1013 lines
44 KiB
JSON
1013 lines
44 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5a54c404-ccfc-4fae-8f64-416c950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T15:26:11.000Z",
|
||
|
"modified": "2018-01-10T15:26:11.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "grouping",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "grouping--5a54c404-ccfc-4fae-8f64-416c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T15:26:11.000Z",
|
||
|
"modified": "2018-01-10T15:26:11.000Z",
|
||
|
"name": "OSINT - Money-making machine: Monero-mining malware",
|
||
|
"context": "suspicious-activity",
|
||
|
"object_refs": [
|
||
|
"observed-data--5a54c41c-3044-48e5-9443-413a950d210f",
|
||
|
"url--5a54c41c-3044-48e5-9443-413a950d210f",
|
||
|
"indicator--5a560bf5-9958-478b-bdfb-4c16950d210f",
|
||
|
"indicator--5a560bf5-c7f4-4318-84ce-455b950d210f",
|
||
|
"indicator--5a560bf5-5b00-4e01-b429-4fc4950d210f",
|
||
|
"indicator--5a560bf5-f3d0-4a0d-bbc8-4046950d210f",
|
||
|
"indicator--5a560bf5-fdac-4cf5-be6d-4554950d210f",
|
||
|
"indicator--5a560bf5-b4c4-49c8-a21c-49f0950d210f",
|
||
|
"indicator--5a560bf5-8098-4de6-98c5-4667950d210f",
|
||
|
"indicator--5a560bf5-9124-4840-8f5b-465d950d210f",
|
||
|
"indicator--5a560bf5-1ca4-4078-b2a0-4082950d210f",
|
||
|
"indicator--5a560bf5-984c-47c2-961d-4560950d210f",
|
||
|
"indicator--5a560bf5-ff48-44f8-8d2a-42d1950d210f",
|
||
|
"indicator--5a560bf5-4db0-4664-b0cb-493e950d210f",
|
||
|
"indicator--5a560bf5-ac14-4e6f-8bb6-48d7950d210f",
|
||
|
"x-misp-attribute--5a560c0c-1f04-4218-85b7-40f5950d210f",
|
||
|
"vulnerability--5a560de5-4b08-4929-814c-4d5c950d210f",
|
||
|
"indicator--ea1be23a-dfcd-48de-8872-8f836e6ac3c0",
|
||
|
"x-misp-object--b935385d-8974-4c8e-950c-3e68a61d1b8c",
|
||
|
"indicator--d7991877-c64b-473c-9c7c-b2744a41de54",
|
||
|
"x-misp-object--9289df9d-4871-45bb-93fb-79f880b28639",
|
||
|
"indicator--9c910616-22a6-4e08-a3a2-87f4b475d3d1",
|
||
|
"x-misp-object--926ff804-e136-4d43-9fc4-d4750cb05769",
|
||
|
"indicator--e64a6ec9-2bc8-4ef0-9016-a9a5d46d1e14",
|
||
|
"x-misp-object--b992202a-e871-4545-9b50-afbb7006a55b",
|
||
|
"indicator--85cce78c-3a7f-410f-af8a-3b3059d60ffc",
|
||
|
"x-misp-object--525147f2-d882-47c0-979f-1082ab49db86",
|
||
|
"indicator--792c5088-2710-4df6-bb0f-b825c224bc89",
|
||
|
"x-misp-object--e6140541-debe-4885-9b25-545b3ac4b0c4",
|
||
|
"indicator--853fb224-372e-4b63-b73c-8a8af6bd0545",
|
||
|
"x-misp-object--8e253c50-69de-4b63-8921-c0acd42e4eac",
|
||
|
"indicator--10880336-2391-4892-9a3a-eb219b1ab021",
|
||
|
"x-misp-object--1443c499-9846-4744-b176-676dfaa55f00",
|
||
|
"relationship--8662cdd1-cab7-4405-b78b-cb65291edf35",
|
||
|
"relationship--8bc38994-b1e7-4c89-96f6-913d178db17c",
|
||
|
"relationship--f29cb0a4-1213-4cd3-aaaa-5f8216246786",
|
||
|
"relationship--8d611e5a-6719-4190-9307-fd0764ea30cf",
|
||
|
"relationship--7333749f-7c89-4703-aebe-a0b4bb96d0b9",
|
||
|
"relationship--4b8e3507-3bdc-4176-983a-33fb387eaaf1",
|
||
|
"relationship--8e2d7f5b-d24d-4178-ba1d-f5c3f487ada0",
|
||
|
"relationship--9ea48c11-6aea-4389-a72f-b96b7004639f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"workflow:todo=\"create-missing-misp-galaxy-cluster\"",
|
||
|
"circl:incident-classification=\"malware\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"dnc:malware-type=\"CoinMiner\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a54c41c-3044-48e5-9443-413a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"first_observed": "2018-01-10T12:52:41Z",
|
||
|
"last_observed": "2018-01-10T12:52:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a54c41c-3044-48e5-9443-413a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a54c41c-3044-48e5-9443-413a950d210f",
|
||
|
"value": "https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-9958-478b-bdfb-4c16950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"description": "Download Site:",
|
||
|
"pattern": "[url:value = 'http://postgre.tk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-c7f4-4318-84ce-455b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"description": "Download Site:",
|
||
|
"pattern": "[url:value = 'http://ntpserver.tk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-5b00-4e01-b429-4fc4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"description": "Source IPs:",
|
||
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '54.197.4.10']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-src\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-f3d0-4a0d-bbc8-4046950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"description": "Source IPs:",
|
||
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '52.207.232.106']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-src\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-fdac-4cf5-be6d-4554950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"description": "Source IPs:",
|
||
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '18.220.190.151']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-src\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-b4c4-49c8-a21c-49f0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '31721ae37835f792ee792d8324e307ba423277ae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-8098-4de6-98c5-4667950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a0bc6ea2bfa1d3d895fe8e706737d490d5fe3987']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-9124-4840-8f5b-465d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '37d4cc67351b2bd8067ab99973c4afd7090db1e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-1ca4-4078-b2a0-4082950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0902181d1b9433b5616763646a089b1bdf428262']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-984c-47c2-961d-4560950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '0ab00045d0d403f2d8f8865120c1089c09ba4fee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-ff48-44f8-8d2a-42d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '11d7694987a32a91fb766ba221f9a2de3c06d173']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-4db0-4664-b0cb-493e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '9fcb3943660203e99c348f17a8801ba077f7cb40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a560bf5-ac14-4e6f-8bb6-48d7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:49:57.000Z",
|
||
|
"modified": "2018-01-10T12:49:57.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = '52413ae19bbcdb9339d38a6f305e040fe83dee1b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:49:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a560c0c-1f04-4218-85b7-40f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:41.000Z",
|
||
|
"modified": "2018-01-10T12:52:41.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "While the world is holding its breath, wondering where notorious cybercriminal groups like Lazarus or Telebots will strike next with another destructive malware such as WannaCryptor or Petya, there are many other, less aggressive, much stealthier and often very profitable operations going on.\r\n\r\nOne such operation has been going on since at least May 2017, with attackers infecting unpatched Windows webservers with a malicious cryptocurrency miner. The goal: use the servers\u2019 computing power to mine Monero (XMR), one of the newer cryptocurrency alternatives to Bitcoin.\r\n\r\nTo achieve this, attackers modified legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers. Over the course of three months, the crooks behind the campaign have created a botnet of several hundred infected servers and made over USD 63,000 worth of Monero."
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--5a560de5-4b08-4929-814c-4d5c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:58:13.000Z",
|
||
|
"modified": "2018-01-10T12:58:13.000Z",
|
||
|
"name": "CVE-2017-7269",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload installation\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2017-7269"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ea1be23a-dfcd-48de-8872-8f836e6ac3c0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:44.000Z",
|
||
|
"modified": "2018-01-10T12:52:44.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '618e76e806a2eb4285c996395aec83e2' AND file:hashes.SHA1 = '31721ae37835f792ee792d8324e307ba423277ae' AND file:hashes.SHA256 = '5adf7c44f649de93d7adbac55c9ce2cd19384e627cd5738ddae233512b624453']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b935385d-8974-4c8e-950c-3e68a61d1b8c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:42.000Z",
|
||
|
"modified": "2018-01-10T12:52:42.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/5adf7c44f649de93d7adbac55c9ce2cd19384e627cd5738ddae233512b624453/analysis/1513859719/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9a-2cc0-47bb-baee-41a402de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "53/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-d1bc-4579-b347-46b602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-12-21 12:35:19",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-7d0c-43f5-95cc-470c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d7991877-c64b-473c-9c7c-b2744a41de54",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2f0abd9db04be04d2abb653c4e8b312f' AND file:hashes.SHA1 = '52413ae19bbcdb9339d38a6f305e040fe83dee1b' AND file:hashes.SHA256 = 'f89a29c2950f5a920c1473156f050dd913578a1858dcb70c26ee9bb469a20687']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--9289df9d-4871-45bb-93fb-79f880b28639",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:42.000Z",
|
||
|
"modified": "2018-01-10T12:52:42.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/f89a29c2950f5a920c1473156f050dd913578a1858dcb70c26ee9bb469a20687/analysis/1506600788/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9a-ce24-4bc5-a395-46f602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "43/64",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-9868-44b0-ad20-419702de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-09-28 12:13:08",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-80e4-47ce-be08-464402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9c910616-22a6-4e08-a3a2-87f4b475d3d1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '23a2278fae626df2e134b9d141dc59dc' AND file:hashes.SHA1 = '0902181d1b9433b5616763646a089b1bdf428262' AND file:hashes.SHA256 = 'ea579b7d0cc1106cdb285a41bc031205240b93f438c000a7aee30cd80dc72d52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--926ff804-e136-4d43-9fc4-d4750cb05769",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:42.000Z",
|
||
|
"modified": "2018-01-10T12:52:42.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/ea579b7d0cc1106cdb285a41bc031205240b93f438c000a7aee30cd80dc72d52/analysis/1509047328/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9a-e46c-4323-8caa-4b2602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "51/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-247c-4c84-9f19-453b02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-10-26 19:48:48",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-655c-4cd2-a65f-4e2d02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e64a6ec9-2bc8-4ef0-9016-a9a5d46d1e14",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '367e73b9299cccf30893c86c8ab152a6' AND file:hashes.SHA1 = '37d4cc67351b2bd8067ab99973c4afd7090db1e9' AND file:hashes.SHA256 = '754d71c198f21b2b711df9f9e74753d9912277a816f04a291f71d656f06450c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b992202a-e871-4545-9b50-afbb7006a55b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:42.000Z",
|
||
|
"modified": "2018-01-10T12:52:42.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/754d71c198f21b2b711df9f9e74753d9912277a816f04a291f71d656f06450c0/analysis/1509047307/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9a-1ad4-4398-b066-4c3002de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "52/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-0088-4bdd-9f47-4a3202de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-10-26 19:48:27",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9a-73a8-49b7-9e5f-4dea02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--85cce78c-3a7f-410f-af8a-3b3059d60ffc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:46.000Z",
|
||
|
"modified": "2018-01-10T12:52:46.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '6b7c5481be0b985d72870468c771de53' AND file:hashes.SHA1 = '9fcb3943660203e99c348f17a8801ba077f7cb40' AND file:hashes.SHA256 = 'a688e0bce6807c05d12371356afe56eabc425104387b3d74a1042fa1e2af15b2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--525147f2-d882-47c0-979f-1082ab49db86",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:43.000Z",
|
||
|
"modified": "2018-01-10T12:52:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/a688e0bce6807c05d12371356afe56eabc425104387b3d74a1042fa1e2af15b2/analysis/1509047435/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9b-19ac-4b3f-a7cf-404902de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-2760-453b-85de-42de02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-10-26 19:50:35",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-7438-4b31-a6e5-480502de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--792c5088-2710-4df6-bb0f-b825c224bc89",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:46.000Z",
|
||
|
"modified": "2018-01-10T12:52:46.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '0645bcfc7df878614f9c5a78d2b6225a' AND file:hashes.SHA1 = '0ab00045d0d403f2d8f8865120c1089c09ba4fee' AND file:hashes.SHA256 = '0f76fe343377a1ecfebc9ac5922e6ec667f8d09230ee5b345e4f3aad1c9e44e7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e6140541-debe-4885-9b25-545b3ac4b0c4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:43.000Z",
|
||
|
"modified": "2018-01-10T12:52:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/0f76fe343377a1ecfebc9ac5922e6ec667f8d09230ee5b345e4f3aad1c9e44e7/analysis/1509047352/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9b-01b8-40d7-966a-408602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "47/66",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-f2b4-441f-8679-474b02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-10-26 19:49:12",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-f164-4a33-941d-44ed02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--853fb224-372e-4b63-b73c-8a8af6bd0545",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:46.000Z",
|
||
|
"modified": "2018-01-10T12:52:46.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b31593fa05990487c8fb61c921f5d9a4' AND file:hashes.SHA1 = '11d7694987a32a91fb766ba221f9a2de3c06d173' AND file:hashes.SHA256 = 'e1a024b3a882f109caf16aa4c07bc98e902f4b66394903283dfbeb14a07755a0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8e253c50-69de-4b63-8921-c0acd42e4eac",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:43.000Z",
|
||
|
"modified": "2018-01-10T12:52:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/e1a024b3a882f109caf16aa4c07bc98e902f4b66394903283dfbeb14a07755a0/analysis/1509047377/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9b-9b70-40d0-b83b-4d2e02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-0e88-4247-a940-445b02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-10-26 19:49:37",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9b-06ec-44d4-a5db-437502de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--10880336-2391-4892-9a3a-eb219b1ab021",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:46.000Z",
|
||
|
"modified": "2018-01-10T12:52:46.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '845a949df30057649cdf1df504033c50' AND file:hashes.SHA1 = 'a0bc6ea2bfa1d3d895fe8e706737d490d5fe3987' AND file:hashes.SHA256 = 'cf3d35232a4ff20cd82fb9c4f87c7bd2bfce32d645dccea23c82424f09d50dae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-10T12:52:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--1443c499-9846-4744-b176-676dfaa55f00",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-10T12:52:43.000Z",
|
||
|
"modified": "2018-01-10T12:52:43.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/cf3d35232a4ff20cd82fb9c4f87c7bd2bfce32d645dccea23c82424f09d50dae/analysis/1514697636/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "5a560c9c-b330-46fe-94bc-4f9102de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/67",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9c-0308-4e93-9693-4fb202de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2017-12-31 05:20:36",
|
||
|
"category": "Other",
|
||
|
"uuid": "5a560c9c-0f84-49c0-b558-4b3002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--8662cdd1-cab7-4405-b78b-cb65291edf35",
|
||
|
"created": "2018-01-10T12:52:44.000Z",
|
||
|
"modified": "2018-01-10T12:52:44.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ea1be23a-dfcd-48de-8872-8f836e6ac3c0",
|
||
|
"target_ref": "x-misp-object--b935385d-8974-4c8e-950c-3e68a61d1b8c"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--8bc38994-b1e7-4c89-96f6-913d178db17c",
|
||
|
"created": "2018-01-10T12:52:44.000Z",
|
||
|
"modified": "2018-01-10T12:52:44.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--d7991877-c64b-473c-9c7c-b2744a41de54",
|
||
|
"target_ref": "x-misp-object--9289df9d-4871-45bb-93fb-79f880b28639"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f29cb0a4-1213-4cd3-aaaa-5f8216246786",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--9c910616-22a6-4e08-a3a2-87f4b475d3d1",
|
||
|
"target_ref": "x-misp-object--926ff804-e136-4d43-9fc4-d4750cb05769"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--8d611e5a-6719-4190-9307-fd0764ea30cf",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--e64a6ec9-2bc8-4ef0-9016-a9a5d46d1e14",
|
||
|
"target_ref": "x-misp-object--b992202a-e871-4545-9b50-afbb7006a55b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--7333749f-7c89-4703-aebe-a0b4bb96d0b9",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--85cce78c-3a7f-410f-af8a-3b3059d60ffc",
|
||
|
"target_ref": "x-misp-object--525147f2-d882-47c0-979f-1082ab49db86"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--4b8e3507-3bdc-4176-983a-33fb387eaaf1",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--792c5088-2710-4df6-bb0f-b825c224bc89",
|
||
|
"target_ref": "x-misp-object--e6140541-debe-4885-9b25-545b3ac4b0c4"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--8e2d7f5b-d24d-4178-ba1d-f5c3f487ada0",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--853fb224-372e-4b63-b73c-8a8af6bd0545",
|
||
|
"target_ref": "x-misp-object--8e253c50-69de-4b63-8921-c0acd42e4eac"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--9ea48c11-6aea-4389-a72f-b96b7004639f",
|
||
|
"created": "2018-01-10T12:52:45.000Z",
|
||
|
"modified": "2018-01-10T12:52:45.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--10880336-2391-4892-9a3a-eb219b1ab021",
|
||
|
"target_ref": "x-misp-object--1443c499-9846-4744-b176-676dfaa55f00"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|