{ "type": "bundle", "id": "bundle--5d6532ef-05a0-4a1b-a2ee-4c86950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:46:33.000Z", "modified": "2019-08-27T13:46:33.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d6532ef-05a0-4a1b-a2ee-4c86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:46:33.000Z", "modified": "2019-08-27T13:46:33.000Z", "name": "OSINT - Mirai - Loligang bot", "published": "2019-08-27T13:57:11Z", "object_refs": [ "indicator--5d653369-2484-4ccc-a411-4d15950d210f", "indicator--5d653369-4d30-4ed7-9f4d-443c950d210f", "indicator--5d653369-2f5c-4fda-b306-4cba950d210f", "indicator--5d653369-1b00-48fe-b664-45a8950d210f", "indicator--5d653369-842c-4de7-853c-46b9950d210f", "indicator--5d653369-d99c-4174-86ce-4133950d210f", "indicator--5d653369-89e0-4dc7-8017-42bf950d210f", "indicator--5d653369-cb98-4f5c-a3f6-4442950d210f", "indicator--5d653369-7af0-4175-98a3-4910950d210f", "indicator--5d653369-fe40-4c9a-afa6-42ee950d210f", "indicator--5d653369-3ff0-4e98-8d91-4893950d210f", "indicator--5d653369-444c-42f6-bdb6-47bd950d210f", "indicator--5d653369-d6dc-44e8-8212-419b950d210f", "indicator--5d653369-33a4-4992-9f35-4fc0950d210f", "indicator--5d653369-3ea4-4507-95b5-4053950d210f", "indicator--5d653369-8374-4c32-92ed-4778950d210f", "indicator--5d653369-6444-4580-abb1-45eb950d210f", "indicator--5d653369-8e44-449f-8c7d-41d6950d210f", "indicator--5d653369-e2dc-4499-93af-48a9950d210f", "indicator--5d653369-673c-484f-8131-47fd950d210f", "indicator--5d653369-d878-4c31-95fd-4887950d210f", "indicator--5d653369-2754-4c2f-8ce3-409f950d210f", "indicator--5d653369-e660-4365-8bef-4ff8950d210f", "indicator--5d653369-ae30-4d8e-82af-489d950d210f", "indicator--5d653369-3848-4ffa-a320-4c6b950d210f", "indicator--5d653369-4258-4ae6-807b-40bf950d210f", "indicator--5d653369-dc38-429c-9d34-489e950d210f", "indicator--5d653369-07b8-4229-bfaf-417e950d210f", "indicator--5d653369-ecc4-4624-a9e8-4b52950d210f", "indicator--5d653369-979c-467f-8941-46d1950d210f", "indicator--5d653369-e0a8-4747-ac7a-4a03950d210f", "indicator--5d653369-0e5c-4b87-a090-4a72950d210f", "indicator--5d653369-bdc0-4c2b-adbd-452c950d210f", "indicator--5d653369-26dc-4b39-988d-4dc3950d210f", "indicator--5d653369-0f7c-43ef-acc9-42a5950d210f", "indicator--5d653369-a990-4bd8-bc6a-407e950d210f", "indicator--5d653369-6a58-4df5-a91c-4d1d950d210f", "indicator--5d653369-5550-4e1b-9154-4750950d210f", "indicator--5d653369-3340-4137-9cf2-4f77950d210f", "indicator--5d653369-5fc8-4684-a863-420a950d210f", "indicator--5d653369-6a40-4817-9779-489c950d210f", "indicator--5d653369-bf78-4d93-8474-4f5c950d210f", "indicator--5d653369-26c4-43a8-a291-4f8e950d210f", "indicator--5d653369-4310-4699-8e3d-4b4e950d210f", "indicator--5d653369-4a44-4eb2-89f6-4683950d210f", "observed-data--5d65337c-f0f4-4c18-9c06-4235950d210f", "url--5d65337c-f0f4-4c18-9c06-4235950d210f", "indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6", "x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c", "indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0", "x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995", "indicator--79e1f030-379c-4127-aa04-b3603f1a3824", "x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92", "indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2", "x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2", "indicator--e04e0d05-85fc-44a7-87f7-32746aada35a", "x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9", "indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3", "x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319", "indicator--70b72a57-ea6e-46e7-83ad-31298af63206", "x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a", "relationship--62c69a44-2b2c-4007-a000-995ee1e86b9f", "relationship--b2b3bdb3-4da6-4184-becf-4f336e1f256b", "relationship--09dde0e7-cb7b-4bf5-98fc-88831f0e644c", "relationship--8a9b7625-d066-4a6b-afaa-5f1dc57e04f9", "relationship--efc5008b-9eab-4168-814e-81d3c85936ca", "relationship--f8c69842-0fa3-438f-adb1-884fbcef3457", "relationship--fe54c5db-bd65-40f9-95e1-592290bdb594" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:botnet=\"Mirai\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-2484-4ccc-a411-4d15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:04.000Z", "modified": "2019-08-27T13:43:04.000Z", "pattern": "[file:hashes.SHA256 = '93130f4edabb095aaa584dd76c03fcec701e7bf7e9772c1ccfb140f049d6cfff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-4d30-4ed7-9f4d-443c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'fc231bb098cf67c9c56df59ba43e128388cc04e76b72b2d2ee5f1e02a6537699']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-2f5c-4fda-b306-4cba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-1b00-48fe-b664-45a8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = '84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-842c-4de7-853c-46b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-d99c-4174-86ce-4133950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-89e0-4dc7-8017-42bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = '53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-cb98-4f5c-a3f6-4442950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = '2439ffb7966e7d4521ff55f1c7df438a1d51cc21693edf82e46ff39dde2ef7d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-7af0-4175-98a3-4910950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'e1f10b070c575eae46cc89ae9638d58c348d754e24beacb0d1b0a2e613335c60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-fe40-4c9a-afa6-42ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = 'b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-3ff0-4e98-8d91-4893950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA256 = '7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-444c-42f6-bdb6-47bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.mpsl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-d6dc-44e8-8212-419b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-33a4-4992-9f35-4fc0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-3ea4-4507-95b5-4053950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-8374-4c32-92ed-4778950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.spc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-6444-4580-abb1-45eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.arm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-8e44-449f-8c7d-41d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.m68k']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-e2dc-4499-93af-48a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.mips']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-673c-484f-8131-47fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.ppc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-d878-4c31-95fd-4887950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.x86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-2754-4c2f-8ce3-409f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[url:value = 'ftp://165.22.153.245/loligang.sh4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-e660-4365-8bef-4ff8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '4d6b2efa2bba2bb86c26aa827f0cc531']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-ae30-4d8e-82af-489d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '9e00aa8e675a88db881b1d4909745d2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-3848-4ffa-a320-4c6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '657bcdd6be43d48b3a664ae7f8b047a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-4258-4ae6-807b-40bf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = 'ae006853961580175c88b1b91c126620']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-dc38-429c-9d34-489e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '7d2dcfdad728c946d2d97405c618f2c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-07b8-4229-bfaf-417e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = 'a8672298a8b6ce167d8bebff1252bc6a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-ecc4-4624-a9e8-4b52950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '9b66bc34acbf90fa299109dbf2195194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-979c-467f-8941-46d1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '001c1a6c30eb5a93d0b8dbddeb873b32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-e0a8-4747-ac7a-4a03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '2afaf4d7344b34d0ba11d61ec6978dcd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-0e5c-4b87-a090-4a72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '0420409b6b89b1eb141192902d7b7704']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-bdc0-4c2b-adbd-452c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.MD5 = '8b04de9e996f11bf1e047760cd758ebb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-26dc-4b39-988d-4dc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = 'ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-0f7c-43ef-acc9-42a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '3b2d1af776ea516411099c20bf02dfa095002dc0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-a990-4bd8-bc6a-407e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '6922753a6c844350e4b2440bc70eb27ef91cdc7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-6a58-4df5-a91c-4d1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = 'b6ab78139561b22c909266e1b906b882255cf4d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-5550-4e1b-9154-4750950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '3302347dbff47ad6271c8e402f2bce18a0df1983']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-3340-4137-9cf2-4f77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '4c06370189b9154b44a6a975a05a0a3bbb6c5382']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-5fc8-4684-a863-420a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '3252d21dc0cb2817673f92d1b00e13f6f9542b1e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-6a40-4817-9779-489c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '1893faeab933826ac3a85bab919a9ba0b734d2f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-bf78-4d93-8474-4f5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '488734ad3fa96f647ac1f23fb97649c36b1b87a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-26c4-43a8-a291-4f8e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '6835affc0e893edb626b609198ceb4ba457acdc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-4310-4699-8e3d-4b4e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[file:hashes.SHA1 = '567caadc5b269770a5c401869a18471dfa344d44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d653369-4a44-4eb2-89f6-4683950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:05.000Z", "modified": "2019-08-27T13:43:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.22.153.245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:43:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d65337c-f0f4-4c18-9c06-4235950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:43:24.000Z", "modified": "2019-08-27T13:43:24.000Z", "first_observed": "2019-08-27T13:43:24Z", "last_observed": "2019-08-27T13:43:24Z", "number_observed": 1, "object_refs": [ "url--5d65337c-f0f4-4c18-9c06-4235950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d65337c-f0f4-4c18-9c06-4235950d210f", "value": "https://otx.alienvault.com/pulse/5d652c579d3ca47ab1d8aff4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:27.000Z", "modified": "2019-08-27T13:45:27.000Z", "pattern": "[file:hashes.MD5 = '657bcdd6be43d48b3a664ae7f8b047a6' AND file:hashes.SHA1 = 'b6ab78139561b22c909266e1b906b882255cf4d1' AND file:hashes.SHA256 = 'b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:27.000Z", "modified": "2019-08-27T13:45:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-27T13:10:59", "category": "Other", "uuid": "c0b4c7ef-9a55-45e1-af49-078072c675e8" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87/analysis/1566911459/", "category": "Payload delivery", "uuid": "b9451c41-a02e-4843-be13-99d1d18c757f" }, { "type": "text", "object_relation": "detection-ratio", "value": "21/57", "category": "Payload delivery", "uuid": "9f7c1fab-cf70-4703-ac64-9c0ef70a5790" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:27.000Z", "modified": "2019-08-27T13:45:27.000Z", "pattern": "[file:hashes.MD5 = '9b66bc34acbf90fa299109dbf2195194' AND file:hashes.SHA1 = '3252d21dc0cb2817673f92d1b00e13f6f9542b1e' AND file:hashes.SHA256 = '84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-27T13:10:57", "category": "Other", "uuid": "e884b15b-2e8e-449d-9a40-4bb70c26f386" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe/analysis/1566911457/", "category": "Payload delivery", "uuid": "a28a7598-8070-4145-bb6f-110a3b2268b2" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/57", "category": "Payload delivery", "uuid": "bd3af045-5bcd-488d-b08b-62c08cad8201" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79e1f030-379c-4127-aa04-b3603f1a3824", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "pattern": "[file:hashes.MD5 = '001c1a6c30eb5a93d0b8dbddeb873b32' AND file:hashes.SHA1 = '6835affc0e893edb626b609198ceb4ba457acdc4' AND file:hashes.SHA256 = 'feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-26T13:58:32", "category": "Other", "uuid": "44eca0fc-84c9-4341-b7cd-bc060f188eb9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c/analysis/1566827912/", "category": "Payload delivery", "uuid": "0b7e65b1-e6b0-4103-9bbb-ad81cb091c89" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/55", "category": "Payload delivery", "uuid": "fe764259-0dbe-4934-b8a0-8e1a279399f0" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "pattern": "[file:hashes.MD5 = '0420409b6b89b1eb141192902d7b7704' AND file:hashes.SHA1 = '488734ad3fa96f647ac1f23fb97649c36b1b87a0' AND file:hashes.SHA256 = 'cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-26T13:58:32", "category": "Other", "uuid": "787556d0-4b2f-44e7-aaf9-3075ea47e7da" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba/analysis/1566827912/", "category": "Payload delivery", "uuid": "76d8279d-e5fe-49c9-a228-e13b2a44dd05" }, { "type": "text", "object_relation": "detection-ratio", "value": "24/55", "category": "Payload delivery", "uuid": "c0066020-5fc6-4e58-bf3c-77f210d7c98b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e04e0d05-85fc-44a7-87f7-32746aada35a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "pattern": "[file:hashes.MD5 = '2afaf4d7344b34d0ba11d61ec6978dcd' AND file:hashes.SHA1 = '1893faeab933826ac3a85bab919a9ba0b734d2f1' AND file:hashes.SHA256 = '53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:28.000Z", "modified": "2019-08-27T13:45:28.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-27T13:10:57", "category": "Other", "uuid": "7e6cef86-122e-47ce-bfb5-c96dcd8be92c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582/analysis/1566911457/", "category": "Payload delivery", "uuid": "ffb82c5b-f099-4a08-8a75-e90a5c087550" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/57", "category": "Payload delivery", "uuid": "458d1e5e-abfe-48db-a852-e8f566228319" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "pattern": "[file:hashes.MD5 = '7d2dcfdad728c946d2d97405c618f2c9' AND file:hashes.SHA1 = '6922753a6c844350e4b2440bc70eb27ef91cdc7c' AND file:hashes.SHA256 = 'b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-27T09:30:02", "category": "Other", "uuid": "35a02550-3a30-4aff-ade1-e029f71962de" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6/analysis/1566898202/", "category": "Payload delivery", "uuid": "93016d9b-6885-4799-b4f4-3232438c2995" }, { "type": "text", "object_relation": "detection-ratio", "value": "28/56", "category": "Payload delivery", "uuid": "27537950-34df-48e2-96fb-5f51e4d1a0b5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70b72a57-ea6e-46e7-83ad-31298af63206", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "pattern": "[file:hashes.MD5 = 'ae006853961580175c88b1b91c126620' AND file:hashes.SHA1 = 'ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8' AND file:hashes.SHA256 = '7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-08-27T13:45:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-08-26T10:57:13", "category": "Other", "uuid": "674ff6df-7692-41e8-85ce-2dcbc25a9013" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d/analysis/1566817033/", "category": "Payload delivery", "uuid": "154ee7cb-c514-4b31-8b03-8512a25207a4" }, { "type": "text", "object_relation": "detection-ratio", "value": "20/57", "category": "Payload delivery", "uuid": "2c118fa2-b70f-4f30-86bf-69013711a34e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--62c69a44-2b2c-4007-a000-995ee1e86b9f", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0817c131-b50c-45a1-a1a3-a3072f5e21c6", "target_ref": "x-misp-object--f0889f07-a335-4483-b790-bbd8384cd71c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b2b3bdb3-4da6-4184-becf-4f336e1f256b", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0", "target_ref": "x-misp-object--6cb3e0a7-3216-4eb8-98c6-06e79a5f2995" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--09dde0e7-cb7b-4bf5-98fc-88831f0e644c", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--79e1f030-379c-4127-aa04-b3603f1a3824", "target_ref": "x-misp-object--254ac2d2-ddbf-46d3-b400-3636b8595f92" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8a9b7625-d066-4a6b-afaa-5f1dc57e04f9", "created": "2019-08-27T13:45:29.000Z", "modified": "2019-08-27T13:45:29.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--23c7e1ee-00f6-45ae-a4a9-f08888078fc2", "target_ref": "x-misp-object--af3d2aae-9c33-4cac-8b18-5338ae1450c2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--efc5008b-9eab-4168-814e-81d3c85936ca", "created": "2019-08-27T13:45:30.000Z", "modified": "2019-08-27T13:45:30.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e04e0d05-85fc-44a7-87f7-32746aada35a", "target_ref": "x-misp-object--a9480e09-5437-40db-94c9-5dfbe5bc98c9" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f8c69842-0fa3-438f-adb1-884fbcef3457", "created": "2019-08-27T13:45:30.000Z", "modified": "2019-08-27T13:45:30.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3", "target_ref": "x-misp-object--1c5d190e-a3c9-44e2-9225-7204e2439319" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--fe54c5db-bd65-40f9-95e1-592290bdb594", "created": "2019-08-27T13:45:30.000Z", "modified": "2019-08-27T13:45:30.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--70b72a57-ea6e-46e7-83ad-31298af63206", "target_ref": "x-misp-object--9fa18b29-a098-494a-8c9f-aba9ce301f9a" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }