{ "type": "bundle", "id": "bundle--5c687cb3-08c4-46d3-9981-093702de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:23:33.000Z", "modified": "2019-02-16T21:23:33.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c687cb3-08c4-46d3-9981-093702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:23:33.000Z", "modified": "2019-02-16T21:23:33.000Z", "name": "Fake amf-fr.org website delivering malicious Word document and binaries", "published": "2019-02-16T21:25:34Z", "object_refs": [ "observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81", "url--5c687ce0-c8a8-403a-8182-0a7902de0b81", "indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81", "indicator--5c687d3c-6974-4753-90ef-4ca302de0b81", "indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81", "indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81", "indicator--5c687d3c-7354-4f21-940d-4eb402de0b81", "indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81", "indicator--5c687d3c-60e8-40ad-bba5-419602de0b81", "indicator--5c687d3c-b814-49f9-a110-488102de0b81", "indicator--5c687d3c-1480-41fb-9406-437002de0b81", "indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81", "indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81", "indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81", "indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81", "indicator--5c687d80-c348-4494-8fc8-4d1502de0b81", "indicator--5c687db7-0758-4215-ac9f-0a7902de0b81", "indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81", "indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81", "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3", "x-misp-object--4727229f-b670-4858-96fd-767498563eb3", "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35", "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213", "indicator--87116905-ee45-4287-a160-b0a4394d7a72", "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b", "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9", "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701", "relationship--c3ea77e0-bf99-4cf3-9297-aff42e3781f0", "relationship--28c43680-af78-4ba9-90f9-ad57baf0a799", "relationship--6be73207-a0c8-4e7a-82f0-a6c740ed8570", "relationship--24ab2385-167d-4074-9d51-42ef63c8f834" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"", "misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"", "circl:topic=\"finance\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c687ce0-c8a8-403a-8182-0a7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:13:04.000Z", "modified": "2019-02-16T21:13:04.000Z", "first_observed": "2019-02-16T21:13:04Z", "last_observed": "2019-02-16T21:13:04Z", "number_observed": 1, "object_refs": [ "url--5c687ce0-c8a8-403a-8182-0a7902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c687ce0-c8a8-403a-8182-0a7902de0b81", "value": "https://www.amf-france.org/en_US/Actualites/Communiques-de-presse/AMF/annee-2018?docId=workspace%3A%2F%2FSpacesStore%2F3d58f35b-f448-438e-9923-cd6e8e903fc0" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687cf5-6ed8-4a61-b92f-444d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:13:25.000Z", "modified": "2019-02-16T21:13:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.150.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:13:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-6974-4753-90ef-4ca302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'http://amf-fr.org/d1.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-df04-49a6-bd7d-4de102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'http://amf-fr.org/files/litigations/complaint-96.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-b928-4705-aa8e-4c1e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'http://amf-fr.org/litigations/complaint-201.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-7354-4f21-940d-4eb402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'http://amf-fr.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-0670-42ad-b4ba-4a1d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'http://www.amf-fr.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-60e8-40ad-bba5-419602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'https://amf-fr.org/files/litigations/complaint-96.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-b814-49f9-a110-488102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'https://amf-fr.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-1480-41fb-9406-437002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'https://www.amf-fr.org/documents/document-a1657.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-f0cc-4229-87cc-49ec02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'https://www.amf-fr.org/litigations/compliant-201.doc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d3c-89e8-4e4e-a36d-4f9f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:14:36.000Z", "modified": "2019-02-16T21:14:36.000Z", "pattern": "[url:value = 'https://www.amf-fr.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:14:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:15:43.000Z", "modified": "2019-02-16T21:15:43.000Z", "pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d80-4cc0-4ca7-875e-44a702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:15:44.000Z", "modified": "2019-02-16T21:15:44.000Z", "pattern": "[file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:15:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687d80-c348-4494-8fc8-4d1502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:15:44.000Z", "modified": "2019-02-16T21:15:44.000Z", "pattern": "[file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:15:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687db7-0758-4215-ac9f-0a7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:16:39.000Z", "modified": "2019-02-16T21:16:39.000Z", "pattern": "[file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687db7-abdc-465d-b2a1-0a7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:16:39.000Z", "modified": "2019-02-16T21:16:39.000Z", "pattern": "[file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c687db7-b9e0-4080-a8e6-0a7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:16:39.000Z", "modified": "2019-02-16T21:16:39.000Z", "pattern": "[file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:27.000Z", "modified": "2019-02-16T21:21:27.000Z", "pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c' AND file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437' AND file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:27.000Z", "modified": "2019-02-16T21:21:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-15T11:14:58", "category": "Other", "uuid": "9855c53c-9fa6-4ddc-8d31-1289c1de6275" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/", "category": "External analysis", "uuid": "75ebbd07-bb66-4db7-af0b-5b506c6c3a3b" }, { "type": "text", "object_relation": "detection-ratio", "value": "33/59", "category": "Other", "uuid": "1c675ba2-05ca-4790-82bd-bdd2049c0914" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:27.000Z", "modified": "2019-02-16T21:21:27.000Z", "pattern": "[file:hashes.MD5 = '28202ac7689aaef894840c773b7e1e56' AND file:hashes.SHA1 = 'b0f4377953f59ba0d5b295861e2ab7fc5c6d03de' AND file:hashes.SHA256 = '49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:27.000Z", "modified": "2019-02-16T21:21:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-14T09:56:32", "category": "Other", "uuid": "f9a9b973-ba12-4fc6-afff-200d07e7e703" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0/analysis/1550138192/", "category": "External analysis", "uuid": "5e41e640-8995-4536-ab09-da2fc06c37b5" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/54", "category": "Other", "uuid": "455f9992-cfd2-43bc-a839-a9072fcaafc3" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87116905-ee45-4287-a160-b0a4394d7a72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:27.000Z", "modified": "2019-02-16T21:21:27.000Z", "pattern": "[file:hashes.MD5 = '11df89bd965bbd85bed31b90f1481312' AND file:hashes.SHA1 = '79ee5019cebead10c6527e2531e7b0ee69322405' AND file:hashes.SHA256 = '1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:21:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-29T14:41:31", "category": "Other", "uuid": "5e121da8-35b8-43a9-a3c5-7e8775bcff8a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a/analysis/1543502491/", "category": "External analysis", "uuid": "b2067c10-5f14-4cf3-9588-c5027f9c3a62" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/57", "category": "Other", "uuid": "a15b1066-3af7-4989-a398-7b6615d82931" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "pattern": "[file:hashes.MD5 = '8ec83dba30c4f4d014899fbcc9a78171' AND file:hashes.SHA1 = '96a942174c55f5f3ab7236eb7e3ac549b67c88db' AND file:hashes.SHA256 = 'd57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-02-16T21:21:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-30T10:14:04", "category": "Other", "uuid": "4930b271-4207-4c55-98ee-b2ad7aad0333" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44/analysis/1543572844/", "category": "External analysis", "uuid": "69e9a82f-bfbd-401e-bd63-ae39bfcaab3e" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/59", "category": "Other", "uuid": "95e48f3e-8da2-4521-b203-dbe94341995f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c3ea77e0-bf99-4cf3-9297-aff42e3781f0", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--06d5a45f-c38b-432c-b5ed-ae6d4678d1b3", "target_ref": "x-misp-object--4727229f-b670-4858-96fd-767498563eb3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--28c43680-af78-4ba9-90f9-ad57baf0a799", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eed1fbf3-e607-459f-acaa-2c6e95ed0b35", "target_ref": "x-misp-object--dce07551-b2f6-465f-8974-3641d201f213" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6be73207-a0c8-4e7a-82f0-a6c740ed8570", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--87116905-ee45-4287-a160-b0a4394d7a72", "target_ref": "x-misp-object--41e5f71c-fa1c-4134-b00b-02000993764b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--24ab2385-167d-4074-9d51-42ef63c8f834", "created": "2019-02-16T21:21:28.000Z", "modified": "2019-02-16T21:21:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fcef97bb-467e-4d5c-962b-9f328dc1f3e9", "target_ref": "x-misp-object--3128ae45-b4ce-4757-8b61-047167aed701" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }