misp-circl-feed/feeds/circl/misp/5a4c9342-6d0c-43af-bd8d-45ae950d210f.json


{
"type": "bundle",
"id": "bundle--5a4c9342-6d0c-43af-bd8d-45ae950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:13.000Z",
"modified": "2018-01-03T21:00:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a4c9342-6d0c-43af-bd8d-45ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:13.000Z",
"modified": "2018-01-03T21:00:13.000Z",
"name": "M2M - GlobeImposter \"..doc\" 2017-12-26 :\n \"CCE26122017_001234\" - \"CCE26122017_001234.7z\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a4c9343-40f0-4ce2-846b-4111950d210f",
"indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f",
"observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"indicator--5a4c9349-a040-499f-a47c-4dbf950d210f",
"observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"indicator--5a4c934e-e494-4d21-b6e2-4781950d210f",
"observed-data--5a4c934f-4970-45ca-be63-4040950d210f",
"network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f",
"observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f",
"observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f",
"observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f",
"network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"indicator--5a4c9363-b514-49be-ba68-4a1f950d210f",
"observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f",
"network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f",
"indicator--5a4c9369-9360-4f29-b2be-46c9950d210f",
"observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f",
"network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f",
"indicator--5a4c936f-56bc-426e-82b3-4424950d210f",
"observed-data--5a4c9371-7718-4100-a2fd-4691950d210f",
"network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2",
"relationship--46c9839a-0cbc-481b-aa91-03f2df25f2c4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9343-40f0-4ce2-846b-4111950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T08:24:35.000Z",
"modified": "2018-01-03T08:24:35.000Z",
"pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T08:24:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.caynannews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"dst_ref": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"value": "213.168.251.122"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9349-a040-499f-a47c-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.pspmagic.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"dst_ref": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"value": "185.181.116.171"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c934e-e494-4d21-b6e2-4781950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.software24x7.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c934f-4970-45ca-be63-4040950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"dst_ref": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"value": "67.59.136.100"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.ta-pu.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"dst_ref": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"value": "164.215.130.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.thedournalist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"dst_ref": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"value": "86.106.30.37"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.trafik-site.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"dst_ref": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"value": "31.31.196.247"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9363-b514-49be-ba68-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.zhaksylyk.kz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"dst_ref": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"value": "185.98.7.180"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9369-9360-4f29-b2be-46c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"dst_ref": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"value": "103.198.0.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c936f-56bc-426e-82b3-4424950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'psoeiras.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9371-7718-4100-a2fd-4691950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"dst_ref": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:08.000Z",
"modified": "2018-01-03T21:00:08.000Z",
"pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98' AND file:hashes.SHA1 = 'd0e9dea7f6bf547d854573dd03b6fbeaa1965752' AND file:hashes.SHA256 = '3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:06.000Z",
"modified": "2018-01-03T21:00:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547/analysis/1514940489/",
"category": "External analysis",
"uuid": "5a4d4456-62d8-4896-b384-42ce02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/68",
"category": "Other",
"uuid": "5a4d4456-6f60-47f3-bf38-412d02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-03 00:48:09",
"category": "Other",
"uuid": "5a4d4456-7360-4315-8aa6-4f9c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46c9839a-0cbc-481b-aa91-03f2df25f2c4",
"created": "2018-01-03T21:00:06.000Z",
"modified": "2018-01-03T21:00:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"target_ref": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}