{ "type": "bundle", "id": "bundle--5d832991-f5e4-4623-945f-4bf6950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:59:17.000Z", "modified": "2019-09-19T12:59:17.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d832991-f5e4-4623-945f-4bf6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:59:17.000Z", "modified": "2019-09-19T12:59:17.000Z", "name": "OSINT - New Gootkit Banking Trojan campaign against Italian Companies and Users.", "published": "2019-09-19T13:09:44Z", "object_refs": [ "x-misp-attribute--5d8379b5-a06c-4378-92f3-c1bb950d210f", "x-misp-attribute--5d8379b5-9278-44d9-ba81-c1bb950d210f", "x-misp-attribute--5d8379b5-8ca4-42bf-a750-c1bb950d210f", "x-misp-attribute--5d8379b5-6ce8-44b5-861c-c1bb950d210f", "x-misp-attribute--5d8379b5-a79c-4138-bd9b-c1bb950d210f", "x-misp-attribute--5d8379b5-a554-4a3c-a460-c1bb950d210f", "x-misp-attribute--5d8379b5-bb98-40a1-9f0d-c1bb950d210f", "x-misp-attribute--5d8379b5-ffd8-421c-86ff-c1bb950d210f", "x-misp-attribute--5d8379b5-a01c-4e29-aff6-c1bb950d210f", "x-misp-attribute--5d8379b5-7d04-4b3e-ba6f-c1bb950d210f", "x-misp-attribute--5d8379b5-0ef4-4904-881d-c1bb950d210f", "x-misp-attribute--5d8379b5-eef0-42d9-9f25-c1bb950d210f", "x-misp-attribute--5d8379b5-b3b0-4eab-86a2-c1bb950d210f", "indicator--5d837a94-cb00-4865-b2c8-c1c3950d210f", "indicator--5d837a94-7960-4cb7-a565-c1c3950d210f", "indicator--5d837a94-b35c-4ba9-80d4-c1c3950d210f", "indicator--5d837a94-af68-40ed-85e3-c1c3950d210f", "indicator--5d837a94-be98-448c-9a29-c1c3950d210f", "indicator--5d837a94-2fd4-407b-99f3-c1c3950d210f", "observed-data--5d837ab1-3664-49ea-aca3-4514e387cbd9", "network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9", "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9", "observed-data--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "x-misp-object--5d832cb5-cc3c-43b6-ad5c-4c04950d210f", "indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b", "x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e", "indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b", "x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7", "relationship--9537f263-eec7-44da-880d-1b64b7876287", "relationship--973536c6-88dd-499c-856b-7c15b962d7ec" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:topic=\"finance\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:tool=\"GootKit\"", "misp-galaxy:malpedia=\"GootKit\"", "misp-galaxy:financial-fraud=\"Malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-a06c-4378-92f3-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Unicredit" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-9278-44d9-ba81-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "In-Bank" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-8ca4-42bf-a750-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Cedacri" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-6ce8-44b5-861c-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Intesa Sanpaolo" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-a79c-4138-bd9b-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Groupe Banque Populaire" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-a554-4a3c-a460-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Poste Italiane" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-bb98-40a1-9f0d-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Cr\u00c3\u00a9dit Agricole" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-ffd8-421c-86ff-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "CariParma" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-a01c-4e29-aff6-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Cr\u00c3\u00a9dit Coop\u00c3\u00a9ratif" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-7d04-4b3e-ba6f-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "BNP Paribas" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-0ef4-4904-881d-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Caisse D'Epargne" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-eef0-42d9-9f25-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Banco BPM" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d8379b5-b3b0-4eab-86a2-c1bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:51:01.000Z", "modified": "2019-09-19T12:51:01.000Z", "labels": [ "misp:type=\"target-org\"", "misp:category=\"Targeting data\"" ], "x_misp_category": "Targeting data", "x_misp_type": "target-org", "x_misp_value": "Raiffeisen" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-cb00-4865-b2c8-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "description": "Dropurl", "pattern": "[url:value = 'https://itp.surfpapara.com/b807112.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-7960-4cb7-a565-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "pattern": "[domain-name:value = 'itp.surfpapara.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-b35c-4ba9-80d4-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "description": "C2 (gootkit)", "pattern": "[url:value = 'https://web.mavensd.org/200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-af68-40ed-85e3-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "pattern": "[domain-name:value = 'web.mavensd.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-be98-448c-9a29-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "pattern": "[domain-name:value = 'cdn.areascans.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d837a94-2fd4-407b-99f3-c1c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:54:44.000Z", "modified": "2019-09-19T12:54:44.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.141.27.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:54:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d837ab1-3664-49ea-aca3-4514e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:55:13.000Z", "modified": "2019-09-19T12:55:13.000Z", "first_observed": "2019-09-19T12:55:13Z", "last_observed": "2019-09-19T12:55:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9", "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9", "src_ref": "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9", "value": "89.238.181.100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:55:13.000Z", "modified": "2019-09-19T12:55:13.000Z", "first_observed": "2019-09-19T12:55:13Z", "last_observed": "2019-09-19T12:55:13Z", "number_observed": 1, "object_refs": [ "network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "src_ref": "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9", "value": "46.166.176.152" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5d832cb5-cc3c-43b6-ad5c-4c04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T07:29:47.000Z", "modified": "2019-09-19T07:29:47.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"", "osint:source-type=\"blog-post\"", "osint:source-type=\"pastie-website\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "New Gootkit Banking Trojan campaign against Italian Companies and Users.\r\nhttps://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/\r\nIOCs:\r\nhttps://pastebin.com/6P5NWa1U\r\n#Gootkit #Banking #Trojan #Malware", "category": "Other", "uuid": "5d832cb5-4318-4aa8-a51e-4e22950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5d832cb5-5874-420a-92bd-4fb4950d210f" }, { "type": "url", "object_relation": "embedded-link", "value": "https://t.co/3yyykFMc1R?amp=1", "category": "Network activity", "to_ids": true, "uuid": "5d832cb5-a7bc-4969-8d1d-4dab950d210f" }, { "type": "text", "object_relation": "username", "value": "Bank_Security", "category": "Other", "uuid": "5d832cb5-b220-45ea-9690-4d2f950d210f" }, { "type": "link", "object_relation": "link", "value": "https://mobile.twitter.com/Bank_Security/status/1174556512980819968", "category": "External analysis", "uuid": "5d832cb5-c344-49e8-a1a4-47b4950d210f" }, { "type": "text", "object_relation": "state", "value": "Informative", "category": "Other", "uuid": "5d832cdd-7090-4089-88f3-46ca950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "2019-09-19T07:31:00", "category": "Other", "uuid": "5d832cdd-6b08-4374-8c0f-4d43950d210f" }, { "type": "url", "object_relation": "embedded-link", "value": "https://t.co/9luSvWSO2e?amp=1", "category": "Network activity", "to_ids": true, "uuid": "5d832e6b-6108-463f-9d4d-46ea950d210f" }, { "type": "link", "object_relation": "embedded-link", "value": "https://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/", "category": "External analysis", "to_ids": true, "uuid": "5d832e6b-010c-4433-b25e-470c950d210f" }, { "type": "link", "object_relation": "embedded-link", "value": "https://pastebin.com/6P5NWa1U", "category": "External analysis", "to_ids": true, "uuid": "5d832e6b-abfc-4b0c-b672-465c950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:52:04.000Z", "modified": "2019-09-19T12:52:04.000Z", "pattern": "[file:hashes.MD5 = 'eb2a050f3c7b6fa0dc1d455232e786f3' AND file:hashes.SHA1 = 'da03a783b590c9c998b593b9701cb227322856b9' AND file:hashes.SHA256 = '67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:52:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:52:04.000Z", "modified": "2019-09-19T12:52:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-19T05:45:56", "category": "Other", "comment": "vbs", "uuid": "a7a82bfa-e573-4fe9-8ce4-a1c1b03717f4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba/analysis/1568871956/", "category": "Payload delivery", "comment": "vbs", "uuid": "603f9363-bbf0-4a65-8917-3251a4739791" }, { "type": "text", "object_relation": "detection-ratio", "value": "12/56", "category": "Payload delivery", "comment": "vbs", "uuid": "4c4adb3b-c544-4ec3-b57f-4343cabfb5d7" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:52:04.000Z", "modified": "2019-09-19T12:52:04.000Z", "pattern": "[file:hashes.MD5 = '41db936a62634ba98b33051da243632a' AND file:hashes.SHA1 = 'f074c230441a9b682fb5cc4dae8615d4ad1a3fa5' AND file:hashes.SHA256 = 'c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-19T12:52:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-09-19T12:52:05.000Z", "modified": "2019-09-19T12:52:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-18T13:39:42", "category": "Other", "comment": "exe", "uuid": "72ea703a-87e2-421b-9abe-f5c5cc0fe8f1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73/analysis/1568813982/", "category": "Payload delivery", "comment": "exe", "uuid": "e4eeee01-bbc4-41e0-816b-381eb061278f" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/69", "category": "Payload delivery", "comment": "exe", "uuid": "ebd702a3-5b3b-4264-a959-8e9bebc5db73" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9537f263-eec7-44da-880d-1b64b7876287", "created": "2019-09-19T12:52:05.000Z", "modified": "2019-09-19T12:52:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b", "target_ref": "x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--973536c6-88dd-499c-856b-7c15b962d7ec", "created": "2019-09-19T12:52:05.000Z", "modified": "2019-09-19T12:52:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b", "target_ref": "x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }