{ "type": "bundle", "id": "bundle--5a587e74-2218-498e-ba91-4165950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-13T03:01:07.000Z", "modified": "2018-01-13T03:01:07.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a587e74-2218-498e-ba91-4165950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-13T03:01:07.000Z", "modified": "2018-01-13T03:01:07.000Z", "name": "OSINT - Suspicious binary delivered as fake jpeg", "published": "2018-02-16T08:47:33Z", "object_refs": [ "indicator--5a587e7f-b82c-4292-b9c3-49b5950d210f", "x-misp-object--5a587f43-fb74-48b6-8dfa-44fe950d210f", "indicator--5a588060-95f8-42ed-83aa-4484950d210f", "indicator--0fe6c4d6-f582-4098-89d9-d183b03b4b24", "x-misp-object--5d071e50-add7-4859-ad1f-38657dee81ce", "relationship--0022dcd6-99d9-48f7-a131-4df8e29b3888", "relationship--11dba585-a6b4-4561-af33-76be0f9615fa" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"microblog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a587e7f-b82c-4292-b9c3-49b5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:23:11.000Z", "modified": "2018-01-12T09:23:11.000Z", "pattern": "[file:hashes.SHA256 = 'abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:23:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": 
"x-misp-object--5a587f43-fb74-48b6-8dfa-44fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:34:15.000Z", "modified": "2018-01-12T09:34:15.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "Don\u2019t panic! Stay zen! :) VT Score is only 5/67 btw", "category": "Other", "uuid": "5a587f43-eedc-435f-b31f-4a21950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5a587f44-8448-42b3-a221-4672950d210f" }, { "type": "url", "object_relation": "link", "value": "https://twitter.com/xme/status/951395985707675649", "category": "External analysis", "to_ids": true, "uuid": "5a587f44-19d8-430b-9fe1-49b7950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a588060-95f8-42ed-83aa-4484950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:33:41.000Z", "modified": "2018-01-12T09:33:41.000Z", "pattern": "[url:value = 'http://80.82.67.217/xanax.jpg' AND url:x_misp_host = '80.82.67.217' AND url:x_misp_scheme = 'http' AND url:x_misp_resource_path = 'xanax.jpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:33:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0fe6c4d6-f582-4098-89d9-d183b03b4b24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:34:46.000Z", "modified": "2018-01-12T09:34:46.000Z", "pattern": "[file:hashes.MD5 = '071d734036a4ce8a1913d48715f26001' AND file:hashes.SHA1 = '9fec9b390a304fb810a5f31644e8003016bf8b45' AND file:hashes.SHA256 = 
'abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-12T09:34:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5d071e50-add7-4859-ad1f-38657dee81ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-01-12T09:34:43.000Z", "modified": "2018-01-12T09:34:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045/analysis/1515742614/", "category": "External analysis", "uuid": "5a588133-e654-4dae-95f5-48ff02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/67", "category": "Other", "uuid": "5a588133-1e18-4c55-87db-4db202de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-12T07:36:54", "category": "Other", "uuid": "5a588133-f488-40d4-87e7-4c3102de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0022dcd6-99d9-48f7-a131-4df8e29b3888", "created": "2018-02-16T08:47:33.000Z", "modified": "2018-02-16T08:47:33.000Z", "relationship_type": "indicates", "source_ref": "x-misp-object--5a587f43-fb74-48b6-8dfa-44fe950d210f", "target_ref": "indicator--5a588060-95f8-42ed-83aa-4484950d210f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--11dba585-a6b4-4561-af33-76be0f9615fa", "created": "2018-02-16T08:47:33.000Z", "modified": "2018-02-16T08:47:33.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0fe6c4d6-f582-4098-89d9-d183b03b4b24", 
"target_ref": "x-misp-object--5d071e50-add7-4859-ad1f-38657dee81ce" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }