{ "type": "bundle", "id": "bundle--5dc12abf-dbec-4acb-83a5-419d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5dc12abf-dbec-4acb-83a5-419d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "name": "OSINT - Turla/Venomous Bear Implants", "published": "2019-12-10T09:28:18Z", "object_refs": [ "x-misp-object--5dc12b04-4520-4f4d-bdc4-43fa950d210f", "indicator--c329341a-9840-40f5-a7bc-ed64a2ec7820", "indicator--ff441ee8-3fda-4c78-800f-fa48072df42b", "indicator--896deec8-8e3c-4a6b-926e-de60c02d9c47", "indicator--12b2a838-6f7c-4b4a-a1e6-46c033185348", "indicator--77802fc2-8e23-4b3f-8c0b-e06ea8570015", "indicator--ae94dbdf-74c8-4d41-bbe4-f92e921b960a", "indicator--cf81da33-c913-4f1e-b78f-a8acab71f9cb", "indicator--ced4d2d6-f1fb-4722-b7b5-7791ef662199", "indicator--5942762c-c826-4076-90ff-9e4beb34430e", "x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279", "indicator--4e097b0f-e05c-400b-98d3-af0ce5432479", "x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780", "indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a", "x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320", "indicator--0755c767-324a-4687-b231-d565cfaf10ec", "x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc", "indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2", "x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199", "indicator--529f959d-3e86-4c0a-8a74-617284841a81", "x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a", "indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb", "x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b", "indicator--62c2c068-3e13-4646-a264-2498ecdc21dc", "x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb", "relationship--1b6d373f-9f5e-4dd1-bebe-5de95da1a1f4", "relationship--76d2f01f-bfe8-4ea9-b6f9-7da35364a05f", "relationship--b74efa42-da92-4b78-9828-fef299f9326b", "relationship--8a43fb30-5077-4310-8fd0-961425b09ebf", "relationship--19d22fc5-657c-4ce0-8f77-2acad65a1c22", "relationship--8a0cb6a6-474e-45ce-aab5-8d463b3fbe72", "relationship--563405e0-d78b-4eea-a17b-469b862aa73f", "relationship--3f013512-ce97-4301-b194-e57fd51b518f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:malpedia=\"Turla RAT\"", "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"", "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"", "misp-galaxy:mitre-intrusion-set=\"Turla\"", "misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"", "misp-galaxy:threat-actor=\"Turla Group\"", "misp-galaxy:tool=\"Turla\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5dc12b04-4520-4f4d-bdc4-43fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:55:48.000Z", "modified": "2019-11-05T07:55:48.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "Casey Brooks\r\n@DrunkBinary\r\nTurla/Venomous Bear Implants\r\n687d7ddb080fb769b26a0c054f4cd422\r\n5b3ff56e7fe3e3a71fca4c844d1e02db\r\n535e67930dfbec1a0ae2671b63e2ef8e\r\n2d4578a2bbf5418de1fd4783e555f100\r\n198ee041e8f3eb12a19bc321f86ccb88\r\n1753424464a00c628d7166152cc30d1e\r\n6e4b7f13178ebc04304ee2b5ee646d09", "category": "Other", "uuid": "5dc12b04-c32c-4304-a463-4b3b950d210f" }, { "type": "link", "object_relation": "link", "value": "https://mobile.twitter.com/DrunkBinary/status/1191382141579476998", "category": "External analysis", "uuid": "5dc12b05-07c4-4553-bf3a-45a1950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5dc12b05-8388-4289-b089-439e950d210f" }, { "type": "text", "object_relation": "username", "value": "DrunkBinary", "category": "Other", "uuid": "5dc12b05-603c-418d-8712-477d950d210f" }, { "type": "text", "object_relation": "state", "value": "Informative", "category": "Other", "uuid": "5dc12b05-08ac-4652-9e94-44f0950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "2019-11-04T16:50:00", "category": "Other", "uuid": "5dc12b05-81e8-4306-b82f-4968950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c329341a-9840-40f5-a7bc-ed64a2ec7820", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:40.000Z", "modified": "2019-11-05T07:58:40.000Z", "pattern": "[file:hashes.MD5 = '687d7ddb080fb769b26a0c054f4cd422']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff441ee8-3fda-4c78-800f-fa48072df42b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:40.000Z", "modified": "2019-11-05T07:58:40.000Z", "pattern": "[file:hashes.MD5 = '5b3ff56e7fe3e3a71fca4c844d1e02db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--896deec8-8e3c-4a6b-926e-de60c02d9c47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:41.000Z", "modified": "2019-11-05T07:58:41.000Z", "pattern": "[file:hashes.MD5 = '535e67930dfbec1a0ae2671b63e2ef8e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--12b2a838-6f7c-4b4a-a1e6-46c033185348", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:41.000Z", "modified": "2019-11-05T07:58:41.000Z", "pattern": "[file:hashes.MD5 = '2d4578a2bbf5418de1fd4783e555f100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--77802fc2-8e23-4b3f-8c0b-e06ea8570015", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:42.000Z", "modified": "2019-11-05T07:58:42.000Z", "pattern": "[file:hashes.MD5 = '198ee041e8f3eb12a19bc321f86ccb88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae94dbdf-74c8-4d41-bbe4-f92e921b960a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:43.000Z", "modified": "2019-11-05T07:58:43.000Z", "pattern": "[file:hashes.MD5 = '1753424464a00c628d7166152cc30d1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf81da33-c913-4f1e-b78f-a8acab71f9cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:43.000Z", "modified": "2019-11-05T07:58:43.000Z", "pattern": "[file:hashes.MD5 = '6e4b7f13178ebc04304ee2b5ee646d09']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ced4d2d6-f1fb-4722-b7b5-7791ef662199", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-05T07:58:44.000Z", "modified": "2019-11-05T07:58:44.000Z", "pattern": "[file:hashes.MD5 = 'afcf3936639b706221d5f67afa75d80b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-05T07:58:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5942762c-c826-4076-90ff-9e4beb34430e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:25:35.000Z", "modified": "2019-12-10T09:25:35.000Z", "pattern": "[file:hashes.MD5 = '6e4b7f13178ebc04304ee2b5ee646d09' AND file:hashes.SHA1 = '663a78cb5e6f3ab54cd0d3f67bd8c9545b341d6f' AND file:hashes.SHA256 = '24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:25:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:25:40.000Z", "modified": "2019-12-10T09:25:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:06:09", "category": "Other", "uuid": "39464f1b-abd9-4278-8984-ed2605ebc764" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7/analysis/1571835969/", "category": "Payload delivery", "uuid": "009c4163-da4a-425e-baa8-9f39a81f47c2" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/67", "category": "Payload delivery", "uuid": "88b75e39-9615-4833-9bfb-912eb249492e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e097b0f-e05c-400b-98d3-af0ce5432479", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:25:42.000Z", "modified": "2019-12-10T09:25:42.000Z", "pattern": "[file:hashes.MD5 = '198ee041e8f3eb12a19bc321f86ccb88' AND file:hashes.SHA1 = 'ee583451c832b07d8f2b4d6b8dd36ccb280ff421' AND file:hashes.SHA256 = 'c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:25:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:25:51.000Z", "modified": "2019-12-10T09:25:51.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-12T15:05:11", "category": "Other", "uuid": "db8e2be8-5902-4322-9da5-536f77a869cc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e/analysis/1573571111/", "category": "Payload delivery", "uuid": "13f2f09d-83ec-4f87-a0c3-b2b48db6c7bf" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "uuid": "cbe967c3-f348-4174-b1f9-d56f84af11cf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:02.000Z", "modified": "2019-12-10T09:26:02.000Z", "pattern": "[file:hashes.MD5 = '535e67930dfbec1a0ae2671b63e2ef8e' AND file:hashes.SHA1 = '3b203f328048b837030b6f0ff595968486cc1b44' AND file:hashes.SHA256 = 'db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:05.000Z", "modified": "2019-12-10T09:26:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:07:53", "category": "Other", "uuid": "9687daad-0e1b-4197-ac07-af6faedc2130" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07/analysis/1571836073/", "category": "Payload delivery", "uuid": "47135dc2-701d-433d-9930-d692cf6bdb9d" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/69", "category": "Payload delivery", "uuid": "5f598518-92a3-4dda-b5fa-852e10d79a01" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0755c767-324a-4687-b231-d565cfaf10ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:06.000Z", "modified": "2019-12-10T09:26:06.000Z", "pattern": "[file:hashes.MD5 = 'afcf3936639b706221d5f67afa75d80b' AND file:hashes.SHA1 = 'd98643af5619781280b4418d224a07c36d462a84' AND file:hashes.SHA256 = '43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:06.000Z", "modified": "2019-12-10T09:26:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:05:51", "category": "Other", "uuid": "859a70c4-0b4d-4fa1-86dc-1a23c2409f73" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89/analysis/1571835951/", "category": "Payload delivery", "uuid": "c88401f1-1d62-4b5a-960b-4ba03e10518d" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/67", "category": "Payload delivery", "uuid": "e5c2c08c-79ef-47a5-9ee3-55d93a159361" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:06.000Z", "modified": "2019-12-10T09:26:06.000Z", "pattern": "[file:hashes.MD5 = '1753424464a00c628d7166152cc30d1e' AND file:hashes.SHA1 = '05071cf5da3040d6cbdfd9413a79029e605ac364' AND file:hashes.SHA256 = '7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:06.000Z", "modified": "2019-12-10T09:26:06.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:06:27", "category": "Other", "uuid": "202ca9e6-3d55-4e52-ab2f-5c0164d2d9fa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e/analysis/1571835987/", "category": "Payload delivery", "uuid": "dff115c3-2d30-4f79-a525-27fbdb3054d1" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/68", "category": "Payload delivery", "uuid": "f0645ffb-2291-48ef-a6d7-4d0233af89eb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--529f959d-3e86-4c0a-8a74-617284841a81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:07.000Z", "modified": "2019-12-10T09:26:07.000Z", "pattern": "[file:hashes.MD5 = '2d4578a2bbf5418de1fd4783e555f100' AND file:hashes.SHA1 = '6c24db5a4d30a8287c36d21c16c0d45050a975c4' AND file:hashes.SHA256 = '5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:07.000Z", "modified": "2019-12-10T09:26:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:07:36", "category": "Other", "uuid": "97bbdbe3-56cc-435b-8365-4e34e19147c8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf/analysis/1571836056/", "category": "Payload delivery", "uuid": "19a18bf2-de93-48e2-a6b9-4333cbeaaef5" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/69", "category": "Payload delivery", "uuid": "f11e5be1-6cfb-4e2a-a983-5e176a12b585" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:07.000Z", "modified": "2019-12-10T09:26:07.000Z", "pattern": "[file:hashes.MD5 = '5b3ff56e7fe3e3a71fca4c844d1e02db' AND file:hashes.SHA1 = '1b8e06751ecc87826bd258d5182ab33c1e20c8f7' AND file:hashes.SHA256 = 'ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:07.000Z", "modified": "2019-12-10T09:26:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T13:41:54", "category": "Other", "uuid": "4812d651-6871-44c6-951f-e5d047e26e46" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79/analysis/1571838114/", "category": "Payload delivery", "uuid": "26a72c15-240b-4d2a-ae5a-9dfad7d14c3e" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/68", "category": "Payload delivery", "uuid": "30609a1d-5955-4c9c-a353-6794ebad86b4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62c2c068-3e13-4646-a264-2498ecdc21dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:07.000Z", "modified": "2019-12-10T09:26:07.000Z", "pattern": "[file:hashes.MD5 = '687d7ddb080fb769b26a0c054f4cd422' AND file:hashes.SHA1 = '3227e0b8181f05e393be41d633b08da07fadf194' AND file:hashes.SHA256 = '66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:26:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-14T08:28:17", "category": "Other", "uuid": "93ec40f8-6f63-41ff-a27e-1891c57b456b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85/analysis/1573720097/", "category": "Payload delivery", "uuid": "eda19702-19eb-4e5a-9c8d-31de2e456e05" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "uuid": "6c063632-74a2-4192-8570-2501e90ac8ab" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1b6d373f-9f5e-4dd1-bebe-5de95da1a1f4", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5942762c-c826-4076-90ff-9e4beb34430e", "target_ref": "x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--76d2f01f-bfe8-4ea9-b6f9-7da35364a05f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4e097b0f-e05c-400b-98d3-af0ce5432479", "target_ref": "x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b74efa42-da92-4b78-9828-fef299f9326b", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a", "target_ref": "x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a43fb30-5077-4310-8fd0-961425b09ebf", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0755c767-324a-4687-b231-d565cfaf10ec", "target_ref": "x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--19d22fc5-657c-4ce0-8f77-2acad65a1c22", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2", "target_ref": "x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a0cb6a6-474e-45ce-aab5-8d463b3fbe72", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--529f959d-3e86-4c0a-8a74-617284841a81", "target_ref": "x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--563405e0-d78b-4eea-a17b-469b862aa73f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb", "target_ref": "x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3f013512-ce97-4301-b194-e57fd51b518f", "created": "2019-12-10T09:26:08.000Z", "modified": "2019-12-10T09:26:08.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--62c2c068-3e13-4646-a264-2498ecdc21dc", "target_ref": "x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }