misp-circl-feed/feeds/circl/stix-2.1/5a390de6-4a58-4a19-89fb-4620950d210f.json


{
"type": "bundle",
"id": "bundle--5a390de6-4a58-4a19-89fb-4620950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T03:00:39.000Z",
"modified": "2017-12-21T03:00:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a390de6-4a58-4a19-89fb-4620950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T03:00:39.000Z",
"modified": "2017-12-21T03:00:39.000Z",
"name": "OSINT - Zeus Panda Banking Trojan Targets Online Holiday Shoppers",
"published": "2017-12-28T13:33:53Z",
"object_refs": [
"observed-data--5a390e33-a644-4e3a-957d-1606950d210f",
"url--5a390e33-a644-4e3a-957d-1606950d210f",
"x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f",
"indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f",
"indicator--5a390eec-3874-4509-a0dd-1708950d210f",
"indicator--5a390efa-6134-40fc-901a-1713950d210f",
"indicator--5a390f86-f3c8-4662-96dd-1690950d210f",
"indicator--5a390f86-06c8-4a7b-a2de-1690950d210f",
"indicator--5a390f87-2be4-4d90-b4b6-1690950d210f",
"indicator--5a390f87-208c-477f-a436-1690950d210f",
"indicator--5a390f87-7364-456f-9669-1690950d210f",
"indicator--5a390f87-7528-4d33-a029-1690950d210f",
"indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f",
"indicator--5a3910b0-2350-40f6-bf70-18e3950d210f",
"observed-data--5a390eac-8b20-4401-83c1-169e950d210f",
"email-message--5a390eac-8b20-4401-83c1-169e950d210f",
"indicator--5a390f46-b670-4975-842a-473d950d210f",
"indicator--5a3910e8-d3fc-421d-a96b-1690950d210f",
"indicator--5a39110d-413c-4ff2-b531-bfd8950d210f",
"indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b",
"indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"x-misp-object--8e8856ca-85ff-4643-9b60-708617003213",
"indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9",
"indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa",
"relationship--b54571ad-9c3b-465f-9b2f-6a9814d8a2f0",
"relationship--9638e9de-1d4a-4a75-b3c4-b92e4acd06fe",
"relationship--619231bd-5dad-4e6d-88cb-33ca7297e92b",
"relationship--bd16e14f-ceac-4e06-ada1-8fc8ed6753d8"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:banker=\"Panda Banker\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"ms-caro-malware-full:malware-family=\"Banker\"",
"malware_classification:malware-category=\"Trojan\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a390e33-a644-4e3a-957d-1606950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"first_observed": "2017-12-20T09:11:54Z",
"last_observed": "2017-12-20T09:11:54Z",
"number_observed": 1,
"object_refs": [
"url--5a390e33-a644-4e3a-957d-1606950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a390e33-a644-4e3a-957d-1606950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites. Most often, the injects -- the code that actually performs the man-in-the-browser attacks -- are configured for region-specific banking sites. More recently, we have seen injects for online payment sites, casinos, retailers, and more appearing in banking Trojan campaigns.\r\n\r\nSince November -- a period of time that includes Thanksgiving, Black Friday, Cyber Monday and now leading up to Christmas -- we have observed Zeus Panda banking Trojan campaigns that have an increasing focus on non-banking targets with an extensive list of injects clearly designed to capitalize on holiday shopping and activities.\r\n\r\nMore specifically, these Zeus Panda (aka Panda Banker) campaigns expanded their injects to a variety of online shopping sites for brick and mortar retailers like Zara, specialty online retailers, travel sites, and video streaming sites, among others. The vast majority of these new targets will potentially see higher-than-normal numbers of credit card transactions for the holidays. While Zeus Panda can be configured to steal a variety of information, these injects collected the credit card number, address, phone number, DOB, SSN, and security question-related information such as mother\u2019s maiden name."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:06:21.000Z",
"modified": "2017-12-19T13:06:21.000Z",
"pattern": "[file:name = 'receipt-package-5a0a062cae04a.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:06:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390eec-3874-4509-a0dd-1708950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Landing page redirection",
"pattern": "[url:value = 'https://canadapost-packagecenter.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390efa-6134-40fc-901a-1713950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"pattern": "[file:name = 'resume.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f86-f3c8-4662-96dd-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Document payload",
"pattern": "[url:value = 'http://80.82.67.217/moo.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f86-06c8-4a7b-a2de-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:09:26.000Z",
"modified": "2017-12-19T13:09:26.000Z",
"description": "Panda",
"pattern": "[file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-2be4-4d90-b4b6-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'gromnes.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-208c-477f-a436-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'aklexim.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-7364-456f-9669-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Panda C&C",
"pattern": "[domain-name:value = 'kichamyn.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f87-7528-4d33-a029-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:09:27.000Z",
"modified": "2017-12-19T13:09:27.000Z",
"description": "Attachment",
"pattern": "[file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Malicious URL in email",
"pattern": "[url:value = 'http://www.nfk-trading.com/analyticsmmrxbctq/redirect/0849e22e843170e1600c1910df8cf9da-id-qblozsmn-to-package-awaiting']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910b0-2350-40f6-bf70-18e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"description": "Document payload",
"pattern": "[url:value = 'http://89.248.169.136/bigmac.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a390eac-8b20-4401-83c1-169e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:05:48.000Z",
"modified": "2017-12-19T13:05:48.000Z",
"first_observed": "2017-12-19T13:05:48Z",
"last_observed": "2017-12-19T13:05:48Z",
"number_observed": 1,
"object_refs": [
"email-message--5a390eac-8b20-4401-83c1-169e950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5a390eac-8b20-4401-83c1-169e950d210f",
"is_multipart": false,
"date": "2017-11-13T00:00:00Z",
"subject": "Your package is ready to be picked up\u201d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a390f46-b670-4975-842a-473d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:08:22.000Z",
"modified": "2017-12-19T13:08:22.000Z",
"pattern": "[email-message:date = '2017-12-11T00:00:00' AND email-message:subject = 'Application submitted from Gumtree Jobs by [First Last Names] for Field Sales Consultant - Status: Emailed' AND email-message:body_multipart[0].body_raw_ref.name = 'resume.doc' AND email-message:body_multipart[0].content_disposition = 'attachment']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:08:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3910e8-d3fc-421d-a96b-1690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:15:20.000Z",
"modified": "2017-12-19T13:15:20.000Z",
"pattern": "[file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b' AND file:name = 'receipt-package-5a0a062cae04a.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a39110d-413c-4ff2-b531-bfd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T13:15:57.000Z",
"modified": "2017-12-19T13:15:57.000Z",
"description": "Panda executable",
"pattern": "[file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d' AND file:name = 'Bigmac.jpg' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T13:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:57.000Z",
"modified": "2017-12-20T09:11:57.000Z",
"pattern": "[file:hashes.MD5 = 'a02d6ca05cbc89a317d82945bcb6b15b' AND file:hashes.SHA1 = '2cacb877c487b6dae47fb16fdd1dc7b05595125b' AND file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:54.000Z",
"modified": "2017-12-20T09:11:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d/analysis/1513357351/",
"category": "External analysis",
"uuid": "5a3a295b-b3fc-4cce-92cd-431402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "5a3a295b-18c0-4bed-af46-433102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-15T17:02:31",
"category": "Other",
"uuid": "5a3a295b-6208-4950-9d19-4b6a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = '52b053886cc0ca44df86cba91de968fa' AND file:hashes.SHA1 = 'ef22bcec61cb2aea85cd93cede6af5f4b27e011b' AND file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3/analysis/1513686510/",
"category": "External analysis",
"comment": "Panda",
"uuid": "5a3a295b-c948-41f7-9f3c-4eb802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/66",
"category": "Other",
"comment": "Panda",
"uuid": "5a3a295b-1164-44e5-a7fb-4bc902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:28:30",
"category": "Other",
"comment": "Panda",
"uuid": "5a3a295b-f134-4097-aaad-481602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = 'b2a6ec17f49740ddc699640fb19f951d' AND file:hashes.SHA1 = '00d8ef79f6fe532815c0325fb6d7165cdae98548' AND file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc/analysis/1513686599/",
"category": "External analysis",
"comment": "Attachment",
"uuid": "5a3a295b-9dd4-4202-b6ac-44e102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/58",
"category": "Other",
"comment": "Attachment",
"uuid": "5a3a295b-bb18-4c9d-b107-418e02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:29:59",
"category": "Other",
"comment": "Attachment",
"uuid": "5a3a295b-30fc-4206-af56-438802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:58.000Z",
"modified": "2017-12-20T09:11:58.000Z",
"pattern": "[file:hashes.MD5 = 'bcac60105cb24fdbcc03c1d52d09bfd1' AND file:hashes.SHA1 = '8eab9d3dfe6ac35a3624e916bb3cdc6d390a83d2' AND file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-20T09:11:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T09:11:55.000Z",
"modified": "2017-12-20T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b/analysis/1513686655/",
"category": "External analysis",
"uuid": "5a3a295b-efcc-4b80-b82d-4cb402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/58",
"category": "Other",
"uuid": "5a3a295b-3e4c-474f-8b74-480c02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-19T12:30:55",
"category": "Other",
"uuid": "5a3a295b-f240-48da-adee-467702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b54571ad-9c3b-465f-9b2f-6a9814d8a2f0",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e",
"target_ref": "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9638e9de-1d4a-4a75-b3c4-b92e4acd06fe",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8",
"target_ref": "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--619231bd-5dad-4e6d-88cb-33ca7297e92b",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f",
"target_ref": "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bd16e14f-ceac-4e06-ada1-8fc8ed6753d8",
"created": "2017-12-28T13:33:53.000Z",
"modified": "2017-12-28T13:33:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d",
"target_ref": "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}