{
"type": "bundle",
"id": "bundle--5d00a18b-fa28-4f72-bd72-4e6a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:53.000Z",
"modified": "2019-06-12T12:43:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d00a18b-fa28-4f72-bd72-4e6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:53.000Z",
"modified": "2019-06-12T12:43:53.000Z",
"name": "OSINT - ThreatHunting/India/",
"published": "2019-06-12T12:44:03Z",
"object_refs": [
"observed-data--5d00a24c-d1c4-4149-84e4-beec950d210f",
"url--5d00a24c-d1c4-4149-84e4-beec950d210f",
"x-misp-attribute--5d00a413-fec0-4693-9d9f-7f9e950d210f",
"observed-data--5d00a449-d428-48a1-801a-9d26950d210f",
"file--5d00a449-d428-48a1-801a-9d26950d210f",
"artifact--5d00a449-d428-48a1-801a-9d26950d210f",
"indicator--5d00ae11-0b5c-41ac-9833-4916950d210f",
"indicator--5d00a3f8-9638-4961-8a3d-7f9f950d210f",
"indicator--5d00ab99-cac0-4996-88c5-45f2950d210f",
"indicator--5d00ac61-6384-430f-9a79-7f59950d210f",
"indicator--de24d809-f7d2-43cb-834f-4cfdc17da71b",
"x-misp-object--8a7bf1e7-288c-4392-8334-d291846cd5df",
"indicator--f961a3dc-041c-4443-b6d2-5777e128b264",
"x-misp-object--77f080dd-8ce0-4570-8bb4-cfd5cb678dbd",
"relationship--c679d759-d8f9-49ac-9173-694182d8c42a",
"relationship--24c0c61f-a4b7-4710-91b7-9db9c9b34827"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d00a24c-d1c4-4149-84e4-beec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T06:57:16.000Z",
"modified": "2019-06-12T06:57:16.000Z",
"first_observed": "2019-06-12T06:57:16Z",
"last_observed": "2019-06-12T06:57:16Z",
"number_observed": 1,
"object_refs": [
"url--5d00a24c-d1c4-4149-84e4-beec950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d00a24c-d1c4-4149-84e4-beec950d210f",
"value": "https://github.com/jacobsoo/ThreatHunting/blob/master/India/d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c.md"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d00a413-fec0-4693-9d9f-7f9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:04:51.000Z",
"modified": "2019-06-12T07:04:51.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The document seems to be targeting attendees to Islamic Microfinance Forum"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d00a449-d428-48a1-801a-9d26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:05:45.000Z",
"modified": "2019-06-12T07:05:45.000Z",
"first_observed": "2019-06-12T07:05:45Z",
"last_observed": "2019-06-12T07:05:45Z",
"number_observed": 1,
"object_refs": [
"file--5d00a449-d428-48a1-801a-9d26950d210f",
"artifact--5d00a449-d428-48a1-801a-9d26950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d00a449-d428-48a1-801a-9d26950d210f",
"name": "d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c_0001.png",
"content_ref": "artifact--5d00a449-d428-48a1-801a-9d26950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5d00a449-d428-48a1-801a-9d26950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAB0AAAAOxCAYAAABsdLR8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAGdYAABnWARjRyu0AAP+lSURBVHhe7N35fxR1nvjxzn2fhCPch4joeM3ojOio431DIGcn6SRExdlxd2fn+O7Ozo474xzOoTOo44EHKh4oZ4BASAIBwhEgQIC/6P19v6tTpPzYUt1sRxt4/fB8VN7vVL27qj5VTTfvVFVk3Xsb5O13PpQ3162XN95eL/988z15/Y13Pa+98c5XvGr+ue5L1r4e8NrbAAAAAAAAAAAAAPCtiLy17gOv8fnGW+97Tc8LDU1/ptff/lKT89Vxlg8WWvvaW3GvTvjHq2/K39e+Kf8ISDVOlPs2akxGzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVyp1Ij4V33a1Z1+49NmeGXtGx5rYnrNztfHG5zqVW+qeWO/H/ePV3V+XWbtuL8HWN6mVjMYu78PxsnMY9OL1UxHDTdOtsZkr1cw58Z+zqbp2DY3Zr0uXsONk10vP5coTsd6uTUme72COTf2czZNx7a5Met18RpunOx6+blEcTrWy60x2esVzLmxn7NpOrbNjVmvi9dw42TXy88litOxXm6NyV6vYM6N/ZxN07Ftbsx6XbyGGye7Xn4uUZyO9XJrTPZ6BXNu7Odsmo5tc2PW6+I13DjZ9fJzieJ0rJdbY7LXK5hzYz9n03RsmxuzXhev4cbJrpefSxSnY73Y51+t4cZ+zqasV/pquPFk1nDjy32fu7Gfsynrlb4abjyZNdz4ct/nbuznbMp6pa+GG09mDTe+3Pe5G/s5m7Je6avhxpNZw40v933uxn7OpherEfFveWtXef7zzXflnfc/kvUffSrrP/zE88GGT2XDxxvlo48/k482fCYbAj7S35kN49MPx8Xzn8iHH+nyyqb+z8E4US7VOJl5ko2TmSfZOJl5wuJk5kk1TmaesDiZeVKNk5knLE5mnlTjZOYJi5OZJ9k4mXmSjZOZJyxOZp5U42TmCYuTmSfVOJl5wuJk5kk1TmaesDiZeZKNk5kn2TiZecLiZOZJNU5mnrA4mXlSjZOZJyxOZp5U42TmCYuTmSfZOJl5ko2TmScsTmaeVONk5gmLk5kn1TiZecLiZOZJNU5mnrA4mXmSjZOZJ9k4mXnC4mTmSTVOZp6wOJl5Uo2TmScsTmaeVONk5gmLk5kn2TiZeZKNk5knLE5mnlTjZOYJi5OZJ9U4mXnC4mTmSTVOZp6wOJl5ko2TmSfZOJl5wuJk5kk1TmaesDiZeVKNk5knLE5mnlTjZOYJi5OZJ9k4mXmSjZOZJyxOZp5U42TmCYuTmSfVOJl5wuJk5kk1TmaesDiZeZKNk5kn2TiZecLiZOZJNU5mnrA4mXlSjZOZJyxOZp5U42TmCYuTmSfZOJl5ko2TmScsTmaeVONk5gmLk5kn1TiZecLiZOZJNU5mnrA4mXmSjZOZJ9k4mXnC4mTmSTVOZp6wOJl5Uo3dXCT4rM933t8g23f0ytChYRk6GHdAfz44POGQz/Lj7Odg7Ods6i0fEBYn8nXLJPsaiYQt83+pkanrlWycKHcpNVzpqJmOGq7JrMExmliqNRLVTEcNVzpqpqOGazJrcIwmlmqNRDXTUcOVjprpqOGazBoco4mlWiNRzXTU
cKWjZjpquCazBsdoYqnWSFQzHTVc6aiZjhquyazBMZpYqjUS1UxHDVc6aqajhmsya3CMJpZqjUQ101HDlY6a6ajhmswaHKOJpVojUc101HClo2Y6argmswbHaGKp1khUMx01XOmomY4arsmswTGaWKo1EtVMRw1XOmqmo4ZrMmtwjCaWao1ENdNRw5VKjYg1Pu3qT5uu//BTGdh/QM6ePy9j5+Ls53MB5wPcXFjs58LiYM6N/VxYHMyFxX4uLA7m3NjPhcXBnBv7ubA4mAuL/VxYHMy5sZ8Li4O5sNjPhcXBnBv7ubA4mAuL/VxYHMy5sZ8Li4O5sNjPhcXBnBv7ubA4mHNjPxcWB3NhsZ8Li4M5N/ZzYXEwFxb7ubA4mHNjPxcWB3NhsZ8Li4M5N/ZzYXEwFxb7ubA4mHNjPxcWB3Nu7OfC4mAuLPZzYXEw58Z+LiwO5sJiPxcWB3Nu7OfC4mAuLPZzYXEw58Z+LiwO5sJiPxcWB3Nu7OfC4mDOjf1cWBzMhcV+LiwO5tzYz4XFwVxY7OfC4mDOjf1cWBzMhcV+LiwO5tzYz4XFwVxY7OfC4mDOjf1cWBzMubGfC4uDubDYz4XFwZwb+7mwOJgLi/1cWBzMubGfC4uDubDYz4XFwZwb+7mwOJgLi/1cWBzMubGfC4uDOTf2c2FxMBcW+7mwOJhzYz8XFgdzYbGfC4uDOTf2c2FxMBcW+7mwOJhzYz8XFgdzYbGfC4uDOTf2c2FxMOfGfi4sDubCYj8XFgdzbuznwuJgLiz2c2FxMOfGfi4sDubCYj8XFgdzbuznwuJgLiz2c2FxMOfGfi4sDubc2M+FxcFcWOznwuJgzo39XFgczIXFfi4sDubc2M+FxcFcWOznwuJgzo39XFgczIXFfi4sDubc2M+FxcGcG/u5sDiYC4v9XFgczLmxnwuLg7mw2M+FxcGcG/u5sDiYC4v9XFgczLmxnwuLg7mw2M+FxcGcG/u5sDiYc2M/FxYHc2GxnwuLgzk39nNhcTAXFvu5sDiYc2M/FxYHc2GxnwuLgzk39nNhcTAXFvu5sDiYc2M/FxYHc27s58LiYC4s9nNhcTDnxn4uLA7mwmI/93VxxJqfEw3QT2Rg/9BXGqDBhQEAAAAAAAAAAAAgU3kN0LWvx5ug739AAxQAAAAAAAAAAADA5Suy9rV1sva1t2mAAgAAAAAAAAAAALjsRf7x6lti7CrQ99Z/LP37aIACAAAAAAAAAAAAuDxF/r72TTF2Feh76zfQAAUAAAAAAAAAAABw2Yq8svYNMXYV6Ls0QAEAAAAAAAAAAABcxiIv//2fYuwq0Hfe3yD9g0MXmp80QAEAAAAAAAAAAABcTiJ/e+V1MXYV6Lr3PpK9AzRAAQAAAAAAAAAAAFyeIn99+TUxL//jDVn37oeyd2A/DVAAAAAAAAAAAAAAl6XIX15+VYzdBpcGKAAAAAAAAAAAAIDLWeTPf1srxm6D+/Y7H0hfPw1QAAAAAAAAAAAAAJenyEt/jTdA7Ta4fgP0zFkaoAAAAAAAAAAAAAAuP5GX/vIPsSaoNUDfWrde+vr3eQ1Qvwl6ViVaEAAAAAAAAAAAAAAyTeRPf/671wC154B+pQGqaIACAAAAAAAAAAAAuFxE/vjSK2JXgQZvgevf/pYrQAEAAAAAAAAAAABcTiJ/eOllsatA//bK67LuvQ+lf3C/99zPoEQLAgAAAAAAAAAAAECmifz+T8EG6EdfaYCeG58RAAAAAAAAAAAAADJd5Pd//JvYbXDtFriJrgClAQoAAAAAAAAAAADgchF5kQYoAAAAAAAAAAAAgCvExRug5+LTRAsCAAAAAAAAAAAAQKb5cgP03YkG6Ni5OBqgAAAAAAAAAAAAAC4XXgP0Dy+9TAMUAAAAAAAAAAAAwGUv8uIf/uo1QP/y8quy7t0PZO8ADVAAAAAAAAAAAAAAl6cvNUDffidBA1QlWhAAAAAAAAAAAAAAMs2FBuif/7b2Kw3QM2dp
gAIAAAAAAAAAAAC4fHgN0N//iQYoAAAAAAAAAAAAgMtf5He//wsNUAAAAAAAAAAAAABXBKcBul72DuzzGqB
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d00ae11-0b5c-41ac-9833-4916950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:48:23.000Z",
"modified": "2019-06-12T07:48:23.000Z",
"description": "C2",
"pattern": "[url:value = 'http://185.82.202.240/ttryeJte76.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T07:48:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d00a3f8-9638-4961-8a3d-7f9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:04:24.000Z",
"modified": "2019-06-12T07:04:24.000Z",
"pattern": "[file:hashes.SHA256 = 'd9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c' AND file:name = 'IMF Registration Form.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T07:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d00ab99-cac0-4996-88c5-45f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:47:05.000Z",
"modified": "2019-06-12T07:47:05.000Z",
"pattern": "[file:hashes.SHA256 = 'd26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53' AND file:name = 'pKio.vbE' AND file:parent_directory_ref.path = 'C:\\\\Users<username>\\\\AppData\\\\Roaming\\\\MicroSoft\\\\winDowS\\\\StArt mEnU\\\\pRogRaMS\\\\StaRtuP\\\\' AND file:x_misp_fullpath = 'C:\\\\Users<username>\\\\AppData\\\\Roaming\\\\MicroSoft\\\\winDowS\\\\StArt mEnU\\\\pRogRaMS\\\\StaRtuP\\\\pKio.vbE']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T07:47:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d00ac61-6384-430f-9a79-7f59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T07:40:17.000Z",
"modified": "2019-06-12T07:40:17.000Z",
"pattern": "[file:name = 'p0pc0rn.tx' AND file:parent_directory_ref.path = 'C:<username>\\\\Public\\\\' AND file:x_misp_fullpath = 'C:<username>\\\\Public\\\\p0pc0rn.tx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T07:40:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--de24d809-f7d2-43cb-834f-4cfdc17da71b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"pattern": "[file:hashes.MD5 = '3eb23bc84083e252549e47dbd65b1f8f' AND file:hashes.SHA1 = '8ffdd130ec61f31e04d29a87500f52e44236ee9c' AND file:hashes.SHA256 = 'd9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T12:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8a7bf1e7-288c-4392-8334-d291846cd5df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-12T01:59:03",
"category": "Other",
"uuid": "d0f112fa-759b-4981-9f85-7114d0d4f9c4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c/analysis/1560304743/",
"category": "Payload delivery",
"uuid": "0aedafa8-c70b-4b43-b904-02dbc336f702"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/57",
"category": "Payload delivery",
"uuid": "a334e3d0-99df-495a-9c08-6687e7eb56e9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f961a3dc-041c-4443-b6d2-5777e128b264",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"pattern": "[file:hashes.MD5 = 'd7b0eb2f80f415b3171651903ae74a03' AND file:hashes.SHA1 = 'bf4fa31705bc0c9bad70def01f8fd3075046ef79' AND file:hashes.SHA256 = 'd26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-12T12:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--77f080dd-8ce0-4570-8bb4-cfd5cb678dbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-12T06:58:55",
"category": "Other",
"uuid": "2363404d-5f20-48f0-a0f2-dd6db63724b5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53/analysis/1560322735/",
"category": "Payload delivery",
"uuid": "cef83eae-b455-4246-b57c-b95dc50228d5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "6/57",
"category": "Payload delivery",
"uuid": "09abaac7-4564-46bb-9fe7-bffb8f6ee976"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c679d759-d8f9-49ac-9173-694182d8c42a",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--de24d809-f7d2-43cb-834f-4cfdc17da71b",
"target_ref": "x-misp-object--8a7bf1e7-288c-4392-8334-d291846cd5df"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--24c0c61f-a4b7-4710-91b7-9db9c9b34827",
"created": "2019-06-12T12:43:13.000Z",
"modified": "2019-06-12T12:43:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f961a3dc-041c-4443-b6d2-5777e128b264",
"target_ref": "x-misp-object--77f080dd-8ce0-4570-8bb4-cfd5cb678dbd"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}