adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5845344a-80bc-4c94-9ea8-4f39950d210f.json

838 lines
No EOL
36 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5845344a-80bc-4c94-9ea8-4f39950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-13T03:00:43.000Z",
"modified": "2018-01-13T03:00:43.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5845344a-80bc-4c94-9ea8-4f39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-13T03:00:43.000Z",
"modified": "2018-01-13T03:00:43.000Z",
"name": "OSINT - MMD-0033-2015 - Linux/XorDDoS infection incident report (CNC: HOSTASA.ORG)",
"published": "2018-02-16T08:48:09Z",
"object_refs": [
"observed-data--58453471-130c-4e59-bd91-43e3950d210f",
"url--58453471-130c-4e59-bd91-43e3950d210f",
"x-misp-attribute--584534e9-6130-4419-8a7e-480e950d210f",
"indicator--584535cc-3170-42af-a962-46f0950d210f",
"indicator--584535cc-7c64-47d1-bece-41cd950d210f",
"indicator--584535cc-55c0-45a4-845f-444f950d210f",
"indicator--584535cc-09f8-4ff3-b148-4f0a950d210f",
"indicator--584535cd-8664-47ce-ac71-4edb950d210f",
"indicator--584535cd-feb0-4d4d-a5df-48df950d210f",
"indicator--584535cd-a058-4e65-950c-4b2d950d210f",
"indicator--584535cd-7c0c-447d-a65a-4a97950d210f",
"indicator--584535cd-df28-43d2-b262-480c950d210f",
"indicator--584535ce-b260-4fe1-a494-4ed3950d210f",
"indicator--584535ce-d284-492d-ad13-4854950d210f",
"indicator--584535ce-dc00-43a9-a9f0-47e0950d210f",
"indicator--584535ce-062c-4524-883e-4266950d210f",
"indicator--584535cf-641c-411a-b5e6-412f950d210f",
"indicator--584535cf-5070-4869-9b6e-43e4950d210f",
"indicator--584535d0-0390-464c-ac22-4afd950d210f",
"indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80",
"x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee",
"indicator--075320ce-9dca-48cd-a4ca-085096e80a7a",
"x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0",
"indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41",
"x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb",
"indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b",
"x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b",
"indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95",
"x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d",
"relationship--f7fca4e7-f357-41e9-a56d-dc443a7331be",
"relationship--f0c13afe-76c1-42e3-9e22-3b33cac47519",
"relationship--a6edc429-767f-465f-b665-d74138332ceb",
"relationship--3ef3fd67-f53a-480f-9636-01fd509a6753",
"relationship--73f6e9e0-6cc3-4cf2-8421-c4ff4d62032b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58453471-130c-4e59-bd91-43e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"first_observed": "2018-01-12T09:44:34Z",
"last_observed": "2018-01-12T09:44:34Z",
"number_observed": 1,
"object_refs": [
"url--58453471-130c-4e59-bd91-43e3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58453471-130c-4e59-bd91-43e3950d210f",
"value": "http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--584534e9-6130-4419-8a7e-480e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Background\r\nThis post is an actual malware infection incident of the\"Linux/XOR.DDoS\" malware (please see previous post as reference-->[LINK]) and malware was in attempt to infect a real Linux server.\r\n\r\nIncident details:\r\n\r\nSource of attack:\r\nAn attack was coming from 107.182.141.40 with the below GeoIP details:\r\nThe attacker was compromising a Linux host via ssh password bruting to then executing a one liner shell (sh) command line and then the malware initiation commands was executed on the compromised system:"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cc-3170-42af-a962-46f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"description": "On port 41625",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.182.141.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cc-7c64-47d1-bece-41cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[domain-name:value = '44ro4.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cc-55c0-45a4-845f-444f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.15.234.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cc-09f8-4ff3-b148-4f0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.140.152']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cd-8664-47ce-ac71-4edb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.141.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cd-feb0-4d4d-a5df-48df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.126.126.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cd-a058-4e65-950c-4b2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.234.60.143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cd-7c0c-447d-a65a-4a97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[domain-name:value = 'aa.hostasa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cd-df28-43d2-b262-480c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[domain-name:value = 'ns4.hostasa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535ce-b260-4fe1-a494-4ed3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[domain-name:value = 'ns3.hostasa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535ce-d284-492d-ad13-4854950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"pattern": "[domain-name:value = 'ns2.hostasa.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535ce-dc00-43a9-a9f0-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-05T09:39:26.000Z",
"modified": "2016-12-05T09:39:26.000Z",
"pattern": "[file:name = 'a06.zip' AND file:hashes.MD5 = '3c49b5160b981f06bd5242662f8d0a54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-05T09:39:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535ce-062c-4524-883e-4266950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-05T09:39:26.000Z",
"modified": "2016-12-05T09:39:26.000Z",
"pattern": "[file:name = 'a07.zip' AND file:hashes.MD5 = 'bcb6b83a4e6e20ffe0ce3c750360ddf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-05T09:39:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cf-641c-411a-b5e6-412f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-05T09:39:27.000Z",
"modified": "2016-12-05T09:39:27.000Z",
"pattern": "[file:name = 'a08.zip' AND file:hashes.MD5 = 'a99c10cb9713770b9e7dda376cddee3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-05T09:39:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535cf-5070-4869-9b6e-43e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-05T09:39:27.000Z",
"modified": "2016-12-05T09:39:27.000Z",
"pattern": "[file:name = 'a09.zip' AND file:hashes.MD5 = 'd1b5b4b4b5a118e384c7ff487e14ac3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-05T09:39:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--584535d0-0390-464c-ac22-4afd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-05T09:39:28.000Z",
"modified": "2016-12-05T09:39:28.000Z",
"pattern": "[file:name = 'a10.zip' AND file:hashes.MD5 = '83eea5625ca2affd3e841d3b374e88eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-05T09:39:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:37.000Z",
"modified": "2018-01-12T09:44:37.000Z",
"pattern": "[file:hashes.MD5 = '3c49b5160b981f06bd5242662f8d0a54' AND file:hashes.SHA1 = 'c50933e1f8a194e608049839707d8d698dd5caa5' AND file:hashes.SHA256 = 'c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:34.000Z",
"modified": "2018-01-12T09:44:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc/analysis/1495044102/",
"category": "External analysis",
"uuid": "5a588382-5a9c-4f0e-8ee9-4a1e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/55",
"category": "Other",
"uuid": "5a588382-47d4-494f-a42c-484b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-05-17T18:01:42",
"category": "Other",
"uuid": "5a588382-2fe4-4634-a2d8-4fd302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--075320ce-9dca-48cd-a4ca-085096e80a7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:37.000Z",
"modified": "2018-01-12T09:44:37.000Z",
"pattern": "[file:hashes.MD5 = 'd1b5b4b4b5a118e384c7ff487e14ac3f' AND file:hashes.SHA1 = '038b7e9406fe5cb0a0be8f95ac935923c6d83c28' AND file:hashes.SHA256 = '0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:35.000Z",
"modified": "2018-01-12T09:44:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b/analysis/1494973480/",
"category": "External analysis",
"uuid": "5a588383-6004-4f2d-928d-4ffd02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/56",
"category": "Other",
"uuid": "5a588383-cc48-4b4e-acfc-458302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-05-16T22:24:40",
"category": "Other",
"uuid": "5a588383-f040-4fc0-8f07-47e202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:38.000Z",
"modified": "2018-01-12T09:44:38.000Z",
"pattern": "[file:hashes.MD5 = '83eea5625ca2affd3e841d3b374e88eb' AND file:hashes.SHA1 = 'dca946f677a1be95fb3ef6adc950730b4736a405' AND file:hashes.SHA256 = 'fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:35.000Z",
"modified": "2018-01-12T09:44:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34/analysis/1495062664/",
"category": "External analysis",
"uuid": "5a588383-b518-43b4-a9c0-461202de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/57",
"category": "Other",
"uuid": "5a588383-8f60-4231-a75c-45bf02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-05-17T23:11:04",
"category": "Other",
"uuid": "5a588383-d874-40f3-aaeb-403602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:38.000Z",
"modified": "2018-01-12T09:44:38.000Z",
"pattern": "[file:hashes.MD5 = 'a99c10cb9713770b9e7dda376cddee3a' AND file:hashes.SHA1 = '1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98' AND file:hashes.SHA256 = '92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:35.000Z",
"modified": "2018-01-12T09:44:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86/analysis/1495027397/",
"category": "External analysis",
"uuid": "5a588383-0dc8-446d-bf84-405502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/57",
"category": "Other",
"uuid": "5a588383-7a18-4f91-82a5-4c7202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-05-17T13:23:17",
"category": "Other",
"uuid": "5a588383-bce4-46b2-a6eb-401f02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:38.000Z",
"modified": "2018-01-12T09:44:38.000Z",
"pattern": "[file:hashes.MD5 = 'bcb6b83a4e6e20ffe0ce3c750360ddf5' AND file:hashes.SHA1 = 'd88755b78834e87418aa3cb3bfee5de5c378bd2f' AND file:hashes.SHA256 = '61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-12T09:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T09:44:35.000Z",
"modified": "2018-01-12T09:44:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521/analysis/1495007597/",
"category": "External analysis",
"uuid": "5a588383-a874-4dbe-9820-466402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/57",
"category": "Other",
"uuid": "5a588383-e9b0-4feb-ab0c-40d802de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-05-17T07:53:17",
"category": "Other",
"uuid": "5a588383-8f98-40a9-a0a8-41e502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7fca4e7-f357-41e9-a56d-dc443a7331be",
"created": "2018-02-16T08:48:09.000Z",
"modified": "2018-02-16T08:48:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a2f1551a-ffc6-439a-8ed9-5eb83308cc80",
"target_ref": "x-misp-object--8c404d5c-48e0-4cb4-a64d-2b89af2399ee"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f0c13afe-76c1-42e3-9e22-3b33cac47519",
"created": "2018-02-16T08:48:09.000Z",
"modified": "2018-02-16T08:48:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--075320ce-9dca-48cd-a4ca-085096e80a7a",
"target_ref": "x-misp-object--e865f3a2-beea-4193-a717-991bbb031ae0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6edc429-767f-465f-b665-d74138332ceb",
"created": "2018-02-16T08:48:09.000Z",
"modified": "2018-02-16T08:48:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dcb939f0-8874-48f7-bce3-b8bbad431c41",
"target_ref": "x-misp-object--63ddf759-d832-4a3d-a389-1462c56dc4cb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3ef3fd67-f53a-480f-9636-01fd509a6753",
"created": "2018-02-16T08:48:09.000Z",
"modified": "2018-02-16T08:48:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4af33ce3-3a10-4c2e-bcb2-67bd4626e18b",
"target_ref": "x-misp-object--c976c2d7-cfaf-48b4-bd93-827f80aa378b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--73f6e9e0-6cc3-4cf2-8421-c4ff4d62032b",
"created": "2018-02-16T08:48:09.000Z",
"modified": "2018-02-16T08:48:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f3c99c36-0463-4296-80ff-5c8407bd7d95",
"target_ref": "x-misp-object--176aed31-3194-43c2-90ce-8711f4450e5d"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink