2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--f42c106c-df01-47f3-bc36-16072ad63856",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T17:03:08.000Z",
|
|
|
|
"modified": "2021-01-04T17:03:08.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--f42c106c-df01-47f3-bc36-16072ad63856",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T17:03:08.000Z",
|
|
|
|
"modified": "2021-01-04T17:03:08.000Z",
|
|
|
|
"name": "OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone",
|
|
|
|
"published": "2021-01-04T17:03:16Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--74cad156-91d4-4974-b45f-7dbeb17136da",
|
|
|
|
"indicator--ce22c70e-aed4-477b-89e9-c3c934680be5",
|
|
|
|
"indicator--c10872fb-d88c-4fd9-a771-56df55a78bff",
|
|
|
|
"indicator--ef97aee5-b10e-44fa-ae8e-8b0a3d19fa07",
|
|
|
|
"indicator--4dd3eeeb-40cf-42c5-83f0-442b5cd71412",
|
|
|
|
"indicator--97983cdb-aa74-4026-80d9-72b93ef80cd2",
|
|
|
|
"indicator--8887629b-f7cb-4078-b0c0-4db1e158bfe1",
|
|
|
|
"indicator--0001119d-bf8f-4b18-bc94-0551defeee01",
|
|
|
|
"indicator--86fd6c5f-646f-456c-98f2-443650a75cbe",
|
|
|
|
"indicator--d12dbf66-cb05-44b1-bca5-6802702927d9",
|
|
|
|
"indicator--85bd8fad-1b6c-4866-81e5-0eec1fc1fa73",
|
|
|
|
"indicator--b750e368-8934-4a0c-bbb0-5b4f6a93ab30",
|
|
|
|
"indicator--f3290617-afee-4fcf-962a-68de76943435",
|
|
|
|
"indicator--729ab1fc-b1a7-46db-93ae-3bce6e19fe7c",
|
|
|
|
"indicator--2e06bc1e-0b19-4ddd-8841-84f4e7c6a663",
|
|
|
|
"indicator--16f9c440-2d03-4db8-892d-5f1aef5295ca",
|
|
|
|
"indicator--ad87bbda-1151-4032-9c4b-33522697dd8e",
|
|
|
|
"indicator--e6869c8c-a730-4dc9-8516-0fc6a5153563",
|
|
|
|
"indicator--5ab2b408-2c9a-42d1-8213-f4b5e20df9ee",
|
|
|
|
"indicator--398b7b2a-ead6-4110-b27d-3b03a7b99327",
|
|
|
|
"indicator--b5737c7e-c8a6-4bb4-8ac0-d2599667c83e",
|
|
|
|
"indicator--1e44deb7-a2ce-4888-9387-cadd1be2becd",
|
|
|
|
"indicator--7b24b7dc-2e80-4f03-b3de-eae1bf1613e9",
|
|
|
|
"indicator--5d253cb8-2d35-4f37-b3b7-f49dca5e1c7a",
|
|
|
|
"indicator--92fade3e-4fc5-4b67-bc5d-3c72683e3910",
|
|
|
|
"indicator--78f388e0-1508-4821-95fb-7151f6a14ea0",
|
|
|
|
"indicator--c38a6e7b-93a2-40a3-9e75-9753ec9ef77e",
|
|
|
|
"indicator--4ed9ae76-5fa1-4108-bf9a-a782051b2bd5",
|
|
|
|
"indicator--18f811ca-2711-4885-ac29-67e176a9a05a",
|
|
|
|
"indicator--01e1230e-fbb8-424e-a362-604526bf2932",
|
|
|
|
"observed-data--0b2ac814-f902-4a9f-aa6a-546adc9359b1",
|
|
|
|
"url--0b2ac814-f902-4a9f-aa6a-546adc9359b1",
|
|
|
|
"observed-data--89476747-0a89-4792-a4a3-e0f76594d982",
|
|
|
|
"url--89476747-0a89-4792-a4a3-e0f76594d982",
|
|
|
|
"observed-data--cb99b28c-e340-43f6-8a41-7a8bc4697fcf",
|
|
|
|
"url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf",
|
|
|
|
"observed-data--5770293d-dd1b-4b28-8d80-f87293a78227",
|
|
|
|
"url--5770293d-dd1b-4b28-8d80-f87293a78227",
|
|
|
|
"indicator--cea95fda-2dd9-4676-8768-f558f0d39e71",
|
|
|
|
"x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0",
|
|
|
|
"indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf",
|
|
|
|
"x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c",
|
|
|
|
"indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9",
|
|
|
|
"x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc",
|
|
|
|
"indicator--36070fb1-d674-440d-9065-7622c438995e",
|
|
|
|
"x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928",
|
|
|
|
"indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa",
|
|
|
|
"x-misp-object--6a310603-3817-4d42-9183-709a7188d99c",
|
|
|
|
"indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e",
|
|
|
|
"x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b",
|
|
|
|
"indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b",
|
|
|
|
"x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4",
|
|
|
|
"indicator--cc04c553-5a60-4526-acdc-e6d437440d5b",
|
|
|
|
"x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa",
|
|
|
|
"indicator--63287a79-1c3f-4036-9873-158e0d81f3d4",
|
|
|
|
"x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d",
|
|
|
|
"indicator--37ec2791-fa7e-409f-b36c-71f1a301a829",
|
|
|
|
"x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be",
|
|
|
|
"indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956",
|
|
|
|
"x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1",
|
|
|
|
"indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a",
|
|
|
|
"x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1",
|
|
|
|
"indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784",
|
|
|
|
"x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c",
|
|
|
|
"indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938",
|
|
|
|
"x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f",
|
|
|
|
"indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1",
|
|
|
|
"x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918",
|
|
|
|
"indicator--29426b95-4459-42eb-a768-16505e1b377c",
|
|
|
|
"x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e",
|
|
|
|
"indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7",
|
|
|
|
"x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805",
|
|
|
|
"indicator--0a65ede5-747d-473a-965e-b8cfffe90acd",
|
|
|
|
"x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a",
|
|
|
|
"indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d",
|
|
|
|
"x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc",
|
|
|
|
"x-misp-object--20f9ac21-e557-46c7-b6a7-014870661f3d",
|
2023-06-24 09:36:52 +00:00
|
|
|
"relationship--fd103a9d-cf10-43cb-a1cb-7c7c5e5c0858",
|
|
|
|
"relationship--e4110d5f-4b20-4376-8811-6d7a5b07e1df",
|
|
|
|
"relationship--277cf820-30c7-4e4f-8547-f9cdde23aee6",
|
|
|
|
"relationship--1f758608-f8c6-4e02-82a6-03385a7d749b",
|
|
|
|
"relationship--040214af-9dcb-4605-a22b-39b80ae4d9b9",
|
|
|
|
"relationship--750ba336-39e9-43f3-8b06-a5cad20e4d66",
|
|
|
|
"relationship--afd40fe7-3bfd-459c-8b35-3ebfd7cc32b6",
|
|
|
|
"relationship--8d9e9785-c0f7-41f8-a5fb-fed502c8775f",
|
|
|
|
"relationship--f764c8ec-8e50-4ca0-85f7-7ba97bcdc384",
|
|
|
|
"relationship--c69722fd-cdfc-48c8-a01c-31b8a06a6c45",
|
|
|
|
"relationship--d9147376-ab91-46d5-bbc0-590f28fbb693",
|
|
|
|
"relationship--98ec77d4-1bc1-43fa-bfeb-abbc9b24d455",
|
|
|
|
"relationship--314792fa-59b7-4512-ade6-514286dd64f1",
|
|
|
|
"relationship--2994e413-9152-40a8-82fc-b95a9694564a",
|
|
|
|
"relationship--47b989e8-8ee3-4401-b719-6ba2742786d1",
|
|
|
|
"relationship--2fba03ad-895e-48db-b05a-cbbafc2bda34",
|
|
|
|
"relationship--16d9cd2f-a210-40fe-9887-7a66a0aa3c32",
|
|
|
|
"relationship--854e23bf-46fe-4c4b-9c78-3ee3b4a53148",
|
|
|
|
"relationship--fe95b534-5459-4a02-ac30-628a1b506b65"
|
2023-06-14 17:31:25 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:ransomware=\"Egregor\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--74cad156-91d4-4974-b45f-7dbeb17136da",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:21.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:21.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.153.242.129']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ce22c70e-aed4-477b-89e9-c3c934680be5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:21.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:21.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.117.148']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c10872fb-d88c-4fd9-a771-56df55a78bff",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:21.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:21.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.11.19.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ef97aee5-b10e-44fa-ae8e-8b0a3d19fa07",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:21.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:21.000Z",
|
|
|
|
"description": "On port 81",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.12.104.241' AND network-traffic:dst_port = '81']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst|port\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4dd3eeeb-40cf-42c5-83f0-442b5cd71412",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:21.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:21.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.238.0.233']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--97983cdb-aa74-4026-80d9-72b93ef80cd2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--8887629b-f7cb-4078-b0c0-4db1e158bfe1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0001119d-bf8f-4b18-bc94-0551defeee01",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--86fd6c5f-646f-456c-98f2-443650a75cbe",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d12dbf66-cb05-44b1-bca5-6802702927d9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--85bd8fad-1b6c-4866-81e5-0eec1fc1fa73",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b750e368-8934-4a0c-bbb0-5b4f6a93ab30",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f3290617-afee-4fcf-962a-68de76943435",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--729ab1fc-b1a7-46db-93ae-3bce6e19fe7c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2e06bc1e-0b19-4ddd-8841-84f4e7c6a663",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--16f9c440-2d03-4db8-892d-5f1aef5295ca",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ad87bbda-1151-4032-9c4b-33522697dd8e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e6869c8c-a730-4dc9-8516-0fc6a5153563",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5ab2b408-2c9a-42d1-8213-f4b5e20df9ee",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--398b7b2a-ead6-4110-b27d-3b03a7b99327",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b5737c7e-c8a6-4bb4-8ac0-d2599667c83e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--1e44deb7-a2ce-4888-9387-cadd1be2becd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7b24b7dc-2e80-4f03-b3de-eae1bf1613e9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d253cb8-2d35-4f37-b3b7-f49dca5e1c7a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:55:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:55:46.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:55:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--92fade3e-4fc5-4b67-bc5d-3c72683e3910",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/p.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--78f388e0-1508-4821-95fb-7151f6a14ea0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/b.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c38a6e7b-93a2-40a3-9e75-9753ec9ef77e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/sed.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--4ed9ae76-5fa1-4108-bf9a-a782051b2bd5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/hnt.dll']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--18f811ca-2711-4885-ac29-67e176a9a05a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/88/k057.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--01e1230e-fbb8-424e-a362-604526bf2932",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:57:56.000Z",
|
|
|
|
"modified": "2021-01-04T16:57:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://185.238.0.233/newsvc.zip']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:57:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--0b2ac814-f902-4a9f-aa6a-546adc9359b1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:58:36.000Z",
|
|
|
|
"modified": "2021-01-04T16:58:36.000Z",
|
|
|
|
"first_observed": "2021-01-04T16:58:36Z",
|
|
|
|
"last_observed": "2021-01-04T16:58:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--0b2ac814-f902-4a9f-aa6a-546adc9359b1"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--0b2ac814-f902-4a9f-aa6a-546adc9359b1",
|
|
|
|
"value": "http://egregoranrmzapcv.onion"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--89476747-0a89-4792-a4a3-e0f76594d982",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:58:36.000Z",
|
|
|
|
"modified": "2021-01-04T16:58:36.000Z",
|
|
|
|
"first_observed": "2021-01-04T16:58:36Z",
|
|
|
|
"last_observed": "2021-01-04T16:58:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--89476747-0a89-4792-a4a3-e0f76594d982"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--89476747-0a89-4792-a4a3-e0f76594d982",
|
|
|
|
"value": "https://egregornews.com/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--cb99b28c-e340-43f6-8a41-7a8bc4697fcf",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:59:03.000Z",
|
|
|
|
"modified": "2021-01-04T16:59:03.000Z",
|
|
|
|
"first_observed": "2021-01-04T16:59:03Z",
|
|
|
|
"last_observed": "2021-01-04T16:59:03Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf",
|
|
|
|
"value": "http://egregor4u5ipdzhv.onion/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5770293d-dd1b-4b28-8d80-f87293a78227",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T17:03:08.000Z",
|
|
|
|
"modified": "2021-01-04T17:03:08.000Z",
|
|
|
|
"first_observed": "2021-01-04T17:03:08Z",
|
|
|
|
"last_observed": "2021-01-04T17:03:08Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5770293d-dd1b-4b28-8d80-f87293a78227"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5770293d-dd1b-4b28-8d80-f87293a78227",
|
|
|
|
"value": "https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--cea95fda-2dd9-4676-8768-f558f0d39e71",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6f600974c45eec97016c1259e769a4ef' AND file:hashes.SHA1 = '56eed20ea731d28d621723130518ac00bf50170d' AND file:hashes.SHA256 = '9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-10T13:44:49+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "68dc4419-0558-4181-aac0-33425fea6cb1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44/detection/f-9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44-1607607889",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "a97d258a-9e81-4c9e-9659-07d83003b101"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "59/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "69c54bcd-2fac-4b08-947d-f1880226c469"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '666f8d920f85f9afffcf0865a98efe69' AND file:hashes.SHA1 = '50c3b800294f7ee4bde577d99f2118fc1c4ba3b9' AND file:hashes.SHA256 = 'a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-01-01T01:23:15+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0ed85fbd-cdd8-46d4-87f7-3dfb7e70a3a6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436/detection/f-a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436-1609464195",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d427a8db-0175-4a1e-bc32-e841722bf97d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "54/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b81fbf40-c112-44b1-9366-0d8c2846bd81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '44a7085f729b68073b5c67bbc66829cc' AND file:hashes.SHA1 = '3c03a1c61932bec2b276600ea52bd2803285ec62' AND file:hashes.SHA256 = '8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-16T04:36:39+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "725a8741-821a-4741-a137-0ccb3cbcefc6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9/detection/f-8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9-1608093399",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9179348f-4a1a-44ec-9815-a9ea77fbc764"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "54/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "54d0daea-80c1-4c7b-b699-df7297fda21e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--36070fb1-d674-440d-9065-7622c438995e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0de24cec66ef9d1042be7cf12b87cfc4' AND file:hashes.SHA1 = 'f7bf7cea89c6205d78fa42d735d81c1e5c183041' AND file:hashes.SHA256 = '765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-30T16:37:33+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ac4775d8-ee5b-4a8e-91d0-03f5b96c4c7d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab/detection/f-765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab-1609346253",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b42811b0-e68d-4112-8bef-0f0b2b26d98f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "55/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "06f4bbfc-4e7d-4970-9ae8-daa558eac376"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'de3110dce011088cd4add1950a49182f' AND file:hashes.SHA1 = 'c9da06e3dbf406aec50bc145cba1a50b26db853a' AND file:hashes.SHA256 = '608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6a310603-3817-4d42-9183-709a7188d99c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-21T17:59:21+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bb6ce9f3-8294-4fb8-9753-3a1ae637117e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9/detection/f-608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9-1608573561",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "60ee03df-ac46-4f1f-aca3-643d09828360"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "0/59",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d21dd424-5f59-48c8-a6ee-eee1e5351484"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8ba3a9d73903bd252f8d99a682d60858' AND file:hashes.SHA1 = '95aea6b24ed28c6ad13ec8d7a6f62652b039765e' AND file:hashes.SHA256 = '444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-18T09:52:23+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "85c93da2-41a1-44b0-8784-988e39573a27"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459/detection/f-444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459-1608285143",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "5f66e7da-826a-4534-bba7-10be772693e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "14/60",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c8292808-01e1-4b7d-90bf-7e5ac0658be6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '81bc3a2409991325c6e71a06f6b7b881' AND file:hashes.SHA1 = '38c88de0ece0451b0665f3616c02c2bad77a92a2' AND file:hashes.SHA256 = '2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-08T20:04:16+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "92bc8035-bb6f-41df-b3f9-e7ff6069e140"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf/detection/f-2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf-1607457856",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "65b1dcd2-5e1b-4719-8227-efe85a684534"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "60/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e56f42fc-a7e1-44e9-9414-b15c9b0dc269"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--cc04c553-5a60-4526-acdc-e6d437440d5b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '65c320bc5258d8fa86aa9ffd876291d3' AND file:hashes.SHA1 = 'f0215aac7be36a5fedeea51d34d8f8da2e98bf1b' AND file:hashes.SHA256 = '3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-30T20:10:05+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4ba34256-f6e3-409d-8332-ba577e0089aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f/detection/f-3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f-1609359005",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4f355ba2-6e10-463c-8a3c-93e2da3801f4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "58/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "22758bee-983d-42b5-baa6-90e1fd51f3d5"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--63287a79-1c3f-4036-9873-158e0d81f3d4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ac33fea4c2a9bbca3559142838441f84' AND file:hashes.SHA1 = '948ef8caef5c1254be551cab8a64c687ea0faf84' AND file:hashes.SHA256 = '932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-14T11:31:47+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "baf8c5c4-3ffa-4b3c-8a7b-5db8ecf65cce"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e/detection/f-932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e-1607945507",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9d7c9c90-3058-4d18-97a6-65208b383b65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "57/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "133c7204-a320-4187-a1a1-1fa4bd6bf8a6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--37ec2791-fa7e-409f-b36c-71f1a301a829",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dd8e8bfb45fcd5f0621fe7085bfcab94' AND file:hashes.SHA1 = '5c99dc80ca69ce0f2d9b4f790ec1b57dba7153c9' AND file:hashes.SHA256 = '3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:45.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-08T20:09:40+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f75f6008-fdbd-462d-bdf6-8f7672cac8c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07/detection/f-3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07-1607458180",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "0ef96a24-1aae-43c8-8eb2-313fa5da5247"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "55/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "fef98c19-fc83-4f9e-97e5-8e362c74f5fa"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '427105821263afeeccca05b43ea8dac4' AND file:hashes.SHA1 = 'fa33fd577f5eb4813bc69dce891361871cda860c' AND file:hashes.SHA256 = 'ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-11T02:01:31+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2b9f29fa-7853-4d53-8f1e-4f071446260a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541/detection/f-ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541-1607652091",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "906ebc1b-79c6-4ff3-8511-7957be0613ac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "56/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d7057a80-58ca-46bc-9ed9-f963f64db534"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd1aa0f26f557addd45e0d9fa4afecf15' AND file:hashes.SHA1 = 'f1603f1ddf52391b16ee9e73e68f5dd405ab06b0' AND file:hashes.SHA256 = '14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-10T13:38:09+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4b0ed049-19e4-4a70-b98c-8546be0bb996"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4/detection/f-14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4-1607607489",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "17a86c25-81fe-4efb-8974-2ec27a3becf5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "57/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "45fc5816-e164-4d0c-ad32-7d0a032fff7b"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a922987d1488e2dede7e39a99faf98bb' AND file:hashes.SHA1 = 'beb48c2a7ff957d467d9199c954b89f8411d3ca8' AND file:hashes.SHA256 = '6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-08T20:11:25+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "955783ef-594a-4568-9ee5-2060ea06f5c7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780/detection/f-6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780-1607458285",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d9d5b5f4-927b-4fe0-8588-fec22f046b5f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "57/67",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "125abda7-c445-4392-9360-90659bc8e334"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5f9fcbdf7ad86583eb2bbcaa5741d88a' AND file:hashes.SHA1 = '03cdec4a0a63a016d0767650cdaf1d4d24669795' AND file:hashes.SHA256 = '004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-11T07:11:00+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b3eaf74a-395b-4275-a76e-34645aa838ef"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a/detection/f-004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a-1607670660",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1eb92100-b695-4ea4-b11d-30b077c28e35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "58/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "cab0b346-6344-4ad3-ba1b-0be27594a40f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9b7ccaa2ae6a5b96e3110ebcbc4311f6' AND file:hashes.SHA1 = '3cc616d959eb2fe59642102f0565c0e55ee67dbc' AND file:hashes.SHA256 = 'c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-08T20:00:16+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7dc497a6-6dec-4c1d-8716-86e884ee2bc1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1/detection/f-c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1-1607457616",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "26fbafe0-c40b-4933-81aa-3653f0a2d151"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "59/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "a91bf725-a902-4dc0-8f12-c1f15b39cf96"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--29426b95-4459-42eb-a768-16505e1b377c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1d6aa29e98d3f54b8c891929c34eb426' AND file:hashes.SHA1 = 'ceca1a691c736632b3e98f2ed5b028d33c0f3c64' AND file:hashes.SHA256 = '3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-10T13:40:24+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e713fa1f-3407-4696-99ba-846f34eeb4c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63/detection/f-3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63-1607607624",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "6fd7add1-2a7a-4097-8eef-8839fe071b96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "55/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "68c02290-85de-4630-9b2d-9106a094a6df"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c3c7a97da396085eb48953e638c3c9c6' AND file:hashes.SHA1 = '8768cf56e12a81d838e270dca9b82d30c35d026e' AND file:hashes.SHA256 = '3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2021-01-04T14:00:43+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fcb06cd2-9f93-4579-aa43-ef446a3626cb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55/detection/f-3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55-1609768843",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e448de8a-c8cf-4672-9eaa-d62bca982226"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "58/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "955136df-ae25-4596-922c-3f1b554cb5eb"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0a65ede5-747d-473a-965e-b8cfffe90acd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c96df334b5ed70473ec6a58a545208b6' AND file:hashes.SHA1 = 'f6ad7b0a1d93b7a70e286b87f423119daa4ea4df' AND file:hashes.SHA256 = '4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-26T00:01:37+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8da44018-bdf1-4bad-a949-816ad3937766"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97/detection/f-4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97-1608940897",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ae1dbfb3-805c-40a6-b58e-e0b87b70f693"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "54/69",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "9f07ad66-dba8-41ca-8e09-2f9c0d00da46"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7375083934dd17f0532da3bd6770ab25' AND file:hashes.SHA1 = 'ac6d919b313bbb18624d26745121fca3e4ae0fd3' AND file:hashes.SHA256 = 'f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2021-01-04T16:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:56:46.000Z",
|
|
|
|
"modified": "2021-01-04T16:56:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2020-12-29T02:03:45+00:00",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0a6d34f2-2cae-42ef-bafa-11f877992855"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c/detection/f-f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c-1609207425",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "7a28e9c0-fe81-4c22-9f51-c63b948bfccc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "25/60",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "38dc5c8c-cbd8-492c-bf51-a4bea9f621fe"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--20f9ac21-e557-46c7-b6a7-014870661f3d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2021-01-04T16:59:53.000Z",
|
|
|
|
"modified": "2021-01-04T16:59:53.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"crypto-material\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "RSA",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b2776f5a-08af-446f-b299-3653172e3443"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "private",
|
|
|
|
"value": "pWEzuKkw9nY82VRKYfrw4f4wvrnfnKEApQ5JTkf/YQPzxJtJmwKUjXV759aYQnPIZdGN1RUckdpMZWiYGmsWFYzkNJZpsPihvk9c14zLJDJdmpitYvoy22JFox9iBHqhFAjDC37kzpVH6bafVABdUgUdr0r2EzK+ysJBiR0Ge28ToH94wJTXwBC7hi3G42vk4KmLncPm55NUuz9ZzQ+xqovtN/RyDNL8MDbW4lHWe9Lmi5qlNN/ckIgwDh+sI1rO/T+DmS1Uoo62QWeYTgmlRaCp91AfeC7mNFkXvXUVMs3GlqpIrgbMLPBbBi04sra/pmXp9oteZK4b1fAWKgDZ2B0f11AiX9SFIpJn8odT+Z0tVL2H8IKvANB1507SGq3S2JR3a6SLGODy3yjm3vwfnyaVqL1gNNudkDc5dLVx0tavBj2h5v1PMDCFYpuSZ56qYY1VeQfA56bsPKI2J102ztOktaFmU9jI3G3oxBCV9j1JKOJhltPRjyXAmg9o3sqB5VCxPzmMIL+bxJnEelHdBzVdRpY4pPyEPmdrn2mQ5sXwIA1RfdvF9JruxQF/0yl2WKqK0CE4pKazQWdrYdQaLTPCdMxZv7JKO8Dy5vyHBW08+UTJEuEiQa6Q/1qVkGipUPgK4Wpg3iP6xas9SaV1ovy1o2yC0beVhD+Ean6/5/lfIiG1w/ouzyq0Vprhfmr59ftnduimCDgAPi9mv2Fzg1BcGYt5P0qE7Ya0ycGFyvNvS2eoiA5mjvN67R6jeJ8JF0fPnz7O2QMldjZj0uVfAoMHlgaRP74vOKfOzFHCiPhyXwe8V9Wd3xjctlG4PCVMuUvYn7BFSW82AMefXIWTeIhHD4UdoAuZ3sHsgsFyyaTdVo1WCEWJtMMN0FOyhF0m1R5ozQPJSyuaOUzrDU1fKD57v3Cf5T860kath1w+CQAeWXdbXSR0mvN45rPgYN24qVvvB6kle5Vr20x0EZJ4viCERcreKcJqOV/0GwZU4BR8jUGQkokgD3UvJQf0Vu4mIv6vLZUtvRvEl3URsZNWh7nnKR5jjq3Tx911IH+UQznFncGD402REUpyADZpv0aRfyMZzZFecaxlo/EMS8lhkeukkZQJiwXJH2SV77olADcOfnaOQEq+YU23kRJf+YOdKW3E9NsqF1MKLTdn5+31ka4OyN7wed9HVyJj+clXkNT/YJkS/E869Hm1MPBQv+25451tiXgGcKo/9L5BFmmy77TxYuZMjuRVIanXWwK8tQ+kz0gEj1BG4I477yrhqN2yaQQ2cZ7QhpNPFlnsereCoI8rNBRBp/VgxKS+AKqkKj9UyghlABrYlRypEsM7FDC44tvDJILfb+9IL70qEe+BdPmIIv4/HWHJSEI7K9MWLah7cX4OGLG2eqT9pSkLISFvyEM+9ylo3WYWx2G0m5s0r7O+jRAOdZ1Joy5eGx7PPRCnVcEv0IyhNnFpz4HsNibUAR664rZ+Os05SDNitn3t8RgtAcvTdNHAbtNGLZZj/7KFIyGb1f37teR9/oty8BFsaHhRNVHx22+u+AFR/HbucnbY+prvzAWY3dpjQIO2O+3HoCuz2MXx5gFIfJ0pIA6V9px/j4LOPGPfN159CRItKeOy3ZLtKByaD+FwHBzYHpIWgCvL2vWo+eRWF66oYNvDhB5yVtDgXx0LU789ypKu/vjuvo7obGEoF3NoxJhmNS4DfVMzsy4YdBRhHrBfF36a8ahFSBApu9cd0RmuT09hKmV7m+EGGCXr+MNvzlFQSMzt5Ce5Mj9w507PN/IDLQz8h6236WGZSH2iM2PGUq/UF1wADoHSjPXRcfPparHHHPTcZZkil4HMWP6Y+gDlN0BKKl9ntqyd8QiiqDqwcJIZZG4Jm6lRIhvpBZ14P+z83zePzjMNhVkNVnU4sfDRaemkxZFPF+hGM/PEvqFuEOsX4LfWxOpwLAf+OLLpe71+6QdKDAcwf6553t0TOPCqGr3B+flGGAhi0pqCeAsB0KzS28MakLBxJQPkR/E+F0tHmwBYCCl0haxZnBZ9rJVApq2rAAENA2gQLPaStc0DzrdkIRY6r789la7OzAUqvcTyX8fq/xfYJpz+zUt4PUcVWxoO1+1g9+BpCAlPgZEkIKSbqoSNtkeIMz65CthNiCsX817p8nqBb4BdpcuCihoL49fK6fn/WUnj3xaTiQuNDnvcW9NARgIzqu2lvsZa+qvDBW99gsaeLb4feNlGqZUk98zht7GvywgFEAEYASCAAigAOg5QAEgAWABGAFMAMgAAAEIiQgAwADIARAAwAEYAMwAyAEEAMQBDADkAMgBFADAAOAAAAEqQAXwAQQA6AFIAXwAwAC8AMAB8AEMAOgBGAF8ANAA0ADMAMAA4AC8ANwA2ADQANAA3AHwARAA6AEMAXwAwAC8AMAB8AEUAOgBGAF8AMQA3ADEANgA0ADQALwAyADAAOQA3ADEANAA5AHwARgA6AEYAXwAyADkANAA5ADQANQAvADIAMAA0ADcAOAA2ADgAfAAAAFIQagBnAHIAYQBuAGoAYQAAAGgDckBXAGkAbgBkAG8AdwBzACAAUwBlAHIAdgBlAHIAIAAyADAAMQAyACAAUgAyACAAUwB0AGEAbgBkAGEAcgBkAAAAehJJAE0AUABSAEkATQBJAFMAAAA=",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "02863d35-aab0-4536-88d8-3b04ae1eb74d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "origin",
|
|
|
|
"value": "malware-extraction",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8b7fe772-37c8-4029-8805-442991a0c6e3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "crypto-material"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--fd103a9d-cf10-43cb-a1cb-7c7c5e5c0858",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--cea95fda-2dd9-4676-8768-f558f0d39e71",
|
|
|
|
"target_ref": "x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--e4110d5f-4b20-4376-8811-6d7a5b07e1df",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf",
|
|
|
|
"target_ref": "x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--277cf820-30c7-4e4f-8547-f9cdde23aee6",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9",
|
|
|
|
"target_ref": "x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--1f758608-f8c6-4e02-82a6-03385a7d749b",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--36070fb1-d674-440d-9065-7622c438995e",
|
|
|
|
"target_ref": "x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--040214af-9dcb-4605-a22b-39b80ae4d9b9",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa",
|
|
|
|
"target_ref": "x-misp-object--6a310603-3817-4d42-9183-709a7188d99c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--750ba336-39e9-43f3-8b06-a5cad20e4d66",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e",
|
|
|
|
"target_ref": "x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--afd40fe7-3bfd-459c-8b35-3ebfd7cc32b6",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b",
|
|
|
|
"target_ref": "x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--8d9e9785-c0f7-41f8-a5fb-fed502c8775f",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--cc04c553-5a60-4526-acdc-e6d437440d5b",
|
|
|
|
"target_ref": "x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--f764c8ec-8e50-4ca0-85f7-7ba97bcdc384",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--63287a79-1c3f-4036-9873-158e0d81f3d4",
|
|
|
|
"target_ref": "x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--c69722fd-cdfc-48c8-a01c-31b8a06a6c45",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--37ec2791-fa7e-409f-b36c-71f1a301a829",
|
|
|
|
"target_ref": "x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--d9147376-ab91-46d5-bbc0-590f28fbb693",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956",
|
|
|
|
"target_ref": "x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--98ec77d4-1bc1-43fa-bfeb-abbc9b24d455",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a",
|
|
|
|
"target_ref": "x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--314792fa-59b7-4512-ade6-514286dd64f1",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784",
|
|
|
|
"target_ref": "x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--2994e413-9152-40a8-82fc-b95a9694564a",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938",
|
|
|
|
"target_ref": "x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--47b989e8-8ee3-4401-b719-6ba2742786d1",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1",
|
|
|
|
"target_ref": "x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--2fba03ad-895e-48db-b05a-cbbafc2bda34",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--29426b95-4459-42eb-a768-16505e1b377c",
|
|
|
|
"target_ref": "x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--16d9cd2f-a210-40fe-9887-7a66a0aa3c32",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7",
|
|
|
|
"target_ref": "x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--854e23bf-46fe-4c4b-9c78-3ee3b4a53148",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--0a65ede5-747d-473a-965e-b8cfffe90acd",
|
|
|
|
"target_ref": "x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-06-24 09:36:52 +00:00
|
|
|
"id": "relationship--fe95b534-5459-4a02-ac30-628a1b506b65",
|
2023-06-14 17:31:25 +00:00
|
|
|
"created": "1970-01-01T00:00:00.000Z",
|
|
|
|
"modified": "1970-01-01T00:00:00.000Z",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-06-14 17:31:25 +00:00
|
|
|
"source_ref": "indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d",
|
|
|
|
"target_ref": "x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|