adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a390de6-4a58-4a19-89fb-4620950d210f.json

767 lines
No EOL
34 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5a390de6-4a58-4a19-89fb-4620950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T03:00:39.000Z",
"modified": "2017-12-21T03:00:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a390de6-4a58-4a19-89fb-4620950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T03:00:39.000Z",
"modified": "2017-12-21T03:00:39.000Z",
"name": "OSINT - Zeus Panda Banking Trojan Targets Online Holiday Shoppers",
"published": "2017-12-28T13:33:53Z",
"object_refs": [
"observed-data--5a390e33-a644-4e3a-957d-1606950d210f",
"url--5a390e33-a644-4e3a-957d-1606950d210f",
"x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f",
"indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f",
"indicator--5a390eec-3874-4509-a0dd-1708950d210f",
"indicator--5a390efa-6134-40fc-901a-1713950d210f",
"indicator--5a390f86-f3c8-4662-96dd-1690950d210f",
"indicator--5a390f86-06c8-4a7b-a2de-1690950d210f",
"indicator--5a390f87-2be4-4d90-b4b6-1690950d210f",
"indicator--5a390f87-208c-477f-a436-1690950d210f",
"indicator--5a390f87-7364-456f-9669-1690950d210f",
"indicator--5a390f87-7528-4d33-a029-1690950d210f",
"indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f",
"indicator--5a3910b0-2350-40f6-bf70-18e3950d210f",
"observed-data--5a390eac-8b20-4401-83c1-169e950d210f",
"email-message--5a390eac-8b20-4401-83c1-169e950d210f",
"indicator--5a390f46-b670-4975-842a-473d950d210f",
"indicator--5a3910e8-d3fc-421d-a96b-1690950d210f",
"indicator--5a39110d-413c-4ff2-b531-bfd8950d210f",
"indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b",
"indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"x-misp-object--8e8856ca-85ff-4643-9b60-708617003213",
"indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9",
"indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa",
"relationship--afbc24b1-b5a1-4557-b2ee-675b8de944cf",
"relationship--9d1e245e-1f1e-4d1b-b293-d1eb57be0d8b",
"relationship--919a88c0-cd9d-4236-9dc1-38372f1d5210",
"relationship--b6999479-d288-40ff-b155-e2050d13e8ed"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:banker=\"Panda Banker\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"ms-caro-malware-full:malware-family=\"Banker\"",
"malware_classification:malware-category=\"Trojan\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a390e33-a644-4e3a-957d-1606950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"first_observed": "2017-12-20T09:11:54Z",
"last_observed": "2017-12-20T09:11:54Z",
"number_observed": 1,
"object_refs": [
"url--5a390e33-a644-4e3a-957d-1606950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a390e33-a644-4e3a-957d-1606950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites. Most often, the injects -- the code that actually performs the man-in-the-browser attacks -- are configured for region-specific banking sites. More recently, we have seen injects for online payment sites, casinos, retailers, and more appearing in banking Trojan campaigns.\r\n\r\nSince November -- a period of time that includes Thanksgiving, Black Friday, Cyber Monday and now leading up to Christmas -- we have observed Zeus Panda banking Trojan campaigns that have an increasing focus on non-banking targets with an extensive list of injects clearly designed to capitalize on holiday shopping and activities.\r\n\r\nMore specifically, these Zeus Panda (aka Panda Banker) campaigns expanded their injects to a variety of online shopping sites for brick and mortar retailers like Zara, specialty online retailers, travel sites, and video streaming sites, among others. The vast majority of these new targets will potentially see higher-than-normal numbers of credit card transactions for the holidays. While Zeus Panda can be configured to steal a variety of information, these injects collected the credit card number, address, phone number, DOB, SSN, and security question-related information such as mother\u00e2\u20ac\u2122s maiden name."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:06:21.000Z",
"modified": "2017-12-19T13:06:21.000Z",
"pattern": "[file:name = 'receipt-package-5a0a062cae04a.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:06:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390eec-3874-4509-a0dd-1708950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Landing page redirection",
"pattern": "[url:value = 'https://canadapost-packagecenter.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390efa-6134-40fc-901a-1713950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"pattern": "[file:name = 'resume.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f86-f3c8-4662-96dd-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Document payload",
"pattern": "[url:value = 'http://80.82.67.217/moo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f86-06c8-4a7b-a2de-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:09:26.000Z",
"modified": "2017-12-19T13:09:26.000Z",
"description": "Panda",
"pattern": "[file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-2be4-4d90-b4b6-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'gromnes.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-208c-477f-a436-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'aklexim.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-7364-456f-9669-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'kichamyn.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-7528-4d33-a029-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:09:27.000Z",
"modified": "2017-12-19T13:09:27.000Z",
"description": "Attachment",
"pattern": "[file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Malicious URL in email",
"pattern": "[url:value = 'http://www.nfk-trading.com/analyticsmmrxbctq/redirect/0849e22e843170e1600c1910df8cf9da-id-qblozsmn-to-package-awaiting']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910b0-2350-40f6-bf70-18e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Document payload",
"pattern": "[url:value = 'http://89.248.169.136/bigmac.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a390eac-8b20-4401-83c1-169e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:05:48.000Z",
"modified": "2017-12-19T13:05:48.000Z",
"first_observed": "2017-12-19T13:05:48Z",
"last_observed": "2017-12-19T13:05:48Z",
"number_observed": 1,
"object_refs": [
"email-message--5a390eac-8b20-4401-83c1-169e950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5a390eac-8b20-4401-83c1-169e950d210f",
"is_multipart": false,
"date": "2017-11-13T00:00:00Z",
"subject": "Your package is ready to be picked up\u00e2\u20ac\u009d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f46-b670-4975-842a-473d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:08:22.000Z",
"modified": "2017-12-19T13:08:22.000Z",
"pattern": "[email-message:date = '2017-12-11T00:00:00' AND email-message:subject = 'Application submitted from Gumtree Jobs by [First Last Names] for Field Sales Consultant - Status: Emailed' AND email-message:body_multipart[0].body_raw_ref.name = 'resume.doc' AND email-message:body_multipart[0].content_disposition = 'attachment']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:08:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910e8-d3fc-421d-a96b-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:15:20.000Z",
"modified": "2017-12-19T13:15:20.000Z",
"pattern": "[file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b' AND file:name = 'receipt-package-5a0a062cae04a.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a39110d-413c-4ff2-b531-bfd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:15:57.000Z",
"modified": "2017-12-19T13:15:57.000Z",
"description": "Panda executable",
"pattern": "[file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d' AND file:name = 'Bigmac.jpg' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:57.000Z",
"modified": "2017-12-20T09:11:57.000Z",
"pattern": "[file:hashes.MD5 = 'a02d6ca05cbc89a317d82945bcb6b15b' AND file:hashes.SHA1 = '2cacb877c487b6dae47fb16fdd1dc7b05595125b' AND file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d/analysis/1513357351/",
"category": "External analysis",
"uuid": "5a3a295b-b3fc-4cce-92cd-431402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "5a3a295b-18c0-4bed-af46-433102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-15T17:02:31",
"category": "Other",
"uuid": "5a3a295b-6208-4950-9d19-4b6a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = '52b053886cc0ca44df86cba91de968fa' AND file:hashes.SHA1 = 'ef22bcec61cb2aea85cd93cede6af5f4b27e011b' AND file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3/analysis/1513686510/",
"category": "External analysis",
"comment": "Panda",
"uuid": "5a3a295b-c948-41f7-9f3c-4eb802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/66",
"category": "Other",
"comment": "Panda",
"uuid": "5a3a295b-1164-44e5-a7fb-4bc902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:28:30",
"category": "Other",
"comment": "Panda",
"uuid": "5a3a295b-f134-4097-aaad-481602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = 'b2a6ec17f49740ddc699640fb19f951d' AND file:hashes.SHA1 = '00d8ef79f6fe532815c0325fb6d7165cdae98548' AND file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc/analysis/1513686599/",
"category": "External analysis",
"comment": "Attachment",
"uuid": "5a3a295b-9dd4-4202-b6ac-44e102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/58",
"category": "Other",
"comment": "Attachment",
"uuid": "5a3a295b-bb18-4c9d-b107-418e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:29:59",
"category": "Other",
"comment": "Attachment",
"uuid": "5a3a295b-30fc-4206-af56-438802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = 'bcac60105cb24fdbcc03c1d52d09bfd1' AND file:hashes.SHA1 = '8eab9d3dfe6ac35a3624e916bb3cdc6d390a83d2' AND file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b/analysis/1513686655/",
"category": "External analysis",
"uuid": "5a3a295b-efcc-4b80-b82d-4cb402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/58",
"category": "Other",
"uuid": "5a3a295b-3e4c-474f-8b74-480c02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:30:55",
"category": "Other",
"uuid": "5a3a295b-f240-48da-adee-467702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--afbc24b1-b5a1-4557-b2ee-675b8de944cf",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"target_ref": "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9d1e245e-1f1e-4d1b-b293-d1eb57be0d8b",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"target_ref": "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--919a88c0-cd9d-4236-9dc1-38372f1d5210",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"target_ref": "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b6999479-d288-40ff-b155-e2050d13e8ed",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"target_ref": "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink