{
|
|
"type": "bundle",
|
|
"id": "bundle--5c9b46dc-f354-4e45-b44a-4966950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:49.000Z",
|
|
"modified": "2019-04-04T10:59:49.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5c9b46dc-f354-4e45-b44a-4966950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:49.000Z",
|
|
"modified": "2019-04-04T10:59:49.000Z",
|
|
"name": "OSINT- WinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns",
|
|
"published": "2019-04-04T11:00:18Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f",
|
|
"indicator--5ca34188-a4c0-4be1-a512-4809950d210f",
|
|
"indicator--5ca34486-c174-4835-a726-43cf950d210f",
|
|
"indicator--5ca35e81-e368-425f-9334-4c26950d210f",
|
|
"indicator--5ca36ae4-99c8-4929-8075-472a950d210f",
|
|
"indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f",
|
|
"indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f",
|
|
"indicator--5ca47536-1d78-46c4-bcea-491c950d210f",
|
|
"indicator--5ca47536-e118-4430-a1bc-4eba950d210f",
|
|
"indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f",
|
|
"indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f",
|
|
"indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f",
|
|
"indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f",
|
|
"indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f",
|
|
"indicator--5ca5ba6e-35a8-484e-b044-4986950d210f",
|
|
"indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f",
|
|
"indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f",
|
|
"x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f",
|
|
"indicator--5ca3352d-5220-47a1-acbf-4da1950d210f",
|
|
"indicator--5ca33543-c790-4983-b1bb-4663950d210f",
|
|
"indicator--5ca3355c-383c-4caa-be6c-4c46950d210f",
|
|
"indicator--5ca35df4-911c-46d0-a997-43f9950d210f",
|
|
"indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f",
|
|
"indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f",
|
|
"indicator--5ca46a07-81c0-4819-91b2-d709950d210f",
|
|
"indicator--5ca46dd0-955c-47b9-9511-ced9950d210f",
|
|
"indicator--5ca474c5-95f8-435f-aff2-8a88950d210f",
|
|
"indicator--5ca484d5-7b60-46fe-851d-41f7950d210f",
|
|
"indicator--5ca4866f-f878-4e2d-84dc-4095950d210f",
|
|
"indicator--5ca490a8-46c0-4464-8d48-456d950d210f",
|
|
"indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f",
|
|
"indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f",
|
|
"indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f",
|
|
"indicator--5ca4a80c-2170-4c49-b18e-4018950d210f",
|
|
"indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f",
|
|
"indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f",
|
|
"indicator--5ca4bd25-7734-4740-bac3-4cab950d210f",
|
|
"indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f",
|
|
"indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f",
|
|
"indicator--5ca4bd74-949c-45b2-9290-4e09950d210f",
|
|
"indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f",
|
|
"indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f",
|
|
"indicator--5ca5c948-d538-4f46-850c-4867950d210f",
|
|
"indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
|
|
"x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace",
|
|
"indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
|
|
"x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674",
|
|
"indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
|
|
"x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422",
|
|
"indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
|
|
"x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
|
|
"indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
|
|
"x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c",
|
|
"indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
|
|
"x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc",
|
|
"indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
|
|
"x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
|
|
"indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
|
|
"x-misp-object--947c136b-e247-4529-849b-09ddeea124f0",
|
|
"indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
|
|
"x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a",
|
|
"indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
|
|
"x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb",
|
|
"indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
|
|
"x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743",
|
|
"indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
|
|
"x-misp-object--5508860a-3775-4c49-a97c-234666b38510",
|
|
"indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
|
|
"x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753",
|
|
"indicator--5565b852-a761-4c28-b520-91f0eac10203",
|
|
"x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722",
|
|
"indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
|
|
"x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d",
|
|
"indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
|
|
"x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8",
|
|
"indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
|
|
"x-misp-object--67497812-2875-4d21-b39b-84c4814b8589",
|
|
"indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
|
|
"x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c",
|
|
"indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
|
|
"x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc",
|
|
"indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
|
|
"x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803",
|
|
"indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
|
|
"x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
|
|
"indicator--631d6673-b540-4d35-891c-0583af76d3cc",
|
|
"x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44",
|
|
"relationship--4b3fd657-8441-457c-8246-a1892a6cf0a7",
|
|
"relationship--1c7b8b6e-38b0-48e8-85e6-473f6c3a70e8",
|
|
"relationship--497172b4-634b-4ff7-b073-94ed6914dc4d",
|
|
"relationship--a46420b1-a196-4087-a138-e6c2c07683e0",
|
|
"relationship--a260cc08-adce-4025-8680-8427d7638dec",
|
|
"relationship--eba5d502-4ec9-4663-8b24-144a4cadee56",
|
|
"relationship--3ded10cc-2371-4b69-bb03-2e9ed05e15b7",
|
|
"relationship--161b6d4a-3651-4c09-a65b-a6b7dee191b1",
|
|
"relationship--7dfab32d-b503-4e04-8366-cc3fb6c02135",
|
|
"relationship--6604f08a-e7af-46c3-bfbe-8d84becd7271",
|
|
"relationship--b86131d2-f8ff-43ce-a487-89cdd9853d61",
|
|
"relationship--bff200d7-10f6-4af5-97ff-82f8fd61e9b6",
|
|
"relationship--aa6b8840-fd8d-4c29-a506-17a31fb9d680",
|
|
"relationship--4436dbf0-763a-40f2-848c-ca5d969cb495",
|
|
"relationship--95015247-3426-41fa-9792-65a98e719954",
|
|
"relationship--ac8066c2-d529-44a7-92cb-54c8db553f72",
|
|
"relationship--e481c239-91b1-4fd3-8b61-01c16141c606",
|
|
"relationship--8c905cc3-e461-4ac6-a733-c5828bf9c022",
|
|
"relationship--c5afddbb-a81d-441a-ae6a-ed747f21b185",
|
|
"relationship--252de54e-bc2f-4cc9-8821-78cd6bc7e31a",
|
|
"relationship--16cfc364-2da5-4d19-846d-41d4c66b58ef",
|
|
"relationship--2b3666f3-2b61-40ba-b2f0-e0b9d1bc151c"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:malpedia=\"Azorult\"",
|
|
"misp-galaxy:malpedia=\"Quasar RAT\"",
|
|
"misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"",
|
|
"misp-galaxy:mitre-malware=\"NETWIRE - S0198\"",
|
|
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
|
|
"misp-galaxy:ransomware=\"Razy\"",
|
|
"misp-galaxy:rat=\"Netwire\"",
|
|
"misp-galaxy:rat=\"Quasar RAT\"",
|
|
"misp-galaxy:stealer=\"AZORult\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T10:09:36.000Z",
|
|
"modified": "2019-04-02T10:09:36.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extraction of \u00e2\u20ac\u02dcACE\u00e2\u20ac\u2122 formatted files, regardless of user input. Attackers can easily achieve persistence and code execution by creating malicious archives that extract files to sensitive locations, like the Windows \u00e2\u20ac\u0153Startup\u00e2\u20ac\u009d Start Menu folder. While this vulnerability has been fixed in the latest version of WinRAR (5.70), WinRAR itself does not contain auto-update features, increasing the likelihood that many existing users remain running out-of-date versions."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca34188-a4c0-4be1-a512-4809950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T13:06:43.000Z",
|
|
"modified": "2019-04-02T13:06:43.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.162.131.92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T13:06:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca34486-c174-4835-a726-43cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T11:16:22.000Z",
|
|
"modified": "2019-04-02T11:16:22.000Z",
|
|
"description": "Payload download",
|
|
"pattern": "[url:value = 'http://185.49.71.101/i/pwi_crs.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T11:16:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca35e81-e368-425f-9334-4c26950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T13:07:13.000Z",
|
|
"modified": "2019-04-02T13:07:13.000Z",
|
|
"description": "Netwire C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.113']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T13:07:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca36ae4-99c8-4929-8075-472a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T14:00:04.000Z",
|
|
"modified": "2019-04-02T14:00:04.000Z",
|
|
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Desktop\\\\100m.bat']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T14:00:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:56:19.000Z",
|
|
"modified": "2019-04-03T08:56:19.000Z",
|
|
"pattern": "[url:value = 'www.alahbabgroup.com/bakala/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:56:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:56:22.000Z",
|
|
"modified": "2019-04-03T08:56:22.000Z",
|
|
"pattern": "[url:value = '103.225.168.159/admin/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:56:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca47536-1d78-46c4-bcea-491c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:56:22.000Z",
|
|
"modified": "2019-04-03T08:56:22.000Z",
|
|
"pattern": "[url:value = 'www.khuyay.org/odin_backup/public/loggoff.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:56:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca47536-e118-4430-a1bc-4eba950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:56:22.000Z",
|
|
"modified": "2019-04-03T08:56:22.000Z",
|
|
"pattern": "[url:value = '47.91.56.21/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:56:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T10:11:27.000Z",
|
|
"modified": "2019-04-03T10:11:27.000Z",
|
|
"description": "C2",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.148.220.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T10:11:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T10:11:27.000Z",
|
|
"modified": "2019-04-03T10:11:27.000Z",
|
|
"pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T10:11:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:57.000Z",
|
|
"modified": "2019-04-04T08:03:57.000Z",
|
|
"pattern": "[url:value = 'http://103.225.168.159/admin/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:58.000Z",
|
|
"modified": "2019-04-04T08:03:58.000Z",
|
|
"pattern": "[url:value = 'http://185.162.131.92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:58.000Z",
|
|
"modified": "2019-04-04T08:03:58.000Z",
|
|
"pattern": "[url:value = 'http://47.91.56.21/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6e-35a8-484e-b044-4986950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:58.000Z",
|
|
"modified": "2019-04-04T08:03:58.000Z",
|
|
"pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:58.000Z",
|
|
"modified": "2019-04-04T08:03:58.000Z",
|
|
"pattern": "[url:value = 'http://www.alahbabgroup.com/bakala/verify.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T08:03:58.000Z",
|
|
"modified": "2019-04-04T08:03:58.000Z",
|
|
"pattern": "[url:value = 'http://www.khuyay.org/odin_backup/public/loggoff.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T08:03:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-03-27T14:43:00.000Z",
|
|
"modified": "2019-03-27T14:43:00.000Z",
|
|
"labels": [
|
|
"misp:name=\"microblog\"",
|
|
"misp:meta-category=\"misc\"",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"type:OSINT",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "post",
|
|
"value": "\u00e2\u0161\u00a0\r\n WARNING \r\n\u00e2\u0161\u00a0\r\n\r\nWinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns\r\n(link: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html) fireeye.com/blog/threat-re\u00e2\u20ac\u00a6\r\nAll IOCs:\r\n(link: https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a) otx.alienvault.com/pulse/5c9a4ff3\u00e2\u20ac\u00a6\r\nExploit Details:\r\n(link: https://research.checkpoint.com/extracting-code-execution-from-winrar/) research.checkpoint.com/extracting-cod\u00e2\u20ac\u00a6",
|
|
"category": "Other",
|
|
"uuid": "5c9b8bf4-81a0-484a-94aa-4524950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Twitter",
|
|
"category": "Other",
|
|
"uuid": "5c9b8bf4-b480-4cf3-80c3-4e97950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://mobile.twitter.com/Bank_Security/status/1110795166762307585",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-0bfc-4d15-9eca-4640950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://t.co/WXbZ8UEIUY?amp=1",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-b578-4b65-ab12-4f46950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://t.co/4QpF7PmDLH?amp=1",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-daa4-45d3-949e-4814950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://t.co/arJH9cqHID?amp=1",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-da6c-4fd2-a520-4e67950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-f79c-4eab-8203-4699950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-a76c-4085-914a-4fa0950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
|
|
"category": "External analysis",
|
|
"to_ids": true,
|
|
"uuid": "5c9b8bf4-7c20-48fc-9447-4dd3950d210f"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "creation-date",
|
|
"value": "2019-03-27T07:46:00",
|
|
"category": "Other",
|
|
"uuid": "5c9b8bf4-aa90-4700-8335-43c2950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "Bank_Security",
|
|
"category": "Other",
|
|
"uuid": "5c9b8bf4-f9d0-4d81-8a45-4059950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "microblog"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca3352d-5220-47a1-acbf-4da1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T11:27:09.000Z",
|
|
"modified": "2019-04-02T11:27:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:name = 'Scan_Letter_of_Approval.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T11:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca33543-c790-4983-b1bb-4663950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T12:16:03.000Z",
|
|
"modified": "2019-04-02T12:16:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:name = 'winSrvHost.vbs' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T12:16:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca3355c-383c-4caa-be6c-4c46950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T12:39:50.000Z",
|
|
"modified": "2019-04-02T12:39:50.000Z",
|
|
"description": "decoy document",
|
|
"pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:name = 'Letter of Approval.pdf' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T12:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca35df4-911c-46d0-a997-43f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T13:04:52.000Z",
|
|
"modified": "2019-04-02T13:04:52.000Z",
|
|
"pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:name = 'pwi_crs.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T13:04:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T14:05:46.000Z",
|
|
"modified": "2019-04-02T14:05:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T14:05:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-02T14:18:41.000Z",
|
|
"modified": "2019-04-02T14:18:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-02T14:18:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca46a07-81c0-4819-91b2-d709950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:08:39.000Z",
|
|
"modified": "2019-04-03T08:08:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:name = 'ekrnview.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:08:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca46dd0-955c-47b9-9511-ced9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:24:48.000Z",
|
|
"modified": "2019-04-03T08:24:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31718d7b9b3261688688bdc4e026db99' AND file:name = 'Thumbs.db.lnk' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:24:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca474c5-95f8-435f-aff2-8a88950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T08:54:29.000Z",
|
|
"modified": "2019-04-03T08:54:29.000Z",
|
|
"description": "Email",
|
|
"pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T08:54:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca484d5-7b60-46fe-851d-41f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T10:03:01.000Z",
|
|
"modified": "2019-04-03T10:03:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:name = 'zakon.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T10:03:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4866f-f878-4e2d-84dc-4095950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T10:09:51.000Z",
|
|
"modified": "2019-04-03T10:09:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:name = 'mssconf.bat' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T10:09:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca490a8-46c0-4464-8d48-456d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T10:53:28.000Z",
|
|
"modified": "2019-04-03T10:53:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:name = 'leaks copy.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T10:53:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T12:18:57.000Z",
|
|
"modified": "2019-04-03T12:18:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:name = 'cc.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T12:18:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T12:24:43.000Z",
|
|
"modified": "2019-04-03T12:24:43.000Z",
|
|
"pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:name = 'zabugor.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T12:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T12:32:44.000Z",
|
|
"modified": "2019-04-03T12:32:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:name = 'zabugorV.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T12:32:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4a80c-2170-4c49-b18e-4018950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T12:33:16.000Z",
|
|
"modified": "2019-04-03T12:33:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:name = 'Combolist.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T12:33:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T12:33:49.000Z",
|
|
"modified": "2019-04-03T12:33:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:name = 'Nulled2019.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T12:33:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T13:02:45.000Z",
|
|
"modified": "2019-04-03T13:02:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:name = 'IT.rar' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T13:02:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4bd25-7734-4740-bac3-4cab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:03:17.000Z",
|
|
"modified": "2019-04-03T14:03:17.000Z",
|
|
"description": "QuasarRAT",
|
|
"pattern": "[file:hashes.MD5 = '1ba398b0a14328b9604eeb5ebf139b40' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:03:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:03:41.000Z",
|
|
"modified": "2019-04-03T14:03:41.000Z",
|
|
"description": "Azorult",
|
|
"pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:03:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:04:08.000Z",
|
|
"modified": "2019-04-03T14:04:08.000Z",
|
|
"description": "Netwire",
|
|
"pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:name = 'IntelAudio.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:04:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4bd74-949c-45b2-9290-4e09950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:04:36.000Z",
|
|
"modified": "2019-04-03T14:04:36.000Z",
|
|
"description": "Razy",
|
|
"pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:04:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:05:03.000Z",
|
|
"modified": "2019-04-03T14:05:03.000Z",
|
|
"description": "Buzy",
|
|
"pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:05:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-03T14:40:28.000Z",
|
|
"modified": "2019-04-03T14:40:28.000Z",
|
|
"description": "Azorult",
|
|
"pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:name = 'old.exe' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-03T14:40:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5ca5c948-d538-4f46-850c-4867950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T09:07:20.000Z",
|
|
"modified": "2019-04-04T09:07:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7dae2d144dae4447a152bef586520ef8' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T09:07:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:18.000Z",
|
|
"modified": "2019-04-04T10:59:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:hashes.SHA1 = '092e7d2aa0c518a499e8cc5aaf3e827ad3b66512' AND file:hashes.SHA256 = '87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:18.000Z",
|
|
"modified": "2019-04-04T10:59:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:41:06",
|
|
"category": "Other",
|
|
"uuid": "9beab9c9-b030-42d5-963a-07948cc15406"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0/analysis/1553722866/",
|
|
"category": "Payload delivery",
|
|
"uuid": "96552c73-8407-4a1b-b581-1d8a1f67e8bc"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "6229267a-31f2-4c37-a98f-fcad7f56d641"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:hashes.SHA1 = 'fddc26459a6c6055a320f282a5ac51d1b74f2fd3' AND file:hashes.SHA256 = '6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:40:58",
|
|
"category": "Other",
|
|
"uuid": "fcc179d9-1bd5-410d-99fa-718daee19a8d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f/analysis/1553722858/",
|
|
"category": "Payload delivery",
|
|
"uuid": "f29a7f37-dd60-4a5d-8591-8b002722574c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/56",
|
|
"category": "Payload delivery",
|
|
"uuid": "c6e43a6d-edf5-48a5-b634-1c79b8ff11b1"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:hashes.SHA1 = '1df08806e39ed6f9f3a5cb228f3be744936e201e' AND file:hashes.SHA256 = 'c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-04T06:32:35",
|
|
"category": "Other",
|
|
"uuid": "565b6568-d456-4e2e-acf6-5d67b8b522f5"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b/analysis/1554359555/",
|
|
"category": "Payload delivery",
|
|
"uuid": "c4b3f8ec-089e-4ea0-8c3f-c9da23acd89e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/67",
|
|
"category": "Payload delivery",
|
|
"uuid": "76664654-df97-4498-997b-dd21a0e35b7e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:hashes.SHA1 = 'a4185a50ccac29056e2e56ad85b8d74adc8ec7ac' AND file:hashes.SHA256 = '83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:41:05",
|
|
"category": "Other",
|
|
"uuid": "ca8a2227-5e14-449f-992f-103c90818e66"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce/analysis/1553722865/",
|
|
"category": "Payload delivery",
|
|
"uuid": "4bde1856-53a3-4a92-a62a-e087a5257d82"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/55",
|
|
"category": "Payload delivery",
|
|
"uuid": "cc548348-c570-441e-aacb-63ce091ad1a8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:hashes.SHA1 = '3bb63aa0b92cc1bde8d027112e5b037cc65ca9cb' AND file:hashes.SHA256 = '73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:19.000Z",
|
|
"modified": "2019-04-04T10:59:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-02T04:08:58",
|
|
"category": "Other",
|
|
"uuid": "bb8a1c29-37ad-4712-8597-af71d8026d8f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9/analysis/1554178138/",
|
|
"category": "Payload delivery",
|
|
"uuid": "f77ff9ca-1dbc-4c38-be3b-8825ba4b08e9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "51/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "dbe53327-a8b6-4672-b914-156659f88f9e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:hashes.SHA1 = '3a92a121201c209d3e091b795274c22a4ea71963' AND file:hashes.SHA256 = 'e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T05:20:01",
|
|
"category": "Other",
|
|
"uuid": "cda7e557-6ee3-4683-81fe-b8720b5b641b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649/analysis/1553836801/",
|
|
"category": "Payload delivery",
|
|
"uuid": "e24d4bfd-ae1d-4397-a389-8645acbf8d90"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/56",
|
|
"category": "Payload delivery",
|
|
"uuid": "942e32c4-826a-4e1c-b527-aed28d14a14f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:hashes.SHA1 = '178b02f21efd10a7c98f654fc68c88468738042e' AND file:hashes.SHA256 = 'c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:41:31",
|
|
"category": "Other",
|
|
"uuid": "e7dec0a9-afee-44ae-823c-12179dc2ad7e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c/analysis/1553722891/",
|
|
"category": "Payload delivery",
|
|
"uuid": "3e484ad3-5997-4ccf-b1a6-3a5d891365be"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/55",
|
|
"category": "Payload delivery",
|
|
"uuid": "e82b82e1-cc43-4eb8-bf51-b1158a1cc0ec"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:hashes.SHA1 = '539efdad458cf6563d1735632df1fb2c39acfedd' AND file:hashes.SHA256 = '17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T12:43:20",
|
|
"category": "Other",
|
|
"uuid": "d4e3ba49-f61e-4e67-8187-7474cc86df81"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6/analysis/1553863400/",
|
|
"category": "Payload delivery",
|
|
"uuid": "0e086d43-d432-448f-b93f-a3b9837cba45"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/61",
|
|
"category": "Payload delivery",
|
|
"uuid": "712ff8c6-b9e0-4729-91fc-ff6ccab2a2a0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:hashes.SHA1 = 'b7dd83d96a480e2f8c653f5339764dd3fe38ce81' AND file:hashes.SHA256 = '5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T05:29:07",
|
|
"category": "Other",
|
|
"uuid": "350bd5bd-90e5-4b64-b8f3-7c854166a4a2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c/analysis/1553837347/",
|
|
"category": "Payload delivery",
|
|
"uuid": "05677bc0-97e1-4004-8169-6db4587a5b4e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/59",
|
|
"category": "Payload delivery",
|
|
"uuid": "e6f88c2a-7758-4953-a88b-1ee84a1e99d4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:hashes.SHA1 = '1210766d7137be26f84d1882357559841b698cef' AND file:hashes.SHA256 = 'e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:20.000Z",
|
|
"modified": "2019-04-04T10:59:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-01T20:02:27",
|
|
"category": "Other",
|
|
"uuid": "109fdc32-8735-4b87-a3d2-503b63da577b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967/analysis/1554148947/",
|
|
"category": "Payload delivery",
|
|
"uuid": "36eb457b-417a-44cd-a001-d228d29c6b6f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/58",
|
|
"category": "Payload delivery",
|
|
"uuid": "2829ad9f-6b97-4d49-92e0-68243c3d4bd0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:hashes.SHA1 = '90764c28ce62b6ea005dd7e616f7ada4fcd170ad' AND file:hashes.SHA256 = '08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T05:35:29",
|
|
"category": "Other",
|
|
"uuid": "14e0668a-3a17-4bf4-b32d-3ba02a2049ac"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf/analysis/1553837729/",
|
|
"category": "Payload delivery",
|
|
"uuid": "20e3fd93-1dd9-4456-9948-f99675ea9dd3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Payload delivery",
|
|
"uuid": "dcd9fa6f-0f51-4a76-835c-be1653c74242"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:hashes.SHA1 = 'ed6b9c876a8a4fe01623972e8733ec2a90177ad1' AND file:hashes.SHA256 = '6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:40:57",
|
|
"category": "Other",
|
|
"uuid": "192f5431-d8c0-430a-a04b-bb1afbb10f4d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2/analysis/1553722857/",
|
|
"category": "Payload delivery",
|
|
"uuid": "494ad934-586f-49c7-9fe4-1cb4b357a506"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/57",
|
|
"category": "Payload delivery",
|
|
"uuid": "e0cce08c-a0d6-4eaf-aad6-7c377cc0e74f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:hashes.SHA1 = '431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45' AND file:hashes.SHA256 = '2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-02T15:27:29",
|
|
"category": "Other",
|
|
"uuid": "cf481ea6-dd65-435c-8e37-e4554834e0e1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e/analysis/1554218849/",
|
|
"category": "Payload delivery",
|
|
"uuid": "1c745f93-920c-44e0-9d4e-f226b5351a46"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "50/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "026dd833-b81e-4428-8adc-145c79c1a7d2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5565b852-a761-4c28-b520-91f0eac10203",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:hashes.SHA1 = '2c1ff2f2d463fd66bb630e02a4596e42f73f3ea9' AND file:hashes.SHA256 = 'bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-01T15:09:35",
|
|
"category": "Other",
|
|
"uuid": "ae154983-4c39-4a58-aa86-95e0573452df"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283/analysis/1554131375/",
|
|
"category": "Payload delivery",
|
|
"uuid": "9731d4df-bede-4c7b-a84f-e3409931ef31"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/67",
|
|
"category": "Payload delivery",
|
|
"uuid": "13d3e396-14a1-4642-9dea-e61e30a2c7bf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:hashes.SHA1 = '73895da7b3f1780eeca9750172e1a9545fa63782' AND file:hashes.SHA256 = 'd5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:21.000Z",
|
|
"modified": "2019-04-04T10:59:21.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:41:37",
|
|
"category": "Other",
|
|
"uuid": "9c7704c6-2d0d-44e5-9a55-f7a5459016dc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c/analysis/1553722897/",
|
|
"category": "Payload delivery",
|
|
"uuid": "6a2896ea-9cdf-4461-b8cc-b02fa1353e37"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/54",
|
|
"category": "Payload delivery",
|
|
"uuid": "f45ebe03-d435-4aef-a6ae-8b4a83142f23"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:hashes.SHA1 = '49b7c035cead28573b793b3947621a330b216b2b' AND file:hashes.SHA256 = '245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-26T01:43:50",
|
|
"category": "Other",
|
|
"uuid": "f04f4c69-06c2-4ae6-b54c-103f2ea7b273"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc/analysis/1553564630/",
|
|
"category": "Payload delivery",
|
|
"uuid": "74ab99c3-0e96-43f9-b286-6058716bd1e5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/59",
|
|
"category": "Payload delivery",
|
|
"uuid": "75cff71b-ee95-4f7a-aae1-06e70db035f8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:hashes.SHA1 = 'ab4fb9d8f917d2c45f3792c05c29799bf27cdd9f' AND file:hashes.SHA256 = 'a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-27T21:41:15",
|
|
"category": "Other",
|
|
"uuid": "f5b5ee0e-d5ea-48b9-bbd6-b7ca034d1926"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14/analysis/1553722875/",
|
|
"category": "Payload delivery",
|
|
"uuid": "02fc2be9-9f6a-4e0f-bfde-4d104ce30909"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "e13fd81b-0e00-4ede-83e3-d81894abf9e5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:hashes.SHA1 = 'a88113c715c8ee254057bc7926d3535ab841e122' AND file:hashes.SHA256 = '98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-02T03:51:02",
|
|
"category": "Other",
|
|
"uuid": "c84221c1-2109-44be-80bb-c2ba345a8982"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad/analysis/1554177062/",
|
|
"category": "Payload delivery",
|
|
"uuid": "1bf2ee69-ee15-46ba-bdd4-50bd88c487c5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "96e1c7d8-951a-4d53-9c3d-3a63867a2545"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:hashes.SHA1 = 'cafb67eeb2de076e7e6b0143dac87bb11f7134ac' AND file:hashes.SHA256 = '6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:22.000Z",
|
|
"modified": "2019-04-04T10:59:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-03T06:46:43",
|
|
"category": "Other",
|
|
"uuid": "3ece6471-807f-4c4d-b89c-79398038f291"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c/analysis/1554274003/",
|
|
"category": "Payload delivery",
|
|
"uuid": "d09276c9-1ad3-45d7-8c11-ce53d55b1260"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/51",
|
|
"category": "Payload delivery",
|
|
"uuid": "85c82a65-c099-4c8b-925c-86dccbcb56c4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:23.000Z",
|
|
"modified": "2019-04-04T10:59:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:hashes.SHA1 = 'c02e298f63acb20246683c302f0a71bfd7081f88' AND file:hashes.SHA256 = 'eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:23.000Z",
|
|
"modified": "2019-04-04T10:59:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-04T01:15:33",
|
|
"category": "Other",
|
|
"uuid": "27d9d610-e0f2-4341-b907-c0c9f30cba10"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0/analysis/1554340533/",
|
|
"category": "Payload delivery",
|
|
"uuid": "4720cca9-9ec5-4768-b5ae-212af40fe5e0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/61",
|
|
"category": "Payload delivery",
|
|
"uuid": "4e900f7c-0a63-48f0-8b15-ad1f62b94084"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:23.000Z",
|
|
"modified": "2019-04-04T10:59:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:hashes.SHA1 = 'c9967af445a3416d0ff3701555e83529ff482ff9' AND file:hashes.SHA256 = '4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:23.000Z",
|
|
"modified": "2019-04-04T10:59:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T05:33:11",
|
|
"category": "Other",
|
|
"uuid": "2ed2edb7-aaa6-4812-9244-fd3fc3919580"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22/analysis/1553837591/",
|
|
"category": "Payload delivery",
|
|
"uuid": "a77aacfd-49a3-4eaf-8962-ff0fae0b7eea"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Payload delivery",
|
|
"uuid": "488706c1-fcfa-4db9-af64-9e79cc1748e8"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--631d6673-b540-4d35-891c-0583af76d3cc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:23.000Z",
|
|
"modified": "2019-04-04T10:59:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:hashes.SHA1 = '35749e82cd605e07b4145b48ef677721a113ae20' AND file:hashes.SHA256 = 'e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-04T10:59:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-03-29T03:27:04",
|
|
"category": "Other",
|
|
"uuid": "e7fd965e-5fbe-4d19-8861-6bb7aecad60e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b/analysis/1553830024/",
|
|
"category": "Payload delivery",
|
|
"uuid": "b65b97c1-4007-41e6-a420-eb82e6db6754"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/58",
|
|
"category": "Payload delivery",
|
|
"uuid": "9eb24880-f920-444d-963e-624562a666d9"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4b3fd657-8441-457c-8246-a1892a6cf0a7",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
|
|
"target_ref": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1c7b8b6e-38b0-48e8-85e6-473f6c3a70e8",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
|
|
"target_ref": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--497172b4-634b-4ff7-b073-94ed6914dc4d",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
|
|
"target_ref": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a46420b1-a196-4087-a138-e6c2c07683e0",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
|
|
"target_ref": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a260cc08-adce-4025-8680-8427d7638dec",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
|
|
"target_ref": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--eba5d502-4ec9-4663-8b24-144a4cadee56",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
|
|
"target_ref": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3ded10cc-2371-4b69-bb03-2e9ed05e15b7",
|
|
"created": "2019-04-04T10:59:24.000Z",
|
|
"modified": "2019-04-04T10:59:24.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
|
|
"target_ref": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--161b6d4a-3651-4c09-a65b-a6b7dee191b1",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
|
|
"target_ref": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7dfab32d-b503-4e04-8366-cc3fb6c02135",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
|
|
"target_ref": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6604f08a-e7af-46c3-bfbe-8d84becd7271",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
|
|
"target_ref": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b86131d2-f8ff-43ce-a487-89cdd9853d61",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
|
|
"target_ref": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bff200d7-10f6-4af5-97ff-82f8fd61e9b6",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
|
|
"target_ref": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aa6b8840-fd8d-4c29-a506-17a31fb9d680",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
|
|
"target_ref": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4436dbf0-763a-40f2-848c-ca5d969cb495",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5565b852-a761-4c28-b520-91f0eac10203",
|
|
"target_ref": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--95015247-3426-41fa-9792-65a98e719954",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
|
|
"target_ref": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ac8066c2-d529-44a7-92cb-54c8db553f72",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
|
|
"target_ref": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e481c239-91b1-4fd3-8b61-01c16141c606",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
|
|
"target_ref": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8c905cc3-e461-4ac6-a733-c5828bf9c022",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
|
|
"target_ref": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c5afddbb-a81d-441a-ae6a-ed747f21b185",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
|
|
"target_ref": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--252de54e-bc2f-4cc9-8821-78cd6bc7e31a",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
|
|
"target_ref": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--16cfc364-2da5-4d19-846d-41d4c66b58ef",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
|
|
"target_ref": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2b3666f3-2b61-40ba-b2f0-e0b9d1bc151c",
|
|
"created": "2019-04-04T10:59:25.000Z",
|
|
"modified": "2019-04-04T10:59:25.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--631d6673-b540-4d35-891c-0583af76d3cc",
|
|
"target_ref": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |