{ "type": "bundle", "id": "bundle--5e27f3d8-e238-4290-8b2c-422e950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:41:10.000Z", "modified": "2020-01-22T07:41:10.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5e27f3d8-e238-4290-8b2c-422e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:41:10.000Z", "modified": "2020-01-22T07:41:10.000Z", "name": "Muhstik Botnet Attacks Tomato Routers", "published": "2020-01-22T09:14:28Z", "object_refs": [ "indicator--5e27f431-6074-4393-8d36-4643950d210f", "indicator--5e27f432-029c-415b-b8f7-4884950d210f", "indicator--5e27f432-268c-444b-b628-4a10950d210f", "indicator--5e27f432-0558-4d1c-a3aa-444a950d210f", "indicator--5e27f432-b7b8-4264-af32-43e6950d210f", "indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f", "indicator--5e27f432-f41c-4b03-b2e8-4854950d210f", "indicator--5e27f432-cd80-4a00-9121-4536950d210f", "indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f", "indicator--5e27f454-9754-44e2-8360-49a1950d210f", "indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f", "indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f", "indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f", "indicator--5e27f454-4ab0-485f-930d-4fb5950d210f", "indicator--5e27f454-ec38-4063-94da-4e10950d210f", "indicator--5e27f454-b2e4-4773-a425-4766950d210f", "observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f", "url--5e27f61d-4a0c-426c-b827-42f1950d210f", "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014", "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641", "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4", "x-misp-object--59005259-d99c-4501-b679-27cc1352be06", "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd", "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b", "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56", "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe", "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7", "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a", "relationship--cecb1ab3-a762-4408-8640-0185e737999e", "relationship--9b4beb79-1179-4511-b122-175a559e6ce5", "relationship--5daf23fc-68a7-491b-b832-37d9687e2a41", "relationship--fdb88a47-648d-4d9b-9bff-4a4d84ac8596", "relationship--a474d799-df92-49fe-999a-0deb24c07656" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:botnet=\"Muhstik\"", "misp-galaxy:malpedia=\"Tsunami (ELF)\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f431-6074-4393-8d36-4643950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:21.000Z", "modified": "2020-01-22T07:05:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.149.233.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-029c-415b-b8f7-4884950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.66.253.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-268c-444b-b628-4a10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.61.149.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-0558-4d1c-a3aa-444a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[url:value = 'http://y.fd6fq54s6df541q23sdxfg.eu/nvr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-b7b8-4264-af32-43e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[url:value = 'http://159.89.156.190/.y/pty1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[url:value = 'http://159.89.156.190/.y/pty3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-f41c-4b03-b2e8-4854950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[url:value = 'http://159.89.156.190/.y/pty5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-cd80-4a00-9121-4536950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[url:value = 'http://159.89.156.190/.y/pty6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:22.000Z", "modified": "2020-01-22T07:05:22.000Z", "pattern": "[domain-name:value = 's.shadow.mods.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-9754-44e2-8360-49a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = '2548f5b1613f6ebba2ff589c7b3416ccdd066b73644d4d212232beb1cecd9c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-4ab0-485f-930d-4fb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-ec38-4063-94da-4e10950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e27f454-b2e4-4773-a425-4766950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:05:56.000Z", "modified": "2020-01-22T07:05:56.000Z", "pattern": "[file:hashes.SHA256 = 'dc52a1193ecf6096192f771ae663de6e0389840cb5ceb7b979091333ce6f7f02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:05:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:17:41.000Z", "modified": "2020-01-22T07:17:41.000Z", "first_observed": "2020-01-22T07:17:41Z", "last_observed": "2020-01-22T07:17:41Z", "number_observed": 1, "object_refs": [ "url--5e27f61d-4a0c-426c-b827-42f1950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "type:OSINT", "osint:source-type=\"blog-post\"", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5e27f61d-4a0c-426c-b827-42f1950d210f", "value": "https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:13.000Z", "modified": "2020-01-22T07:25:13.000Z", "pattern": "[file:hashes.MD5 = '2d8a62b8a27e14f741098fe1ced8eae4' AND file:hashes.SHA1 = 'e9a8aebc6822f01199ff311b94641044c4a38dd3' AND file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:25:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:26.000Z", "modified": "2020-01-22T07:25:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-01-22T02:13:52", "category": "Other", "uuid": "08464849-dffa-4bfe-981b-c6ac353080c5" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f/analysis/1579659232/", "category": "Payload delivery", "uuid": "62282ccb-bfe8-4f86-9345-c1ed07e2c6b3" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/57", "category": "Payload delivery", "uuid": "b2164fbc-0292-4439-9a3f-556c2873ed7f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:26.000Z", "modified": "2020-01-22T07:25:26.000Z", "pattern": "[file:hashes.MD5 = '8154ace62f0dcf7c47447153746c4be5' AND file:hashes.SHA1 = '6c9f004c977d3ce1ebda3b6e50313556f977d654' AND file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:25:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:26.000Z", "modified": "2020-01-22T07:25:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-01-22T02:11:30", "category": "Other", "uuid": "62de76cd-7eeb-4c9b-bf8e-917137803cd6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687/analysis/1579659090/", "category": "Payload delivery", "uuid": "6858ce27-5914-41ea-a246-40cfdc33e04a" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/57", "category": "Payload delivery", "uuid": "9089e013-f176-4f78-a05e-8624247c7115" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:27.000Z", "modified": "2020-01-22T07:25:27.000Z", "pattern": "[file:hashes.MD5 = '167c2f5e0d6abe5b9b35348fd0269928' AND file:hashes.SHA1 = '7914fb8e72e6a7a57998f8b7817c2508ce9ec865' AND file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:25:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:27.000Z", "modified": "2020-01-22T07:25:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-01-22T02:14:04", "category": "Other", "uuid": "ee761208-581a-463f-bd07-a6a16db38a4f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435/analysis/1579659244/", "category": "Payload delivery", "uuid": "fa0222dd-230a-4c6d-9ac8-4f382cd21ef9" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/57", "category": "Payload delivery", "uuid": "55ee0b95-4cb9-4805-8669-e8766e01ceb2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:27.000Z", "modified": "2020-01-22T07:25:27.000Z", "pattern": "[file:hashes.MD5 = 'a3e3809eb10bae7d19787f6c52d2b289' AND file:hashes.SHA1 = '00e4457de90df173b51757fcf120bc31ce16040e' AND file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:25:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:27.000Z", "modified": "2020-01-22T07:25:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-01-22T02:12:09", "category": "Other", "uuid": "5d6040e0-a8c8-44e4-ac5e-8f7ca6fd856a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0/analysis/1579659129/", "category": "Payload delivery", "uuid": "a1431de8-5639-40e8-b902-f7f51a47c035" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/57", "category": "Payload delivery", "uuid": "0abc5f32-ac9a-435d-9ae4-3f26fc75c0bf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:27.000Z", "modified": "2020-01-22T07:25:27.000Z", "pattern": "[file:hashes.MD5 = 'b66fbdec14a7f7b0087aebb9c176ac12' AND file:hashes.SHA1 = '0c6484d5bc91a75cb0d94a55795d543c409b3fb8' AND file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-01-22T07:25:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-01-22T02:12:56", "category": "Other", "uuid": "ce51439d-924b-4d65-b570-88a97c546fdc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c/analysis/1579659176/", "category": "Payload delivery", "uuid": "d5f26a7b-7151-43d4-91d3-03f7456f886b" }, { "type": "text", "object_relation": "detection-ratio", "value": "32/57", "category": "Payload delivery", "uuid": "b2de9ec0-3be3-462b-9250-e457f57ba795" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cecb1ab3-a762-4408-8640-0185e737999e", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014", "target_ref": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b4beb79-1179-4511-b122-175a559e6ce5", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4", "target_ref": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5daf23fc-68a7-491b-b832-37d9687e2a41", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd", "target_ref": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fdb88a47-648d-4d9b-9bff-4a4d84ac8596", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56", "target_ref": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a474d799-df92-49fe-999a-0deb24c07656", "created": "2020-01-22T07:25:28.000Z", "modified": "2020-01-22T07:25:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7", "target_ref": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }