"x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
|
|
|
|
"indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
|
|
|
|
"x-misp-object--817671be-adde-446b-ac04-6532dd96a481",
|
|
|
|
"relationship--ee5c9141-fbe0-4347-bbe3-7e2913e34afe",
|
|
|
|
"relationship--f51f8ccf-3f19-4ed9-ba51-487cd562dcb2",
|
|
|
|
"relationship--41652956-9595-45cf-a888-f31051b1b990",
|
|
|
|
"relationship--854142fe-c33b-437f-aa57-84980de8190f",
|
|
|
|
"relationship--cfb615b4-bc87-4bad-af0a-eedb4cd5ed7a",
|
|
|
|
"relationship--c2532405-4cd6-49f7-8fc6-2bc313fdefe6",
|
|
|
|
"relationship--9209dfa3-d0b2-43a5-9e5a-3847ecd6c610",
|
|
|
|
"relationship--12f6486c-c5b6-45e5-a1af-1e9496d63130",
|
|
|
|
"relationship--9999e7b6-1b99-49a7-b6f9-b457be825f34"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:ransomware=\"LockerGoga\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:13:44.000Z",
|
|
|
|
"modified": "2019-03-19T17:13:44.000Z",
|
|
|
|
"first_observed": "2019-03-19T17:13:44Z",
|
|
|
|
"last_observed": "2019-03-19T17:13:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5c912348-2ec0-4864-b4c0-9abd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5c912348-2ec0-4864-b4c0-9abd950d210f",
|
|
|
|
"value": "https://pastebin.com/5LCC0HNp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-5284-4c79-a948-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-5e3c-422f-aad8-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-a690-4ac1-b9e9-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-c830-48fd-9a06-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-5194-42e5-9028-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-4118-4277-b547-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-5ab4-448c-b7f5-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912364-1a50-4191-b106-287f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:12.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c912379-4278-4663-bf46-4cbc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:14:33.000Z",
|
|
|
|
"modified": "2019-03-19T17:14:33.000Z",
|
|
|
|
"description": "Ransom notes",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:14:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:54.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:54.000Z",
|
|
|
|
"pattern": "[rule lockergoga {\r\n meta:\r\n description = \"LockerGoga Ransomware\"\r\n author = \"jeFF0Falltrades\"\r\n hash = \"bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f\"\r\n \r\n strings:\r\n $dinkum = \"licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED\" wide ascii nocase\r\n $ransom_1 = \"You should be thankful that the flaw was exploited by serious people and not some rookies.\" wide ascii nocase\r\n $ransom_2 = \"Your files are encrypted with the strongest military algorithms RSA4096 and AES-256\" wide ascii nocase\r\n $str_1 = \"(readme-now\" wide ascii nocase\r\n $mlcrosoft = \"Mlcrosoft\" wide ascii nocase\r\n $cert_1 = \"16 Australia Road Chickerell\" wide ascii nocase\r\n $cert_2 = { 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF } // MIKL LIMITED\r\n $cert_3 = { 3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF } // CCOMODO RSA Code Signing CA\r\n $cert_4 = { 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D } // COMODO SECURE\r\n \r\n condition:\r\n 4 of them\r\n}]",
|
|
|
|
"pattern_type": "yara",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"yara\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:25.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2e2e4988a49f8b22d5909cf1964851cb' AND file:hashes.SHA1 = 'cd3f6121705a3df9156d823b7da34c4745588ac5' AND file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:25.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:25.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-04T05:50:46",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Ransom notes",
|
|
|
|
"uuid": "64db9dc1-3590-4b94-8372-48dd723f7d61"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7/analysis/1549259446/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Ransom notes",
|
|
|
|
"uuid": "88349f79-00a6-44e8-a104-5a643c5a2515"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "2/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Ransom notes",
|
|
|
|
"uuid": "4a13a84f-9f6b-42b4-b5eb-411be8e0a106"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-19T13:53:33",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a678d856-09a1-49ad-bd69-59488e77d3b7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1553003613/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ca56e3c8-2c6c-4848-ba56-ff6ce2b3d5d3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "48/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "5794acde-ad4f-4ba3-8562-a92204ad10a6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '174e3d9c7b0380dd7576187c715c4681' AND file:hashes.SHA1 = '31fbfe814628db3b459ddc87bf5ed538700db17a' AND file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-12T13:06:36",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3a5e67c7-c74a-4315-9175-065963d5a8e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1552395996/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c30aefba-5765-4246-8a36-0145c476abee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "27/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "56f36d81-5d79-4378-918a-276b2d12f9aa"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4da135516f3da1c6ca04d17f83b99e65' AND file:hashes.SHA1 = '127b2c4403995d35622487bd250d673d74b613b9' AND file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-19T13:40:41",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "312ca56e-c396-4c37-884e-b7ebbf0bff58"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3/analysis/1553002841/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "508ee025-224d-4c90-84d2-fc69ce4ebabf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "38/58",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "eab40452-c7e1-43b7-9b51-15f8ffcd6477"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-12T12:39:49",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b1e65ff2-9d0e-43f3-9c2b-4baadd8cc1d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1552394389/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "edfa165d-5946-473b-963c-46fe77f0d672"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "45/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "fea3eff1-2ffe-4120-8ab6-c8351102e057"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-19T16:58:13",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b5962ae5-9f5f-4139-b4f8-32c00cf915a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1553014693/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "184fef18-605c-425d-bfc6-ab172d04ecd3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "50/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4f40e57e-6c7e-4bd2-8790-69a88b362277"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:26.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-13T20:19:57",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4d51e5b0-2f13-4636-80e7-04ef5a36146a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1552508397/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "520eb8ef-0225-4e1f-ae81-0401eddd9f4e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "50/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1258ab17-ba69-4fd4-b328-6fc04f405d9d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e8c7c902bcb2191630e10a80ddf9d5de' AND file:hashes.SHA1 = 'e00ec019409a078e9819e09d0f3915cb41fc131f' AND file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-02-26T19:40:39",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ecaf0112-f076-4391-9080-21996a134b7a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192/analysis/1551210039/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c417809f-4161-4ce4-8ce7-29842ceaf1e8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "47/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "76fedccf-0b16-464e-b7e4-110651d1c6e9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-19T17:15:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-18T09:59:21",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8428c83d-d250-47d1-b7cc-ceed25f03b61"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1552903161/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "0caaa8c4-1527-47bd-9e69-976486cbe6d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "40/66",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "23f17631-48af-4ea1-a977-57a2fa95234d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--ee5c9141-fbe0-4347-bbe3-7e2913e34afe",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
|
|
|
|
"target_ref": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f51f8ccf-3f19-4ed9-ba51-487cd562dcb2",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
|
|
|
|
"target_ref": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--41652956-9595-45cf-a888-f31051b1b990",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
|
|
|
|
"target_ref": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--854142fe-c33b-437f-aa57-84980de8190f",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
|
|
|
|
"target_ref": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--cfb615b4-bc87-4bad-af0a-eedb4cd5ed7a",
|
|
|
|
"created": "2019-03-19T17:15:27.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
|
|
|
|
"target_ref": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--c2532405-4cd6-49f7-8fc6-2bc313fdefe6",
|
|
|
|
"created": "2019-03-19T17:15:28.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
|
|
|
|
"target_ref": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--9209dfa3-d0b2-43a5-9e5a-3847ecd6c610",
|
|
|
|
"created": "2019-03-19T17:15:28.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
|
|
|
|
"target_ref": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--12f6486c-c5b6-45e5-a1af-1e9496d63130",
|
|
|
|
"created": "2019-03-19T17:15:28.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
|
|
|
|
"target_ref": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--9999e7b6-1b99-49a7-b6f9-b457be825f34",
|
|
|
|
"created": "2019-03-19T17:15:28.000Z",
|
|
|
|
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
|
|
|
|
"target_ref": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
|
|
|
|
}
|