{ "type": "bundle", "id": "bundle--5b991442-a9f0-4b5b-bc56-445f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:48:18.000Z", "modified": "2018-09-13T13:48:18.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b991442-a9f0-4b5b-bc56-445f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:48:18.000Z", "modified": "2018-09-13T13:48:18.000Z", "name": "OSINT - Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall", "published": "2018-09-13T13:48:39Z", "object_refs": [ "observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f", "url--5b991454-051c-4bd8-a0bd-4e4a950d210f", "x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f", "indicator--5b9a17a9-46f4-4829-a645-41bb950d210f", "indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f", "indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f", "indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f", "indicator--5b9a11b0-9f94-4354-a268-43aa950d210f", "indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f", "indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f", "indicator--5b9a11f0-9c10-492e-9b51-4257950d210f", "indicator--5b9a1248-1f28-48ac-be89-45c3950d210f", "indicator--5b9a125e-9f20-423b-b45f-4054950d210f", "indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f", "indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f", "indicator--5b9a1312-b374-493c-986d-49bd950d210f", "indicator--5b9a131f-bec4-4d20-baea-4929950d210f", "indicator--5b9a1333-b508-45d9-9896-4e23950d210f", "indicator--5b9a1346-5384-4908-a5a8-4df7950d210f", "indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f", "indicator--5b9a14e9-221c-4e02-b682-4575950d210f", "indicator--5b9a1501-cc14-4764-bf87-46cc950d210f", "indicator--5b9a1512-a77c-4500-a8c9-4481950d210f", "indicator--5b9a1527-6be8-4405-8242-44f9950d210f", "indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f", "indicator--5b9a1541-1924-4272-80b3-4240950d210f", "vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f", "vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f", "vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f", "vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f", "indicator--c9655c57-1760-44de-8ccc-7029b572eae9", "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10", "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce", "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a", "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa", "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0", "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd", "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72", "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116", "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a", "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0", "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085", "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250", "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4", "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5", "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d", "indicator--b93e361e-6457-475a-8466-3229a898dd5d", "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146", "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252", "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89", "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78", "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418", "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2", "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510", "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d", "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779", "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d", "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f", "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8", "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080", "indicator--25927348-f7e5-4c73-bb65-1a697c164887", "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007", "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4", "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0", "indicator--41a04017-73fb-4631-887a-0671543e7f41", "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7", "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d", "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3", "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9", "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf", "relationship--d687c492-c08c-460b-85ab-1837a0330b35", "relationship--5b640cef-6493-49ac-80e2-4c3c716349d9", "relationship--82446756-7152-46c5-b433-b8c61d69ddfe", "relationship--f1561136-5f05-474c-bd41-356af10a949b", "relationship--ecd2c3e3-cb9d-487a-b2f2-4b4f6d01cf7d", "relationship--73692aec-97ad-46f6-b423-0ca6bd82ad41", "relationship--58c54bba-c07e-488c-bfe8-45a53fdc73e0", "relationship--f7b80abb-74a6-4b5d-898f-39ab6192f306", "relationship--23eb3d90-4fce-4250-8144-af0113c9328e", "relationship--151ba28a-ea83-4f22-8059-4b613127e6b2", "relationship--5ebe7495-bef0-4978-87a3-d1418197a881", "relationship--da994413-cffc-4832-9cc1-f93e78c1314f", "relationship--34fe4577-2498-47cc-85a2-fcdf4fc42c28", "relationship--4ed3a7d2-39e7-489e-8912-0acf335e50a6", "relationship--bd440033-729d-4499-b811-2fdeeeb7c791", "relationship--27e1c62f-f01b-44e5-aac5-4737af4de7cb", "relationship--f7db49f5-90ad-47d3-b95d-e668650e4803", "relationship--8b22465d-f37d-4916-8f7a-d3789c3491fd", "relationship--1587210c-5126-4582-b2a4-737dd0a865d9", "relationship--e656a10a-4c59-4f1b-928a-1edb2f1dac9f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "malware_classification:malware-category=\"Botnet\"", "misp-galaxy:botnet=\"Mirai\"", "misp-galaxy:tool=\"Mirai\"", "misp-galaxy:tool=\"Gafgyt\"", "misp-galaxy:botnet=\"Gafgyt\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-12T13:27:58.000Z", "modified": "2018-09-12T13:27:58.000Z", "first_observed": "2018-09-12T13:27:58Z", "last_observed": "2018-09-12T13:27:58Z", "number_observed": 1, "object_refs": [ "url--5b991454-051c-4bd8-a0bd-4e4a950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b991454-051c-4bd8-a0bd-4e4a950d210f", "value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-12T13:28:25.000Z", "modified": "2018-09-12T13:28:25.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.\r\n\r\nThese variants are notable for two reasons:\r\n\r\n The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.\r\n The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall\u00e2\u20ac\u2122s Global Management System (GMS).\r\n\r\nThese developments suggest these IOT botnets are increasingly targeting enterprise devices with outdated versions.\r\n\r\nAll organizations should ensure they keep not only their systems up-to-date and patched, but also their IoT devices. For Palo Alto Networks customers, WidlFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a17a9-46f4-4829-a645-41bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:54:17.000Z", "modified": "2018-09-13T07:54:17.000Z", "pattern": "[domain-name:value = 'l.ocalhost.host']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:54:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:54:18.000Z", "modified": "2018-09-13T07:54:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:54:18.000Z", "modified": "2018-09-13T07:54:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.127']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:54:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:10:08.000Z", "modified": "2018-09-13T07:10:08.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:10:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a11b0-9f94-4354-a268-43aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:28:48.000Z", "modified": "2018-09-13T07:28:48.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:28:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:29:01.000Z", "modified": "2018-09-13T07:29:01.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:29:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:29:42.000Z", "modified": "2018-09-13T07:29:42.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:29:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a11f0-9c10-492e-9b51-4257950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:29:52.000Z", "modified": "2018-09-13T07:29:52.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:29:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1248-1f28-48ac-be89-45c3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:31:20.000Z", "modified": "2018-09-13T07:31:20.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:31:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a125e-9f20-423b-b45f-4054950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:31:42.000Z", "modified": "2018-09-13T07:31:42.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:31:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:32:09.000Z", "modified": "2018-09-13T07:32:09.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:32:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:32:24.000Z", "modified": "2018-09-13T07:32:24.000Z", "description": "Sample with Apache Struts exploit CVE-2017-5638", "pattern": "[file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:32:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1312-b374-493c-986d-49bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:34:42.000Z", "modified": "2018-09-13T07:34:42.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:34:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a131f-bec4-4d20-baea-4929950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:34:55.000Z", "modified": "2018-09-13T07:34:55.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:34:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1333-b508-45d9-9896-4e23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:35:15.000Z", "modified": "2018-09-13T07:35:15.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:35:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1346-5384-4908-a5a8-4df7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:35:34.000Z", "modified": "2018-09-13T07:35:34.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:35:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:42:18.000Z", "modified": "2018-09-13T07:42:18.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a14e9-221c-4e02-b682-4575950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:42:33.000Z", "modified": "2018-09-13T07:42:33.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1501-cc14-4764-bf87-46cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:42:57.000Z", "modified": "2018-09-13T07:42:57.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:42:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1512-a77c-4500-a8c9-4481950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:43:14.000Z", "modified": "2018-09-13T07:43:14.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:43:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1527-6be8-4405-8242-44f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:43:35.000Z", "modified": "2018-09-13T07:43:35.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:43:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:43:48.000Z", "modified": "2018-09-13T07:43:48.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:43:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b9a1541-1924-4272-80b3-4240950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T07:44:01.000Z", "modified": "2018-09-13T07:44:01.000Z", "description": "Sample with Sonicwall GMS exploit CVE-2018-9866", "pattern": "[file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T07:44:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T10:14:06.000Z", "modified": "2018-09-13T10:14:06.000Z", "name": "CVE-2017-5638", "description": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-5638" }, { "source_name": "url", "url": "https://cve.circl.lu/cve/CVE-2017-5638" }, { "source_name": "url", "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" }, { "source_name": "url", "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" }, { "source_name": "url", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" }, { "source_name": "url", "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" }, { "source_name": "url", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_misp_cvss_score": "10", "x_misp_modified": "2018-03-03T21:29:00", "x_misp_published": "2017-10-03T21:59:00", "x_misp_state": "Published" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T10:18:42.000Z", "modified": "2018-09-13T10:18:42.000Z", "name": "CVE-2018-9866", "description": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance\\'s, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2018-9866" } ], "x_misp_modified": "2018-03-08T16:29:00", "x_misp_published": "2018-03-08T16:29:00", "x_misp_state": "Published" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T10:21:46.000Z", "modified": "2018-09-13T10:21:46.000Z", "name": "CVE-2017-6884", "description": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-6884" } ], "x_misp_cvss_score": "9", "x_misp_published": "2017-06-04T13:59:00", "x_misp_state": "Published" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T10:25:55.000Z", "modified": "2018-09-13T10:25:55.000Z", "name": "CVE-2017-17215", "description": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"", "misp:to_ids=\"False\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-17215" } ], "x_misp_cvss_score": "6.5", "x_misp_modified": "2018-04-19T11:04:00", "x_misp_published": "2018-03-20T11:29:00", "x_misp_state": "Published" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c9655c57-1760-44de-8ccc-7029b572eae9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:47.000Z", "modified": "2018-09-13T13:36:47.000Z", "pattern": "[file:hashes.MD5 = 'e0b32c133cedca69b05dd3a9dd6e1910' AND file:hashes.SHA1 = 'ff7c182fb460d62195d1bae8c394b2e81182defe' AND file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:45.000Z", "modified": "2018-09-13T13:36:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-13T01:25:45", "category": "Other", "uuid": "cbaa39a5-ae89-497b-ba65-0901ebe6762b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255/analysis/1536801945/", "category": "External analysis", "uuid": "279a4f6c-0ce4-4d69-9af0-dc6b013928db" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/58", "category": "Other", "uuid": "75778552-b07e-4f8b-85bf-eaaeee5be422" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:49.000Z", "modified": "2018-09-13T13:36:49.000Z", "pattern": "[file:hashes.MD5 = '6a77f21e15a0a4763e86d166763dbd05' AND file:hashes.SHA1 = 'a4a4d892d04f516261c2fa4c56de3ff21afd2812' AND file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:47.000Z", "modified": "2018-09-13T13:36:47.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-13T01:25:59", "category": "Other", "uuid": "ea58763f-c5f9-4765-a316-a8ee71d3fccd" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb/analysis/1536801959/", "category": "External analysis", "uuid": "c949938e-0e64-43e0-944a-40a3b391d0aa" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/58", "category": "Other", "uuid": "70c9ab68-2528-495d-a5a8-78d179b63a00" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:51.000Z", "modified": "2018-09-13T13:36:51.000Z", "pattern": "[file:hashes.MD5 = '1998b2f489c4da5ecafe7fb5cc790575' AND file:hashes.SHA1 = '13c72eb4c783b74046aeb53f50173eccfb64c7ca' AND file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:50.000Z", "modified": "2018-09-13T13:36:50.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T06:12:03", "category": "Other", "uuid": "1144ae7f-5675-47d6-97f0-df298c23cbb1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79/analysis/1536646323/", "category": "External analysis", "uuid": "c4d12609-ad7a-4cff-8bb6-259c956faaf7" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/59", "category": "Other", "uuid": "bb80ca2b-f4ce-47e0-949f-c3b0b611c005" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:54.000Z", "modified": "2018-09-13T13:36:54.000Z", "pattern": "[file:hashes.MD5 = '218821892d5d5e460101d6914cfe2a3d' AND file:hashes.SHA1 = '1da48a03224df6397f2215cd6b79308dbda7cf86' AND file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:52.000Z", "modified": "2018-09-13T13:36:52.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-10T14:18:14", "category": "Other", "uuid": "db64872a-34a9-4bf5-adf4-a6aaa45cf956" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18/analysis/1536589094/", "category": "External analysis", "uuid": "0a9bcc4e-e99a-4e38-9585-e27415770029" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/59", "category": "Other", "uuid": "84e65e5c-1e5f-41ac-93c2-97f15f9a571d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:56.000Z", "modified": "2018-09-13T13:36:56.000Z", "pattern": "[file:hashes.MD5 = '3df581337af37f4e66be5026062dcfb2' AND file:hashes.SHA1 = '61116e2b1614cebeed29b489d699f4bbcf217fa3' AND file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:54.000Z", "modified": "2018-09-13T13:36:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-13T07:59:15", "category": "Other", "uuid": "43e8d1b7-22fd-4ab9-899c-4473ad895757" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2/analysis/1536825555/", "category": "External analysis", "uuid": "01ffe445-591f-4e55-bcb0-8bfbaebf687f" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/57", "category": "Other", "uuid": "5c91c16b-b4f8-4c3a-b62b-236a1c911f46" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:58.000Z", "modified": "2018-09-13T13:36:58.000Z", "pattern": "[file:hashes.MD5 = '9387e4ce5b53ee19af2dafcf8c5aedd1' AND file:hashes.SHA1 = '8588546bc5ca10137fc6d2268085a2173a7638c8' AND file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:36:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:57.000Z", "modified": "2018-09-13T13:36:57.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-10T14:15:40", "category": "Other", "uuid": "ceb2089f-f043-4d4b-84b0-744285914f35" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e/analysis/1536588940/", "category": "External analysis", "uuid": "54a8e308-a2f0-4e97-9ecf-ca11a4f431a0" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/57", "category": "Other", "uuid": "8387e690-d923-4f33-8cde-768ab505083f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:01.000Z", "modified": "2018-09-13T13:37:01.000Z", "pattern": "[file:hashes.MD5 = '75cbd3709696219b94d1355349348e84' AND file:hashes.SHA1 = '3a9a06a2f2efdf1fed10793fa7220730bc315af1' AND file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:36:59.000Z", "modified": "2018-09-13T13:36:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-13T01:26:10", "category": "Other", "uuid": "69f9765e-d423-4a90-b910-952b150e503e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f/analysis/1536801970/", "category": "External analysis", "uuid": "740f1058-5283-4224-8dc0-44d8a81a9214" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/57", "category": "Other", "uuid": "1c63801e-198c-46e3-9eb9-df05d0b1e755" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:05.000Z", "modified": "2018-09-13T13:37:05.000Z", "pattern": "[file:hashes.MD5 = 'af525f736a3d31837e16575136752d2b' AND file:hashes.SHA1 = 'adde5df82821d40c8821452f38704dc70f378eb9' AND file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:03.000Z", "modified": "2018-09-13T13:37:03.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T06:00:17", "category": "Other", "uuid": "b91a61f5-ebae-4f5e-9556-0f4f47bebc45" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35/analysis/1536645617/", "category": "External analysis", "uuid": "b64fd84b-850e-4cf1-8608-0e345e8ebaec" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/59", "category": "Other", "uuid": "e1074a2c-3c90-45e1-aaed-fb41141987b3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b93e361e-6457-475a-8466-3229a898dd5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:07.000Z", "modified": "2018-09-13T13:37:07.000Z", "pattern": "[file:hashes.MD5 = '6a6307b57a6baf33f9bf148b3fecd9a4' AND file:hashes.SHA1 = 'a6a3190afc1c87c98c3ba6b8c82c230b11a02565' AND file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:07.000Z", "modified": "2018-09-13T13:37:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-10T14:19:02", "category": "Other", "uuid": "7431f176-47a0-4aeb-a93a-b5b8aaa3155d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136/analysis/1536589142/", "category": "External analysis", "uuid": "b9f2a194-9392-41fd-9849-9953d0b6a129" }, { "type": "text", "object_relation": "detection-ratio", "value": "16/59", "category": "Other", "uuid": "767f6eaf-08b2-4b5e-929c-9cd867b9bebe" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:11.000Z", "modified": "2018-09-13T13:37:11.000Z", "pattern": "[file:hashes.MD5 = '9bcf535899fe77d4f3c78f3bd9810e10' AND file:hashes.SHA1 = '0baafb0dc6ecefdda5c131e8128aa6ac698b7c1f' AND file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:10.000Z", "modified": "2018-09-13T13:37:10.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T06:10:07", "category": "Other", "uuid": "39767421-d6e6-4589-aedd-6988492548f7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb/analysis/1536646207/", "category": "External analysis", "uuid": "ecc5384b-1a99-472c-a1fa-79c3d4bdb50e" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/59", "category": "Other", "uuid": "2f4bbc93-4fc7-4d0e-9471-159600402a6b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:14.000Z", "modified": "2018-09-13T13:37:14.000Z", "pattern": "[file:hashes.MD5 = 'e407843bffcf913dfd4fa816b067c33c' AND file:hashes.SHA1 = 'b73865efa77e07a75eb3bdd24d95a92b301a0a74' AND file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:12.000Z", "modified": "2018-09-13T13:37:12.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-12T10:59:31", "category": "Other", "uuid": "197fd2f8-187a-4dd4-827c-333abecba11e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb/analysis/1536749971/", "category": "External analysis", "uuid": "acd59703-f3e3-4fea-b989-174c2f4e44b4" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/57", "category": "Other", "uuid": "cb23a3ca-b153-4074-bb77-1007af2b3d1b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:16.000Z", "modified": "2018-09-13T13:37:16.000Z", "pattern": "[file:hashes.MD5 = 'b324726c2a526fd98b06145b557408f0' AND file:hashes.SHA1 = '95e7b1213aa808678cd04cd1befdebba8b37ebf7' AND file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:15.000Z", "modified": "2018-09-13T13:37:15.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T07:55:29", "category": "Other", "uuid": "c43399fa-212e-4d49-b8e4-16b9c17a87ee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348/analysis/1536652529/", "category": "External analysis", "uuid": "3b6822a4-4f37-4f1e-91be-01b076bbbbff" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/59", "category": "Other", "uuid": "ba72f04f-02a5-49e6-aa16-29dd0e33b163" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:19.000Z", "modified": "2018-09-13T13:37:19.000Z", "pattern": "[file:hashes.MD5 = '6b33b5c8d7e57e3c1c674eb1ffaf2cb2' AND file:hashes.SHA1 = '8606fd59486682c5fe32e3b1d1df622922e734e8' AND file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:17.000Z", "modified": "2018-09-13T13:37:17.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-10T09:43:09", "category": "Other", "uuid": "9aae846b-805c-430a-9fc3-855881423ded" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6/analysis/1536572589/", "category": "External analysis", "uuid": "207f6dfe-b3ac-41ec-8363-228ac90d09c7" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/58", "category": "Other", "uuid": "0677f378-8f0c-4473-a74b-505cc2a6cad0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:21.000Z", "modified": "2018-09-13T13:37:21.000Z", "pattern": "[file:hashes.MD5 = 'd26bf0c4bef27196aae4b0b533877f16' AND file:hashes.SHA1 = '96575a020408a67d03d0058735090d601df2e1a8' AND file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:20.000Z", "modified": "2018-09-13T13:37:20.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-10T13:23:05", "category": "Other", "uuid": "c75451f3-6f0d-436d-a3cf-f526d6f2b115" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397/analysis/1536585785/", "category": "External analysis", "uuid": "9147ab65-176e-4e95-a4ae-1a21d12d51a9" }, { "type": "text", "object_relation": "detection-ratio", "value": "19/60", "category": "Other", "uuid": "034e3e61-12fc-4acf-8974-1301ef7d8113" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:23.000Z", "modified": "2018-09-13T13:37:23.000Z", "pattern": "[file:hashes.MD5 = 'f8e0ec8a7c6629c2f206c2b8860ded3f' AND file:hashes.SHA1 = '9d00562ca754411b4158d4e0e953e486cc4b3886' AND file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:22.000Z", "modified": "2018-09-13T13:37:22.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T05:10:56", "category": "Other", "uuid": "f757360f-d424-412b-9e62-c6c4ef056a61" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99/analysis/1536642656/", "category": "External analysis", "uuid": "164f4b29-d0f9-4c29-adde-2b124d558914" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/58", "category": "Other", "uuid": "fca216f8-84e9-4497-9ad3-090cb3a399ed" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25927348-f7e5-4c73-bb65-1a697c164887", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:26.000Z", "modified": "2018-09-13T13:37:26.000Z", "pattern": "[file:hashes.MD5 = 'd1dffadb8f075c8d4fe822fa81a3ddb1' AND file:hashes.SHA1 = 'c90535a54d0494b981c6a4f09b331762cebbfcc9' AND file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:24.000Z", "modified": "2018-09-13T13:37:24.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T05:09:31", "category": "Other", "uuid": "4dcd8a36-6411-416b-aba9-64c1818398cb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3/analysis/1536642571/", "category": "External analysis", "uuid": "aac80e1e-6cdc-467f-8771-7e72effbc129" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/60", "category": "Other", "uuid": "08caff6d-2bd9-48af-8850-d27b75126967" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:28.000Z", "modified": "2018-09-13T13:37:28.000Z", "pattern": "[file:hashes.MD5 = '943aa993dd600b3c8080e7a064cf5568' AND file:hashes.SHA1 = '9828898850d3e69d16b8ff312635e95ecf4478e9' AND file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:26.000Z", "modified": "2018-09-13T13:37:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T05:54:54", "category": "Other", "uuid": "771d6784-63d7-403d-aeb5-a20134c399f2" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6/analysis/1536645294/", "category": "External analysis", "uuid": "b3fa45af-080f-4132-a8de-4c8f487f2a2c" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/59", "category": "Other", "uuid": "edc16cb6-6700-4b30-99be-5f415c0f498c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--41a04017-73fb-4631-887a-0671543e7f41", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:31.000Z", "modified": "2018-09-13T13:37:31.000Z", "pattern": "[file:hashes.MD5 = 'dd0d4d4196735db691a77ad2201fcb2a' AND file:hashes.SHA1 = '2e9676699462fbb3b36ad205a8189e93fd68599e' AND file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:29.000Z", "modified": "2018-09-13T13:37:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T05:50:49", "category": "Other", "uuid": "5d064180-dde6-47df-9e92-52108e0b2c1b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208/analysis/1536645049/", "category": "External analysis", "uuid": "0a7cb0a0-13d8-40d4-9e47-8f273ce41258" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/59", "category": "Other", "uuid": "d0ec1e2b-44aa-4792-9faf-1a294393e2a5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:33.000Z", "modified": "2018-09-13T13:37:33.000Z", "pattern": "[file:hashes.MD5 = 'f6388e1650573bac1f933011acda71f2' AND file:hashes.SHA1 = '86e7114c21dfdbcefd90f61426b9ce88d2698b12' AND file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:31.000Z", "modified": "2018-09-13T13:37:31.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-11T05:50:55", "category": "Other", "uuid": "127ea910-669d-448c-962d-5688970e3f1c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669/analysis/1536645055/", "category": "External analysis", "uuid": "9e604b76-733e-41a3-a577-cebe99f787b6" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/59", "category": "Other", "uuid": "5052f9c6-992e-4ea7-a3c0-8c9e1b4c3e16" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "pattern": "[file:hashes.MD5 = '2b0919caab591515af6ff99fb76896e8' AND file:hashes.SHA1 = '99ff9c25bc2e0a874ca4090abb6c612ea984c30c' AND file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-09-13T13:37:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-09-13T13:37:34.000Z", "modified": "2018-09-13T13:37:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-09-12T01:40:46", "category": "Other", "uuid": "4f66e666-cc07-49b1-95d4-649d6b094a43" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1/analysis/1536716446/", "category": "External analysis", "uuid": "8ec552cc-d839-4117-a6e0-824ba5d25e68" }, { "type": "text", "object_relation": "detection-ratio", "value": "23/59", "category": "Other", "uuid": "26b9502d-8ad2-45bf-b828-6b68cba58d6b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d687c492-c08c-460b-85ab-1837a0330b35", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c9655c57-1760-44de-8ccc-7029b572eae9", "target_ref": "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5b640cef-6493-49ac-80e2-4c3c716349d9", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce", "target_ref": "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--82446756-7152-46c5-b433-b8c61d69ddfe", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa", "target_ref": "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1561136-5f05-474c-bd41-356af10a949b", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd", "target_ref": "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ecd2c3e3-cb9d-487a-b2f2-4b4f6d01cf7d", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116", "target_ref": "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--73692aec-97ad-46f6-b423-0ca6bd82ad41", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0", "target_ref": "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--58c54bba-c07e-488c-bfe8-45a53fdc73e0", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250", "target_ref": "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7b80abb-74a6-4b5d-898f-39ab6192f306", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5", "target_ref": "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--23eb3d90-4fce-4250-8144-af0113c9328e", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b93e361e-6457-475a-8466-3229a898dd5d", "target_ref": "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--151ba28a-ea83-4f22-8059-4b613127e6b2", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252", "target_ref": "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5ebe7495-bef0-4978-87a3-d1418197a881", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78", "target_ref": "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da994413-cffc-4832-9cc1-f93e78c1314f", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2", "target_ref": "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--34fe4577-2498-47cc-85a2-fcdf4fc42c28", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d", "target_ref": "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4ed3a7d2-39e7-489e-8912-0acf335e50a6", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d", "target_ref": "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bd440033-729d-4499-b811-2fdeeeb7c791", "created": "2018-09-13T13:37:35.000Z", "modified": "2018-09-13T13:37:35.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8", "target_ref": "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--27e1c62f-f01b-44e5-aac5-4737af4de7cb", "created": "2018-09-13T13:37:36.000Z", "modified": "2018-09-13T13:37:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--25927348-f7e5-4c73-bb65-1a697c164887", "target_ref": "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7db49f5-90ad-47d3-b95d-e668650e4803", "created": "2018-09-13T13:37:36.000Z", "modified": "2018-09-13T13:37:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4", "target_ref": "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8b22465d-f37d-4916-8f7a-d3789c3491fd", "created": "2018-09-13T13:37:36.000Z", "modified": "2018-09-13T13:37:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--41a04017-73fb-4631-887a-0671543e7f41", "target_ref": "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1587210c-5126-4582-b2a4-737dd0a865d9", "created": "2018-09-13T13:37:36.000Z", "modified": "2018-09-13T13:37:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d", "target_ref": "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e656a10a-4c59-4f1b-928a-1edb2f1dac9f", "created": "2018-09-13T13:37:36.000Z", "modified": "2018-09-13T13:37:36.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9", "target_ref": "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }