adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5770f374-7cc4-40d6-9d1f-46f8950d210f.json

581 lines
25 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5770f374-7cc4-40d6-9d1f-46f8950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5770f374-7cc4-40d6-9d1f-46f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"name": "OSINT - Doh! New \"Bart\" Ransomware from Threat Actors Spreading Dridex and Locky",
"published": "2016-06-27T09:43:43Z",
"object_refs": [
"observed-data--5770f38c-1824-4bb7-b138-461a950d210f",
"url--5770f38c-1824-4bb7-b138-461a950d210f",
"x-misp-attribute--5770f39f-083c-402d-983a-443e950d210f",
"indicator--5770f3e3-9a60-40d1-b67d-46fe950d210f",
"indicator--5770f3e4-5d3c-49b9-9751-44de950d210f",
"indicator--5770f3e4-89ec-4e84-8a65-49b6950d210f",
"indicator--5770f3e5-747c-4544-8ef5-4cbf950d210f",
"indicator--5770f3e5-3fd8-46d0-8db2-4062950d210f",
"indicator--5770f3fa-9888-452b-99ca-4afc950d210f",
"indicator--5770f42c-7760-4e9b-bd75-3123950d210f",
"indicator--5770f42d-90cc-4a11-a948-3123950d210f",
"indicator--5770f4aa-bc0c-4416-9044-42e102de0b81",
"indicator--5770f4ab-4e1c-42ff-a419-4ea802de0b81",
"observed-data--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"url--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"indicator--5770f4ac-c42c-4a7e-bd79-4b3402de0b81",
"indicator--5770f4ac-3c28-4572-b1f0-44e702de0b81",
"observed-data--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"url--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"indicator--5770f4ad-1500-4ca1-a628-4c5902de0b81",
"indicator--5770f4ad-0968-41cc-80ee-404802de0b81",
"observed-data--5770f4ae-7678-403c-9b07-4bb102de0b81",
"url--5770f4ae-7678-403c-9b07-4bb102de0b81",
"indicator--5770f4ae-d228-48f7-b9f8-402002de0b81",
"indicator--5770f4af-ed3c-4a99-8a7b-4e8902de0b81",
"observed-data--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"url--5770f4af-9f58-4ffe-a278-4cdc02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\"",
"ecsirt:malicious-code=\"ransomware\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f38c-1824-4bb7-b138-461a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:36:12.000Z",
"modified": "2016-06-27T09:36:12.000Z",
"first_observed": "2016-06-27T09:36:12Z",
"last_observed": "2016-06-27T09:36:12Z",
"number_observed": 1,
"object_refs": [
"url--5770f38c-1824-4bb7-b138-461a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f38c-1824-4bb7-b138-461a950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5770f39f-083c-402d-983a-443e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:36:31.000Z",
"modified": "2016-06-27T09:36:31.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Overview\r\n\r\nThe actors behind Dridex 220 and Locky Affid=3 have introduced a new ransomware called \u00e2\u20ac\u0153Bart\u00e2\u20ac\u009d. They are using the RockLoader malware to download Bart over HTTPS. Bart has a payment screen like Locky but encrypts files without first connecting to a command and control (C&C) server.\r\n\r\nAnalysis\r\n\r\nOn June 24, Proofpoint researchers detected a large campaign with .zip attachments containing JavaScript code. If opened, these attachments download and install the intermediary loader RockLoader (previously discovered by Proofpoint and used with Locky), which in turn downloads the new ransomware called \u00e2\u20ac\u0153Bart\u00e2\u20ac\u009d. The messages in this campaign had the subjects \"Photos\u00e2\u20ac\u009d with the attachment \"photos.zip\", \"image.zip\", \"Photos.zip\", \"photo.zip\", \"Photo.zip\", or \"picture.zip.\" The zip files contained JavaScript file such as \"PDF_123456789.js.\""
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e3-9a60-40d1-b67d-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:39.000Z",
"modified": "2016-06-27T09:37:39.000Z",
"description": "Photos.zip email attachment",
"pattern": "[file:hashes.SHA256 = '247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e4-5d3c-49b9-9751-44de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:40.000Z",
"modified": "2016-06-27T09:37:40.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Photos.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e4-89ec-4e84-8a65-49b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:40.000Z",
"modified": "2016-06-27T09:37:40.000Z",
"description": "FILE 21076073.js file inside Photos.zip",
"pattern": "[file:hashes.SHA256 = '7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e5-747c-4544-8ef5-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:41.000Z",
"modified": "2016-06-27T09:37:41.000Z",
"description": "RockLoader",
"pattern": "[file:hashes.SHA256 = '5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e5-3fd8-46d0-8db2-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:41.000Z",
"modified": "2016-06-27T09:37:41.000Z",
"description": "6kuTU1.exe (Bart ransomware)",
"pattern": "[file:hashes.SHA256 = '51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3fa-9888-452b-99ca-4afc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:02.000Z",
"modified": "2016-06-27T09:38:02.000Z",
"description": "JavaScript Payload (RockLoader)",
"pattern": "[url:value = 'http://camera-test.hi2.ro/89ug6b7ui?voQeTqDw=RUYEzU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f42c-7760-4e9b-bd75-3123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:52.000Z",
"modified": "2016-06-27T09:38:52.000Z",
"description": "Rockloader C&C",
"pattern": "[url:value = 'https://summerr554fox.su/api/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f42d-90cc-4a11-a948-3123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:53.000Z",
"modified": "2016-06-27T09:38:53.000Z",
"description": "RockLoader Payload",
"pattern": "[url:value = 'https://summerr554fox.su/files/6kuTU1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4aa-bc0c-4416-9044-42e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"description": "6kuTU1.exe (Bart ransomware) - Xchecked via VT: 51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705",
"pattern": "[file:hashes.SHA1 = '158137d4835f7596ad0ef2a191d0e0d8976f0089']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:40:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ab-4e1c-42ff-a419-4ea802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:59.000Z",
"modified": "2016-06-27T09:40:59.000Z",
"description": "6kuTU1.exe (Bart ransomware) - Xchecked via VT: 51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705",
"pattern": "[file:hashes.MD5 = '65535f2b1ecee54718233e40e3f333b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:40:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:59.000Z",
"modified": "2016-06-27T09:40:59.000Z",
"first_observed": "2016-06-27T09:40:59Z",
"last_observed": "2016-06-27T09:40:59Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ab-8ff4-4327-8fac-4ff002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"value": "https://www.virustotal.com/file/51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705/analysis/1466936803/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ac-c42c-4a7e-bd79-4b3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:00.000Z",
"modified": "2016-06-27T09:41:00.000Z",
"description": "RockLoader - Xchecked via VT: 5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d",
"pattern": "[file:hashes.SHA1 = '960ec30ad5e94a35991a30b36411a4144b97b0d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ac-3c28-4572-b1f0-44e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:00.000Z",
"modified": "2016-06-27T09:41:00.000Z",
"description": "RockLoader - Xchecked via VT: 5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d",
"pattern": "[file:hashes.MD5 = '846171e2629b712429a903811d19c12b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"first_observed": "2016-06-27T09:41:01Z",
"last_observed": "2016-06-27T09:41:01Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ad-d7e0-4ed6-a52f-426502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"value": "https://www.virustotal.com/file/5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d/analysis/1466991759/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ad-1500-4ca1-a628-4c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"description": "FILE 21076073.js file inside Photos.zip - Xchecked via VT: 7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b",
"pattern": "[file:hashes.SHA1 = '387e6c2936af749d34690a8090127d75eb0970ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ad-0968-41cc-80ee-404802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"description": "FILE 21076073.js file inside Photos.zip - Xchecked via VT: 7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b",
"pattern": "[file:hashes.MD5 = '2808adab51f43b747ce61034a96ab9de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ae-7678-403c-9b07-4bb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:02.000Z",
"modified": "2016-06-27T09:41:02.000Z",
"first_observed": "2016-06-27T09:41:02Z",
"last_observed": "2016-06-27T09:41:02Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ae-7678-403c-9b07-4bb102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ae-7678-403c-9b07-4bb102de0b81",
"value": "https://www.virustotal.com/file/7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b/analysis/1467016185/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ae-d228-48f7-b9f8-402002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:02.000Z",
"modified": "2016-06-27T09:41:02.000Z",
"description": "Photos.zip email attachment - Xchecked via VT: 247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d",
"pattern": "[file:hashes.SHA1 = '929b26eb040c5976af32be4f19e059d016df2273']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4af-ed3c-4a99-8a7b-4e8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:03.000Z",
"modified": "2016-06-27T09:41:03.000Z",
"description": "Photos.zip email attachment - Xchecked via VT: 247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d",
"pattern": "[file:hashes.MD5 = 'c9c69655db4a45686f9dcef0108b49b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:03.000Z",
"modified": "2016-06-27T09:41:03.000Z",
"first_observed": "2016-06-27T09:41:03Z",
"last_observed": "2016-06-27T09:41:03Z",
"number_observed": 1,
"object_refs": [
"url--5770f4af-9f58-4ffe-a278-4cdc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"value": "https://www.virustotal.com/file/247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d/analysis/1467017028/"
}
]
}
Reference in a new issue Copy permalink