{ "type": "bundle", "id": "bundle--e6d2f7c9-c183-43c9-bd3c-3dcfbb34665c", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:48:11.000Z", "modified": "2020-12-15T08:48:11.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--e6d2f7c9-c183-43c9-bd3c-3dcfbb34665c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:48:11.000Z", "modified": "2020-12-15T08:48:11.000Z", "name": "OSINT Threat Advisory: SolarWinds supply chain attack", "published": "2020-12-15T08:48:30Z", "object_refs": [ "indicator--c07901d2-ca25-4986-84c4-f45a3d4f9937", "indicator--16bb46e1-e3ee-41a5-b1d4-b0adff96a433", "indicator--432b2d64-6a64-404c-adf6-4bba616cbc7b", "indicator--c2c90e65-9240-4223-92b1-5cdf29b413e6", "indicator--b2f7c60c-95e0-41a0-94f6-a07b3aeb7ba3", "indicator--c8dd6cd6-2013-4ca2-9662-bf47ec8fabe4", "indicator--35eb0eb7-c945-41f5-85f2-ee28e4b088e6", "indicator--a576de5e-3459-4748-abf7-e524283a2097", "indicator--3889ee21-49be-459b-8c01-064532e02b75", "indicator--00645cce-0a90-454f-bffa-42c82953f638", "indicator--ea49694a-96f1-430d-b809-e4026a06db8c", "indicator--ea94b805-134d-45b9-95e7-e35ac94579a7", "indicator--4494738b-8193-49b7-9765-f594448319fb", "indicator--b82f53a3-007d-44cc-ae1d-58b717e46126", "indicator--70aa6792-60ef-41b3-972f-4d3ec5c3f717", "indicator--cdff90cd-9e2e-4f54-929f-1836956a914c", "indicator--d760f240-4654-4bb3-8bf5-9d33763e7c0f", "indicator--ecd50b7b-338a-4e92-8531-6c99094f3de7", "indicator--aff00f43-175b-4c0f-b347-fc140c8a8e87", "indicator--64c1e9eb-0647-4333-9a10-f4bca1232aef", "indicator--d108c2c1-5063-43da-b244-13b578932877", "indicator--cbe65ce5-1942-493c-a528-d3a84ac0997f", "indicator--23fe01ed-a5b5-419b-add3-4c69d41e2a96", "observed-data--2d2d112b-d8d6-4402-b4e7-65e76744e1a1", "url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1", "indicator--a20fef59-369c-49a0-8e44-90f88f0b4026", "x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795", "indicator--094b634a-771e-4086-a212-7d72fb6b3989", "x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb", "indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4", "x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24", "indicator--15a9eca3-03a5-49b3-ba45-63f381932aad", "x-misp-object--1f475208-7094-488e-805e-9c3fdc643171", "indicator--2daa2208-4a80-4d53-9e40-43714e196dc2", "x-misp-object--3e830e40-5537-4262-8890-6662846770c8", "relationship--d53cf854-e0c3-4ef5-9b3f-73119b9fd87f", "relationship--d9aa5139-9bf4-4e47-bd0d-f5247b070154", "relationship--7c17600f-e443-4da8-96b1-e405ee25b509", "relationship--986279d5-cc96-4f61-9e67-e3ff7497c7d0", "relationship--0ade6952-be00-4210-befb-74fbc80fd5fe" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c07901d2-ca25-4986-84c4-f45a3d4f9937", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'avsvmcloud.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16bb46e1-e3ee-41a5-b1d4-b0adff96a433", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'zupertech.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--432b2d64-6a64-404c-adf6-4bba616cbc7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'panhardware.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2c90e65-9240-4223-92b1-5cdf29b413e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'databasegalore.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2f7c60c-95e0-41a0-94f6-a07b3aeb7ba3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'incomeupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8dd6cd6-2013-4ca2-9662-bf47ec8fabe4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'highdatabase.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--35eb0eb7-c945-41f5-85f2-ee28e4b088e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'websitetheme.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a576de5e-3459-4748-abf7-e524283a2097", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'freescanonline.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3889ee21-49be-459b-8c01-064532e02b75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'virtualdataserver.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00645cce-0a90-454f-bffa-42c82953f638", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'deftsecurity.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea49694a-96f1-430d-b809-e4026a06db8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'thedoccloud.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea94b805-134d-45b9-95e7-e35ac94579a7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'digitalcollege.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4494738b-8193-49b7-9765-f594448319fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'globalnetworkissues.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b82f53a3-007d-44cc-ae1d-58b717e46126", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'seobundlekit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70aa6792-60ef-41b3-972f-4d3ec5c3f717", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:20.000Z", "modified": "2020-12-15T08:16:20.000Z", "pattern": "[domain-name:value = 'virtualwebdata.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cdff90cd-9e2e-4f54-929f-1836956a914c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d760f240-4654-4bb3-8bf5-9d33763e7c0f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ecd50b7b-338a-4e92-8531-6c99094f3de7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aff00f43-175b-4c0f-b347-fc140c8a8e87", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64c1e9eb-0647-4333-9a10-f4bca1232aef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d108c2c1-5063-43da-b244-13b578932877", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cbe65ce5-1942-493c-a528-d3a84ac0997f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'd0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23fe01ed-a5b5-419b-add3-4c69d41e2a96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:16:35.000Z", "modified": "2020-12-15T08:16:35.000Z", "pattern": "[file:hashes.SHA256 = 'dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2d2d112b-d8d6-4402-b4e7-65e76744e1a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:17:01.000Z", "modified": "2020-12-15T08:17:01.000Z", "first_observed": "2020-12-15T08:17:01Z", "last_observed": "2020-12-15T08:17:01Z", "number_observed": 1, "object_refs": [ "url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--2d2d112b-d8d6-4402-b4e7-65e76744e1a1", "value": "https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a20fef59-369c-49a0-8e44-90f88f0b4026", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "pattern": "[file:hashes.MD5 = '02af7cec58b9a5da1c542b5a32151ba1' AND file:hashes.SHA1 = '1b476f58ca366b54f34d714ffce3fd73cc30db1a' AND file:hashes.SHA256 = 'd0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-15T08:08:23+00:00", "category": "Other", "uuid": "4b114d22-6e88-4edd-a380-447c957f6b00" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600/detection/f-d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600-1608019703", "category": "Payload delivery", "uuid": "3cc15b9f-7b5d-4772-947e-21f2deab16d6" }, { "type": "text", "object_relation": "detection-ratio", "value": "6/48", "category": "Payload delivery", "uuid": "b0daaf8c-4ba1-464b-9dbe-e23adf6bbc9a" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--094b634a-771e-4086-a212-7d72fb6b3989", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "pattern": "[file:hashes.MD5 = '2c4a910a1299cdae2a4e55988a2f102e' AND file:hashes.SHA1 = '2f1a5a7411d015d01aaee4535835400191645023' AND file:hashes.SHA256 = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-15T08:07:29+00:00", "category": "Other", "uuid": "aabd4c40-51c2-44db-aff9-e22d42ff8073" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1608019649", "category": "Payload delivery", "uuid": "2bd19d5b-2579-46b2-83e2-802aeb053746" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/69", "category": "Payload delivery", "uuid": "49603f27-23c5-47da-8b0c-d467bfaec90d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "pattern": "[file:hashes.MD5 = '56ceb6d0011d87b6e4d7023d7ef85676' AND file:hashes.SHA1 = '75af292f34789a1c782ea36c7127bf6106f595e8' AND file:hashes.SHA256 = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-15T08:02:48+00:00", "category": "Other", "uuid": "6cc5b161-ca94-401a-ac7e-c88c80c83535" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1608019368", "category": "Payload delivery", "uuid": "9e33a77b-2ac6-4575-89ff-6a8b4267ed01" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/68", "category": "Payload delivery", "uuid": "8aa4bec2-67e3-4f3b-979e-6ddc36335eeb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--15a9eca3-03a5-49b3-ba45-63f381932aad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "pattern": "[file:hashes.MD5 = 'b91ce2fa41029f6955bff20079468448' AND file:hashes.SHA1 = '76640508b1e7759e548771a5359eaed353bf1eec' AND file:hashes.SHA256 = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1f475208-7094-488e-805e-9c3fdc643171", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-15T08:06:06+00:00", "category": "Other", "uuid": "9f9f7467-bb1e-487e-a310-a356bbbba48c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1608019566", "category": "Payload delivery", "uuid": "adaee742-60b7-4662-92b3-54c2ac7f0aa0" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/66", "category": "Payload delivery", "uuid": "6ac308e3-251a-40b6-9cd9-b0611bdfa5ab" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2daa2208-4a80-4d53-9e40-43714e196dc2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "pattern": "[file:hashes.MD5 = '846e27a652a5e1bfbd0ddd38a16dc865' AND file:hashes.SHA1 = 'd130bd75645c2433f88ac03e73395fba172ef676' AND file:hashes.SHA256 = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-15T08:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3e830e40-5537-4262-8890-6662846770c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-15T08:18:26.000Z", "modified": "2020-12-15T08:18:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-15T08:11:50+00:00", "category": "Other", "uuid": "21cb4f65-7f18-4e2e-b9b7-c504ccb796c4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1608019910", "category": "Payload delivery", "uuid": "47343bb3-e08d-48d2-b02d-e505db8558d9" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/70", "category": "Payload delivery", "uuid": "b9305874-956b-4547-b2e2-75b94c05d537" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d53cf854-e0c3-4ef5-9b3f-73119b9fd87f", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a20fef59-369c-49a0-8e44-90f88f0b4026", "target_ref": "x-misp-object--f8629dcd-1aac-4818-a9ab-491c2344c795" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d9aa5139-9bf4-4e47-bd0d-f5247b070154", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--094b634a-771e-4086-a212-7d72fb6b3989", "target_ref": "x-misp-object--3fc73855-0ef4-4a27-8fc5-83b812d489eb" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--7c17600f-e443-4da8-96b1-e405ee25b509", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--37dbabfb-262e-4835-889e-2e5595f7c0e4", "target_ref": "x-misp-object--1b572e2c-d1ce-4cdf-a083-130a37e2db24" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--986279d5-cc96-4f61-9e67-e3ff7497c7d0", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--15a9eca3-03a5-49b3-ba45-63f381932aad", "target_ref": "x-misp-object--1f475208-7094-488e-805e-9c3fdc643171" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ade6952-be00-4210-befb-74fbc80fd5fe", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--2daa2208-4a80-4d53-9e40-43714e196dc2", "target_ref": "x-misp-object--3e830e40-5537-4262-8890-6662846770c8" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }