{ "type": "bundle", "id": "bundle--5a4c9342-6d0c-43af-bd8d-45ae950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:13.000Z", "modified": "2018-01-03T21:00:13.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a4c9342-6d0c-43af-bd8d-45ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:13.000Z", "modified": "2018-01-03T21:00:13.000Z", "name": "M2M - GlobeImposter \"..doc\" 2017-12-26 :\n \"CCE26122017_001234\" - \"CCE26122017_001234.7z\"", "context": "suspicious-activity", "object_refs": [ "indicator--5a4c9343-40f0-4ce2-846b-4111950d210f", "indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f", "observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "indicator--5a4c9349-a040-499f-a47c-4dbf950d210f", "observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f", "network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f", "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f", "indicator--5a4c934e-e494-4d21-b6e2-4781950d210f", "observed-data--5a4c934f-4970-45ca-be63-4040950d210f", "network-traffic--5a4c934f-4970-45ca-be63-4040950d210f", "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f", "indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f", "observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f", "network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f", "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f", "indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f", "observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f", "network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f", "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f", "indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f", "observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f", "network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f", "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f", "indicator--5a4c9363-b514-49be-ba68-4a1f950d210f", "observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f", "network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f", "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f", "indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f", "indicator--5a4c9369-9360-4f29-b2be-46c9950d210f", "observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f", "network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f", "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f", "indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f", "indicator--5a4c936f-56bc-426e-82b3-4424950d210f", "observed-data--5a4c9371-7718-4100-a2fd-4691950d210f", "network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f", "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f", "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341", "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2", "relationship--2c670523-5004-4c88-af54-5dadf473b24e" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Fake Globe Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9343-40f0-4ce2-846b-4111950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T08:24:35.000Z", "modified": "2018-01-03T08:24:35.000Z", "pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T08:24:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.caynannews.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "dst_ref": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f", "value": "213.168.251.122" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9349-a040-499f-a47c-4dbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.pspmagic.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f", "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f", "dst_ref": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f", "value": "185.181.116.171" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c934e-e494-4d21-b6e2-4781950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.software24x7.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c934f-4970-45ca-be63-4040950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c934f-4970-45ca-be63-4040950d210f", "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c934f-4970-45ca-be63-4040950d210f", "dst_ref": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f", "value": "67.59.136.100" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.ta-pu.ir']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f", "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f", "dst_ref": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f", "value": "164.215.130.66" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.thedournalist.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f", "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f", "dst_ref": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f", "value": "86.106.30.37" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.trafik-site.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f", "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f", "dst_ref": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f", "value": "31.31.196.247" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9363-b514-49be-ba68-4a1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'www.zhaksylyk.kz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f", "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f", "dst_ref": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f", "value": "185.98.7.180" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c9369-9360-4f29-b2be-46c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f", "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f", "dst_ref": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f", "value": "103.198.0.2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a4c936f-56bc-426e-82b3-4424950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "pattern": "[domain-name:value = 'psoeiras.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a4c9371-7718-4100-a2fd-4691950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:05.000Z", "modified": "2018-01-03T21:00:05.000Z", "first_observed": "2018-01-03T21:00:05Z", "last_observed": "2018-01-03T21:00:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f", "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f", "dst_ref": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f", "value": "74.220.219.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:08.000Z", "modified": "2018-01-03T21:00:08.000Z", "pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98' AND file:hashes.SHA1 = 'd0e9dea7f6bf547d854573dd03b6fbeaa1965752' AND file:hashes.SHA256 = '3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-03T21:00:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-03T21:00:06.000Z", "modified": "2018-01-03T21:00:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547/analysis/1514940489/", "category": "External analysis", "uuid": "5a4d4456-62d8-4896-b384-42ce02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Other", "uuid": "5a4d4456-6f60-47f3-bf38-412d02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-03 00:48:09", "category": "Other", "uuid": "5a4d4456-7360-4315-8aa6-4f9c02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c670523-5004-4c88-af54-5dadf473b24e", "created": "2018-01-03T21:00:06.000Z", "modified": "2018-01-03T21:00:06.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341", "target_ref": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }