{ "type": "bundle", "id": "bundle--355c00b3-a85f-4a6c-850f-95bc7357abd1", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:21:42.000Z", "modified": "2020-09-22T12:21:42.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--355c00b3-a85f-4a6c-850f-95bc7357abd1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:21:42.000Z", "modified": "2020-09-22T12:21:42.000Z", "name": "Linux/CDRThief\u2009\u2014\u2009Indicators of Compromise - Who is calling? CDRThief targets Linux VoIP softswitches", "published": "2020-09-22T12:23:24Z", "object_refs": [ "indicator--50cd9c70-16e3-4d80-a63f-6a8cccc82068", "indicator--3e5b904b-5895-4b38-a3fe-3f1c45556e2d", "indicator--0e0e63a2-2df9-48bf-a051-033dc07e1c28", "indicator--4bc87d38-3261-47a3-8aed-2f4e6d6a90b9", "observed-data--d0bc874d-f910-42af-8487-49d59744ac09", "url--d0bc874d-f910-42af-8487-49d59744ac09", "indicator--e709726a-d154-43ef-86c7-18eb24a81774", "indicator--7bba10cd-0db9-4236-8351-3e592852b524", "indicator--23f961d6-6059-47a4-854e-9122fe8ad07e", "indicator--509ee329-28fd-433e-866e-8756879ee048", "indicator--19c40342-9c51-4d22-863a-aa043f160819", "indicator--3f66f469-98f7-40d5-b7a8-f8107c5f494a", "indicator--bc967985-2f6a-4ddd-bdf2-65742ffc89c6", "indicator--a753b1c5-18cd-4f49-903a-dbec8618f0c6", "indicator--d4470b8f-b772-415b-a89a-b22c25431d9f", "indicator--aeb2152e-d589-4dce-8691-2eb1b25b0430", "observed-data--b520b0c5-ba26-4f60-8ad4-77a9dd37987e", "url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e", "x-misp-object--88331ce0-09ff-4c8a-93c5-3e27fc8e287c", "indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652", "x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae", "indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9", "x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff", "indicator--10b7197c-b557-4d29-a593-8f81e682c400", "x-misp-object--1752315a-8a3b-4114-badf-c204312c304b", "indicator--4e2be21d-c114-470c-8845-572d708cdbec", "x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e", "relationship--030af4cd-ef39-450a-8657-070d5647f1f1", "relationship--e28f1cc0-d0fb-480c-a67f-a7c7f4267fe6", "relationship--26e62809-b09a-48ca-823e-c01206c3dcef", "relationship--954ea363-3578-436d-ac63-d894a491d4dc" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--50cd9c70-16e3-4d80-a63f-6a8cccc82068", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:15:24.000Z", "modified": "2020-09-22T12:15:24.000Z", "pattern": "[file:hashes.SHA1 = 'cc373d633a16817f7d21372c56955923c9dda825']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e5b904b-5895-4b38-a3fe-3f1c45556e2d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:15:24.000Z", "modified": "2020-09-22T12:15:24.000Z", "description": "(UPX packed)", "pattern": "[file:hashes.SHA1 = '8e2624da4d209abd3364d90f7bc08230f84510db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0e0e63a2-2df9-48bf-a051-033dc07e1c28", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:15:24.000Z", "modified": "2020-09-22T12:15:24.000Z", "pattern": "[file:hashes.SHA1 = 'fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4bc87d38-3261-47a3-8aed-2f4e6d6a90b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:15:24.000Z", "modified": "2020-09-22T12:15:24.000Z", "description": "(Corrupted)", "pattern": "[file:hashes.SHA1 = '8532e858eb24ae38632091d2d790a1299b7bbc87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--d0bc874d-f910-42af-8487-49d59744ac09", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:15:44.000Z", "modified": "2020-09-22T12:15:44.000Z", "first_observed": "2020-09-22T12:15:44Z", "last_observed": "2020-09-22T12:15:44Z", "number_observed": 1, "object_refs": [ "url--d0bc874d-f910-42af-8487-49d59744ac09" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--d0bc874d-f910-42af-8487-49d59744ac09", "value": "https://github.com/eset/malware-ioc/tree/master/cdrthief" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e709726a-d154-43ef-86c7-18eb24a81774", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.29.173.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7bba10cd-0db9-4236-8351-3e592852b524", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.211.157.244']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23f961d6-6059-47a4-854e-9122fe8ad07e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.226.134.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--509ee329-28fd-433e-866e-8756879ee048", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.109.79.136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--19c40342-9c51-4d22-863a-aa043f160819", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.94.199.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f66f469-98f7-40d5-b7a8-f8107c5f494a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:04.000Z", "modified": "2020-09-22T12:16:04.000Z", "description": "C&C servers", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.236.173.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bc967985-2f6a-4ddd-bdf2-65742ffc89c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:57.000Z", "modified": "2020-09-22T12:16:57.000Z", "pattern": "[mutex:name = '/dev/shm/.bin']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a753b1c5-18cd-4f49-903a-dbec8618f0c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:16:57.000Z", "modified": "2020-09-22T12:16:57.000Z", "pattern": "[mutex:name = '/dev/shm/.linux']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:16:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d4470b8f-b772-415b-a89a-b22c25431d9f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:17:30.000Z", "modified": "2020-09-22T12:17:30.000Z", "pattern": "[file:name = '/dev/shm/callservice']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aeb2152e-d589-4dce-8691-2eb1b25b0430", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:17:30.000Z", "modified": "2020-09-22T12:17:30.000Z", "pattern": "[file:name = '/dev/shm/sys.png']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--b520b0c5-ba26-4f60-8ad4-77a9dd37987e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:21:25.000Z", "modified": "2020-09-22T12:21:25.000Z", "first_observed": "2020-09-22T12:21:25Z", "last_observed": "2020-09-22T12:21:25Z", "number_observed": 1, "object_refs": [ "url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e", "value": "https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--88331ce0-09ff-4c8a-93c5-3e27fc8e287c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:19:10.000Z", "modified": "2020-09-22T12:19:10.000Z", "labels": [ "misp:name=\"crypto-material\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "text", "value": "-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ3k3GgS3FX4pI7s9x0krBYqbMcSaw4BPY91Ln\r\ntt5/X8s9l0BC6PUTbQcUzs6PPXhKKTx8ph5CYQqdWynxOLJah0FMMRYxS8d0HX+Qx9eWUeKRHm2E\r\nAtZQjdHxqTJ9EBpHYWV4RrWmeoOsWAOisvedlb23O0E55e8rrGGrZLhPbwIDAQAB\r\n-----END PUBLIC KEY-----", "category": "Other", "uuid": "d54175fd-fa8c-4446-8b2c-548791780397" }, { "type": "text", "object_relation": "type", "value": "RSA", "category": "Other", "uuid": "a31298ce-323c-49c0-84d7-2662b873a082" }, { "type": "text", "object_relation": "origin", "value": "malware-extraction", "category": "Other", "uuid": "82b73e68-5afe-4e5c-9c52-38242f13c139" } ], "x_misp_meta_category": "misc", "x_misp_name": "crypto-material" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "pattern": "[file:hashes.MD5 = '7124c56ab6d8133e2ed2042fb8c2248e' AND file:hashes.SHA1 = 'cc373d633a16817f7d21372c56955923c9dda825' AND file:hashes.SHA256 = '665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:20:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-09-22T10:56:34+00:00", "category": "Other", "uuid": "9a8f52cd-f16e-49e5-a1ed-d019bbbd082d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b/detection/f-665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b-1600772194", "category": "Payload delivery", "uuid": "1fa1ca4e-2145-4caf-8ab8-4ad2c1052100" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/62", "category": "Payload delivery", "uuid": "80c0cf1c-41e3-4ffa-9e48-374af830eaa4" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "pattern": "[file:hashes.MD5 = '926c77d3d9fdad7217a9b49bdf033336' AND file:hashes.SHA1 = '8e2624da4d209abd3364d90f7bc08230f84510db' AND file:hashes.SHA256 = 'ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:20:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-09-22T10:56:43+00:00", "category": "Other", "comment": "(UPX packed)", "uuid": "7d174551-08ad-4371-819b-4f5ff30ea7e7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c/detection/f-ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c-1600772203", "category": "Payload delivery", "comment": "(UPX packed)", "uuid": "da28f735-72f5-4fe2-9789-adae6df6294f" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/60", "category": "Payload delivery", "comment": "(UPX packed)", "uuid": "83b1dbb1-0edf-4939-80d1-7a0635d14587" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--10b7197c-b557-4d29-a593-8f81e682c400", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "pattern": "[file:hashes.MD5 = '444a5116c6e2b37b33066be16f3e7e6d' AND file:hashes.SHA1 = '8532e858eb24ae38632091d2d790a1299b7bbc87' AND file:hashes.SHA256 = 'af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:20:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1752315a-8a3b-4114-badf-c204312c304b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-09-22T10:56:33+00:00", "category": "Other", "comment": "(Corrupted)", "uuid": "f1afdfdd-941e-4136-a79c-19c30e0c3301" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4/detection/f-af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4-1600772193", "category": "Payload delivery", "comment": "(Corrupted)", "uuid": "46b3ca6a-2d76-4117-9317-92c3c5dd32d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/62", "category": "Payload delivery", "comment": "(Corrupted)", "uuid": "df800269-bf3b-432d-b8b3-aea329ae0be8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e2be21d-c114-470c-8845-572d708cdbec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "pattern": "[file:hashes.MD5 = '3339b8c4a522548b67fca732c54fa232' AND file:hashes.SHA1 = 'fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac' AND file:hashes.SHA256 = '6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-09-22T12:20:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-09-22T12:20:29.000Z", "modified": "2020-09-22T12:20:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-09-22T10:56:24+00:00", "category": "Other", "uuid": "baf23e87-428f-4974-8764-e4bbcd5ea9b4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6/detection/f-6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6-1600772184", "category": "Payload delivery", "uuid": "b397af60-d203-4dfe-bfad-d67bc45763ff" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/61", "category": "Payload delivery", "uuid": "f9400666-419d-444a-b2dd-bf8ea02c78e6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--030af4cd-ef39-450a-8657-070d5647f1f1", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652", "target_ref": "x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e28f1cc0-d0fb-480c-a67f-a7c7f4267fe6", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9", "target_ref": "x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--26e62809-b09a-48ca-823e-c01206c3dcef", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--10b7197c-b557-4d29-a593-8f81e682c400", "target_ref": "x-misp-object--1752315a-8a3b-4114-badf-c204312c304b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--954ea363-3578-436d-ac63-d894a491d4dc", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4e2be21d-c114-470c-8845-572d708cdbec", "target_ref": "x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }