{
|
|
"type": "bundle",
|
|
"id": "bundle--5e27f3d8-e238-4290-8b2c-422e950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:41:10.000Z",
|
|
"modified": "2020-01-22T07:41:10.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5e27f3d8-e238-4290-8b2c-422e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:41:10.000Z",
|
|
"modified": "2020-01-22T07:41:10.000Z",
|
|
"name": "Muhstik Botnet Attacks Tomato Routers",
|
|
"published": "2020-01-22T09:14:28Z",
|
|
"object_refs": [
|
|
"indicator--5e27f431-6074-4393-8d36-4643950d210f",
|
|
"indicator--5e27f432-029c-415b-b8f7-4884950d210f",
|
|
"indicator--5e27f432-268c-444b-b628-4a10950d210f",
|
|
"indicator--5e27f432-0558-4d1c-a3aa-444a950d210f",
|
|
"indicator--5e27f432-b7b8-4264-af32-43e6950d210f",
|
|
"indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f",
|
|
"indicator--5e27f432-f41c-4b03-b2e8-4854950d210f",
|
|
"indicator--5e27f432-cd80-4a00-9121-4536950d210f",
|
|
"indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f",
|
|
"indicator--5e27f454-9754-44e2-8360-49a1950d210f",
|
|
"indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f",
|
|
"indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f",
|
|
"indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f",
|
|
"indicator--5e27f454-4ab0-485f-930d-4fb5950d210f",
|
|
"indicator--5e27f454-ec38-4063-94da-4e10950d210f",
|
|
"indicator--5e27f454-b2e4-4773-a425-4766950d210f",
|
|
"observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f",
|
|
"url--5e27f61d-4a0c-426c-b827-42f1950d210f",
|
|
"indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
|
|
"x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
|
|
"indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
|
|
"x-misp-object--59005259-d99c-4501-b679-27cc1352be06",
|
|
"indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
|
|
"x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
|
|
"indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
|
|
"x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
|
|
"indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
|
|
"x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
|
|
"relationship--46ad9fee-8caf-4d78-ab2c-03266952a8ed",
|
|
"relationship--8a22b1d6-1a50-4e32-bea5-5fa2d0d8c69a",
|
|
"relationship--48abd2af-7499-423f-8838-1acf47acf04b",
|
|
"relationship--138dd578-e6f0-4f88-9f13-4c1541ceb04f",
|
|
"relationship--6cff2705-2f31-442c-af5d-ac6c4cd9687c"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"misp-galaxy:botnet=\"Muhstik\"",
|
|
"misp-galaxy:malpedia=\"Tsunami (ELF)\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f431-6074-4393-8d36-4643950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:21.000Z",
|
|
"modified": "2020-01-22T07:05:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.149.233.35']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-029c-415b-b8f7-4884950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.66.253.100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-268c-444b-b628-4a10950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.61.149.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-0558-4d1c-a3aa-444a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[url:value = 'http://y.fd6fq54s6df541q23sdxfg.eu/nvr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-b7b8-4264-af32-43e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[url:value = 'http://159.89.156.190/.y/pty1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[url:value = 'http://159.89.156.190/.y/pty3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-f41c-4b03-b2e8-4854950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[url:value = 'http://159.89.156.190/.y/pty5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-cd80-4a00-9121-4536950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[url:value = 'http://159.89.156.190/.y/pty6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:22.000Z",
|
|
"modified": "2020-01-22T07:05:22.000Z",
|
|
"pattern": "[domain-name:value = 's.shadow.mods.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-9754-44e2-8360-49a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2548f5b1613f6ebba2ff589c7b3416ccdd066b73644d4d212232beb1cecd9c31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-4ab0-485f-930d-4fb5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-ec38-4063-94da-4e10950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e27f454-b2e4-4773-a425-4766950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:05:56.000Z",
|
|
"modified": "2020-01-22T07:05:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dc52a1193ecf6096192f771ae663de6e0389840cb5ceb7b979091333ce6f7f02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:17:41.000Z",
|
|
"modified": "2020-01-22T07:17:41.000Z",
|
|
"first_observed": "2020-01-22T07:17:41Z",
|
|
"last_observed": "2020-01-22T07:17:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5e27f61d-4a0c-426c-b827-42f1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5e27f61d-4a0c-426c-b827-42f1950d210f",
|
|
"value": "https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:13.000Z",
|
|
"modified": "2020-01-22T07:25:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d8a62b8a27e14f741098fe1ced8eae4' AND file:hashes.SHA1 = 'e9a8aebc6822f01199ff311b94641044c4a38dd3' AND file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:25:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:26.000Z",
|
|
"modified": "2020-01-22T07:25:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-22T02:13:52",
|
|
"category": "Other",
|
|
"uuid": "08464849-dffa-4bfe-981b-c6ac353080c5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f/analysis/1579659232/",
|
|
"category": "Payload delivery",
|
|
"uuid": "62282ccb-bfe8-4f86-9345-c1ed07e2c6b3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "b2164fbc-0292-4439-9a3f-556c2873ed7f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:26.000Z",
|
|
"modified": "2020-01-22T07:25:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8154ace62f0dcf7c47447153746c4be5' AND file:hashes.SHA1 = '6c9f004c977d3ce1ebda3b6e50313556f977d654' AND file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:25:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:26.000Z",
|
|
"modified": "2020-01-22T07:25:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-22T02:11:30",
|
|
"category": "Other",
|
|
"uuid": "62de76cd-7eeb-4c9b-bf8e-917137803cd6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687/analysis/1579659090/",
|
|
"category": "Payload delivery",
|
|
"uuid": "6858ce27-5914-41ea-a246-40cfdc33e04a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "9089e013-f176-4f78-a05e-8624247c7115"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:27.000Z",
|
|
"modified": "2020-01-22T07:25:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '167c2f5e0d6abe5b9b35348fd0269928' AND file:hashes.SHA1 = '7914fb8e72e6a7a57998f8b7817c2508ce9ec865' AND file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:25:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:27.000Z",
|
|
"modified": "2020-01-22T07:25:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-22T02:14:04",
|
|
"category": "Other",
|
|
"uuid": "ee761208-581a-463f-bd07-a6a16db38a4f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435/analysis/1579659244/",
|
|
"category": "Payload delivery",
|
|
"uuid": "fa0222dd-230a-4c6d-9ac8-4f382cd21ef9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "55ee0b95-4cb9-4805-8669-e8766e01ceb2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:27.000Z",
|
|
"modified": "2020-01-22T07:25:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a3e3809eb10bae7d19787f6c52d2b289' AND file:hashes.SHA1 = '00e4457de90df173b51757fcf120bc31ce16040e' AND file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:25:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:27.000Z",
|
|
"modified": "2020-01-22T07:25:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-22T02:12:09",
|
|
"category": "Other",
|
|
"uuid": "5d6040e0-a8c8-44e4-ac5e-8f7ca6fd856a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0/analysis/1579659129/",
|
|
"category": "Payload delivery",
|
|
"uuid": "a1431de8-5639-40e8-b902-f7f51a47c035"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "0abc5f32-ac9a-435d-9ae4-3f26fc75c0bf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:27.000Z",
|
|
"modified": "2020-01-22T07:25:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b66fbdec14a7f7b0087aebb9c176ac12' AND file:hashes.SHA1 = '0c6484d5bc91a75cb0d94a55795d543c409b3fb8' AND file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-22T07:25:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-22T02:12:56",
|
|
"category": "Other",
|
|
"uuid": "ce51439d-924b-4d65-b570-88a97c546fdc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c/analysis/1579659176/",
|
|
"category": "Payload delivery",
|
|
"uuid": "d5f26a7b-7151-43d4-91d3-03f7456f886b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "b2de9ec0-3be3-462b-9250-e457f57ba795"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--46ad9fee-8caf-4d78-ab2c-03266952a8ed",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
|
|
"target_ref": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8a22b1d6-1a50-4e32-bea5-5fa2d0d8c69a",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
|
|
"target_ref": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--48abd2af-7499-423f-8838-1acf47acf04b",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
|
|
"target_ref": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--138dd578-e6f0-4f88-9f13-4c1541ceb04f",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
|
|
"target_ref": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6cff2705-2f31-442c-af5d-ac6c4cd9687c",
|
|
"created": "2020-01-22T07:25:28.000Z",
|
|
"modified": "2020-01-22T07:25:28.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
|
|
"target_ref": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |