{
"type": "bundle",
|
|
|
|
"id": "bundle--5e3be06f-d0a8-4ed9-abe9-46be950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:44.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:44.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5e3be06f-d0a8-4ed9-abe9-46be950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:44.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:44.000Z",
|
|
|
|
"name": "Warzone RAT",
|
|
|
|
"published": "2020-02-06T09:52:22Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--fbf11cfc-a457-eaf8-3dfb-6abe2df5f666",
|
|
|
|
"indicator--5513bd0d-2b40-401e-9367-bb4d3e39e502",
|
|
|
|
"indicator--205c7727-2319-4f00-af2a-997357604a0c",
|
|
|
|
"indicator--ecf2c227-969a-c8b9-6a3c-b4c3b1db748a",
|
|
|
|
"indicator--e7173efd-93b2-475b-8abc-60f140bcf25c",
|
|
|
|
"indicator--ca82ea25-3ba9-63c8-f056-984aa585384a",
|
|
|
|
"x-misp-object--5e3be071-1350-430b-9f34-4bbe950d210f",
|
|
|
|
"indicator--c53a3956-bd1c-48f9-817e-1805443e5903",
|
|
|
|
"x-misp-object--f9adf39d-f254-432d-a3c9-2229170df07f",
|
|
|
|
"indicator--33a3d10b-1db8-4ccb-9182-8afa3091d7b5",
|
|
|
|
"x-misp-object--9b5e1555-70e4-4ab9-9d15-9c275c4c246f",
|
|
|
|
"indicator--0756ce6a-a014-4acb-bad4-7ad09bffa51b",
|
|
|
|
"x-misp-object--acc5dfc6-cf65-45fa-a6a9-fb4330cc31f4",
"relationship--091c8920-d24c-4e61-be7e-644d3e1ea497",
|
|
|
|
"relationship--15115764-98b3-4b33-b9cf-b914fea0af23",
|
|
|
|
"relationship--dc968dc4-47ff-4c08-af49-4d3a0d7bf0b0"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--fbf11cfc-a457-eaf8-3dfb-6abe2df5f666",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:23.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:23.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5513bd0d-2b40-401e-9367-bb4d3e39e502",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"pattern": "[url:value = 'warzonedns.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--205c7727-2319-4f00-af2a-997357604a0c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"pattern": "[url:value = 'warzone.pw']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ecf2c227-969a-c8b9-6a3c-b4c3b1db748a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e7173efd-93b2-475b-8abc-60f140bcf25c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"pattern": "[url:value = 'warzone.io']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ca82ea25-3ba9-63c8-f056-984aa585384a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:46:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5e3be071-1350-430b-9f34-4bbe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:46:25.000Z",
|
|
|
|
"modified": "2020-02-06T09:46:25.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"original-imported-file\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "attachment",
|
|
|
|
"object_relation": "imported-sample",
|
|
|
|
"value": "xfe-collection_44b31b168cb53262c1b08f1b06e0a1f9.json",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "5e3be071-ddbc-4cb6-a049-420e950d210f",
|
|
|
|
"data": "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
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "format",
|
|
|
|
"value": "STIX 2.0",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5e3be071-4b10-40f0-b3e8-40f3950d210f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "original-imported-file"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c53a3956-bd1c-48f9-817e-1805443e5903",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:50:41.000Z",
|
|
|
|
"modified": "2020-02-06T09:50:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '16ba8719479baaaf2649690a13eb1e8e' AND file:hashes.SHA1 = '92caa2eb703d011755ead3ab9073b319a077d1a7' AND file:hashes.SHA256 = '263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:50:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f9adf39d-f254-432d-a3c9-2229170df07f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:19.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:19.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-02-06T08:45:24",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "61927374-e7d4-4bdc-ba0a-4537421dac4f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/263433966d28f1e6e5f6ae389ca3694495dd8fcc08758ea113dddc45fe6b3741/analysis/1580978724/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "70aec802-ee6a-470e-9815-7144ef416d99"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "59/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "991907ba-f62a-4939-9d6d-288dbff24416"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--33a3d10b-1db8-4ccb-9182-8afa3091d7b5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:31.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '08e869b11b70f084263bf01e730b1650' AND file:hashes.SHA1 = 'bbf009d679c218d9856cb9c0b14f38b43f5b75c0' AND file:hashes.SHA256 = 'a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:51:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9b5e1555-70e4-4ab9-9d15-9c275c4c246f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:43.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:43.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-07-07T19:20:05",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "33192d6a-2439-4ce0-a3ef-1cae0a9fa721"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/a03764da06bbf52678d65500fa266609d45b972709b3213a8f83f52347524cf2/analysis/1562527205/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b7e155b1-560f-47e5-ba88-fdd01594e224"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "56/72",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "6f67e866-aaa0-4cbe-bd20-ae533def40ac"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0756ce6a-a014-4acb-bad4-7ad09bffa51b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:44.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd93bc04fd77f7762aaadffc707c5d3ae' AND file:hashes.SHA1 = 'a1bc0cbd855222231cd06682444dbafd3553ee13' AND file:hashes.SHA256 = '531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2020-02-06T09:51:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--acc5dfc6-cf65-45fa-a6a9-fb4330cc31f4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2020-02-06T09:51:44.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:44.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-02-06T08:25:33",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3be90cad-ccff-414e-ace1-cd894f097b97"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/531d967b9204291e70e3aab161a5b7f1001339311ece4f2eed8e52e91559c755/analysis/1580977533/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ea078951-7b95-4c1d-9b46-4726caee60e1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "58/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "90a6caef-8a54-41f3-8359-8b6715df251a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--091c8920-d24c-4e61-be7e-644d3e1ea497",
"created": "2020-02-06T09:51:44.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c53a3956-bd1c-48f9-817e-1805443e5903",
|
|
|
|
"target_ref": "x-misp-object--f9adf39d-f254-432d-a3c9-2229170df07f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--15115764-98b3-4b33-b9cf-b914fea0af23",
"created": "2020-02-06T09:51:45.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:45.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--33a3d10b-1db8-4ccb-9182-8afa3091d7b5",
|
|
|
|
"target_ref": "x-misp-object--9b5e1555-70e4-4ab9-9d15-9c275c4c246f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
"id": "relationship--dc968dc4-47ff-4c08-af49-4d3a0d7bf0b0",
"created": "2020-02-06T09:51:45.000Z",
|
|
|
|
"modified": "2020-02-06T09:51:45.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0756ce6a-a014-4acb-bad4-7ad09bffa51b",
|
|
|
|
"target_ref": "x-misp-object--acc5dfc6-cf65-45fa-a6a9-fb4330cc31f4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
|
|
|
|
}
|