1911 lines
No EOL
86 KiB
JSON
1911 lines
No EOL
86 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5ad8687b-0e10-4a8b-a157-46a5950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:24:28.000Z",
|
|
"modified": "2018-04-20T09:24:28.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5ad8687b-0e10-4a8b-a157-46a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T09:24:28.000Z",
|
|
"modified": "2018-04-20T09:24:28.000Z",
|
|
"name": "OSINT - Minecraft & CS:GO Ransomware Strive For Media Attention",
|
|
"published": "2018-04-20T09:24:57Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5ad868b9-05a0-409f-aaf2-4110950d210f",
|
|
"observed-data--5ad868ce-8c0c-4b3d-916f-4b3a950d210f",
|
|
"url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f",
|
|
"indicator--5ad86f63-f1fc-4a32-83a0-4dca950d210f",
|
|
"indicator--5ad86f63-2108-48fe-b9e7-43f9950d210f",
|
|
"indicator--5ad86f64-b564-4c00-85cc-4dfd950d210f",
|
|
"indicator--5ad86f64-fc44-4b3b-a336-4cbe950d210f",
|
|
"indicator--5ad86f64-23f0-4c89-968d-4a5d950d210f",
|
|
"indicator--5ad86f65-6368-4e41-b1fc-48fe950d210f",
|
|
"indicator--5ad86f65-1b08-43a9-9ca7-4f38950d210f",
|
|
"indicator--5ad86f66-3284-4cc5-80b6-4439950d210f",
|
|
"indicator--5ad86f66-91dc-4309-9120-4b38950d210f",
|
|
"indicator--5ad86f66-3e08-4f0f-936e-4a5a950d210f",
|
|
"indicator--5ad86f67-396c-4119-bcb2-410e950d210f",
|
|
"indicator--5ad88e9f-33b0-4b74-aac2-43f5950d210f",
|
|
"indicator--5ad88ea0-3314-4010-9ec5-4d11950d210f",
|
|
"indicator--5ad88ea0-9b64-4f3e-a6fa-45f1950d210f",
|
|
"indicator--5ad88ea1-54b4-4f10-b8d6-40ff950d210f",
|
|
"indicator--5ad88ea1-eabc-4645-b601-4004950d210f",
|
|
"indicator--5ad88ea1-e2e0-469f-97c0-459c950d210f",
|
|
"indicator--5ad88ea2-ccf4-408d-9165-4764950d210f",
|
|
"indicator--5c068f51-98b0-41b5-9283-405ee2b3b925",
|
|
"x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042",
|
|
"indicator--10c705b3-d4f3-452c-93dc-5bc59442a998",
|
|
"x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca",
|
|
"indicator--60f76829-9936-4142-a59e-7b34e7a9b589",
|
|
"x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9",
|
|
"indicator--d8193b44-4c37-42dc-a781-38911be1f9b4",
|
|
"x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a",
|
|
"indicator--b3620101-dede-4da2-b764-631cba764181",
|
|
"x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b",
|
|
"indicator--dfffc826-de9b-49f9-9226-6713fc609e9c",
|
|
"x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310",
|
|
"indicator--a1304fbf-effe-4dba-8079-d36e83309bbe",
|
|
"x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74",
|
|
"indicator--567b469c-842b-40fb-920c-7b00907d152c",
|
|
"x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce",
|
|
"indicator--621aa925-21c5-4af2-9662-34e39af166e1",
|
|
"x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440",
|
|
"indicator--ab8e7b4d-6a43-4541-9137-1047487442c4",
|
|
"x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6",
|
|
"indicator--d0f56c1f-46a2-4785-a6b9-036af2137965",
|
|
"x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf",
|
|
"indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c",
|
|
"x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36",
|
|
"indicator--f06d18a5-283a-4569-b155-745555ccf928",
|
|
"x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2",
|
|
"indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b",
|
|
"x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe",
|
|
"indicator--0aface86-1943-4c64-a734-a952a0d6036c",
|
|
"x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e",
|
|
"indicator--a6cd51d1-09ed-4782-b4db-45f24256138e",
|
|
"x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37",
|
|
"indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9",
|
|
"x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c",
|
|
"indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf",
|
|
"x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a",
|
|
"relationship--18695069-e8f1-4b01-a7e6-bc1a2de8c879",
|
|
"relationship--b4bc7157-6dbc-4dec-87a4-8d40a8f86bc9",
|
|
"relationship--08ca7ab5-7b7a-479f-bc70-6b720e8271be",
|
|
"relationship--c6d26987-bb85-47a6-ae3c-dd91780f4324",
|
|
"relationship--30baabf5-3c3b-40e5-a819-53a1abbe880f",
|
|
"relationship--c1f86fab-dae2-483e-8e6d-b2436b3144a3",
|
|
"relationship--ce2e1ace-fd7d-4727-a58f-e7789021727e",
|
|
"relationship--7b563947-414b-41ed-994c-3b9c5907c678",
|
|
"relationship--cfaa91f1-4394-49ce-80ac-5c818b32dd47",
|
|
"relationship--f1aa70aa-ab7c-4cac-b9e3-01fadee14bc6",
|
|
"relationship--c9fdccf8-9f66-44c2-8dd0-ef7cc824fa3a",
|
|
"relationship--efb8989f-5b4e-46c0-b39c-fa9647c339df",
|
|
"relationship--51ba7fb1-e242-48f3-8b9d-26e51a8f7ab1",
|
|
"relationship--27073c91-14ac-4a2f-a7ba-396c3d9972f9",
|
|
"relationship--444b251c-01e8-486f-a6ff-72a3d2b626cd",
|
|
"relationship--12bed8e3-d2e7-48b3-b888-6cc44522714b",
|
|
"relationship--b0dacb8d-55ab-473c-bbdc-77d7cee8deb6",
|
|
"relationship--24d9f475-fddc-4aa3-b662-c34951fff057"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"malware_classification:malware-category=\"Ransomware\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:ransomware=\"CSGO Ransomware\"",
|
|
"misp-galaxy:ransomware=\"MC Ransomware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ad868b9-05a0-409f-aaf2-4110950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:26.000Z",
|
|
"modified": "2018-04-20T08:46:26.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "When ransomware developers achieve huge media buzz like we saw with the PUBG Ransomware, it is not surprising to see other developers creating copycats. This is the case with two new in-development ransomware programs, if we can even call them that, for both Minecraft and Counter-Strike: Global Offensive (CS: GO)."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5ad868ce-8c0c-4b3d-916f-4b3a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:26.000Z",
|
|
"modified": "2018-04-20T08:46:26.000Z",
|
|
"first_observed": "2018-04-20T08:46:26Z",
|
|
"last_observed": "2018-04-20T08:46:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f",
|
|
"value": "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f63-f1fc-4a32-83a0-4dca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:51.000Z",
|
|
"modified": "2018-04-19T10:28:51.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f63-2108-48fe-b9e7-43f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:51.000Z",
|
|
"modified": "2018-04-19T10:28:51.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f64-b564-4c00-85cc-4dfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:52.000Z",
|
|
"modified": "2018-04-19T10:28:52.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f64-fc44-4b3b-a336-4cbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:52.000Z",
|
|
"modified": "2018-04-19T10:28:52.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f64-23f0-4c89-968d-4a5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:52.000Z",
|
|
"modified": "2018-04-19T10:28:52.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f65-6368-4e41-b1fc-48fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:53.000Z",
|
|
"modified": "2018-04-19T10:28:53.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f65-1b08-43a9-9ca7-4f38950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:53.000Z",
|
|
"modified": "2018-04-19T10:28:53.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f66-3284-4cc5-80b6-4439950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:54.000Z",
|
|
"modified": "2018-04-19T10:28:54.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f66-91dc-4309-9120-4b38950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:54.000Z",
|
|
"modified": "2018-04-19T10:28:54.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC",
|
|
"pattern": "[file:hashes.SHA256 = 'e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f66-3e08-4f0f-936e-4a5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:54.000Z",
|
|
"modified": "2018-04-19T10:28:54.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad86f67-396c-4119-bcb2-410e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T10:28:55.000Z",
|
|
"modified": "2018-04-19T10:28:55.000Z",
|
|
"description": "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T10:28:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88e9f-33b0-4b74-aac2-43f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:07.000Z",
|
|
"modified": "2018-04-19T12:42:07.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea0-3314-4010-9ec5-4d11950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:08.000Z",
|
|
"modified": "2018-04-19T12:42:08.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea0-9b64-4f3e-a6fa-45f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:08.000Z",
|
|
"modified": "2018-04-19T12:42:08.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea1-54b4-4f10-b8d6-40ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:09.000Z",
|
|
"modified": "2018-04-19T12:42:09.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC",
|
|
"pattern": "[file:hashes.SHA256 = 'e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea1-eabc-4645-b601-4004950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:09.000Z",
|
|
"modified": "2018-04-19T12:42:09.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea1-e2e0-469f-97c0-459c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:09.000Z",
|
|
"modified": "2018-04-19T12:42:09.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '658708957da960774321d1272443f78992de56ce66a739a990944267200465e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ad88ea2-ccf4-408d-9165-4764950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-19T12:42:10.000Z",
|
|
"modified": "2018-04-19T12:42:10.000Z",
|
|
"description": "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC",
|
|
"pattern": "[file:hashes.SHA256 = '7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-19T12:42:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c068f51-98b0-41b5-9283-405ee2b3b925",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:30.000Z",
|
|
"modified": "2018-04-20T08:46:30.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8c8f54175f37f008d0aa8e7a8b8003b4' AND file:hashes.SHA1 = '6bde9f61d89a15336d26adb29208ba3b550c7377' AND file:hashes.SHA256 = '3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:28.000Z",
|
|
"modified": "2018-04-20T08:46:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:18:27",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC",
|
|
"uuid": "5ad9a8e4-bcd0-4509-9bd1-4fe402de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b/analysis/1524197907/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC",
|
|
"uuid": "5ad9a8e5-3eb8-4899-a7fb-4da302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC",
|
|
"uuid": "5ad9a8e5-2164-418c-8f7b-481e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--10c705b3-d4f3-452c-93dc-5bc59442a998",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:32.000Z",
|
|
"modified": "2018-04-20T08:46:32.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9689a763ceee30174d657a51584c469f' AND file:hashes.SHA1 = 'f127f9a99015bec0a369f31fe18e7e1f0d17c18d' AND file:hashes.SHA256 = '92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:30.000Z",
|
|
"modified": "2018-04-20T08:46:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:11:30",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8e7-6678-459a-8c91-4a1602de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913/analysis/1524197490/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8e7-53e4-40d6-a90e-4bd702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8e8-24e4-45b6-adaf-4bec02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--60f76829-9936-4142-a59e-7b34e7a9b589",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:35.000Z",
|
|
"modified": "2018-04-20T08:46:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '66abec932921f330810c38a5e4cf744d' AND file:hashes.SHA1 = 'd5a8eee6e7cac0ba883bbd0bccb2addc7c3a74dc' AND file:hashes.SHA256 = '8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:33.000Z",
|
|
"modified": "2018-04-20T08:46:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T14:56:36",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC",
|
|
"uuid": "5ad9a8e9-3b48-416b-8d62-409002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa/analysis/1524149796/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC",
|
|
"uuid": "5ad9a8ea-8ac8-4499-be0a-45dc02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC",
|
|
"uuid": "5ad9a8ea-b7c0-404e-ac05-42e502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d8193b44-4c37-42dc-a781-38911be1f9b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:37.000Z",
|
|
"modified": "2018-04-20T08:46:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd7d4f252aee7133627a5520371eaf24f' AND file:hashes.SHA1 = 'a87a6abef722681462a583b80a9d623720ed1ede' AND file:hashes.SHA256 = '066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:36.000Z",
|
|
"modified": "2018-04-20T08:46:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:15:33",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC",
|
|
"uuid": "5ad9a8ec-7d58-4ae4-8164-4ac702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8/analysis/1524197733/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC",
|
|
"uuid": "5ad9a8ec-f830-498b-81b7-47cb02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC",
|
|
"uuid": "5ad9a8ed-63ec-4ae5-affc-4c1d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b3620101-dede-4da2-b764-631cba764181",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:40.000Z",
|
|
"modified": "2018-04-20T08:46:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31bc3110a85a06cd3ec5cc752a3226d8' AND file:hashes.SHA1 = '0bbd726919081b5ba30e64735545148c4f07244c' AND file:hashes.SHA256 = 'e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:38.000Z",
|
|
"modified": "2018-04-20T08:46:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T14:43:52",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC",
|
|
"uuid": "5ad9a8ee-daec-4190-9c10-43f202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050/analysis/1524149032/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC",
|
|
"uuid": "5ad9a8ef-f724-4707-af84-482102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC",
|
|
"uuid": "5ad9a8ef-e044-4363-acf4-4b2d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dfffc826-de9b-49f9-9226-6713fc609e9c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:42.000Z",
|
|
"modified": "2018-04-20T08:46:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7e40e941425e40ae464d6b7cc7f0d88b' AND file:hashes.SHA1 = '0f6ed7985d84f0dd7f1b1ed911a52e9867544394' AND file:hashes.SHA256 = '7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:40.000Z",
|
|
"modified": "2018-04-20T08:46:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T14:37:29",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC",
|
|
"uuid": "5ad9a8f0-998c-49cb-ac8d-41ed02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668/analysis/1524148649/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC",
|
|
"uuid": "5ad9a8f1-67a0-42b2-a814-4dc402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC",
|
|
"uuid": "5ad9a8f1-8b74-4cca-9a34-48d702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a1304fbf-effe-4dba-8079-d36e83309bbe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:44.000Z",
|
|
"modified": "2018-04-20T08:46:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '19504eb1c5d21d896d7e217f66031b7b' AND file:hashes.SHA1 = '90cb4ef44cfd9b381e4260724d8ec5129ea5d603' AND file:hashes.SHA256 = '8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:43.000Z",
|
|
"modified": "2018-04-20T08:46:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T15:37:10",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC",
|
|
"uuid": "5ad9a8f3-1f68-4b59-bf46-499c02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154/analysis/1524152230/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC",
|
|
"uuid": "5ad9a8f3-700c-4cf0-b692-497302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC",
|
|
"uuid": "5ad9a8f4-6a88-4db2-899c-4beb02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567b469c-842b-40fb-920c-7b00907d152c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:47.000Z",
|
|
"modified": "2018-04-20T08:46:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c6450b034f94c70126bf5d135133234f' AND file:hashes.SHA1 = 'a82f870563600f1e62cb793a9189318d5edd6c15' AND file:hashes.SHA256 = '7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:45.000Z",
|
|
"modified": "2018-04-20T08:46:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T06:01:59",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC",
|
|
"uuid": "5ad9a8f5-25c0-45b4-aa44-455702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b/analysis/1524204119/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC",
|
|
"uuid": "5ad9a8f5-c280-4878-8ea4-4afe02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/68",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC",
|
|
"uuid": "5ad9a8f6-5c8c-4c49-8fa3-4da502de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--621aa925-21c5-4af2-9662-34e39af166e1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:49.000Z",
|
|
"modified": "2018-04-20T08:46:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f72d5d5106d60376963dc7fcbb29e1e8' AND file:hashes.SHA1 = '8adb72ed65ffdb6994a08d52802be84e8362aa6a' AND file:hashes.SHA256 = '68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:48.000Z",
|
|
"modified": "2018-04-20T08:46:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:18:15",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC",
|
|
"uuid": "5ad9a8f8-3ee8-4450-9e33-4a8502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75/analysis/1524197895/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC",
|
|
"uuid": "5ad9a8f8-0644-49f0-bf1c-425f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC",
|
|
"uuid": "5ad9a8f8-354c-4681-8fd8-4fea02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ab8e7b4d-6a43-4541-9137-1047487442c4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:51.000Z",
|
|
"modified": "2018-04-20T08:46:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36a341d6a7b9be36066762f3532df573' AND file:hashes.SHA1 = '88e266b976c0212dae3c2c577f14df1b883f53c4' AND file:hashes.SHA256 = '6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:50.000Z",
|
|
"modified": "2018-04-20T08:46:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:12:50",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8fa-7b14-48c6-acdd-4bb502de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e/analysis/1524197570/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8fa-de50-4181-8f24-425c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC",
|
|
"uuid": "5ad9a8fb-2254-4291-9e9e-442b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d0f56c1f-46a2-4785-a6b9-036af2137965",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:54.000Z",
|
|
"modified": "2018-04-20T08:46:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '79a4eb4f496a236aae76d711b73ab2d8' AND file:hashes.SHA1 = '6afbe3826c9721a4a352cfd980d2942731d41787' AND file:hashes.SHA256 = '1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:52.000Z",
|
|
"modified": "2018-04-20T08:46:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T06:01:55",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC",
|
|
"uuid": "5ad9a8fc-c7d4-4430-94c8-4b4202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c/analysis/1524204115/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC",
|
|
"uuid": "5ad9a8fc-1074-4724-a060-422602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC",
|
|
"uuid": "5ad9a8fd-17a0-4e66-bc2f-4f5302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:56.000Z",
|
|
"modified": "2018-04-20T08:46:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c83bebaf7f005a84a05d4a9be7baecf9' AND file:hashes.SHA1 = '170197b724a867f51ad9138cdbfea9728e916d7d' AND file:hashes.SHA256 = '658708957da960774321d1272443f78992de56ce66a739a990944267200465e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:54.000Z",
|
|
"modified": "2018-04-20T08:46:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T14:32:16",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC",
|
|
"uuid": "5ad9a8fe-21a4-4412-9c69-44f202de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/658708957da960774321d1272443f78992de56ce66a739a990944267200465e9/analysis/1524148336/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC",
|
|
"uuid": "5ad9a8ff-c534-4cba-961f-4db502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC",
|
|
"uuid": "5ad9a8ff-ad30-448f-a04c-4f7702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f06d18a5-283a-4569-b155-745555ccf928",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:58.000Z",
|
|
"modified": "2018-04-20T08:46:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4753075e5c1f696327c9bc357827613f' AND file:hashes.SHA1 = 'db9984145d65cf30cd105897bced5e444995da7d' AND file:hashes.SHA256 = '2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:46:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:56.000Z",
|
|
"modified": "2018-04-20T08:46:56.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:14:41",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC",
|
|
"uuid": "5ad9a901-afc4-4461-8c60-47f302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb/analysis/1524197681/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC",
|
|
"uuid": "5ad9a901-fcac-48af-9490-452902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC",
|
|
"uuid": "5ad9a902-2e68-4253-8229-475e02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:01.000Z",
|
|
"modified": "2018-04-20T08:47:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '11ad8a33f89c0f6488a26ae8f01a31d7' AND file:hashes.SHA1 = 'b931e3a4f21d8d96fba1e73fa148f062457e30c7' AND file:hashes.SHA256 = '40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:47:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:46:59.000Z",
|
|
"modified": "2018-04-20T08:46:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-19T15:38:40",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC",
|
|
"uuid": "5ad9a903-e380-413a-8969-4d9702de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6/analysis/1524152320/",
|
|
"category": "External analysis",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC",
|
|
"uuid": "5ad9a903-c12c-4e9b-8def-4f1e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/67",
|
|
"category": "Other",
|
|
"comment": "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC",
|
|
"uuid": "5ad9a904-c0ec-4303-8d68-4f9a02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0aface86-1943-4c64-a734-a952a0d6036c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:03.000Z",
|
|
"modified": "2018-04-20T08:47:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4297dec3ddaa8fdbf0f2351bc8b445bd' AND file:hashes.SHA1 = 'ec48566ffe54edda57ca7b32a065855bc2f87471' AND file:hashes.SHA256 = 'e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:47:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:01.000Z",
|
|
"modified": "2018-04-20T08:47:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:21:02",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC",
|
|
"uuid": "5ad9a905-8ef0-4da6-a289-4ce802de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3/analysis/1524198062/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC",
|
|
"uuid": "5ad9a906-6a70-4c58-9fee-4f8e02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC",
|
|
"uuid": "5ad9a906-fb84-4cc8-a79e-446202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a6cd51d1-09ed-4782-b4db-45f24256138e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:05.000Z",
|
|
"modified": "2018-04-20T08:47:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f964893e51c95cb83ac2ff8287dd84e' AND file:hashes.SHA1 = '2befbde3349898e346aeab38b2c49f09b4a7ae59' AND file:hashes.SHA256 = '1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:47:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:03.000Z",
|
|
"modified": "2018-04-20T08:47:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:13:02",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC",
|
|
"uuid": "5ad9a908-b6d4-4c8d-ad1c-488e02de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b/analysis/1524197582/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC",
|
|
"uuid": "5ad9a908-0244-4da1-a6d4-436602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC",
|
|
"uuid": "5ad9a908-ae74-4199-9790-46d902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:07.000Z",
|
|
"modified": "2018-04-20T08:47:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cd2c72de1f36265124292031b20859df' AND file:hashes.SHA1 = '8f3a472cc818a054d71c7a4e2d40bbe0c112286d' AND file:hashes.SHA256 = '2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:47:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:06.000Z",
|
|
"modified": "2018-04-20T08:47:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:11:13",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC",
|
|
"uuid": "5ad9a90a-9024-49ce-b31c-46c002de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14/analysis/1524197473/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC",
|
|
"uuid": "5ad9a90a-b280-44a4-8be3-49a802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/68",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC",
|
|
"uuid": "5ad9a90b-dae0-4d09-bfc4-486902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dac78ca4ceb78391d08578c3d166da48' AND file:hashes.SHA1 = 'db81a47d3fa39a92987ef65c3510788b3ed140cb' AND file:hashes.SHA256 = '72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-04-20T08:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-04-20T08:47:08.000Z",
|
|
"modified": "2018-04-20T08:47:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-04-20T04:21:19",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC",
|
|
"uuid": "5ad9a90d-c554-4cbb-a1b7-44d302de0b81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784/analysis/1524198079/",
|
|
"category": "External analysis",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC",
|
|
"uuid": "5ad9a90d-21cc-4ace-8a87-405502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/67",
|
|
"category": "Other",
|
|
"comment": "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC",
|
|
"uuid": "5ad9a90d-a100-4a29-bcb4-484802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--18695069-e8f1-4b01-a7e6-bc1a2de8c879",
|
|
"created": "2018-04-20T08:47:09.000Z",
|
|
"modified": "2018-04-20T08:47:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c068f51-98b0-41b5-9283-405ee2b3b925",
|
|
"target_ref": "x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b4bc7157-6dbc-4dec-87a4-8d40a8f86bc9",
|
|
"created": "2018-04-20T08:47:09.000Z",
|
|
"modified": "2018-04-20T08:47:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--10c705b3-d4f3-452c-93dc-5bc59442a998",
|
|
"target_ref": "x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--08ca7ab5-7b7a-479f-bc70-6b720e8271be",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--60f76829-9936-4142-a59e-7b34e7a9b589",
|
|
"target_ref": "x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c6d26987-bb85-47a6-ae3c-dd91780f4324",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d8193b44-4c37-42dc-a781-38911be1f9b4",
|
|
"target_ref": "x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--30baabf5-3c3b-40e5-a819-53a1abbe880f",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b3620101-dede-4da2-b764-631cba764181",
|
|
"target_ref": "x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c1f86fab-dae2-483e-8e6d-b2436b3144a3",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dfffc826-de9b-49f9-9226-6713fc609e9c",
|
|
"target_ref": "x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ce2e1ace-fd7d-4727-a58f-e7789021727e",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a1304fbf-effe-4dba-8079-d36e83309bbe",
|
|
"target_ref": "x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7b563947-414b-41ed-994c-3b9c5907c678",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--567b469c-842b-40fb-920c-7b00907d152c",
|
|
"target_ref": "x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cfaa91f1-4394-49ce-80ac-5c818b32dd47",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--621aa925-21c5-4af2-9662-34e39af166e1",
|
|
"target_ref": "x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f1aa70aa-ab7c-4cac-b9e3-01fadee14bc6",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ab8e7b4d-6a43-4541-9137-1047487442c4",
|
|
"target_ref": "x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c9fdccf8-9f66-44c2-8dd0-ef7cc824fa3a",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d0f56c1f-46a2-4785-a6b9-036af2137965",
|
|
"target_ref": "x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--efb8989f-5b4e-46c0-b39c-fa9647c339df",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c",
|
|
"target_ref": "x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--51ba7fb1-e242-48f3-8b9d-26e51a8f7ab1",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f06d18a5-283a-4569-b155-745555ccf928",
|
|
"target_ref": "x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--27073c91-14ac-4a2f-a7ba-396c3d9972f9",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b",
|
|
"target_ref": "x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--444b251c-01e8-486f-a6ff-72a3d2b626cd",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0aface86-1943-4c64-a734-a952a0d6036c",
|
|
"target_ref": "x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--12bed8e3-d2e7-48b3-b888-6cc44522714b",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a6cd51d1-09ed-4782-b4db-45f24256138e",
|
|
"target_ref": "x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b0dacb8d-55ab-473c-bbdc-77d7cee8deb6",
|
|
"created": "2018-04-20T08:47:10.000Z",
|
|
"modified": "2018-04-20T08:47:10.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9",
|
|
"target_ref": "x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--24d9f475-fddc-4aa3-b662-c34951fff057",
|
|
"created": "2018-04-20T08:47:11.000Z",
|
|
"modified": "2018-04-20T08:47:11.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf",
|
|
"target_ref": "x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |