adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a26b513-1ffc-497b-8cac-c53a950d210f.json

905 lines
No EOL
39 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5a26b513-1ffc-497b-8cac-c53a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:07:39.000Z",
"modified": "2018-10-26T09:07:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a26b513-1ffc-497b-8cac-c53a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:07:39.000Z",
"modified": "2018-10-26T09:07:39.000Z",
"name": "OSINT - Multi-stage malware sneaks into Google Play",
"published": "2018-10-26T09:07:52Z",
"object_refs": [
"observed-data--5a26b520-8974-4557-9ecb-4260950d210f",
"url--5a26b520-8974-4557-9ecb-4260950d210f",
"indicator--5a2e4c0c-e20c-4386-bdc9-c566950d210f",
"indicator--5a2e4c0c-5e7c-446d-979f-c566950d210f",
"indicator--5a2e4c0d-6ec0-4617-b698-c566950d210f",
"indicator--5a2e4c0d-0d90-4608-b0e4-c566950d210f",
"indicator--5a2e4c0e-ae14-4d56-81da-c566950d210f",
"x-misp-attribute--5a2e4c7f-9ce8-418d-ae08-b401950d210f",
"indicator--5a2e4046-8b60-456b-8b75-5467950d210f",
"indicator--5a2e4265-81d0-44f3-ba7c-5daf950d210f",
"indicator--5a2e42c6-1420-41e4-8580-60de950d210f",
"indicator--5a2e4302-df2c-4db4-8bba-71d3950d210f",
"indicator--5a2e46e8-f488-40cd-a9ec-878d950d210f",
"indicator--5a2e499b-4ccc-4e5c-ae67-bb07950d210f",
"indicator--5a2e4a5b-b27c-4c2f-9112-ba38950d210f",
"indicator--5a2e4a97-e268-44ea-ada6-bbe1950d210f",
"indicator--11c074b2-9ef5-468f-9a71-70ea7abb9d67",
"x-misp-object--df8032d7-cbe9-49fd-9747-63d74730df9f",
"indicator--475d3bb8-eb86-4c51-a3a3-15ab39d91ddf",
"x-misp-object--94031eb7-4ff3-486e-b44f-eb4fa2ab0c1c",
"indicator--90b018c5-f3af-4ebf-9bb9-452b205d3038",
"x-misp-object--caa22be8-c2c9-465f-8aaa-c20e3eafec9f",
"indicator--a62c5ce0-9e21-466e-b317-a0a00fef80ef",
"x-misp-object--1263f071-0c4b-4d90-b6ef-81682679e425",
"indicator--959b41df-ba0f-4520-a633-f28b0d7e5b21",
"x-misp-object--9c3a68e0-2e10-46ad-adda-0237549ebcd1",
"indicator--973efe60-da30-4d60-aa15-6a1ee7f82e22",
"x-misp-object--6b985af4-f961-4f8d-b2f7-513b6ed1c140",
"indicator--ae8d1770-da33-4160-92e5-bc56fe5781d5",
"x-misp-object--095999e8-cf65-4068-9aa8-111b4596ae64",
"indicator--01689a22-9fef-4b84-bc15-84a951d19e66",
"x-misp-object--2f933552-e105-4559-9ba2-4adb53dde71b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b520-8974-4557-9ecb-4260950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-05T15:03:03.000Z",
"modified": "2017-12-05T15:03:03.000Z",
"first_observed": "2017-12-05T15:03:03Z",
"last_observed": "2017-12-05T15:03:03Z",
"number_observed": 1,
"object_refs": [
"url--5a26b520-8974-4557-9ecb-4260950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a26b520-8974-4557-9ecb-4260950d210f",
"value": "https://www.welivesecurity.com/2017/11/15/multi-stage-malware-sneaks-google-play/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4c0c-e20c-4386-bdc9-c566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:12:44.000Z",
"modified": "2017-12-11T09:12:44.000Z",
"description": "Hardcoded domains hosting links to the third-stage payloads",
"pattern": "[domain-name:value = 'loaderclientarea24.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:12:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4c0c-5e7c-446d-979f-c566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:12:44.000Z",
"modified": "2017-12-11T09:12:44.000Z",
"description": "Hardcoded domains hosting links to the third-stage payloads",
"pattern": "[domain-name:value = 'loaderclientarea22.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:12:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4c0d-6ec0-4617-b698-c566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:12:45.000Z",
"modified": "2017-12-11T09:12:45.000Z",
"description": "Hardcoded domains hosting links to the third-stage payloads",
"pattern": "[domain-name:value = 'loaderclientarea20.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:12:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4c0d-0d90-4608-b0e4-c566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:12:45.000Z",
"modified": "2017-12-11T09:12:45.000Z",
"description": "Hardcoded domains hosting links to the third-stage payloads",
"pattern": "[domain-name:value = 'loaderclientarea15.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:12:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4c0e-ae14-4d56-81da-c566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:12:46.000Z",
"modified": "2017-12-11T09:12:46.000Z",
"description": "Hardcoded domains hosting links to the third-stage payloads",
"pattern": "[domain-name:value = 'loaderclientarea13.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a2e4c7f-9ce8-418d-ae08-b401950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:14:49.000Z",
"modified": "2017-12-11T09:14:49.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Anti-detection features\r\n\r\nThese malware samples all employ a multi-stage architecture and encryption to stay under the radar.\r\n\r\nAfter being downloaded and installed, these apps do not request any suspicious permissions and even mimic the activity the user expects them to exhibit.\r\n\r\nAlong with this, the malicious app also decrypts and executes its payload \u00e2\u20ac\u201c that is, the first-stage payload. This payload decrypts and executes the second-stage payload, which is stored in the assets of the initial app downloaded from Google Play. These steps are invisible to the user and serve as obfuscatory measures."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4046-8b60-456b-8b75-5467950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T08:22:30.000Z",
"modified": "2017-12-11T08:22:30.000Z",
"pattern": "[file:hashes.SHA1 = '9ab5a05bc3c8f1931a3a49278e18d2116f529704' AND file:name = 'com.fleeeishei.erabladmounsem']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T08:22:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4265-81d0-44f3-ba7c-5daf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T08:31:33.000Z",
"modified": "2017-12-11T08:31:33.000Z",
"pattern": "[file:hashes.SHA1 = '2e47c816a517548a0fbf809324d63868708d00d0' AND file:name = 'com.softmuiiurket.cleanerforandroid']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T08:31:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e42c6-1420-41e4-8580-60de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T08:33:10.000Z",
"modified": "2017-12-11T08:33:10.000Z",
"pattern": "[file:hashes.SHA1 = 'de64139e6e91ac0dde755d2ef49d60251984652f' AND file:name = 'com.expjhvjhertsoft.bestrambooster']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T08:33:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4302-df2c-4db4-8bba-71d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T08:34:10.000Z",
"modified": "2017-12-11T08:34:10.000Z",
"pattern": "[file:hashes.SHA1 = '6ab844c8fd654aaec29dac095214f4430012ee0e' AND file:name = 'gotov.games.toppro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T08:34:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e46e8-f488-40cd-a9ec-878d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T08:50:48.000Z",
"modified": "2017-12-11T08:50:48.000Z",
"pattern": "[file:hashes.SHA1 = 'c8dd6815f30367695938a7613c11e029055279a2' AND file:name = 'slots.forgame.vul']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T08:50:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e499b-4ccc-4e5c-ae67-bb07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:02:19.000Z",
"modified": "2017-12-11T09:02:19.000Z",
"pattern": "[file:hashes.SHA1 = '47442bfdfbc0fb350b8b30271c310fe44ffb119a' AND file:name = 'com.bucholregaum.hampelpa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:02:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4a5b-b27c-4c2f-9112-ba38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:05:31.000Z",
"modified": "2017-12-11T09:05:31.000Z",
"pattern": "[file:hashes.SHA1 = '604e6dcdf1fa1f7b5a85892ac3761bed81405bf6' AND file:name = 'com.peridesuramant.worldnews']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:05:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2e4a97-e268-44ea-ada6-bbe1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:06:31.000Z",
"modified": "2017-12-11T09:06:31.000Z",
"pattern": "[file:hashes.SHA1 = '532079b31e3acef2d71c75b31d77480304b2f7b9' AND file:name = 'com.peridesurrramant.worldnews']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-11T09:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--11c074b2-9ef5-468f-9a71-70ea7abb9d67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:05:46.000Z",
"modified": "2018-10-26T09:05:46.000Z",
"pattern": "[file:hashes.MD5 = '4e6183687717cf7d7adc906cf5450729' AND file:hashes.SHA1 = 'c8dd6815f30367695938a7613c11e029055279a2' AND file:hashes.SHA256 = 'd6e48539252c4425bbb8f4b7e60f9ca6cbb703f324bbf1dde025a3d935b74cb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:05:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--df8032d7-cbe9-49fd-9747-63d74730df9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:05:49.000Z",
"modified": "2018-10-26T09:05:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:24:43",
"category": "Other",
"uuid": "72b61313-867c-48fe-afae-33879fda2b33"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d6e48539252c4425bbb8f4b7e60f9ca6cbb703f324bbf1dde025a3d935b74cb9/analysis/1538688283/",
"category": "External analysis",
"uuid": "4f384fe0-2a17-4c90-81bd-1eea46dcb4dc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/61",
"category": "Other",
"uuid": "2fdf0dd7-f0e3-4a27-b288-fd731165a63b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--475d3bb8-eb86-4c51-a3a3-15ab39d91ddf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:05:50.000Z",
"modified": "2018-10-26T09:05:50.000Z",
"pattern": "[file:hashes.MD5 = '21af98ec1a99ae37367d2e71d16b85fa' AND file:hashes.SHA1 = 'de64139e6e91ac0dde755d2ef49d60251984652f' AND file:hashes.SHA256 = 'f0c97217377ab0b4dd71baf5529d79e6349e477e69d4043a82f9c768ef46a932']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:05:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--94031eb7-4ff3-486e-b44f-eb4fa2ab0c1c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:05:58.000Z",
"modified": "2018-10-26T09:05:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:32:29",
"category": "Other",
"uuid": "beace62d-a2d6-42ad-a1ff-0d85f7ccf447"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f0c97217377ab0b4dd71baf5529d79e6349e477e69d4043a82f9c768ef46a932/analysis/1538688749/",
"category": "External analysis",
"uuid": "f5e4dc71-0ada-47da-9c85-dd7999b9fdb4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/62",
"category": "Other",
"uuid": "69190414-96bf-48ed-8a7c-2e002e4ef9eb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90b018c5-f3af-4ebf-9bb9-452b205d3038",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:12.000Z",
"modified": "2018-10-26T09:06:12.000Z",
"pattern": "[file:hashes.MD5 = 'f9617beec1b56eace79e870cb0925ffd' AND file:hashes.SHA1 = '604e6dcdf1fa1f7b5a85892ac3761bed81405bf6' AND file:hashes.SHA256 = '3fc104c7fb8f6419aa5b45a3abfcc545ddb8e225f1b6dcaf5824075cbdf5dddd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:06:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--caa22be8-c2c9-465f-8aaa-c20e3eafec9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:14.000Z",
"modified": "2018-10-26T09:06:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:32:21",
"category": "Other",
"uuid": "f3bd1117-6b76-40f4-b890-3ff8c3a11b3a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3fc104c7fb8f6419aa5b45a3abfcc545ddb8e225f1b6dcaf5824075cbdf5dddd/analysis/1538688741/",
"category": "External analysis",
"uuid": "081c6e6e-4bcc-4223-9840-923e63ed044c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/62",
"category": "Other",
"uuid": "70e00152-a2f1-46fd-b7c7-55f38c1255a4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a62c5ce0-9e21-466e-b317-a0a00fef80ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:16.000Z",
"modified": "2018-10-26T09:06:16.000Z",
"pattern": "[file:hashes.MD5 = 'c4acc83183ac0fabe92fc02ae5ef3ca4' AND file:hashes.SHA1 = '9ab5a05bc3c8f1931a3a49278e18d2116f529704' AND file:hashes.SHA256 = 'dd857e8505cedf84b316eb0f5cdcba1386fb8412bc630e671f474aeedfccb387']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:06:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1263f071-0c4b-4d90-b6ef-81682679e425",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:23.000Z",
"modified": "2018-10-26T09:06:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:32:25",
"category": "Other",
"uuid": "8aa24a31-7fdd-4ed4-a632-705aa09205d3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dd857e8505cedf84b316eb0f5cdcba1386fb8412bc630e671f474aeedfccb387/analysis/1538688745/",
"category": "External analysis",
"uuid": "0cc5c304-cd11-41a5-9583-7e971aad4310"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/62",
"category": "Other",
"uuid": "5263a8d1-50e1-4f76-8f4b-d73cef90d7ed"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--959b41df-ba0f-4520-a633-f28b0d7e5b21",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:25.000Z",
"modified": "2018-10-26T09:06:25.000Z",
"pattern": "[file:hashes.MD5 = 'a0dcd9907a3726edfb8e7de48b3aa8f6' AND file:hashes.SHA1 = '6ab844c8fd654aaec29dac095214f4430012ee0e' AND file:hashes.SHA256 = 'e980dc97b0b63158e251e6055d0f4362bf0a105bd999146de048f13a8f4aadb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:06:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9c3a68e0-2e10-46ad-adda-0237549ebcd1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:27.000Z",
"modified": "2018-10-26T09:06:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:24:52",
"category": "Other",
"uuid": "fac591a5-dfe8-45be-994b-d62da1b2a50d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e980dc97b0b63158e251e6055d0f4362bf0a105bd999146de048f13a8f4aadb7/analysis/1538688292/",
"category": "External analysis",
"uuid": "58702d62-de2f-4573-b03a-f18fd9513e2e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/62",
"category": "Other",
"uuid": "7a7627ca-a13a-48e8-8fad-142354ccfc99"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--973efe60-da30-4d60-aa15-6a1ee7f82e22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:29.000Z",
"modified": "2018-10-26T09:06:29.000Z",
"pattern": "[file:hashes.MD5 = '327d37ad6391c674f2f5a96e08cbc95f' AND file:hashes.SHA1 = '47442bfdfbc0fb350b8b30271c310fe44ffb119a' AND file:hashes.SHA256 = 'ef3dfcd3e1351f46ee3cbfb3f71fe9d06a445d8affe2e679f34d8bf4bb618849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:06:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6b985af4-f961-4f8d-b2f7-513b6ed1c140",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:43.000Z",
"modified": "2018-10-26T09:06:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:32:08",
"category": "Other",
"uuid": "1b0b2e29-f922-40e2-b9e7-e1138cc8cd16"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef3dfcd3e1351f46ee3cbfb3f71fe9d06a445d8affe2e679f34d8bf4bb618849/analysis/1538688728/",
"category": "External analysis",
"uuid": "e48a740f-3a6a-4209-b09f-9ce33ca4d094"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/61",
"category": "Other",
"uuid": "6184c6e0-29e2-4165-8e42-ccf5bbb23b19"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae8d1770-da33-4160-92e5-bc56fe5781d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:06:57.000Z",
"modified": "2018-10-26T09:06:57.000Z",
"pattern": "[file:hashes.MD5 = '2d5b8b4a868cbb8947f869f789fef5ff' AND file:hashes.SHA1 = '532079b31e3acef2d71c75b31d77480304b2f7b9' AND file:hashes.SHA256 = 'd2a6cbe9acd4193188f7aa6d922c916999845da82171889526550790f5632b47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--095999e8-cf65-4068-9aa8-111b4596ae64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:07:06.000Z",
"modified": "2018-10-26T09:07:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:32:13",
"category": "Other",
"uuid": "9f46d30d-be05-4c45-be71-9d342e9a2fa1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d2a6cbe9acd4193188f7aa6d922c916999845da82171889526550790f5632b47/analysis/1538688733/",
"category": "External analysis",
"uuid": "5d3c8f72-90a2-466d-82ae-de692d5e9523"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/60",
"category": "Other",
"uuid": "4d7c5d08-44bb-456b-8b95-19a3c5f79d4c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01689a22-9fef-4b84-bc15-84a951d19e66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:07:15.000Z",
"modified": "2018-10-26T09:07:15.000Z",
"pattern": "[file:hashes.MD5 = '2ed45ea4f3b26adcc5eaa88b5234c997' AND file:hashes.SHA1 = '2e47c816a517548a0fbf809324d63868708d00d0' AND file:hashes.SHA256 = 'ab9f1a59fcae8374282a39f244f164b58dbed4d16c37366bf2272c9509a7502e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T09:07:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2f933552-e105-4559-9ba2-4adb53dde71b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T09:07:17.000Z",
"modified": "2018-10-26T09:07:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T21:31:07",
"category": "Other",
"uuid": "973e093c-1a25-4961-9a70-1047fb6be0e7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ab9f1a59fcae8374282a39f244f164b58dbed4d16c37366bf2272c9509a7502e/analysis/1538688667/",
"category": "External analysis",
"uuid": "8f0d0a5f-9323-4973-b32a-adaf4007fe08"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/60",
"category": "Other",
"uuid": "2367705e-c040-48af-8d75-755949bfadf7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink