1992 lines
86 KiB
JSON
1992 lines
86 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5e7a18bc-abe8-4fc7-ab5f-4ae1950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:40:42.000Z",
|
||
|
"modified": "2020-03-24T14:40:42.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5e7a18bc-abe8-4fc7-ab5f-4ae1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:40:42.000Z",
|
||
|
"modified": "2020-03-24T14:40:42.000Z",
|
||
|
"name": "OSINT - Pivot from IP address (105.235.129.138) where the C2 was running",
|
||
|
"published": "2020-03-24T14:40:54Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5e7a1968-b19c-41dd-b781-1930950d210f",
|
||
|
"indicator--5e7a19d5-45b4-4bea-bf5b-46ca950d210f",
|
||
|
"indicator--5e7a19d6-db94-4f91-82bf-490f950d210f",
|
||
|
"indicator--5e7a19d6-ae7c-4818-b93d-43d8950d210f",
|
||
|
"indicator--5e7a19d6-9eb0-4d30-89ed-4df2950d210f",
|
||
|
"indicator--5e7a19d6-cb24-46b0-b1c7-47d3950d210f",
|
||
|
"indicator--5e7a19d6-4c30-46e5-b66b-4555950d210f",
|
||
|
"indicator--5e7a19d6-9cdc-4f5b-813a-41a8950d210f",
|
||
|
"indicator--5e7a19d6-ccf8-4693-bdd8-4005950d210f",
|
||
|
"indicator--5e7a19d6-5a70-4037-8f86-42e0950d210f",
|
||
|
"indicator--5e7a19d6-8680-4702-84c5-4a82950d210f",
|
||
|
"indicator--5e7a19d6-633c-441c-9fe9-4f14950d210f",
|
||
|
"indicator--5e7a19d6-c98c-4a7a-9b89-4f0a950d210f",
|
||
|
"indicator--5e7a19d6-429c-4715-bb1f-479e950d210f",
|
||
|
"indicator--5e7a19d6-9928-4b34-8fd0-4769950d210f",
|
||
|
"indicator--5e7a19d6-5950-44c9-8eca-4718950d210f",
|
||
|
"indicator--5e7a19d6-21fc-4005-8088-4fc2950d210f",
|
||
|
"indicator--5e7a19d6-66c4-4a2f-bfd2-4894950d210f",
|
||
|
"indicator--5e7a19d6-8bcc-4f0f-bda9-4e54950d210f",
|
||
|
"indicator--5e7a19d6-0770-4af0-97b4-466e950d210f",
|
||
|
"indicator--f76a681a-8320-432a-971c-d6af19b497f8",
|
||
|
"x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e",
|
||
|
"indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544",
|
||
|
"x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892",
|
||
|
"indicator--204301ea-d686-4d16-9981-9bd004e4afb8",
|
||
|
"x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4",
|
||
|
"indicator--3d55c00e-a69f-4227-bf8c-7566418430b8",
|
||
|
"x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5",
|
||
|
"indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67",
|
||
|
"x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e",
|
||
|
"indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95",
|
||
|
"x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba",
|
||
|
"indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f",
|
||
|
"x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f",
|
||
|
"indicator--d348d543-7258-4136-9561-fdcb09094cf8",
|
||
|
"x-misp-object--77435506-8369-4930-8582-b36ca661fd4e",
|
||
|
"indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f",
|
||
|
"x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0",
|
||
|
"indicator--3db629ff-cb1a-4e1b-800d-7d569005b015",
|
||
|
"x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78",
|
||
|
"indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480",
|
||
|
"x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2",
|
||
|
"indicator--e573e735-58a3-45d0-9238-b5b61723b376",
|
||
|
"x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d",
|
||
|
"indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c",
|
||
|
"x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084",
|
||
|
"indicator--37b61c47-5345-472c-ad8a-7c42424eec35",
|
||
|
"x-misp-object--19556fee-a174-4697-ba43-73fde89f550f",
|
||
|
"indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e",
|
||
|
"x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535",
|
||
|
"indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa",
|
||
|
"x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7",
|
||
|
"indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8",
|
||
|
"x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e",
|
||
|
"indicator--1c206342-00ee-4a05-9851-d871a7fb36f9",
|
||
|
"x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a",
|
||
|
"indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21",
|
||
|
"x-misp-object--4e863807-bb6e-4a10-9602-84f289931607",
|
||
|
"relationship--3a484d79-db1e-48e4-a982-81efdc96d369",
|
||
|
"relationship--f75fa875-8dd4-4242-9742-a8432a3e3102",
|
||
|
"relationship--c397af3a-097c-406a-b3aa-48aa11ed253c",
|
||
|
"relationship--c386759f-9f8f-4467-a37b-6792576020fc",
|
||
|
"relationship--258be5fa-a025-4565-9bde-1aff51739ac2",
|
||
|
"relationship--a4392dee-e6ae-4b99-9378-e80eb200af2a",
|
||
|
"relationship--4d363402-40b2-4d30-bbef-0569454bc3e6",
|
||
|
"relationship--3895ee53-e6a7-40b1-892b-d0f4ada1dab3",
|
||
|
"relationship--f0becd62-5e0d-4196-9e1e-5fc48f8356be",
|
||
|
"relationship--3dd8546a-4c74-4b66-9825-b01fe194c4ef",
|
||
|
"relationship--05ff30b5-8cec-45cc-80c5-3a5b3a1184a5",
|
||
|
"relationship--d519bb2c-e2cc-47de-9cb3-80ec3ced44b8",
|
||
|
"relationship--01ef6b3c-811d-40d5-826e-e80f8463c29c",
|
||
|
"relationship--776507a6-84b7-4406-8d07-c4cc506b016e",
|
||
|
"relationship--4d5c2716-67a6-4416-877c-c5e13ecd6851",
|
||
|
"relationship--dcf672eb-7d0e-4c63-a3d9-ffad0c329b3b",
|
||
|
"relationship--1bd6cdb6-10cc-4d47-b881-3641bffae9c5",
|
||
|
"relationship--2786492d-5826-4742-ba5b-be491c4c4bc7",
|
||
|
"relationship--58d8564d-99c8-4d1e-a6e2-bafed95052f4"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a1968-b19c-41dd-b781-1930950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:30:00.000Z",
|
||
|
"modified": "2020-03-24T14:30:00.000Z",
|
||
|
"description": "C2 seen in RevengeRAT",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.235.129.138']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:30:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d5-45b4-4bea-bf5b-46ca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:49.000Z",
|
||
|
"modified": "2020-03-24T14:31:49.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '44a072d0d5f531d245f1d4afdd698045']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-db94-4f91-82bf-490f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '491576d3fa9656a2e7dfb04853054d20']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-ae7c-4818-b93d-43d8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'dfb087fc27d6ae637dfe9dc5815f8d69']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-9eb0-4d30-89ed-4df2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'e64bd29b1927aed005addefe3a67f4c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-cb24-46b0-b1c7-47d3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '82ea81845bf0e7da6cde6ce688a27e93']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-4c30-46e5-b66b-4555950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'c93e9d4ebc7cd210003ada07c7bf08b6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-9cdc-4f5b-813a-41a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '725e847eca66f9fd882239a73ae066d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-ccf8-4693-bdd8-4005950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '53d4d4cc977362c09fd466bb676567c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-5a70-4037-8f86-42e0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '38881d950eb4269b047ff95f2f5c1ba3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-8680-4702-84c5-4a82950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '3bf3208b13b3fa71fed6e982ea97ba24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-633c-441c-9fe9-4f14950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'd08e5af0738841307d920b0da3fea555']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-c98c-4a7a-9b89-4f0a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '3ed826708dd257795420951450b3986c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-429c-4715-bb1f-479e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '4e713b040bd5fcf38533c4fbab817a0a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-9928-4b34-8fd0-4769950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '2c323b2676106a7d1952cb8a2765b307']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-5950-44c9-8eca-4718950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-21fc-4005-8088-4fc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '3019d4ae2c559ac4dbf531acfc3fa780']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-66c4-4a2f-bfd2-4894950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'fea3e01abc57cef587c2383d488fd98a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-8bcc-4f0f-bda9-4e54950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = '34a485d7ab1c84b0f925e88b008b2c53']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5e7a19d6-0770-4af0-97b4-466e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:31:50.000Z",
|
||
|
"modified": "2020-03-24T14:31:50.000Z",
|
||
|
"description": "RiskIQ expansion",
|
||
|
"pattern": "[file:hashes.MD5 = 'fbebccbe2a1665199b46dcb21634b71d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:31:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f76a681a-8320-432a-971c-d6af19b497f8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:19.000Z",
|
||
|
"modified": "2020-03-24T14:36:19.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '53d4d4cc977362c09fd466bb676567c8' AND file:hashes.SHA1 = '721ca63682c4a34c86585f80eceead43f20e10f3' AND file:hashes.SHA256 = '5e94b03664c3674f3eab1e750ffde61d3d21d938ec0ce21f6f64bc9362aeb084']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:20.000Z",
|
||
|
"modified": "2020-03-24T14:36:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-24T11:50:00+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "5f231374-0e4a-4514-be39-783f8a1b4464"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/5e94b03664c3674f3eab1e750ffde61d3d21d938ec0ce21f6f64bc9362aeb084/analysis/1585050600/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "89498e6d-c95c-4e50-b58c-e2d0cca2693a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "53/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "d7592b9e-6331-45ce-beb8-8cc626a54caa"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:20.000Z",
|
||
|
"modified": "2020-03-24T14:36:20.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '38881d950eb4269b047ff95f2f5c1ba3' AND file:hashes.SHA1 = 'd3fb78a1ae45330b4b7231559b9c7aa81b19904c' AND file:hashes.SHA256 = '6432378da1a760f6eb9e3a02eda5433a91f3dc056948269c04a8cfae0c7831f0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:20.000Z",
|
||
|
"modified": "2020-03-24T14:36:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-20T02:24:25+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "6e37e8c5-9059-4d5e-bbc3-0cc82ed3bbff"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6432378da1a760f6eb9e3a02eda5433a91f3dc056948269c04a8cfae0c7831f0/analysis/1584671065/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "a724a99b-4bd6-4c12-9e8a-b52b4d287fa4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "e779adf9-1b7c-4cb4-8502-7336b868f2d4"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--204301ea-d686-4d16-9981-9bd004e4afb8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:20.000Z",
|
||
|
"modified": "2020-03-24T14:36:20.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '491576d3fa9656a2e7dfb04853054d20' AND file:hashes.SHA1 = '1ee3b37f196d0d94634fb89e4298ebbe014b3da1' AND file:hashes.SHA256 = '053aea685891f94d757153fea5829ab89fe2d09007c584bd4bac62c65ec801ed']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:20.000Z",
|
||
|
"modified": "2020-03-24T14:36:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-20T02:16:41+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "745bd7e6-3eb9-4957-9607-06b572104230"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/053aea685891f94d757153fea5829ab89fe2d09007c584bd4bac62c65ec801ed/analysis/1584670601/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "95751986-8055-4a4e-801c-32aebe01deca"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "46/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "1cbd68b1-86bc-4435-90f5-c7e2032539c7"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d55c00e-a69f-4227-bf8c-7566418430b8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:21.000Z",
|
||
|
"modified": "2020-03-24T14:36:21.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fea3e01abc57cef587c2383d488fd98a' AND file:hashes.SHA1 = '5ca083ae368e9848c7f5602f09dea1cac2d2c05d' AND file:hashes.SHA256 = 'be5d07b405aea2c17b26ecb4cea2ce64c6a996019768d5334d5e3ebf90818b52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:21.000Z",
|
||
|
"modified": "2020-03-24T14:36:21.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-16T10:09:04+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "36e4c74d-c95f-4143-98ed-349fb82b09e2"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/be5d07b405aea2c17b26ecb4cea2ce64c6a996019768d5334d5e3ebf90818b52/analysis/1584353344/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "df067739-59cd-49e0-a319-9e895e7e3126"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "0/63",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "538c3ff0-a3c5-415b-91b2-4a144decdf7f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:21.000Z",
|
||
|
"modified": "2020-03-24T14:36:21.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '2c323b2676106a7d1952cb8a2765b307' AND file:hashes.SHA1 = '68314c818b251aa2034675cd2b62db14a392a3de' AND file:hashes.SHA256 = '6b322007395cfdf163596e62575c52f0123c5f4a8b49407f8d4364b44299d5d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:21.000Z",
|
||
|
"modified": "2020-03-24T14:36:21.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T07:13:21+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "21ab625b-6023-433b-8272-fdc79cd8298d"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6b322007395cfdf163596e62575c52f0123c5f4a8b49407f8d4364b44299d5d1/analysis/1584602001/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "1392c9fd-c405-49c1-bf03-e29b05ca4874"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "43/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "cd124ee7-363e-4d68-bb19-826e9904898d"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:21.000Z",
|
||
|
"modified": "2020-03-24T14:36:21.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7434cdc8b2e9b33d195a38ce795a06e5' AND file:hashes.SHA1 = '2544b6f5ed98151d36d466d2377897703c85a12e' AND file:hashes.SHA256 = 'fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-17T09:22:54+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "2e407895-02cf-4b56-8578-bb6b1fb3b623"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9/analysis/1584436974/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "51adb1f2-d3f3-4fd6-b02f-1dbb6961a9ef"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "43/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "b567561e-685a-4290-be4b-704c6179c4fd"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'fbebccbe2a1665199b46dcb21634b71d' AND file:hashes.SHA1 = 'bbb1d9b5468b16c8f27ae43fbf0f4ef3f7ddbff7' AND file:hashes.SHA256 = '846f37da180b23f1e5a314fcf9d3804ea398ce6eead594bcff614f1384160c57']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T06:13:08+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "fe997fa5-c948-4956-98cd-eb0093018b05"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/846f37da180b23f1e5a314fcf9d3804ea398ce6eead594bcff614f1384160c57/analysis/1584598388/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "4c98e2a0-64e3-4aa8-b3d9-b99a68c8d6c2"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "ba9b9f51-e769-433e-906d-1d453778e5e8"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d348d543-7258-4136-9561-fdcb09094cf8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e64bd29b1927aed005addefe3a67f4c0' AND file:hashes.SHA1 = '83c0bd612bb435245cb6f76b0ba18c1d4450c9ef' AND file:hashes.SHA256 = '33e8487c8a72debf50a23376a9127cba419f9515fb053dd24d2c0ed302243318']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--77435506-8369-4930-8582-b36ca661fd4e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T02:57:26+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "773fd8e1-786e-4223-8547-ec28c332ff54"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/33e8487c8a72debf50a23376a9127cba419f9515fb053dd24d2c0ed302243318/analysis/1584586646/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "e8dffea3-5df3-410a-b59c-2e77155aeb64"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "46/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "e7aa7dac-d23f-49e1-92d9-6acd8ed7c04a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:22.000Z",
|
||
|
"modified": "2020-03-24T14:36:22.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'dfb087fc27d6ae637dfe9dc5815f8d69' AND file:hashes.SHA1 = 'f04c5549d76d04869e1b0bf9955dfc3f00cab8ff' AND file:hashes.SHA256 = '69999d817290dc8211d359cd719de6b3c440f99b9ab84c34ce4ab405a1f5135e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-20T02:00:30+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "10d6e461-b479-4b0a-8dd7-add503d19e24"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/69999d817290dc8211d359cd719de6b3c440f99b9ab84c34ce4ab405a1f5135e/analysis/1584669630/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "a7ce8ed8-f56c-4376-b1c1-83eee0b11383"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "fdf47deb-a49b-4af3-bcd9-fc69f254411f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3db629ff-cb1a-4e1b-800d-7d569005b015",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd08e5af0738841307d920b0da3fea555' AND file:hashes.SHA1 = '044c07dc58da47445dcb1b7bcbe35896fcda6403' AND file:hashes.SHA256 = '7bf85eaa32be3f39c824168cbef850dfe17914b84078930ddc0fe6c1691ae29b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-21T18:00:18+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "67184b05-f8ca-4e1c-bd15-0a054e3933d6"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7bf85eaa32be3f39c824168cbef850dfe17914b84078930ddc0fe6c1691ae29b/analysis/1584813618/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "b40be2fd-3ba1-416d-a95e-fb571d8982bb"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "12/59",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "5771d627-a23b-4abb-9698-e68c3fb6938c"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3019d4ae2c559ac4dbf531acfc3fa780' AND file:hashes.SHA1 = '816394af6c74dfd85c493ed8e440679531ff3f40' AND file:hashes.SHA256 = 'ac01b105cd96549cb4360e3a919624c1fff57aa902cb897042ff8b8a19b20007']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T11:41:15+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "a520da6f-3020-4c98-b9e6-f053eb84cb4b"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/ac01b105cd96549cb4360e3a919624c1fff57aa902cb897042ff8b8a19b20007/analysis/1584618075/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "6b332797-ea40-4337-8bde-696c7b046655"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "44/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "4128d7ae-ab72-422e-a107-f96eea3f5c26"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e573e735-58a3-45d0-9238-b5b61723b376",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:23.000Z",
|
||
|
"modified": "2020-03-24T14:36:23.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '82ea81845bf0e7da6cde6ce688a27e93' AND file:hashes.SHA1 = 'eab91506996ca7061e689d8197c8c70aae446a69' AND file:hashes.SHA256 = '06bf3044c702c820aca25ece35cf76d13df0d806d164df573a89f0b9d08132f1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T03:15:13+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "03248e8c-ea25-4566-80dd-f03426f010e1"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/06bf3044c702c820aca25ece35cf76d13df0d806d164df573a89f0b9d08132f1/analysis/1584587713/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "24c8a319-1dcc-4f4a-a930-ee04e90a8d47"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "44/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "c30c27f5-ba27-4ca9-abcb-56bc025a4a06"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4e713b040bd5fcf38533c4fbab817a0a' AND file:hashes.SHA1 = 'd35eb5ca2ca01f2aaac9dc4357743fdca3682738' AND file:hashes.SHA256 = '44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-24T00:05:29+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "e7ac84b1-17c8-4a22-a72f-2c76aa531f56"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8/analysis/1585008329/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "54298460-16af-411e-90ae-762601c54e3d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "10/59",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "ee1f6192-aba9-42c5-8fbb-d986260fc8c9"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--37b61c47-5345-472c-ad8a-7c42424eec35",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3ed826708dd257795420951450b3986c' AND file:hashes.SHA1 = 'b8a684cdb0c36b4a9c11964c014bad3dff0b2edf' AND file:hashes.SHA256 = '6ff34f66d54e8e349f9ec9b05a2d8ffb80aa46f1c7ee2cf51d296248d53cf89e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--19556fee-a174-4697-ba43-73fde89f550f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-18T11:29:12+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "8c9ab266-ff62-4bc7-b637-4008e6a655df"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/6ff34f66d54e8e349f9ec9b05a2d8ffb80aa46f1c7ee2cf51d296248d53cf89e/analysis/1584530952/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "8af7f63d-1803-494d-81a1-040696c2d19e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "48/72",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "a9e2d709-645d-440c-ae02-f70d149a7472"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:24.000Z",
|
||
|
"modified": "2020-03-24T14:36:24.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '34a485d7ab1c84b0f925e88b008b2c53' AND file:hashes.SHA1 = 'a457431bb958e563c182ab2804301f66fbb9ca9c' AND file:hashes.SHA256 = '656053240832a63cdd1ae2cffcf2231a0f6ee7406091cedcb94116b594849dbf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T04:01:50+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "0780afcf-eb32-427d-abc2-c02c8814499a"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/656053240832a63cdd1ae2cffcf2231a0f6ee7406091cedcb94116b594849dbf/analysis/1584590510/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "d78a64e4-4c72-4413-9953-e15c791a3f06"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "1336d755-3294-402b-b66c-3c0d53aca083"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c93e9d4ebc7cd210003ada07c7bf08b6' AND file:hashes.SHA1 = 'd81738892dca1a6823da27d886bbdb9f242b3584' AND file:hashes.SHA256 = 'eef8248e20dfa95ac1ceb46bfffd4126d238cd5c244fead8c0991014ffa436f1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-19T06:30:09+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "a85dd139-a53d-4e31-9303-0af17f9813ad"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/eef8248e20dfa95ac1ceb46bfffd4126d238cd5c244fead8c0991014ffa436f1/analysis/1584599409/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "fd4d8529-aad6-4c6c-a525-a3028116a68f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "47/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "07f81196-2184-49fd-912f-775ccfe96d85"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '725e847eca66f9fd882239a73ae066d1' AND file:hashes.SHA1 = 'abbbe10e3c6e5ed480a0743c540dbaba62ecaaf6' AND file:hashes.SHA256 = '1d20fca6089bb0f967b4d2b203eee43ae0d9f2d52417d608fb886be8e68dfa92']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-16T23:04:04+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "f5559fd0-febb-4cac-9909-f4d1845e4e66"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/1d20fca6089bb0f967b4d2b203eee43ae0d9f2d52417d608fb886be8e68dfa92/analysis/1584399844/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "3e881f65-866c-44e4-a7e4-edcb939fe9d8"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "32/71",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "3ce3c86a-6fd5-493e-a0bb-383a1cbefa7a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1c206342-00ee-4a05-9851-d871a7fb36f9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:25.000Z",
|
||
|
"modified": "2020-03-24T14:36:25.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '44a072d0d5f531d245f1d4afdd698045' AND file:hashes.SHA1 = '1a81675040a7ce679d7802695245a8ea8e6424d3' AND file:hashes.SHA256 = '451e4d4584232f3bce46b448ca6ab1c8210276bfbebd8d254709503c80c960f3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-20T07:01:30+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "f47dd028-cfad-4077-a4e1-5e92d52211cc"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/451e4d4584232f3bce46b448ca6ab1c8210276bfbebd8d254709503c80c960f3/analysis/1584687690/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "20376095-8886-4d92-91ea-60f1cdacba66"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "49/73",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "bcdd319a-3ca2-45ad-9ee9-363e55714592"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '3bf3208b13b3fa71fed6e982ea97ba24' AND file:hashes.SHA1 = 'ab78a81c43b153153de83f432608f8f2e6578341' AND file:hashes.SHA256 = 'fe1e416fced8f9557f471531c3b7f965d73606f6102e5a339e40237865d60eb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2020-03-24T14:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--4e863807-bb6e-4a10-9602-84f289931607",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2020-03-20T07:25:15+00:00",
|
||
|
"category": "Other",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "8e711621-0a71-4ff2-b05a-e3c952828408"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/fe1e416fced8f9557f471531c3b7f965d73606f6102e5a339e40237865d60eb4/analysis/1584689115/",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "199c4dd0-2fa2-4a6e-9b3f-83c7c529f938"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "46/71",
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "RiskIQ expansion",
|
||
|
"uuid": "ed6d16cd-57d4-45bf-a05c-a66f5fe8c8eb"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--3a484d79-db1e-48e4-a982-81efdc96d369",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--f76a681a-8320-432a-971c-d6af19b497f8",
|
||
|
"target_ref": "x-misp-object--432f1504-8445-4a8e-a7eb-883ba6b0b52e"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f75fa875-8dd4-4242-9742-a8432a3e3102",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--5d9c7cce-7ad2-4479-9ab0-8d1e0cafc544",
|
||
|
"target_ref": "x-misp-object--25a1e4ec-1fef-4774-8c69-eff8d494e892"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c397af3a-097c-406a-b3aa-48aa11ed253c",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--204301ea-d686-4d16-9981-9bd004e4afb8",
|
||
|
"target_ref": "x-misp-object--b5b7c881-daec-4fc8-a43b-83344548d6e4"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c386759f-9f8f-4467-a37b-6792576020fc",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--3d55c00e-a69f-4227-bf8c-7566418430b8",
|
||
|
"target_ref": "x-misp-object--75899f14-fde0-470c-8a97-73d10c6228e5"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--258be5fa-a025-4565-9bde-1aff51739ac2",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--20d43fe6-f333-4e0a-b4e5-bed417807b67",
|
||
|
"target_ref": "x-misp-object--1b7e0ae2-7040-4243-b455-426833f0610e"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--a4392dee-e6ae-4b99-9378-e80eb200af2a",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--8b47a154-fc00-4edf-b90a-d03cf5552b95",
|
||
|
"target_ref": "x-misp-object--e13e2f5a-e8b3-4115-9d02-ef2c09335cba"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--4d363402-40b2-4d30-bbef-0569454bc3e6",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ec2159c6-1e9d-42eb-8d30-4c324682727f",
|
||
|
"target_ref": "x-misp-object--0fb8dde5-db9d-4325-ab53-0e7404037f2f"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--3895ee53-e6a7-40b1-892b-d0f4ada1dab3",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--d348d543-7258-4136-9561-fdcb09094cf8",
|
||
|
"target_ref": "x-misp-object--77435506-8369-4930-8582-b36ca661fd4e"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f0becd62-5e0d-4196-9e1e-5fc48f8356be",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--d99b5879-0d8e-4974-bdcd-7d07cda14e8f",
|
||
|
"target_ref": "x-misp-object--e15b15b3-8717-4f39-8320-50589c8c41c0"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--3dd8546a-4c74-4b66-9825-b01fe194c4ef",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--3db629ff-cb1a-4e1b-800d-7d569005b015",
|
||
|
"target_ref": "x-misp-object--77febe5a-7f90-45b1-bb57-1d99f458fd78"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--05ff30b5-8cec-45cc-80c5-3a5b3a1184a5",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--71633f2d-548f-4a5c-9d94-977cc1e9d480",
|
||
|
"target_ref": "x-misp-object--15954897-e5fa-466a-a676-a421b2523bf2"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--d519bb2c-e2cc-47de-9cb3-80ec3ced44b8",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--e573e735-58a3-45d0-9238-b5b61723b376",
|
||
|
"target_ref": "x-misp-object--e5cec23a-f3eb-4505-9acb-c7384f488c9d"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--01ef6b3c-811d-40d5-826e-e80f8463c29c",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--b8fe9dc2-a017-44f3-8c66-4b75c18b2a7c",
|
||
|
"target_ref": "x-misp-object--0c2996b2-a4d4-428f-833e-c9d476cd0084"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--776507a6-84b7-4406-8d07-c4cc506b016e",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--37b61c47-5345-472c-ad8a-7c42424eec35",
|
||
|
"target_ref": "x-misp-object--19556fee-a174-4697-ba43-73fde89f550f"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--4d5c2716-67a6-4416-877c-c5e13ecd6851",
|
||
|
"created": "2020-03-24T14:36:26.000Z",
|
||
|
"modified": "2020-03-24T14:36:26.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--bb5ff5a6-c9da-4e5d-8c82-8236abfb7b4e",
|
||
|
"target_ref": "x-misp-object--361058b9-f2cc-485c-bbc9-43c08acfb535"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--dcf672eb-7d0e-4c63-a3d9-ffad0c329b3b",
|
||
|
"created": "2020-03-24T14:36:27.000Z",
|
||
|
"modified": "2020-03-24T14:36:27.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--e1d45267-77c9-4a93-b863-269ae13a7ffa",
|
||
|
"target_ref": "x-misp-object--3a343bcb-20bf-408c-b484-25366a9999c7"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--1bd6cdb6-10cc-4d47-b881-3641bffae9c5",
|
||
|
"created": "2020-03-24T14:36:27.000Z",
|
||
|
"modified": "2020-03-24T14:36:27.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--61187cb2-d89c-4480-8d84-b2058c6fc2c8",
|
||
|
"target_ref": "x-misp-object--67e97413-2f49-4d8a-8596-90b2ab38a09e"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--2786492d-5826-4742-ba5b-be491c4c4bc7",
|
||
|
"created": "2020-03-24T14:36:27.000Z",
|
||
|
"modified": "2020-03-24T14:36:27.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--1c206342-00ee-4a05-9851-d871a7fb36f9",
|
||
|
"target_ref": "x-misp-object--6e46b743-a59f-44fc-8758-aac9654faf1a"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--58d8564d-99c8-4d1e-a6e2-bafed95052f4",
|
||
|
"created": "2020-03-24T14:36:27.000Z",
|
||
|
"modified": "2020-03-24T14:36:27.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ce558851-5e8d-4e60-b5b1-ec8f05d36c21",
|
||
|
"target_ref": "x-misp-object--4e863807-bb6e-4a10-9602-84f289931607"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|