{ "type": "bundle", "id": "bundle--1edd5ee1-7c91-4233-840a-6c419d6afc62", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--1edd5ee1-7c91-4233-840a-6c419d6afc62", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "name": "OSINT - IronNetInjector: Turla\u2019s New Malware Loading Tool", "published": "2021-02-20T16:53:20Z", "object_refs": [ "x-misp-attribute--191d97b2-d7ea-49cb-a19a-2f560bc94b3b", "indicator--d9c8070f-ea2b-47e8-ae78-30a1f85a788c", "indicator--f4642726-7d3a-4f77-ac23-59c220678eb0", "indicator--7218aec5-416f-438e-936a-1ba1f92ab346", "indicator--25def1c1-4edf-46dd-b831-d21ae46b1a48", "indicator--3e136590-6d34-418c-9896-78defc1c3f1c", "indicator--8c99b060-e98f-4903-a660-9b179da4f06b", "indicator--103f647f-76fc-4698-8193-2c29df55f26e", "indicator--00f2f454-0978-43f9-9dd8-55d407f1c190", "indicator--8389a593-98d2-4ae2-ae3a-3efbe519672a", "indicator--c803c285-7b5e-41a2-8039-4cf867cc0cd3", "indicator--eeeffb3a-b92e-43d8-a954-60e99fd478d4", "indicator--490b1de9-53aa-4776-81fb-3ddd8f226dbf", "indicator--61288f48-9193-4986-942d-8186dc5832c3", "indicator--c01c2b14-2df0-48be-a8b9-151d1eb6cabb", "indicator--ee49fa56-c0d1-4cf6-bd09-2a7c41e82812", "x-misp-attribute--1af7dfc6-d905-4932-aa29-6e8b580c1419", "x-misp-attribute--f77b67e3-040f-43c6-b27f-7b3adb17acbc", "x-misp-object--b380f86c-fab0-4725-9f44-75c0066c3443", "indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531", "x-misp-object--c344702e-a806-4c8f-b775-73df55233630", "indicator--bb6d2897-d966-484f-a16e-ef0d4883382c", "x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f", "indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1", "x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830", "indicator--fd84b821-3908-4308-82c5-3e80414485c0", "x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97", "indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c", "x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d", "indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e", "x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c", "indicator--9429ddde-5558-4980-b168-6adae4f881ee", "x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2", "indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75", "x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47", "indicator--cd640421-1b74-4819-80e6-1c92cf4344e4", "x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3", "indicator--0c0447cb-deb3-4606-b74e-5d016a305472", "x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22", "indicator--0ad792f3-1b7b-4510-a584-a113276453bc", "x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977", "indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020", "x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45", "relationship--0d87868b-cdcc-4c69-baf6-8b2bdbf6d560", "relationship--87acd184-a610-43dc-9873-8d58ae3d5327", "relationship--0addde89-794a-4963-ac15-da594383c84c", "relationship--419f8139-e669-48d5-b9d7-a99cb03b7402", "relationship--e888aa6c-e26b-46bc-8edf-f2e5b18a3091", "relationship--9a76f6bb-f81b-429b-a2ba-7c832aabe9ec", "relationship--270743a6-b76b-4be6-a0ea-4162b78fb7db", "relationship--c7ccc096-2225-47ce-8370-08f4b9a6604f", "relationship--8d2fea37-f936-4801-8f58-131445bc8b93", "relationship--fcaf39dc-f5ba-47f3-b4b5-b8b1cbf511e2", "relationship--89d9c916-8ffb-4688-85ec-8b815d02e8d5", "relationship--3275e726-6b6b-45e2-8da0-c9ad6e9ecd52" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--191d97b2-d7ea-49cb-a19a-2f560bc94b3b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:50:34.000Z", "modified": "2021-02-20T08:50:34.000Z", "labels": [ "misp:type=\"pdb\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pdb", "x_misp_value": "%USERPROFILE%\\source\\repos\\c4\\agent\\build\\_tools\\agent\\_dll\\_to\\_Python\\_loader\\NetInjector\\NetInjector\\obj\\Release\\NetInjector.pdb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9c8070f-ea2b-47e8-ae78-30a1f85a788c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f4642726-7d3a-4f77-ac23-59c220678eb0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = '63d7695dabefb97aa30cbe522647c95395b44321e1a3b08b8028e4000d1be15e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7218aec5-416f-438e-936a-1ba1f92ab346", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--25def1c1-4edf-46dd-b831-d21ae46b1a48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = '3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e136590-6d34-418c-9896-78defc1c3f1c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8c99b060-e98f-4903-a660-9b179da4f06b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--103f647f-76fc-4698-8193-2c29df55f26e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00f2f454-0978-43f9-9dd8-55d407f1c190", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8389a593-98d2-4ae2-ae3a-3efbe519672a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'ba17af72a9d90822eed447b8526fb68963f0cde78df07c16902dc5a0c44536c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c803c285-7b5e-41a2-8039-4cf867cc0cd3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = '8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eeeffb3a-b92e-43d8-a954-60e99fd478d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = '18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--490b1de9-53aa-4776-81fb-3ddd8f226dbf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61288f48-9193-4986-942d-8186dc5832c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'c430ebab4bf827303bc4ad95d40eecc7988bdc17cc139c8f88466bc536755d4e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c01c2b14-2df0-48be-a8b9-151d1eb6cabb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ee49fa56-c0d1-4cf6-bd09-2a7c41e82812", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:48:30.000Z", "modified": "2021-02-20T08:48:30.000Z", "pattern": "[file:hashes.SHA256 = 'b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T08:48:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--1af7dfc6-d905-4932-aa29-6e8b580c1419", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:51:54.000Z", "modified": "2021-02-20T08:51:54.000Z", "labels": [ "misp:type=\"pdb\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pdb", "x_misp_value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_Win32.pdb" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--f77b67e3-040f-43c6-b27f-7b3adb17acbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:50:20.000Z", "modified": "2021-02-20T08:50:20.000Z", "labels": [ "misp:type=\"pdb\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pdb", "x_misp_value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_x64.pdb" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b380f86c-fab0-4725-9f44-75c0066c3443", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T08:47:53.000Z", "modified": "2021-02-20T08:47:53.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://unit42.paloaltonetworks.com/ironnetinjector/", "category": "External analysis", "uuid": "4f7c4a75-b3d0-4141-a0d5-1ab8216f1ff7" }, { "type": "text", "object_relation": "summary", "value": "In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use \u2013 including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware.\r\n\r\nUnit 42 researchers have found several malicious IronPython scripts whose purpose is to load and run Turla\u2019s malware tools on a victim\u2019s system. The use of IronPython for malicious purposes isn\u2019t new, but the way Turla uses it is new. The overall method is known as Bring Your Own Interpreter (BYOI). It describes the use of an interpreter, not present on a system by default, to run malicious code of an interpreted programming or scripting language.\r\n\r\nThe first malicious IronPython scripts of the tool we describe here were discovered last year by a security researcher from FireEye. At the beginning of this year, another security researcher from Dragos pointed out some new scripts of the same threat actor uploaded to VirusTotal from two different submitters. We found that one of the submitters also uploaded two other samples, which are most likely embedded payloads of one of the IronPython scripts. These samples helped us to understand how this tool works, what malware it loads and which threat actor uses it.\r\n\r\nWhile the IronPython scripts are only the first part of the tool, the main task of loading malware is done by an embedded process injector. We dubbed this toolchain IronNetInjector, the blend of IronPython and the injector\u2019s internal project name NetInjector. In this blog, we describe the IronPython scripts and how they\u2019re used to load one or more payloads with the help of an injector.\r\n\r\nPalo Alto Networks customers are protected from this threat through WildFire and Cortex XDR. AutoFocus customers can investigate this activity with the tag \u201cIronNetInjector\u201d.", "category": "Other", "uuid": "5e9d4958-9976-4f9d-a7e6-25b1268356d3" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:03.000Z", "modified": "2021-02-20T09:06:03.000Z", "pattern": "[file:hashes.MD5 = '0674e34d0b01e1c71e4666da1f3b589f' AND file:hashes.SHA1 = '0133512142805b89b5a86dfa67a82aaedbbab69c' AND file:hashes.SHA256 = 'b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c344702e-a806-4c8f-b775-73df55233630", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T19:36:11+00:00", "category": "Other", "uuid": "953df01c-4d2e-450a-afd9-d31ece971d4f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040/detection/f-b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040-1613763371", "category": "Payload delivery", "uuid": "bbfdefe0-60e7-4bfc-a6fa-8491930fd0f8" }, { "type": "text", "object_relation": "detection-ratio", "value": "7/59", "category": "Payload delivery", "uuid": "c6daa0ea-94a8-4656-88a2-9385e163db80" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb6d2897-d966-484f-a16e-ef0d4883382c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = '48f52e0c7aa72c2ccc5f5fcbd8e1290b' AND file:hashes.SHA1 = '347f31769431ad70147e68fbb6bfa1e17fe283e9' AND file:hashes.SHA256 = 'b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:04:13+00:00", "category": "Other", "uuid": "a72d5d15-a703-44ee-85a8-3944ca8c30ee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d/detection/f-b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d-1613757853", "category": "Payload delivery", "uuid": "d35f9f97-e4fd-47fb-bb91-0b848af5ed4c" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/59", "category": "Payload delivery", "uuid": "2d866758-093e-4856-bf2a-e758ce033f7c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = 'f376bc51b1220e5fc520ce60762ac6ce' AND file:hashes.SHA1 = '3e65b2df40001253ad8d9a3430a597c7b028bae9' AND file:hashes.SHA256 = 'a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-20T03:39:41+00:00", "category": "Other", "uuid": "27d7b061-8f1c-45c8-a1e3-0664f11916e7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061/detection/f-a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061-1613792381", "category": "Payload delivery", "uuid": "3370b374-bfa9-433e-b062-6c64666954d1" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/70", "category": "Payload delivery", "uuid": "ac3a1514-866c-4895-8133-d003a148510f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd84b821-3908-4308-82c5-3e80414485c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = '9446059710c1869fc8aa9f0ef75d82f4' AND file:hashes.SHA1 = 'a91612cadaccc19d101710b0ae77151a7a1b043b' AND file:hashes.SHA256 = '8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:04:19+00:00", "category": "Other", "uuid": "a81ae9f3-97d4-4ace-8e64-c8e7e7370af4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72/detection/f-8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72-1613757859", "category": "Payload delivery", "uuid": "30a8de8e-8eb2-4ace-855d-e74fcb54608d" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/59", "category": "Payload delivery", "uuid": "f099139a-13f7-46ba-918e-0492e4ca4340" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = '7fcd8d3fde761de1d894dcf87827dde3' AND file:hashes.SHA1 = 'f2284d4777d2b5d2faf33844084b94c9552d5294' AND file:hashes.SHA256 = 'a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-20T03:38:42+00:00", "category": "Other", "uuid": "67b46cdc-27d2-4d07-9be9-e932cbbcde01" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56/detection/f-a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56-1613792322", "category": "Payload delivery", "uuid": "0091c69d-d04c-4879-aa0c-44616bf64e5a" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/70", "category": "Payload delivery", "uuid": "803cccf0-f675-4664-80b4-f907076d9238" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = '1777b81f3f87648b2344ea480bbcba65' AND file:hashes.SHA1 = 'ae76df8def138b6d4c82984f7172ed5bba737e1b' AND file:hashes.SHA256 = 'c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-20T09:03:32+00:00", "category": "Other", "uuid": "8b32b042-1ddb-443b-a4a7-0679753f79d1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9/detection/f-c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9-1613811812", "category": "Payload delivery", "uuid": "ee58a958-335f-43e6-a69e-cd4a46551abc" }, { "type": "text", "object_relation": "detection-ratio", "value": "3/69", "category": "Payload delivery", "uuid": "1ca876a3-9ff0-4392-84df-11ee11f2c491" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9429ddde-5558-4980-b168-6adae4f881ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = 'eff5881b4bf83386e26c451ff7c34a90' AND file:hashes.SHA1 = 'd7a18413d8c2b2525a0c90aaa392bdaef377e2ec' AND file:hashes.SHA256 = '18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:13:50+00:00", "category": "Other", "uuid": "69cb8722-3339-4367-9f5f-19af913184b0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746/detection/f-18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746-1613758430", "category": "Payload delivery", "uuid": "b864d0d7-71ef-4c0c-97a2-96d45559960f" }, { "type": "text", "object_relation": "detection-ratio", "value": "43/70", "category": "Payload delivery", "uuid": "2e321a84-f066-4515-bc1e-ce0ddd84e98f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = '0ebe822e8c7ebb803ae5b6b74601c36f' AND file:hashes.SHA1 = '86681c0c9b171f1afef5b06104abe8abcf0c992e' AND file:hashes.SHA256 = '3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:02:33+00:00", "category": "Other", "uuid": "fb9530c3-4758-49cb-a9e9-55a039df9dd8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6/detection/f-3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6-1613757753", "category": "Payload delivery", "uuid": "a5e137aa-eb61-4524-9b88-4113cbe136bb" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/60", "category": "Payload delivery", "uuid": "324b299c-0c8c-4430-97b2-9fc02b095f97" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cd640421-1b74-4819-80e6-1c92cf4344e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = 'd672139849f9855bfb703fcaec020a2f' AND file:hashes.SHA1 = '7e138c1337a29868fddfa99f52dfe1de38e46c9e' AND file:hashes.SHA256 = 'c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T19:37:27+00:00", "category": "Other", "uuid": "78473fdb-7413-479d-89f9-eaf44270cad9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad/detection/f-c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad-1613763447", "category": "Payload delivery", "uuid": "e92bfb2d-804e-46e9-a1db-bea4af8058b4" }, { "type": "text", "object_relation": "detection-ratio", "value": "4/59", "category": "Payload delivery", "uuid": "3809e013-1036-475c-b671-47e8a0b84008" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0c0447cb-deb3-4606-b74e-5d016a305472", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = 'b11d85844af9fa84bf84ff746557f0b5' AND file:hashes.SHA1 = '44efacb89badadb486839165aba4d1ecdf3f047e' AND file:hashes.SHA256 = 'b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:04:36+00:00", "category": "Other", "uuid": "5d7a76b9-f6f8-4e46-95ed-0b198b71976f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3/detection/f-b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3-1613757876", "category": "Payload delivery", "uuid": "c1e70c66-59bc-4f40-a8cf-4564237a915d" }, { "type": "text", "object_relation": "detection-ratio", "value": "22/58", "category": "Payload delivery", "uuid": "102ea680-2071-42f6-a95e-52d9a87163b0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ad792f3-1b7b-4510-a584-a113276453bc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "pattern": "[file:hashes.MD5 = 'e46da9ab2096ebb33279a808f5a7ee77' AND file:hashes.SHA1 = 'ad81f2f00f25cd0e45151d42d63c46db3ae39bed' AND file:hashes.SHA256 = 'a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:04.000Z", "modified": "2021-02-20T09:06:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-20T09:04:22+00:00", "category": "Other", "uuid": "ca73ed83-05f6-4bad-be26-36e0433048df" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc/detection/f-a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc-1613811862", "category": "Payload delivery", "uuid": "a4a46491-8771-4a52-8bd6-9bbc4477ae82" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/70", "category": "Payload delivery", "uuid": "9158f2ab-9d6c-48a9-b1d3-37e76f1d6c67" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "pattern": "[file:hashes.MD5 = '98ce8c41188fcc1a92d0a23569c3765c' AND file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd' AND file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-02-20T09:06:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-02-19T18:04:28+00:00", "category": "Other", "uuid": "85f958ed-446d-454f-8b88-4e47a82c063f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93/detection/f-82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93-1613757868", "category": "Payload delivery", "uuid": "f10b6f7e-a1ec-4fb5-8f03-16c6e00c9bf9" }, { "type": "text", "object_relation": "detection-ratio", "value": "18/59", "category": "Payload delivery", "uuid": "1c366e4f-fd00-453f-9f3b-c6cf51c09e3e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0d87868b-cdcc-4c69-baf6-8b2bdbf6d560", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531", "target_ref": "x-misp-object--c344702e-a806-4c8f-b775-73df55233630" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--87acd184-a610-43dc-9873-8d58ae3d5327", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bb6d2897-d966-484f-a16e-ef0d4883382c", "target_ref": "x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0addde89-794a-4963-ac15-da594383c84c", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1", "target_ref": "x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--419f8139-e669-48d5-b9d7-a99cb03b7402", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--fd84b821-3908-4308-82c5-3e80414485c0", "target_ref": "x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e888aa6c-e26b-46bc-8edf-f2e5b18a3091", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c", "target_ref": "x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9a76f6bb-f81b-429b-a2ba-7c832aabe9ec", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e", "target_ref": "x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--270743a6-b76b-4be6-a0ea-4162b78fb7db", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9429ddde-5558-4980-b168-6adae4f881ee", "target_ref": "x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c7ccc096-2225-47ce-8370-08f4b9a6604f", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75", "target_ref": "x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8d2fea37-f936-4801-8f58-131445bc8b93", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cd640421-1b74-4819-80e6-1c92cf4344e4", "target_ref": "x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fcaf39dc-f5ba-47f3-b4b5-b8b1cbf511e2", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0c0447cb-deb3-4606-b74e-5d016a305472", "target_ref": "x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--89d9c916-8ffb-4688-85ec-8b815d02e8d5", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0ad792f3-1b7b-4510-a584-a113276453bc", "target_ref": "x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3275e726-6b6b-45e2-8da0-c9ad6e9ecd52", "created": "2021-02-20T09:06:05.000Z", "modified": "2021-02-20T09:06:05.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020", "target_ref": "x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }