6232 lines
No EOL
269 KiB
JSON
6232 lines
No EOL
269 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5a5724c6-5e20-4d61-9ccb-4191950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-10T03:01:48.000Z",
|
|
"modified": "2018-02-10T03:01:48.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a5724c6-5e20-4d61-9ccb-4191950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-10T03:01:48.000Z",
|
|
"modified": "2018-02-10T03:01:48.000Z",
|
|
"name": "OSINT - Mac Malware of 2017",
|
|
"published": "2018-02-16T09:00:10Z",
|
|
"object_refs": [
|
|
"observed-data--5a5725af-c85c-4245-9e36-442b950d210f",
|
|
"url--5a5725af-c85c-4245-9e36-442b950d210f",
|
|
"x-misp-attribute--5a5726ab-e594-48e0-9f19-099b950d210f",
|
|
"observed-data--5a58693b-6748-42fb-8b4e-4507950d210f",
|
|
"url--5a58693b-6748-42fb-8b4e-4507950d210f",
|
|
"observed-data--5a58693c-6350-40a4-9cf2-4b13950d210f",
|
|
"url--5a58693c-6350-40a4-9cf2-4b13950d210f",
|
|
"observed-data--5a586a6e-9420-44eb-9341-420d950d210f",
|
|
"url--5a586a6e-9420-44eb-9341-420d950d210f",
|
|
"observed-data--5a586a6f-c7e0-4330-a459-4a3f950d210f",
|
|
"url--5a586a6f-c7e0-4330-a459-4a3f950d210f",
|
|
"observed-data--5a586a6f-7aa0-4a57-bad2-4a74950d210f",
|
|
"url--5a586a6f-7aa0-4a57-bad2-4a74950d210f",
|
|
"observed-data--5a586a6f-b1f0-4118-a840-4916950d210f",
|
|
"url--5a586a6f-b1f0-4118-a840-4916950d210f",
|
|
"observed-data--5a586a6f-bdc0-4812-a215-4367950d210f",
|
|
"url--5a586a6f-bdc0-4812-a215-4367950d210f",
|
|
"observed-data--5a586a6f-5334-4881-9275-4493950d210f",
|
|
"url--5a586a6f-5334-4881-9275-4493950d210f",
|
|
"observed-data--5a586a6f-8e08-456a-95b3-44ca950d210f",
|
|
"url--5a586a6f-8e08-456a-95b3-44ca950d210f",
|
|
"observed-data--5a586a6f-387c-4485-90b5-420b950d210f",
|
|
"url--5a586a6f-387c-4485-90b5-420b950d210f",
|
|
"observed-data--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f",
|
|
"url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f",
|
|
"observed-data--5a586a6f-1b60-43b2-88a3-4966950d210f",
|
|
"url--5a586a6f-1b60-43b2-88a3-4966950d210f",
|
|
"observed-data--5a586a6f-8dac-4932-9d31-40e3950d210f",
|
|
"url--5a586a6f-8dac-4932-9d31-40e3950d210f",
|
|
"observed-data--5a586a6f-3130-4211-9d3e-47e1950d210f",
|
|
"url--5a586a6f-3130-4211-9d3e-47e1950d210f",
|
|
"observed-data--5a586a6f-d9c8-45d5-9a8d-4246950d210f",
|
|
"url--5a586a6f-d9c8-45d5-9a8d-4246950d210f",
|
|
"indicator--5a586d3d-d860-4ac4-83d1-4457950d210f",
|
|
"indicator--5a586d3d-d274-479d-83c9-4b8f950d210f",
|
|
"indicator--5a5870d4-b0a0-42b8-85d7-45c3950d210f",
|
|
"indicator--5a5870d4-673c-4b17-a384-46df950d210f",
|
|
"indicator--5a5871a8-b690-4501-9bb8-43cf950d210f",
|
|
"indicator--5a5874a6-93e4-40c1-bcad-405b950d210f",
|
|
"indicator--5a5874a6-5d4c-46e9-a090-4ec9950d210f",
|
|
"indicator--5a5874a6-0fbc-4bcd-b43b-4a09950d210f",
|
|
"indicator--5a5874a6-8290-4544-9472-4222950d210f",
|
|
"indicator--5a587b98-1324-48ec-bc3e-4949950d210f",
|
|
"indicator--5a587b98-616c-412d-9933-4c69950d210f",
|
|
"indicator--5a587b98-265c-4f10-91f4-4f9e950d210f",
|
|
"indicator--5a587b98-3eec-4e65-b45e-4364950d210f",
|
|
"indicator--5a587b98-8cdc-4b4c-9072-4f66950d210f",
|
|
"indicator--5a587d0d-e7cc-4f45-8596-4575950d210f",
|
|
"indicator--5a587d0d-7858-424b-aa19-4dc1950d210f",
|
|
"indicator--5a587d0d-abc0-4374-9497-4376950d210f",
|
|
"indicator--5a587f73-26fc-49f3-bb30-4c1a950d210f",
|
|
"indicator--5a588997-15ac-4228-967b-4a1c950d210f",
|
|
"indicator--5a588b7d-77b4-43bb-a98f-4df2950d210f",
|
|
"indicator--5a588b7d-78e4-451b-997f-45ee950d210f",
|
|
"indicator--5a588b7d-1500-4e04-b20a-41e7950d210f",
|
|
"indicator--5a588c8c-c138-4cc7-84b9-421a950d210f",
|
|
"indicator--5a588c8d-f950-4fc4-aa8a-4942950d210f",
|
|
"indicator--5a588c8d-2f50-4f57-bdeb-48bf950d210f",
|
|
"indicator--5a588c8d-0c00-4303-b758-4d53950d210f",
|
|
"indicator--5a588c8d-4ba8-4400-84dd-47e9950d210f",
|
|
"indicator--5a588cd4-2674-48e6-ba6d-4936950d210f",
|
|
"indicator--5a588cd4-296c-4c6b-b525-447d950d210f",
|
|
"indicator--5a588cd4-0e2c-4f16-9612-4c46950d210f",
|
|
"indicator--5a588cd4-1bd4-4974-80cc-46b5950d210f",
|
|
"indicator--5a588cd4-83a8-4070-85fe-4751950d210f",
|
|
"indicator--5a588cd4-dcc0-4d12-b524-4832950d210f",
|
|
"indicator--5a588ce9-3f18-41de-a8f3-6247950d210f",
|
|
"indicator--5a588edc-55c8-4142-9d86-40aa950d210f",
|
|
"indicator--5a588efe-f068-422e-8209-4f30950d210f",
|
|
"indicator--5a588efe-b770-4240-918f-40d0950d210f",
|
|
"indicator--5a588efe-6e7c-49fa-88b0-4926950d210f",
|
|
"indicator--5a588fc0-2f8c-44e1-8bc0-4901950d210f",
|
|
"indicator--5a58923e-99bc-4f6e-871e-4f47950d210f",
|
|
"indicator--5a58927b-3168-4cc8-8adb-45d5950d210f",
|
|
"indicator--5a5892db-aadc-434f-b8d2-4545950d210f",
|
|
"indicator--5a58b14a-6e58-4ce3-8c6d-408b950d210f",
|
|
"indicator--5a58b167-75d4-4ae8-b97e-49b6950d210f",
|
|
"indicator--5a58b167-8a0c-444d-b52f-4b59950d210f",
|
|
"indicator--5a58b167-c74c-41ef-9ae2-4f42950d210f",
|
|
"indicator--5a58b167-1de8-4feb-a032-477d950d210f",
|
|
"indicator--5a58bd65-4eb8-43e1-9555-4f95950d210f",
|
|
"indicator--5a58bd65-ec78-4531-82ff-439a950d210f",
|
|
"indicator--5a58bd65-b0bc-4851-8266-4e43950d210f",
|
|
"indicator--5a58bece-2560-4d95-bfdc-4996950d210f",
|
|
"indicator--5a58becf-33ac-4d37-bbee-4aaf950d210f",
|
|
"indicator--5a58bfe5-fcf4-4b2f-a229-4f94950d210f",
|
|
"indicator--5a58bfe6-3008-4b03-90dc-41e0950d210f",
|
|
"indicator--5a58c0fb-5c08-4a71-94fc-4dcd950d210f",
|
|
"indicator--5a58c0fb-3e30-4946-b9e9-449c950d210f",
|
|
"indicator--5a586fc6-e0fc-4f06-b55a-46a7950d210f",
|
|
"indicator--5a5870b4-5c68-4077-8cce-4138950d210f",
|
|
"indicator--5a587b0f-b46c-4403-be5e-423d950d210f",
|
|
"indicator--5a587cfc-3568-4d8d-bcc1-4920950d210f",
|
|
"indicator--5a587e34-dc78-4406-897c-4cff950d210f",
|
|
"indicator--5a588039-c95c-4895-ad28-43ff950d210f",
|
|
"indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f",
|
|
"indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f",
|
|
"indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f",
|
|
"indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f",
|
|
"indicator--5a588f59-6d78-49a5-994d-47b5950d210f",
|
|
"indicator--5a589228-91e8-4b7e-a099-4ccd950d210f",
|
|
"indicator--5a589262-4dd4-4e98-8159-6247950d210f",
|
|
"indicator--5a58bada-0930-472d-8af6-4307950d210f",
|
|
"indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f",
|
|
"indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f",
|
|
"indicator--5a58bd15-e480-4b26-b998-45da950d210f",
|
|
"indicator--5a58c01c-b8f4-40e3-98cd-4936950d210f",
|
|
"indicator--5a58c036-a548-4862-a538-446a950d210f",
|
|
"indicator--5a58c050-7084-4c75-9670-400a950d210f",
|
|
"indicator--5a58c075-f7d4-4c8b-8e4b-4bb9950d210f",
|
|
"indicator--5a58c093-809c-40dc-b89c-4465950d210f",
|
|
"indicator--5a58c0ae-c4dc-4e61-adac-4746950d210f",
|
|
"indicator--5a58c0c3-26d0-4a90-8753-4cf7950d210f",
|
|
"indicator--5a58c0d9-822c-4fc7-96ad-4dbc950d210f",
|
|
"indicator--1a0ee044-7122-498a-9723-2e6a34cfe282",
|
|
"x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb",
|
|
"indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8",
|
|
"x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504",
|
|
"indicator--607b7d37-5391-4828-9785-747ca987e6d0",
|
|
"x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9",
|
|
"indicator--845b2d47-0368-4a40-91d0-479d97eacda4",
|
|
"x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb",
|
|
"indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59",
|
|
"x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3",
|
|
"indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b",
|
|
"x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962",
|
|
"indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea",
|
|
"x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07",
|
|
"indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d",
|
|
"x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885",
|
|
"indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e",
|
|
"x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210",
|
|
"indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40",
|
|
"x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb",
|
|
"indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f",
|
|
"x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981",
|
|
"indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d",
|
|
"x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31",
|
|
"indicator--f9086285-81ea-4ede-b4d3-0c086cd67629",
|
|
"x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf",
|
|
"indicator--49b4e424-a863-47c4-907c-e282e6e65df3",
|
|
"x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55",
|
|
"indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757",
|
|
"x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6",
|
|
"indicator--a49ac8ee-df74-445f-9d00-eff900554eb8",
|
|
"x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd",
|
|
"indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
|
"x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f",
|
|
"indicator--25d83980-fd95-481d-a330-6e969b0253eb",
|
|
"x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7",
|
|
"indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
|
"x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2",
|
|
"indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
|
"x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab",
|
|
"indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
|
"x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d",
|
|
"indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
|
"x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb",
|
|
"indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
|
"x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266",
|
|
"indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f",
|
|
"x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c",
|
|
"indicator--9cb63957-a223-4016-bf62-7eac015b02a4",
|
|
"x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5",
|
|
"indicator--90395b9d-bff0-4af6-adaf-a864379542da",
|
|
"x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db",
|
|
"indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c",
|
|
"x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118",
|
|
"indicator--480e2ec8-94b2-4682-a591-c2e86c390ead",
|
|
"x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf",
|
|
"indicator--74bef4c3-487c-4941-b138-c8c0e3413b50",
|
|
"x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385",
|
|
"indicator--1f840571-741e-4096-92d6-78e58c49109c",
|
|
"x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376",
|
|
"x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d",
|
|
"x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba",
|
|
"x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46",
|
|
"x-misp-object--672456f3-351d-4587-8114-0c562fcb6082",
|
|
"x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430",
|
|
"x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c",
|
|
"x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b",
|
|
"x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7",
|
|
"x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0",
|
|
"x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914",
|
|
"x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a",
|
|
"x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47",
|
|
"x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5",
|
|
"x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953",
|
|
"indicator--2835626e-b913-4889-a9d9-fdbe227feadb",
|
|
"x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43",
|
|
"x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585",
|
|
"x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b",
|
|
"indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6",
|
|
"x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6",
|
|
"indicator--f53a44f1-158b-4212-bc9e-8e257362a32c",
|
|
"x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c",
|
|
"indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503",
|
|
"x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e",
|
|
"indicator--f8e43169-3421-43af-8b25-be605a3ea859",
|
|
"x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7",
|
|
"indicator--770417f7-66d8-4c14-a590-25829420ef72",
|
|
"x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed",
|
|
"indicator--18939e64-0afb-4ae4-8995-189b92423b98",
|
|
"x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a",
|
|
"x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5",
|
|
"indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208",
|
|
"x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba",
|
|
"indicator--87463bc1-9173-4071-827c-db9c3d3396bc",
|
|
"x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8",
|
|
"x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365",
|
|
"relationship--1881897f-68a4-4917-b6d9-ce7612e85564",
|
|
"relationship--4f45e8b5-30c1-4321-9b46-c3f0d49778d9",
|
|
"relationship--c2c6eaed-cf46-4ab7-93ad-28193d3da9ae",
|
|
"relationship--93e91134-95f0-44db-86ce-cd6767cfc371",
|
|
"relationship--c31f88a2-c222-4408-a03a-2e52da7a3c9c",
|
|
"relationship--387f02c3-c267-4881-aeed-6b181cc1c78d",
|
|
"relationship--460e78aa-782c-42a9-b2b1-6121f6f848e7",
|
|
"relationship--f5a58f6a-b7a3-4b9f-a7f7-9d8586b8195f",
|
|
"relationship--8f93ad4f-9114-4466-9d76-9267fb269b8b",
|
|
"relationship--229fab38-2f58-4b70-a059-c645573b27f3",
|
|
"relationship--5cfce2a1-7e3d-4de5-a4da-ebf4b627edae",
|
|
"relationship--853c6b4d-228f-4a12-983b-63544d6b21db",
|
|
"relationship--a5e172d3-26e9-43e0-9539-201959dfed9b",
|
|
"relationship--a5fb5474-2110-4b27-b6ef-09852e4c1e3f",
|
|
"relationship--e29659f9-8003-47a5-8a51-6125c09f4322",
|
|
"relationship--83010b63-935e-4d18-a95e-a225b900fe30",
|
|
"relationship--235f5b65-9ce5-4996-ba58-1cf1c6eaf365",
|
|
"relationship--0ab16142-6303-47b8-b17d-c7d120aa0147",
|
|
"relationship--5e0ba812-085e-4f5c-a20e-767ddc46bb89",
|
|
"relationship--c5f447bd-c899-43e6-ac7f-0a6ec0928934",
|
|
"relationship--01a64712-9124-4721-89ee-b5cc26ff1bc9",
|
|
"relationship--94550ad0-41da-4f96-802d-b60888c3cd95",
|
|
"relationship--8216517d-f754-4c0f-acf5-c654da61f1f2",
|
|
"relationship--6c6ac5ff-3b96-4e6b-83b3-eeea7002bac9",
|
|
"relationship--a687be29-37a0-4191-8ea5-50aa22f645c9",
|
|
"relationship--c203400c-3309-4afe-a4b4-ca5a90af6756",
|
|
"relationship--7cb390f2-e851-4b49-a0fc-4b96f6635b19",
|
|
"relationship--cfdfdf29-1a1e-4836-a55f-a6f66937f2ad",
|
|
"relationship--4b172129-2e31-4091-bb3e-6d4f491c45e8",
|
|
"relationship--7eaff686-1675-49fc-a031-d493bfb16b5c",
|
|
"relationship--93ec27a6-c00a-4e5c-adfe-bd677c3c5b08",
|
|
"relationship--48d579b9-54d2-451d-944a-1358f174113f",
|
|
"relationship--c4cebe4d-0824-4fd2-9383-cc77256c3ca0",
|
|
"relationship--2556814d-2445-4679-813c-d19569ddd154",
|
|
"relationship--73be2d23-c327-440e-8b50-81fa6de27b41",
|
|
"relationship--a2289a4f-5f98-4af0-a74f-bad98f5a2a4e",
|
|
"relationship--5e0e0174-c72d-43d0-9b6c-e9265d54e74e",
|
|
"relationship--38358887-9461-4400-ae3c-ef0dcf230b34",
|
|
"relationship--07eb6418-3bbd-48cd-ad45-76e01753b543",
|
|
"relationship--a7fb11b6-1bab-4df3-9be4-153d704e88f2",
|
|
"relationship--bd4a79ec-3cd8-4649-9ff5-0594b74f4970",
|
|
"relationship--f8ea32b7-85ff-441a-8243-ca78efc982d7",
|
|
"relationship--0255e12b-6394-43de-8ec8-cbeea823e505",
|
|
"relationship--d64fe1c1-d4fd-4a35-994e-d2285d69ca97",
|
|
"relationship--70a782f7-c72b-4f28-8bba-608af516a65c",
|
|
"relationship--6c4689cf-6d35-4f88-b238-dcfa3194ed04",
|
|
"relationship--950ca2a0-dc69-4b85-af65-a171c8a161d2",
|
|
"relationship--12e4af4a-90a3-4d79-93f6-eed9596243ce",
|
|
"relationship--04929850-798c-4d35-b057-fd3635617b0c",
|
|
"relationship--00f202d0-4ee0-4daa-8266-5de1a04755d8",
|
|
"relationship--d463991e-961d-4a69-b1d2-921f76eb1d29",
|
|
"relationship--da5ca684-f526-4f2c-b47d-3da3c19c684b",
|
|
"relationship--8f329145-5910-4344-952c-168c71fdc1af",
|
|
"relationship--3e867103-efb0-41b0-ac8f-f62f3026f10d",
|
|
"relationship--58ec0444-a3bd-4370-a643-8b2a7a4fb63f",
|
|
"relationship--ddda621f-62a9-4a91-b838-84d96dec50a9",
|
|
"relationship--a3f0e510-4826-4b1f-a925-42f16bae6cd3"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:tool=\"FruitFly\"",
|
|
"misp-galaxy:tool=\"MacDownloader\"",
|
|
"misp-galaxy:ransomware=\"MacRansom\"",
|
|
"misp-galaxy:rat=\"MacSpy\"",
|
|
"misp-galaxy:tool=\"Empyre\"",
|
|
"misp-galaxy:tool=\"Proton\"",
|
|
"misp-galaxy:tool=\"Mughthesec\"",
|
|
"misp-galaxy:tool=\"Pwnet\"",
|
|
"misp-galaxy:tool=\"CpuMeaner\"",
|
|
"misp-galaxy:ransomware=\"FileCoder\"",
|
|
"misp-galaxy:banker=\"Dok\"",
|
|
"misp-galaxy:mitre-malware=\"XAgentOSX\"",
|
|
"misp-galaxy:tool=\"X-Agent\"",
|
|
"misp-galaxy:tool=\"Turla\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:source-type=\"technical-report\"",
|
|
"malware_classification:malware-category=\"Ransomware\"",
|
|
"ms-caro-malware-full:malware-family=\"Banker\"",
|
|
"circl:incident-classification=\"malware\"",
|
|
"malware_classification:malware-category=\"Trojan\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a5725af-c85c-4245-9e36-442b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:02.000Z",
|
|
"modified": "2018-02-09T14:13:02.000Z",
|
|
"first_observed": "2018-02-09T14:13:02Z",
|
|
"last_observed": "2018-02-09T14:13:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a5725af-c85c-4245-9e36-442b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a5725af-c85c-4245-9e36-442b950d210f",
|
|
"value": "https://objective-see.com/blog/blog_0x25.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a5726ab-e594-48e0-9f19-099b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:02.000Z",
|
|
"modified": "2018-02-09T14:13:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "For the second year in a row, I've decided to post a blog that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively cover all new Mac malware of 2017 - in one place. For each, we'll dive into various technical details such as identifying the malware's infection vector, persistence mechanism, features & goals, and describe how to clean an infected system."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a58693b-6748-42fb-8b4e-4507950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:02.000Z",
|
|
"modified": "2018-02-09T14:13:02.000Z",
|
|
"first_observed": "2018-02-09T14:13:02Z",
|
|
"last_observed": "2018-02-09T14:13:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a58693b-6748-42fb-8b4e-4507950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"technical-report\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a58693b-6748-42fb-8b4e-4507950d210f",
|
|
"value": "https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2017-Wardle.pdf"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a58693c-6350-40a4-9cf2-4b13950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:02.000Z",
|
|
"modified": "2018-02-09T14:13:02.000Z",
|
|
"first_observed": "2018-02-09T14:13:02Z",
|
|
"last_observed": "2018-02-09T14:13:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a58693c-6350-40a4-9cf2-4b13950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"technical-report\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a58693c-6350-40a4-9cf2-4b13950d210f",
|
|
"value": "https://www.cybersixgill.com/wp-content/uploads/2017/02/02072017%20-%20Proton%20-%20A%20New%20MAC%20OS%20RAT%20-%20Sixgill%20Threat%20Report.pdf"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6e-9420-44eb-9341-420d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:03.000Z",
|
|
"modified": "2018-02-09T14:13:03.000Z",
|
|
"first_observed": "2018-02-09T14:13:03Z",
|
|
"last_observed": "2018-02-09T14:13:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6e-9420-44eb-9341-420d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6e-9420-44eb-9341-420d950d210f",
|
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-c7e0-4330-a459-4a3f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:03.000Z",
|
|
"modified": "2018-02-09T14:13:03.000Z",
|
|
"first_observed": "2018-02-09T14:13:03Z",
|
|
"last_observed": "2018-02-09T14:13:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-c7e0-4330-a459-4a3f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-c7e0-4330-a459-4a3f950d210f",
|
|
"value": "https://objective-see.com/blog/blog_0x17.html"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-7aa0-4a57-bad2-4a74950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:04.000Z",
|
|
"modified": "2018-02-09T14:13:04.000Z",
|
|
"first_observed": "2018-02-09T14:13:04Z",
|
|
"last_observed": "2018-02-09T14:13:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-7aa0-4a57-bad2-4a74950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-7aa0-4a57-bad2-4a74950d210f",
|
|
"value": "https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-b1f0-4118-a840-4916950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:04.000Z",
|
|
"modified": "2018-02-09T14:13:04.000Z",
|
|
"first_observed": "2018-02-09T14:13:04Z",
|
|
"last_observed": "2018-02-09T14:13:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-b1f0-4118-a840-4916950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-b1f0-4118-a840-4916950d210f",
|
|
"value": "https://iranthreats.github.io/resources/macdownloader-macos-malware/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-bdc0-4812-a215-4367950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:04.000Z",
|
|
"modified": "2018-02-09T14:13:04.000Z",
|
|
"first_observed": "2018-02-09T14:13:04Z",
|
|
"last_observed": "2018-02-09T14:13:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-bdc0-4812-a215-4367950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-bdc0-4812-a215-4367950d210f",
|
|
"value": "https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-5334-4881-9275-4493950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:05.000Z",
|
|
"modified": "2018-02-09T14:13:05.000Z",
|
|
"first_observed": "2018-02-09T14:13:05Z",
|
|
"last_observed": "2018-02-09T14:13:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-5334-4881-9275-4493950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-5334-4881-9275-4493950d210f",
|
|
"value": "https://objective-see.com/blog/blog_0x1F.html"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-8e08-456a-95b3-44ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:05.000Z",
|
|
"modified": "2018-02-09T14:13:05.000Z",
|
|
"first_observed": "2018-02-09T14:13:05Z",
|
|
"last_observed": "2018-02-09T14:13:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-8e08-456a-95b3-44ca950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-8e08-456a-95b3-44ca950d210f",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-387c-4485-90b5-420b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:06.000Z",
|
|
"modified": "2018-02-09T14:13:06.000Z",
|
|
"first_observed": "2018-02-09T14:13:06Z",
|
|
"last_observed": "2018-02-09T14:13:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-387c-4485-90b5-420b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-387c-4485-90b5-420b950d210f",
|
|
"value": "https://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:06.000Z",
|
|
"modified": "2018-02-09T14:13:06.000Z",
|
|
"first_observed": "2018-02-09T14:13:06Z",
|
|
"last_observed": "2018-02-09T14:13:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-6ee0-4bb2-9ea3-41e5950d210f",
|
|
"value": "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-1b60-43b2-88a3-4966950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:06.000Z",
|
|
"modified": "2018-02-09T14:13:06.000Z",
|
|
"first_observed": "2018-02-09T14:13:06Z",
|
|
"last_observed": "2018-02-09T14:13:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-1b60-43b2-88a3-4966950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-1b60-43b2-88a3-4966950d210f",
|
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-8dac-4932-9d31-40e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:07.000Z",
|
|
"modified": "2018-02-09T14:13:07.000Z",
|
|
"first_observed": "2018-02-09T14:13:07Z",
|
|
"last_observed": "2018-02-09T14:13:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-8dac-4932-9d31-40e3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-8dac-4932-9d31-40e3950d210f",
|
|
"value": "https://objective-see.com/blog/blog_0x18.html"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-3130-4211-9d3e-47e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:07.000Z",
|
|
"modified": "2018-02-09T14:13:07.000Z",
|
|
"first_observed": "2018-02-09T14:13:07Z",
|
|
"last_observed": "2018-02-09T14:13:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-3130-4211-9d3e-47e1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-3130-4211-9d3e-47e1950d210f",
|
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a586a6f-d9c8-45d5-9a8d-4246950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:08.000Z",
|
|
"modified": "2018-02-09T14:13:08.000Z",
|
|
"first_observed": "2018-02-09T14:13:08Z",
|
|
"last_observed": "2018-02-09T14:13:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a586a6f-d9c8-45d5-9a8d-4246950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a586a6f-d9c8-45d5-9a8d-4246950d210f",
|
|
"value": "https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a586d3d-d860-4ac4-83d1-4457950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:08.000Z",
|
|
"modified": "2018-02-09T14:13:08.000Z",
|
|
"description": "command and control (C&C) servers",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.153.29.240']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a586d3d-d274-479d-83c9-4b8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:08.000Z",
|
|
"modified": "2018-02-09T14:13:08.000Z",
|
|
"description": "command and control (C&C) servers",
|
|
"pattern": "[domain-name:value = 'eidk.hopto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5870d4-b0a0-42b8-85d7-45c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T08:24:52.000Z",
|
|
"modified": "2018-01-12T08:24:52.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T08:24:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5870d4-673c-4b17-a384-46df950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T08:24:52.000Z",
|
|
"modified": "2018-01-12T08:24:52.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T08:24:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5871a8-b690-4501-9bb8-43cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T08:28:24.000Z",
|
|
"modified": "2018-01-12T08:28:24.000Z",
|
|
"description": "OSX/FruitFly, variant \u00e2\u20ac\u02dcB\u00e2\u20ac\u2122",
|
|
"pattern": "[file:hashes.SHA256 = 'befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T08:28:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5874a6-93e4-40c1-bcad-405b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:09.000Z",
|
|
"modified": "2018-02-09T14:13:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.188.230.50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5874a6-5d4c-46e9-a090-4ec9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:09.000Z",
|
|
"modified": "2018-02-09T14:13:09.000Z",
|
|
"pattern": "[file:name = 'gro.otpoh.kdie']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5874a6-0fbc-4bcd-b43b-4a09950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:10.000Z",
|
|
"modified": "2018-02-09T14:13:10.000Z",
|
|
"pattern": "[file:name = 'gro.sndkcud.kdie']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5874a6-8290-4544-9472-4222950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:10.000Z",
|
|
"modified": "2018-02-09T14:13:10.000Z",
|
|
"pattern": "[domain-name:value = 'eidk.duckdns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b98-1324-48ec-bc3e-4949950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:11.000Z",
|
|
"modified": "2018-02-09T14:13:11.000Z",
|
|
"pattern": "[file:name = 'checkadr.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b98-616c-412d-9933-4c69950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:11.000Z",
|
|
"modified": "2018-02-09T14:13:11.000Z",
|
|
"pattern": "[url:value = 'http://46.17.97.37/Servermac.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b98-265c-4f10-91f4-4f9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:11.000Z",
|
|
"modified": "2018-02-09T14:13:11.000Z",
|
|
"pattern": "[file:name = 'eula-help.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b98-3eec-4e65-b45e-4364950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:12.000Z",
|
|
"modified": "2018-02-09T14:13:12.000Z",
|
|
"pattern": "[url:value = 'http://192.168.3.217/DroperTest']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b98-8cdc-4b4c-9072-4f66950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:12.000Z",
|
|
"modified": "2018-02-09T14:13:12.000Z",
|
|
"pattern": "[file:name = 'appId.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587d0d-e7cc-4f45-8596-4575950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:12.000Z",
|
|
"modified": "2018-02-09T14:13:12.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.17.97.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587d0d-7858-424b-aa19-4dc1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:13.000Z",
|
|
"modified": "2018-02-09T14:13:13.000Z",
|
|
"pattern": "[domain-name:value = 'officialswebsites.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587d0d-abc0-4374-9497-4376950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:13.000Z",
|
|
"modified": "2018-02-09T14:13:13.000Z",
|
|
"pattern": "[domain-name:value = 'utc.officialswebsites.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587f73-26fc-49f3-bb30-4c1a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:14.000Z",
|
|
"modified": "2018-02-09T14:13:14.000Z",
|
|
"pattern": "[url:value = 'https://www.securitychecking.org:443/index.asp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588997-15ac-4228-967b-4a1c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:10:31.000Z",
|
|
"modified": "2018-01-12T10:10:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:10:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588b7d-77b4-43bb-a98f-4df2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:14.000Z",
|
|
"modified": "2018-02-09T14:13:14.000Z",
|
|
"description": "command and control server",
|
|
"pattern": "[domain-name:value = 'handbrake.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588b7d-78e4-451b-997f-45ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:14.000Z",
|
|
"modified": "2018-02-09T14:13:14.000Z",
|
|
"description": "command and control server",
|
|
"pattern": "[domain-name:value = 'handbrakestore.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588b7d-1500-4e04-b20a-41e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:15.000Z",
|
|
"modified": "2018-02-09T14:13:15.000Z",
|
|
"description": "command and control server",
|
|
"pattern": "[domain-name:value = 'handbrake.cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588c8c-c138-4cc7-84b9-421a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:15.000Z",
|
|
"modified": "2018-02-09T14:13:15.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://23.227.196.215/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588c8d-f950-4fc4-aa8a-4942950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:16.000Z",
|
|
"modified": "2018-02-09T14:13:16.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://apple-iclods.org/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588c8d-2f50-4f57-bdeb-48bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:16.000Z",
|
|
"modified": "2018-02-09T14:13:16.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://apple-checker.org/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588c8d-0c00-4303-b758-4d53950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:16.000Z",
|
|
"modified": "2018-02-09T14:13:16.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://apple-uptoday.org/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588c8d-4ba8-4400-84dd-47e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:17.000Z",
|
|
"modified": "2018-02-09T14:13:17.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'http://apple-search.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-2674-48e6-ba6d-4936950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:17.000Z",
|
|
"modified": "2018-02-09T14:13:17.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.227.196.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-296c-4c6b-b525-447d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:17.000Z",
|
|
"modified": "2018-02-09T14:13:17.000Z",
|
|
"pattern": "[domain-name:value = 'apple-iclods.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-0e2c-4f16-9612-4c46950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:18.000Z",
|
|
"modified": "2018-02-09T14:13:18.000Z",
|
|
"pattern": "[domain-name:value = 'apple-checker.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-1bd4-4974-80cc-46b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:18.000Z",
|
|
"modified": "2018-02-09T14:13:18.000Z",
|
|
"pattern": "[domain-name:value = 'apple-uptoday.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-83a8-4070-85fe-4751950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:19.000Z",
|
|
"modified": "2018-02-09T14:13:19.000Z",
|
|
"pattern": "[domain-name:value = 'apple-search.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588cd4-dcc0-4d12-b524-4832950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:19.000Z",
|
|
"modified": "2018-02-09T14:13:19.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.227.196.217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588ce9-3f18-41de-a8f3-6247950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:24:41.000Z",
|
|
"modified": "2018-01-12T10:24:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:24:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588edc-55c8-4142-9d86-40aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:20.000Z",
|
|
"modified": "2018-02-09T14:13:20.000Z",
|
|
"description": "Proton C2 domain",
|
|
"pattern": "[domain-name:value = 'eltima.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588efe-f068-422e-8209-4f30950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:20.000Z",
|
|
"modified": "2018-02-09T14:13:20.000Z",
|
|
"description": "URL distributing the trojanized application at the time of discovery.",
|
|
"pattern": "[url:value = 'https://mac.eltima.com/download/elmediaplayer.dmg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588efe-b770-4240-918f-40d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:20.000Z",
|
|
"modified": "2018-02-09T14:13:20.000Z",
|
|
"description": "URL distributing the trojanized application at the time of discovery.",
|
|
"pattern": "[url:value = 'http://www.elmedia-video-player.com/download/elmediaplayer.dmg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588efe-6e7c-49fa-88b0-4926950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:21.000Z",
|
|
"modified": "2018-02-09T14:13:21.000Z",
|
|
"description": "URL distributing the trojanized application at the time of discovery.",
|
|
"pattern": "[url:value = 'https://mac.eltima.com/download/downloader_mac.dmg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588fc0-2f8c-44e1-8bc0-4901950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:36:48.000Z",
|
|
"modified": "2018-01-12T10:36:48.000Z",
|
|
"description": "ZIP archive with the Proton malware and Python scripts",
|
|
"pattern": "[file:hashes.SHA1 = '10a09c09fd5dd76202e308718a357abc7de291b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:36:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58923e-99bc-4f6e-871e-4f47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:47:26.000Z",
|
|
"modified": "2018-01-12T10:47:26.000Z",
|
|
"description": "Launcher (or wrapper)",
|
|
"pattern": "[file:hashes.SHA1 = '30d77908ac9d37c4c14d32ea3e0b8df4c7e75464']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58927b-3168-4cc8-8adb-45d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:48:27.000Z",
|
|
"modified": "2018-01-12T10:48:27.000Z",
|
|
"description": "Proton malware, not signed",
|
|
"pattern": "[file:hashes.SHA1 = 'ef5a11a1bb5b2423554309688aa7947f4afa5388']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:48:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5892db-aadc-434f-b8d2-4545950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:21.000Z",
|
|
"modified": "2018-02-09T14:13:21.000Z",
|
|
"pattern": "[domain-name:value = 'symantecblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58b14a-6e58-4ce3-8c6d-408b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:22.000Z",
|
|
"modified": "2018-02-09T14:13:22.000Z",
|
|
"pattern": "[domain-name:value = 'apple-iclods.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58b167-75d4-4ae8-b97e-49b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:22.000Z",
|
|
"modified": "2018-02-09T14:13:22.000Z",
|
|
"pattern": "[url:value = 'http://23.227.196.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58b167-8a0c-444d-b52f-4b59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:22.000Z",
|
|
"modified": "2018-02-09T14:13:22.000Z",
|
|
"pattern": "[url:value = 'http://apple-iclods.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58b167-c74c-41ef-9ae2-4f42950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:23.000Z",
|
|
"modified": "2018-02-09T14:13:23.000Z",
|
|
"pattern": "[url:value = 'http://apple-checker.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58b167-1de8-4feb-a032-477d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:23.000Z",
|
|
"modified": "2018-02-09T14:13:23.000Z",
|
|
"pattern": "[url:value = 'http://apple-uptoday.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bd65-4eb8-43e1-9555-4f95950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:51:33.000Z",
|
|
"modified": "2018-01-12T13:51:33.000Z",
|
|
"description": "Dok",
|
|
"pattern": "[file:hashes.SHA256 = '3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bd65-ec78-4531-82ff-439a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:51:33.000Z",
|
|
"modified": "2018-01-12T13:51:33.000Z",
|
|
"description": "Dok",
|
|
"pattern": "[file:hashes.SHA256 = 'cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bd65-b0bc-4851-8266-4e43950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:51:33.000Z",
|
|
"modified": "2018-01-12T13:51:33.000Z",
|
|
"description": "Dok",
|
|
"pattern": "[file:hashes.SHA256 = '4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:51:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bece-2560-4d95-bfdc-4996950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:57:34.000Z",
|
|
"modified": "2018-01-12T13:57:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:57:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58becf-33ac-4d37-bbee-4aaf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:57:35.000Z",
|
|
"modified": "2018-01-12T13:57:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:57:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bfe5-fcf4-4b2f-a229-4f94950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:24.000Z",
|
|
"modified": "2018-02-09T14:13:24.000Z",
|
|
"pattern": "[file:name = '/Library/LaunchDaemons/com.adobe.update.plist']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bfe6-3008-4b03-90dc-41e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:24.000Z",
|
|
"modified": "2018-02-09T14:13:24.000Z",
|
|
"pattern": "[file:name = '/Library/Scripts/installd.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c0fb-5c08-4a71-94fc-4dcd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:24.000Z",
|
|
"modified": "2018-02-09T14:13:24.000Z",
|
|
"pattern": "[domain-name:value = 'car-service.effers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c0fb-3e30-4946-b9e9-449c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:25.000Z",
|
|
"modified": "2018-02-09T14:13:25.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.87.11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a586fc6-e0fc-4f06-b55a-46a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T08:20:22.000Z",
|
|
"modified": "2018-01-12T08:20:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0' AND file:name = 'macsvc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T08:20:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a5870b4-5c68-4077-8cce-4138950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T08:24:20.000Z",
|
|
"modified": "2018-01-12T08:24:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55' AND file:name = 'afpscan' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T08:24:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587b0f-b46c-4403-be5e-423d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:08:31.000Z",
|
|
"modified": "2018-01-12T09:08:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c' AND file:name = 'addone flashplayer.app.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:08:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587cfc-3568-4d8d-bcc1-4920950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:16:44.000Z",
|
|
"modified": "2018-01-12T09:16:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7' AND file:name = 'Bitdefender Adware Removal Tool' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a587e34-dc78-4406-897c-4cff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:21:56.000Z",
|
|
"modified": "2018-01-12T09:21:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d' AND file:name = 'U.S. Allies and Rivals Digest Trump\\'s Victory - Carnegie Endowment for International Peace.docm' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:21:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588039-c95c-4895-ad28-43ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T09:30:33.000Z",
|
|
"modified": "2018-01-12T09:30:33.000Z",
|
|
"pattern": "[domain-name:value = 'www.securitychecking.org' AND domain-name:resolves_to_refs[*].value = '185.22.174.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T09:30:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:31:14.000Z",
|
|
"modified": "2018-01-12T10:31:14.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '0603353852e174fc0337642e3957c7423f182a8c' AND file:x_misp_state = 'Harmless']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:31:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:31:34.000Z",
|
|
"modified": "2018-01-12T10:31:34.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e9dcdae1406ab1132dc9d507fd63503e5c4d41d9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:31:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:31:50.000Z",
|
|
"modified": "2018-01-12T10:31:50.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '8cfa551d15320f0157ece3bdf30b1c62765a93a5' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:31:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:32:07.000Z",
|
|
"modified": "2018-01-12T10:32:07.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '0400b35d703d872adc64aa7ef914a260903998ca' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:32:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a588f59-6d78-49a5-994d-47b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:35:08.000Z",
|
|
"modified": "2018-01-12T10:35:08.000Z",
|
|
"description": "ZIP archive with the Proton malware and Python scripts",
|
|
"pattern": "[file:hashes.SHA1 = '9e5378165bb20e9a7f74a7fcc73b528f7b231a75' AND file:name = 'Elmedia Player.app/Contents/Resources/.pl.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:35:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a589228-91e8-4b7e-a099-4ccd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:47:07.000Z",
|
|
"modified": "2018-01-12T10:47:07.000Z",
|
|
"description": "Launcher (or wrapper)",
|
|
"pattern": "[file:hashes.SHA1 = 'c9472d791c076a10dce5ff0d3ab6e7706524b741' AND file:name = 'Elmedia Player.app/Contents/MacOS/Elmedia Player' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:47:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a589262-4dd4-4e98-8159-6247950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T10:48:05.000Z",
|
|
"modified": "2018-01-12T10:48:05.000Z",
|
|
"description": "Proton malware, not signed",
|
|
"pattern": "[file:hashes.SHA1 = '3ef34e2581937babd2b7ce63ab1d92cd9440181a' AND file:name = 'Updater.app/Contents/MacOS/Updater' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T10:48:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bada-0930-472d-8af6-4307950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:40:45.000Z",
|
|
"modified": "2018-01-12T13:40:45.000Z",
|
|
"description": "ZIP of App bundle",
|
|
"pattern": "[file:hashes.SHA1 = '1b7380d283ceebcabb683464ba0bb6dd73d6e886' AND file:name = 'Office 2016 Patcher.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:40:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:49:17.000Z",
|
|
"modified": "2018-01-12T13:49:17.000Z",
|
|
"description": "ZIP of App bundle",
|
|
"pattern": "[file:hashes.SHA1 = 'a91a529f89b1ab8792c345f823e101b55d656a08' AND file:name = 'Adobe Premiere Pro CC 2017 Patcher.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:49:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:49:48.000Z",
|
|
"modified": "2018-01-12T13:49:48.000Z",
|
|
"description": "Mach-O",
|
|
"pattern": "[file:hashes.SHA1 = 'e55fe159e6e3a8459e9363401fcc864335fee321' AND file:name = 'Office 2016 Patcher' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:49:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58bd15-e480-4b26-b998-45da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T13:50:16.000Z",
|
|
"modified": "2018-01-12T13:50:16.000Z",
|
|
"description": "Mach-O",
|
|
"pattern": "[file:hashes.SHA1 = '3820b23c1057f8c3522c47737f25183a3c15e4db' AND file:name = 'Adobe Premiere Pro CC 2017 Patcher' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T13:50:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c01c-b8f4-40e3-98cd-4936950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:03:08.000Z",
|
|
"modified": "2018-01-12T14:03:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea' AND file:name = 'Install Adobe Flash Player.app.zip' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:03:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c036-a548-4862-a538-446a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:03:34.000Z",
|
|
"modified": "2018-01-12T14:03:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060' AND file:name = 'Install' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:03:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c050-7084-4c75-9670-400a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:04:00.000Z",
|
|
"modified": "2018-01-12T14:04:00.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9' AND file:name = 'install.sh' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:04:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c075-f7d4-4c8b-8e4b-4bb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:04:37.000Z",
|
|
"modified": "2018-01-12T14:04:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30' AND file:name = 'Install Adobe Flash Player' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:04:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c093-809c-40dc-b89c-4465950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:05:07.000Z",
|
|
"modified": "2018-01-12T14:05:07.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2' AND file:name = 'Installdp' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:05:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c0ae-c4dc-4e61-adac-4746950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:05:34.000Z",
|
|
"modified": "2018-01-12T14:05:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0' AND file:name = 'com.adobe.update' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:05:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c0c3-26d0-4a90-8753-4cf7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:05:55.000Z",
|
|
"modified": "2018-01-12T14:05:55.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506' AND file:name = 'installd.sh' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:05:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a58c0d9-822c-4fc7-96ad-4dbc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:06:17.000Z",
|
|
"modified": "2018-01-12T14:06:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387' AND file:name = 'queue' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:06:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a0ee044-7122-498a-9723-2e6a34cfe282",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '766f058837b08f890bb97198c21b6cc1' AND file:hashes.SHA1 = 'a91a529f89b1ab8792c345f823e101b55d656a08' AND file:hashes.SHA256 = 'c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:32.000Z",
|
|
"modified": "2018-01-12T14:07:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c124-f528-425a-945d-401002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c124-1cd0-4c4d-8d7c-4db102de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-02T19:52:45",
|
|
"category": "Other",
|
|
"uuid": "5a58c124-83a4-409a-93a3-474702de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '29fb77664fc4f13ea5f65cfe01b292af' AND file:hashes.SHA1 = '8cfa551d15320f0157ece3bdf30b1c62765a93a5' AND file:hashes.SHA256 = 'c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:32.000Z",
|
|
"modified": "2018-01-12T14:07:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1508668992/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c124-4378-4212-99ee-435c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "16/58",
|
|
"category": "Other",
|
|
"uuid": "5a58c124-bc04-4d71-89f6-4c7c02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-22T10:43:12",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-baf8-4e35-93df-4ada02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--607b7d37-5391-4828-9785-747ca987e6d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ff44372fce42ffe13222e7237d4cdef1' AND file:hashes.SHA1 = 'ef5a11a1bb5b2423554309688aa7947f4afa5388' AND file:hashes.SHA256 = '061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:33.000Z",
|
|
"modified": "2018-01-12T14:07:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7/analysis/1511177323/",
|
|
"category": "External analysis",
|
|
"comment": "Proton malware, not signed",
|
|
"uuid": "5a58c125-5db4-4da5-9a07-4a9902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/58",
|
|
"category": "Other",
|
|
"comment": "Proton malware, not signed",
|
|
"uuid": "5a58c125-b6dc-4beb-bc75-4e4002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T11:28:43",
|
|
"category": "Other",
|
|
"comment": "Proton malware, not signed",
|
|
"uuid": "5a58c125-9158-43b5-9839-45a602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--845b2d47-0368-4a40-91d0-479d97eacda4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c7a2a5c0fbe4df3afd9dbedecf8321da' AND file:hashes.SHA1 = 'e9dcdae1406ab1132dc9d507fd63503e5c4d41d9' AND file:hashes.SHA256 = 'b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:33.000Z",
|
|
"modified": "2018-01-12T14:07:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c125-7bfc-4172-995d-492d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-bbcc-43e0-b20b-485102de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T09:02:17",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-579c-4620-a593-4efc02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0ca749b61c7e76e6ec07c33aab01aab3' AND file:hashes.SHA1 = '9e5378165bb20e9a7f74a7fcc73b528f7b231a75' AND file:hashes.SHA256 = '553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:33.000Z",
|
|
"modified": "2018-01-12T14:07:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c125-2dd4-4e08-a8eb-40ac02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/60",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-e1e0-4a1d-a360-460d02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T19:44:34",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-06bc-43be-aab6-4d6d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f5013e080d628a35ba190621e0998c2' AND file:hashes.SHA1 = '3ef34e2581937babd2b7ce63ab1d92cd9440181a' AND file:hashes.SHA256 = 'cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:33.000Z",
|
|
"modified": "2018-01-12T14:07:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c125-56c4-4949-b3c5-416f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-c294-4611-8b13-42e002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T11:45:55",
|
|
"category": "Other",
|
|
"uuid": "5a58c125-8914-456b-b452-404802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5f145ed27ec88add379676729cbad15f' AND file:hashes.SHA1 = '10a09c09fd5dd76202e308718a357abc7de291b5' AND file:hashes.SHA256 = '2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:34.000Z",
|
|
"modified": "2018-01-12T14:07:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7/analysis/1511434500/",
|
|
"category": "External analysis",
|
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
|
"uuid": "5a58c126-08b0-47d4-b924-4cf202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
|
"uuid": "5a58c126-dac8-4d6e-9d75-48a902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-23T10:55:00",
|
|
"category": "Other",
|
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
|
"uuid": "5a58c126-4d14-42b2-9895-4fb802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '20f20918149fa3a972a87b3364248772' AND file:hashes.SHA1 = '3820b23c1057f8c3522c47737f25183a3c15e4db' AND file:hashes.SHA256 = 'c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:34.000Z",
|
|
"modified": "2018-01-12T14:07:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c126-08ac-404d-a0ae-4ea102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-aa14-43ec-87e2-482702de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-03T00:09:00",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-0764-4002-afca-4c5c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1b8be665af7729618d70bad773aac423' AND file:hashes.SHA1 = '1b7380d283ceebcabb683464ba0bb6dd73d6e886' AND file:hashes.SHA256 = 'd19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:34.000Z",
|
|
"modified": "2018-01-12T14:07:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c126-33a8-4741-976e-440402de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/60",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-c5f0-4350-a0c0-47d602de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-23T22:37:07",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-9664-463a-bb7a-46e102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cc3297083ad89cabfd58d251cbbe3ca9' AND file:hashes.SHA1 = 'c9472d791c076a10dce5ff0d3ab6e7706524b741' AND file:hashes.SHA256 = '2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:34.000Z",
|
|
"modified": "2018-01-12T14:07:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c126-b024-4447-a928-4c8c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-5fec-48c6-b0af-4df102de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T11:30:10",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-7388-4421-a4e6-4b7a02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a6f74f29c985259fe1f6c4821c51373' AND file:hashes.SHA1 = '0400b35d703d872adc64aa7ef914a260903998ca' AND file:hashes.SHA256 = '247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:34.000Z",
|
|
"modified": "2018-01-12T14:07:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c126-a598-4cee-b6d2-4cca02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c126-5fc4-4512-ac9a-47c602de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-10T19:20:36",
|
|
"category": "Other",
|
|
"uuid": "5a58c127-03d4-4cdd-afd4-466302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ff80d97674e148687affd6a4e3ccf00a' AND file:hashes.SHA1 = '30d77908ac9d37c4c14d32ea3e0b8df4c7e75464' AND file:hashes.SHA256 = '4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d/analysis/1511434515/",
|
|
"category": "External analysis",
|
|
"comment": "Launcher (or wrapper)",
|
|
"uuid": "5a58c127-e140-45dd-9460-462d02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/56",
|
|
"category": "Other",
|
|
"comment": "Launcher (or wrapper)",
|
|
"uuid": "5a58c127-9e20-4ff5-860f-428b02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-23T10:55:15",
|
|
"category": "Other",
|
|
"comment": "Launcher (or wrapper)",
|
|
"uuid": "5a58c127-f8f4-467f-9072-4c6602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9086285-81ea-4ede-b4d3-0c086cd67629",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc22fbe8dda4258a9f0ceb7e15a04fc2' AND file:hashes.SHA1 = 'e55fe159e6e3a8459e9363401fcc864335fee321' AND file:hashes.SHA256 = '91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c127-bffc-4d77-a7b4-4ac202de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"uuid": "5a58c127-35d0-41dd-9c8a-406402de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-03T00:09:01",
|
|
"category": "Other",
|
|
"uuid": "5a58c127-9b88-42e8-be0e-4a4602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--49b4e424-a863-47c4-907c-e282e6e65df3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c411c46b480e84aae81abbe47c628dae' AND file:hashes.SHA1 = '0603353852e174fc0337642e3957c7423f182a8c' AND file:hashes.SHA256 = 'c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c127-cf20-45a3-8d13-409f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "4/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c127-e0e8-456a-814b-41b902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-10T19:20:33",
|
|
"category": "Other",
|
|
"uuid": "5a58c127-a940-41c2-9e04-4bde02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2ee232b1a56f21bdd0b46ba0acd12a22' AND file:hashes.SHA1 = 'db3f0426f6e434555e6b6bb4053e508f74580387' AND file:hashes.SHA256 = 'cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7/analysis/1495101805/",
|
|
"category": "External analysis",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c127-a370-4e4c-ae0b-466b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/57",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c127-2fe0-4b75-9436-471902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-05-18T10:03:25",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c127-6b98-4802-9762-400802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a49ac8ee-df74-445f-9d00-eff900554eb8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e8bdde90574d5bf285d9abb0c8a113a8' AND file:hashes.SHA1 = 'f5d3425482dc4f4f738277ff3ba315b496894899' AND file:hashes.SHA256 = '7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:35.000Z",
|
|
"modified": "2018-01-12T14:07:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145/analysis/1494408249/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c128-10a0-4988-b743-418602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "28/57",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-c720-4ebb-8203-472b02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-05-10T09:24:09",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-a12c-4f6c-b6dc-469202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:39.000Z",
|
|
"modified": "2018-01-12T14:07:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7bb4f5d962a5b3bb18db9ce08c0b6cbf' AND file:hashes.SHA1 = '66e520e18accd92abb4722a6cd6a285981ac5bd1' AND file:hashes.SHA256 = 'bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c128-1c0c-453e-afe1-432602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-2de0-4e78-9e87-4fb602de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:05:19",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-f8f4-45ca-b414-404c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--25d83980-fd95-481d-a330-6e969b0253eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:39.000Z",
|
|
"modified": "2018-01-12T14:07:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '473c6a0b2af67c241a29d87e7fd33634' AND file:hashes.SHA1 = 'fb4a50ae8a4a5e76a3f88935e4374d4287a53b7d' AND file:hashes.SHA256 = '4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7/analysis/1506371408/",
|
|
"category": "External analysis",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c128-5100-44bd-81b1-420602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c128-ad88-447c-b50d-441802de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-09-25T20:30:08",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c128-3fb8-4d31-a6d9-432302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:39.000Z",
|
|
"modified": "2018-01-12T14:07:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1de4838f13c49d9f959d04b363326ac1' AND file:hashes.SHA1 = '598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6' AND file:hashes.SHA256 = '07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c128-94c8-4d37-8f35-48d702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/61",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-8470-4abc-9828-48aa02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-14T08:08:18",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-6f04-4358-81ca-4fe902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:39.000Z",
|
|
"modified": "2018-01-12T14:07:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '787d664e842961f2a335139407f91a70' AND file:hashes.SHA1 = 'a323168f95d1a1c65186888c6dd16cd2f9f8539a' AND file:hashes.SHA256 = '52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c128-1f14-43ba-9f74-48d802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-ded4-439e-a6d2-48f302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T09:51:58",
|
|
"category": "Other",
|
|
"uuid": "5a58c128-e378-46d6-915f-417602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:39.000Z",
|
|
"modified": "2018-01-12T14:07:39.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9d9cca200dd0e5f9d59225131d5269b0' AND file:hashes.SHA1 = 'cd42b88569faa946a4b9d6f7408b958dcbcf7554' AND file:hashes.SHA256 = '83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:36.000Z",
|
|
"modified": "2018-01-12T14:07:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c129-dd54-4313-8925-4f4f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-b444-48e8-a098-4cba02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:04:09",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-b744-45c2-a5c1-47b202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:40.000Z",
|
|
"modified": "2018-01-12T14:07:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e4744b9f927dc8048a19dca15590660c' AND file:hashes.SHA1 = '18957d7549b4e296fcaeb122ff241d9799804fa3' AND file:hashes.SHA256 = 'ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1514646222/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c129-53f8-4fe7-80be-4cf002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-237c-400c-930b-465f02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:03:42",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-ab20-4015-aa35-474802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:40.000Z",
|
|
"modified": "2018-01-12T14:07:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8e3c8e43593ecbd9b62f6e18c8d6474' AND file:hashes.SHA1 = '3c4904832392e70e415b0520d45ff7a1c93c2c4e' AND file:hashes.SHA256 = 'b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c129-c95c-4d21-b95c-428a02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-fd44-44ab-91ab-43bb02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:05:06",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-2424-40da-9197-49e602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:40.000Z",
|
|
"modified": "2018-01-12T14:07:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '87a4bff26626ccf022bda7373241275c' AND file:hashes.SHA1 = '7cf55e0de9f191dc16a10de1e47fb25aa0a79856' AND file:hashes.SHA256 = '3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94/analysis/1501706972/",
|
|
"category": "External analysis",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c129-ae58-4973-8304-472102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/59",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c129-8524-49dd-a159-44ac02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-02T20:49:32",
|
|
"category": "Other",
|
|
"comment": "Dok",
|
|
"uuid": "5a58c129-2d98-493d-a833-463902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9cb63957-a223-4016-bf62-7eac015b02a4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:40.000Z",
|
|
"modified": "2018-01-12T14:07:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '72d4d364ed91dd9418d144a2db837a6d' AND file:hashes.SHA1 = '794bcba867307bdbd5f947f6c939eb4df1d2c9b8' AND file:hashes.SHA256 = 'befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/analysis/1514807982/",
|
|
"category": "External analysis",
|
|
"comment": "OSX/FruitFly, variant \u00e2\u20ac\u02dcB\u00e2\u20ac\u2122",
|
|
"uuid": "5a58c129-08e8-4d94-b754-49a702de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/58",
|
|
"category": "Other",
|
|
"comment": "OSX/FruitFly, variant \u00e2\u20ac\u02dcB\u00e2\u20ac\u2122",
|
|
"uuid": "5a58c129-957c-4b15-a39b-487e02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-01T11:59:42",
|
|
"category": "Other",
|
|
"comment": "OSX/FruitFly, variant \u00e2\u20ac\u02dcB\u00e2\u20ac\u2122",
|
|
"uuid": "5a58c129-f0d8-4d88-a99c-437c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90395b9d-bff0-4af6-adaf-a864379542da",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:40.000Z",
|
|
"modified": "2018-01-12T14:07:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8e4cab429263406fbf11b41fd539839' AND file:hashes.SHA1 = '5b5a34dfc102f0c18b0b0e83c6fda431969e7957' AND file:hashes.SHA256 = '7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:37.000Z",
|
|
"modified": "2018-01-12T14:07:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c129-9c80-42c7-9549-46a102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/56",
|
|
"category": "Other",
|
|
"uuid": "5a58c129-9440-40d5-b718-4ec402de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-07-11T10:45:12",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-cb2c-48d7-9fbb-4fa102de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:41.000Z",
|
|
"modified": "2018-01-12T14:07:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '14c1cd9c5f263d5ba988838e0c3e3cf6' AND file:hashes.SHA1 = 'd9685bea995e57ae89d10122cb76022554179ff7' AND file:hashes.SHA256 = '4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5/analysis/1512340695/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c12a-f260-4da2-ac1a-4cc602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-3350-4b41-a95a-431c02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-03T22:38:15",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-2a2c-4aeb-b525-4b6b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--480e2ec8-94b2-4682-a591-c2e86c390ead",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:41.000Z",
|
|
"modified": "2018-01-12T14:07:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3adf6025eb710f2bf1918ee2f116153d' AND file:hashes.SHA1 = '03ab5fdb40db260dbc35aadba202e920e57eb348' AND file:hashes.SHA256 = '94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647/analysis/1507843547/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c12a-1c30-410f-85d5-417502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/64",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-59d4-44b7-bc9d-484b02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-12T21:25:47",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-ec04-4bff-b537-48b002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--74bef4c3-487c-4941-b138-c8c0e3413b50",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:41.000Z",
|
|
"modified": "2018-01-12T14:07:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4fe4b9560e99e33dabca553e2eeee510' AND file:hashes.SHA1 = '70a1c4ed3a09a44a41d54c4fd4b409a5fc3159f6' AND file:hashes.SHA256 = '2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea/analysis/1513289308/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c12a-58c8-4f7f-98bf-402b02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "35/59",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-9834-4b50-8cae-4e8902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-14T22:08:28",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-1c8c-4b5e-bde2-4e1d02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1f840571-741e-4096-92d6-78e58c49109c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:41.000Z",
|
|
"modified": "2018-01-12T14:07:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd4a14a1516d5ec9452a29de24ba85d0e' AND file:hashes.SHA1 = '1e493ebde7fa77d5ae503aa7758fac87d11da116' AND file:hashes.SHA256 = '694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-01-12T14:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-01-12T14:07:38.000Z",
|
|
"modified": "2018-01-12T14:07:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26/analysis/1490814542/",
|
|
"category": "External analysis",
|
|
"uuid": "5a58c12a-c3cc-4fbb-a5e8-471102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/61",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-004c-4834-bc4d-4d1f02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-03-29T19:09:02",
|
|
"category": "Other",
|
|
"uuid": "5a58c12a-eb88-4d06-b8f2-418c02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:25.000Z",
|
|
"modified": "2018-02-09T14:13:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac85-b2ac-41f6-b740-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"uuid": "5a7dac86-9a60-4639-8728-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-03T00:09:01",
|
|
"category": "Other",
|
|
"uuid": "5a7dac86-78c8-4dde-995a-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:27.000Z",
|
|
"modified": "2018-02-09T14:13:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac87-ab30-4a0f-a272-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac87-37d0-4aea-8fc1-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-02T19:52:45",
|
|
"category": "Other",
|
|
"uuid": "5a7dac88-374c-486c-b8e4-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:28.000Z",
|
|
"modified": "2018-02-09T14:13:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac88-529c-43c9-b17f-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "4/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac89-ebc8-432d-b5c8-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-10T19:20:33",
|
|
"category": "Other",
|
|
"uuid": "5a7dac89-c4f4-428d-8287-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--672456f3-351d-4587-8114-0c562fcb6082",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:29.000Z",
|
|
"modified": "2018-02-09T14:13:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1517291247/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac89-a63c-4489-a367-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/57",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8a-7ff8-48e9-a679-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-30T05:47:27",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8a-4064-4004-8980-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:31.000Z",
|
|
"modified": "2018-02-09T14:13:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac8b-8cf8-4255-86ff-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8b-c124-442a-a439-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-03T00:09:00",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8c-5b90-4234-b8fd-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:32.000Z",
|
|
"modified": "2018-02-09T14:13:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac8c-323c-403a-9a56-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/60",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8d-d7f8-4a96-95f5-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T11:30:10",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8d-725c-499e-b7f4-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:33.000Z",
|
|
"modified": "2018-02-09T14:13:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac8e-07e0-4c33-9b6a-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8e-a368-417b-b760-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-10T19:20:36",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8e-33c8-46cf-a13e-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:35.000Z",
|
|
"modified": "2018-02-09T14:13:35.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac8f-7b34-4b78-8bd4-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac8f-f828-45bf-b4df-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T11:45:55",
|
|
"category": "Other",
|
|
"uuid": "5a7dac90-3068-4807-84b7-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:36.000Z",
|
|
"modified": "2018-02-09T14:13:36.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac90-6f48-4a9e-8db0-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/60",
|
|
"category": "Other",
|
|
"uuid": "5a7dac91-22a8-49a5-b55b-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-23T22:37:07",
|
|
"category": "Other",
|
|
"uuid": "5a7dac91-2880-45a8-aa36-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:37.000Z",
|
|
"modified": "2018-02-09T14:13:37.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac91-e6a4-4c17-a91f-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/60",
|
|
"category": "Other",
|
|
"uuid": "5a7dac92-6310-4a33-b91a-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-20T19:44:34",
|
|
"category": "Other",
|
|
"uuid": "5a7dac92-e444-4b6d-9955-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:39.000Z",
|
|
"modified": "2018-02-09T14:13:39.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac93-7824-4f8e-bd52-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac93-360c-40e2-84e1-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-10-25T09:02:17",
|
|
"category": "Other",
|
|
"uuid": "5a7dac94-b604-42a2-b52f-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:40.000Z",
|
|
"modified": "2018-02-09T14:13:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac94-0788-4ac3-b2cd-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/61",
|
|
"category": "Other",
|
|
"uuid": "5a7dac95-d758-489d-8de5-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-14T08:08:18",
|
|
"category": "Other",
|
|
"uuid": "5a7dac95-1268-470f-b2e9-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:42.000Z",
|
|
"modified": "2018-02-09T14:13:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac96-fa78-4f88-9729-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/56",
|
|
"category": "Other",
|
|
"uuid": "5a7dac96-a828-424a-9fa2-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-07-11T10:45:12",
|
|
"category": "Other",
|
|
"uuid": "5a7dac96-5e3c-4566-9d7f-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:43.000Z",
|
|
"modified": "2018-02-09T14:13:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac97-3a78-48c9-8423-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac98-7c80-4d0c-8310-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-10T09:51:58",
|
|
"category": "Other",
|
|
"uuid": "5a7dac98-e9a4-4565-a4ea-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2835626e-b913-4889-a9d9-fdbe227feadb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:47.000Z",
|
|
"modified": "2018-02-09T14:13:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = '77b4ffe73491d534946d010bfca138f7' AND file:hashes.SHA1 = 'd20482372f9e63a54854d639cc79d0b65bc8382b' AND file:hashes.SHA256 = 'b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:46.000Z",
|
|
"modified": "2018-02-09T14:13:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea/analysis/1511755782/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac9a-7b60-4984-bad7-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/57",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9a-0944-420b-9074-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-27T04:09:42",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9b-1724-4270-8e32-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:47.000Z",
|
|
"modified": "2018-02-09T14:13:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac9b-b914-4fe7-b2a2-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9c-3468-45b3-94be-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:04:09",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9c-a888-46c1-9692-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:48.000Z",
|
|
"modified": "2018-02-09T14:13:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac9d-c880-4055-b1d5-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "30/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9d-8c18-4c2f-9d02-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:05:19",
|
|
"category": "Other",
|
|
"uuid": "5a7dac9d-11f0-4b60-9bfe-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:53.000Z",
|
|
"modified": "2018-02-09T14:13:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f48ee47a79d5da606e9eff0401971075' AND file:hashes.SHA1 = '087aa8d2fcfffa85707214928d9f4ca16e8af5ac' AND file:hashes.SHA256 = '6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:51.000Z",
|
|
"modified": "2018-02-09T14:13:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506/analysis/1494501354/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dac9f-46b8-4185-b9a5-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/56",
|
|
"category": "Other",
|
|
"uuid": "5a7daca0-fca0-44dc-8b88-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-05-11T11:15:54",
|
|
"category": "Other",
|
|
"uuid": "5a7daca0-6900-4a96-b16b-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f53a44f1-158b-4212-bc9e-8e257362a32c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:56.000Z",
|
|
"modified": "2018-02-09T14:13:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e996bcbb6f15d345a4a59758dc4d75f' AND file:hashes.SHA1 = '73994f62dfac62e32968abeb5206043464eb4792' AND file:hashes.SHA256 = '92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:54.000Z",
|
|
"modified": "2018-02-09T14:13:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387/analysis/1517417420/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7daca2-3940-4dc5-992d-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "13/57",
|
|
"category": "Other",
|
|
"uuid": "5a7daca3-b854-4cf7-92a4-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-31T16:50:20",
|
|
"category": "Other",
|
|
"uuid": "5a7daca3-0674-4c54-904f-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:58.000Z",
|
|
"modified": "2018-02-09T14:13:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3a5fc199189cf39ec58ec6fb2c3c7d93' AND file:hashes.SHA1 = 'd972e12685591b71432faaf70c71ced4b6e522a0' AND file:hashes.SHA256 = '7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:13:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:57.000Z",
|
|
"modified": "2018-02-09T14:13:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30/analysis/1518176286/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7daca5-a77c-46db-a274-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "0/59",
|
|
"category": "Other",
|
|
"uuid": "5a7daca5-aafc-4d39-ba71-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-09T11:38:06",
|
|
"category": "Other",
|
|
"uuid": "5a7daca6-e190-46bd-88c9-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f8e43169-3421-43af-8b25-be605a3ea859",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:01.000Z",
|
|
"modified": "2018-02-09T14:14:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6c74ff2cc39b5362ee5dec576ece211b' AND file:hashes.SHA1 = 'a201f1760ca4f99dff682a4e5c656f149f5d8e7c' AND file:hashes.SHA256 = '5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:13:59.000Z",
|
|
"modified": "2018-02-09T14:13:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060/analysis/1511748584/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7daca7-2690-4c19-9ad1-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/57",
|
|
"category": "Other",
|
|
"uuid": "5a7daca8-efc0-48bf-82c4-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-11-27T02:09:44",
|
|
"category": "Other",
|
|
"uuid": "5a7daca8-f524-4e70-83ce-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--770417f7-66d8-4c14-a590-25829420ef72",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:04.000Z",
|
|
"modified": "2018-02-09T14:14:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a90379e02cf9b66c3863131730a4b099' AND file:hashes.SHA1 = '26f1dc4618b87b52ff1c5e27a5ba260d5f034a0f' AND file:hashes.SHA256 = '0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:14:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:02.000Z",
|
|
"modified": "2018-02-09T14:14:02.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9/analysis/1493992385/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacaa-53c0-407f-a48e-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/56",
|
|
"category": "Other",
|
|
"uuid": "5a7dacab-a424-4aaf-8a77-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-05-05T13:53:05",
|
|
"category": "Other",
|
|
"uuid": "5a7dacab-3264-4ca4-aaa3-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--18939e64-0afb-4ae4-8995-189b92423b98",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:06.000Z",
|
|
"modified": "2018-02-09T14:14:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '000e4225f382f9eee675dcaf3cbf9c7e' AND file:hashes.SHA1 = '0a0ae94f92a50937d920bf02dd26b477c840a915' AND file:hashes.SHA256 = 'd5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:14:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:05.000Z",
|
|
"modified": "2018-02-09T14:14:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2/analysis/1503971137/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacad-3ff4-46ee-b49a-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dacad-5b28-4055-9bec-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-08-29T01:45:37",
|
|
"category": "Other",
|
|
"uuid": "5a7dacae-2d68-4151-bd0e-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:06.000Z",
|
|
"modified": "2018-02-09T14:14:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1515766221/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacae-4ec8-4dc8-aec5-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dacaf-824c-45b4-8c23-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-12T14:10:21",
|
|
"category": "Other",
|
|
"uuid": "5a7dacaf-84f0-4857-9453-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:10.000Z",
|
|
"modified": "2018-02-09T14:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a79ac543b0836b53a3623e0b4cb6a6f7' AND file:hashes.SHA1 = 'd6a09a1c2964b228143092e200d17531a8aefc9d' AND file:hashes.SHA256 = 'b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:09.000Z",
|
|
"modified": "2018-02-09T14:14:09.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0/analysis/1494500661/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacb1-a620-4047-a010-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "16/56",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb1-d0d4-4978-a631-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-05-11T11:04:21",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb2-ccc8-449d-9e9c-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--87463bc1-9173-4071-827c-db9c3d3396bc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:13.000Z",
|
|
"modified": "2018-02-09T14:14:13.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5b3e0b74cdb0622074fd997af51161dd' AND file:hashes.SHA1 = 'af9b9164d6f3616bf31fb98acf8a0cb72c312774' AND file:hashes.SHA256 = '128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-09T14:14:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:11.000Z",
|
|
"modified": "2018-02-09T14:14:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe/analysis/1517416889/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacb4-7fc8-40bd-929a-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "9/56",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb4-0fc8-43af-a265-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-01-31T16:41:29",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb4-9a34-49d6-992c-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-09T14:14:13.000Z",
|
|
"modified": "2018-02-09T14:14:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/",
|
|
"category": "External analysis",
|
|
"uuid": "5a7dacb5-5a14-45a2-8173-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/59",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb5-5968-4307-821f-7f0002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-30T15:05:06",
|
|
"category": "Other",
|
|
"uuid": "5a7dacb6-050c-4529-bf24-7f0002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1881897f-68a4-4917-b6d9-ce7612e85564",
|
|
"created": "2018-02-16T09:00:03.000Z",
|
|
"modified": "2018-02-16T09:00:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a588e6f-c80c-4f1e-ab63-5fa4950d210f",
|
|
"target_ref": "x-misp-object--c484d968-23eb-42f0-95b4-c646ff1c4a46"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4f45e8b5-30c1-4321-9b46-c3f0d49778d9",
|
|
"created": "2018-02-16T09:00:03.000Z",
|
|
"modified": "2018-02-16T09:00:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a588e83-b4f8-44e1-8e4c-5f67950d210f",
|
|
"target_ref": "x-misp-object--c54a631e-db6e-4cc7-856d-07a974bfc25a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c2c6eaed-cf46-4ab7-93ad-28193d3da9ae",
|
|
"created": "2018-02-16T09:00:03.000Z",
|
|
"modified": "2018-02-16T09:00:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a588e93-5dfc-45e3-b6a4-4456950d210f",
|
|
"target_ref": "x-misp-object--672456f3-351d-4587-8114-0c562fcb6082"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--93e91134-95f0-44db-86ce-cd6767cfc371",
|
|
"created": "2018-02-16T09:00:03.000Z",
|
|
"modified": "2018-02-16T09:00:03.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a588ea4-afa0-4611-bfb8-5f67950d210f",
|
|
"target_ref": "x-misp-object--a41b07c7-d703-4a24-95e3-7d4c50770c9b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c31f88a2-c222-4408-a03a-2e52da7a3c9c",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a588f59-6d78-49a5-994d-47b5950d210f",
|
|
"target_ref": "x-misp-object--77a6bb0a-b55e-4b33-ae86-c7ae2004d914"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--387f02c3-c267-4881-aeed-6b181cc1c78d",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a589228-91e8-4b7e-a099-4ccd950d210f",
|
|
"target_ref": "x-misp-object--cde25116-2c43-45fe-90a9-9d17cf9e4e7c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--460e78aa-782c-42a9-b2b1-6121f6f848e7",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a589262-4dd4-4e98-8159-6247950d210f",
|
|
"target_ref": "x-misp-object--e71d92c3-fb0b-4408-95c7-c3afe71baae7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f5a58f6a-b7a3-4b9f-a7f7-9d8586b8195f",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a58bada-0930-472d-8af6-4307950d210f",
|
|
"target_ref": "x-misp-object--5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8f93ad4f-9114-4466-9d76-9267fb269b8b",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a58bcda-a8f8-43a6-acb8-4fbc950d210f",
|
|
"target_ref": "x-misp-object--e72fba22-ef47-4486-b345-e02af2e3f2ba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--229fab38-2f58-4b70-a059-c645573b27f3",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a58bcf9-4efc-4891-99c0-4a32950d210f",
|
|
"target_ref": "x-misp-object--10efb953-d0cc-4219-8b64-fd1aea48048d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5cfce2a1-7e3d-4de5-a4da-ebf4b627edae",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5a58bd15-e480-4b26-b998-45da950d210f",
|
|
"target_ref": "x-misp-object--a643b2e6-13d0-4844-bb44-3708ee4f1430"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--853c6b4d-228f-4a12-983b-63544d6b21db",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1a0ee044-7122-498a-9723-2e6a34cfe282",
|
|
"target_ref": "x-misp-object--2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a5e172d3-26e9-43e0-9539-201959dfed9b",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dd355e08-3cf3-4834-aff2-942c4d631ef8",
|
|
"target_ref": "x-misp-object--d553ed19-0a19-4bff-a1cb-29a2174a1504"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a5fb5474-2110-4b27-b6ef-09852e4c1e3f",
|
|
"created": "2018-02-16T09:00:04.000Z",
|
|
"modified": "2018-02-16T09:00:04.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--607b7d37-5391-4828-9785-747ca987e6d0",
|
|
"target_ref": "x-misp-object--c962297e-54fe-479d-bc30-24c2e4425ad9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e29659f9-8003-47a5-8a51-6125c09f4322",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--845b2d47-0368-4a40-91d0-479d97eacda4",
|
|
"target_ref": "x-misp-object--22650c01-93d0-43cb-9b39-9e6b3db474eb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--83010b63-935e-4d18-a95e-a225b900fe30",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8cb5ebee-fcb0-4f05-a707-708b1eaddd59",
|
|
"target_ref": "x-misp-object--9f51aaa1-7f34-4b9a-b4a4-34413e3295e3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--235f5b65-9ce5-4996-ba58-1cf1c6eaf365",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b",
|
|
"target_ref": "x-misp-object--21ee3580-cfc9-41d7-99c2-00615d045962"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0ab16142-6303-47b8-b17d-c7d120aa0147",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea",
|
|
"target_ref": "x-misp-object--eb9962e1-8c34-45bf-b7be-9ce7bc3fec07"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5e0ba812-085e-4f5c-a20e-767ddc46bb89",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a10445d8-f9e8-485b-8d4a-167ce8bea45d",
|
|
"target_ref": "x-misp-object--cb259893-8a4b-4847-b19a-50a9bb705885"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c5f447bd-c899-43e6-ac7f-0a6ec0928934",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f41bbf4c-5ca3-4e62-af09-e1a9145ee05e",
|
|
"target_ref": "x-misp-object--bf3e1c52-bd79-4344-beed-865e505b5210"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--01a64712-9124-4721-89ee-b5cc26ff1bc9",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--44885bf0-1f38-4d25-b9d9-80c3b47bed40",
|
|
"target_ref": "x-misp-object--e4dd2223-b1b9-40d2-b87b-9e819a6a68fb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--94550ad0-41da-4f96-802d-b60888c3cd95",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--bf5df298-de3c-4398-9e6d-833e38d5c81f",
|
|
"target_ref": "x-misp-object--ddd10108-2f29-4846-bea0-1e80d1c62981"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8216517d-f754-4c0f-acf5-c654da61f1f2",
|
|
"created": "2018-02-16T09:00:05.000Z",
|
|
"modified": "2018-02-16T09:00:05.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4451bac1-bdc3-4bbd-a01d-ec5902aea71d",
|
|
"target_ref": "x-misp-object--3efc2992-b363-4793-87b3-5ec2032cdd31"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6c6ac5ff-3b96-4e6b-83b3-eeea7002bac9",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f9086285-81ea-4ede-b4d3-0c086cd67629",
|
|
"target_ref": "x-misp-object--bb34db62-0780-4909-ad47-8d825362d6cf"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a687be29-37a0-4191-8ea5-50aa22f645c9",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--49b4e424-a863-47c4-907c-e282e6e65df3",
|
|
"target_ref": "x-misp-object--b5786be9-5a78-4df3-b021-1dec3dec8d55"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c203400c-3309-4afe-a4b4-ca5a90af6756",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c4fe5fd-d899-4e20-b4b5-e39398733757",
|
|
"target_ref": "x-misp-object--4f4b9b57-b256-4d40-ae26-c8602137bfb6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7cb390f2-e851-4b49-a0fc-4b96f6635b19",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a49ac8ee-df74-445f-9d00-eff900554eb8",
|
|
"target_ref": "x-misp-object--d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--cfdfdf29-1a1e-4836-a55f-a6f66937f2ad",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
|
"target_ref": "x-misp-object--84bccfef-2072-49f1-b605-8bca7e67be2f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4b172129-2e31-4091-bb3e-6d4f491c45e8",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
|
"target_ref": "x-misp-object--85b2b880-d3e8-4dea-bea6-10c2a491856b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7eaff686-1675-49fc-a031-d493bfb16b5c",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--25d83980-fd95-481d-a330-6e969b0253eb",
|
|
"target_ref": "x-misp-object--0f57df59-7f2e-4538-ad44-9198ae1eb7e7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--93ec27a6-c00a-4e5c-adfe-bd677c3c5b08",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
|
"target_ref": "x-misp-object--5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--48d579b9-54d2-451d-944a-1358f174113f",
|
|
"created": "2018-02-16T09:00:06.000Z",
|
|
"modified": "2018-02-16T09:00:06.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
|
"target_ref": "x-misp-object--0840973f-94a7-411c-9c35-bebd86da7b47"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c4cebe4d-0824-4fd2-9383-cc77256c3ca0",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
|
"target_ref": "x-misp-object--1de4ff44-ee71-4017-a208-7510bc2224ab"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2556814d-2445-4679-813c-d19569ddd154",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
|
"target_ref": "x-misp-object--01b8d2c8-326f-4555-a514-65bbf934d953"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--73be2d23-c327-440e-8b50-81fa6de27b41",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
|
"target_ref": "x-misp-object--76a37ccf-a61f-4466-b91b-dfb81cd4087d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a2289a4f-5f98-4af0-a74f-bad98f5a2a4e",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
|
"target_ref": "x-misp-object--5c2bd08b-1259-4095-9c9e-3b74506b1585"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5e0e0174-c72d-43d0-9b6c-e9265d54e74e",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
|
"target_ref": "x-misp-object--98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--38358887-9461-4400-ae3c-ef0dcf230b34",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
|
"target_ref": "x-misp-object--e5e57871-79b1-4440-95b3-49bc62c724e5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--07eb6418-3bbd-48cd-ad45-76e01753b543",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
|
"target_ref": "x-misp-object--d7545769-a98f-47ac-89e1-9074f18b2266"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a7fb11b6-1bab-4df3-9be4-153d704e88f2",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
|
"target_ref": "x-misp-object--f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bd4a79ec-3cd8-4649-9ff5-0594b74f4970",
|
|
"created": "2018-02-16T09:00:07.000Z",
|
|
"modified": "2018-02-16T09:00:07.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2c1cfefa-96a0-4099-a720-69b64d16fe5f",
|
|
"target_ref": "x-misp-object--2beed4ba-5af8-427c-8270-b6a6456df65c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f8ea32b7-85ff-441a-8243-ca78efc982d7",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9cb63957-a223-4016-bf62-7eac015b02a4",
|
|
"target_ref": "x-misp-object--83cea96d-ea16-4220-b8d5-88ca68baf4d5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0255e12b-6394-43de-8ec8-cbeea823e505",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--90395b9d-bff0-4af6-adaf-a864379542da",
|
|
"target_ref": "x-misp-object--494c3c26-d774-4f6a-aa08-5eba8f2211db"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d64fe1c1-d4fd-4a35-994e-d2285d69ca97",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--90395b9d-bff0-4af6-adaf-a864379542da",
|
|
"target_ref": "x-misp-object--7e1bd57e-b8fe-46ce-acd5-c763793f28c5"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--70a782f7-c72b-4f28-8bba-608af516a65c",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--41a354b8-fbc4-48fc-8976-bd9a3593a07c",
|
|
"target_ref": "x-misp-object--77040fb6-0d6c-459f-986f-92b37cffe118"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6c4689cf-6d35-4f88-b238-dcfa3194ed04",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--480e2ec8-94b2-4682-a591-c2e86c390ead",
|
|
"target_ref": "x-misp-object--e6e5e5d4-0dc1-4dca-a921-aa923f455fcf"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--950ca2a0-dc69-4b85-af65-a171c8a161d2",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--74bef4c3-487c-4941-b138-c8c0e3413b50",
|
|
"target_ref": "x-misp-object--78a04ae2-f33b-4b5a-b0ad-64f842d70385"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--12e4af4a-90a3-4d79-93f6-eed9596243ce",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1f840571-741e-4096-92d6-78e58c49109c",
|
|
"target_ref": "x-misp-object--268e55cb-3597-4e16-8007-a8b36cf61376"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--04929850-798c-4d35-b057-fd3635617b0c",
|
|
"created": "2018-02-16T09:00:08.000Z",
|
|
"modified": "2018-02-16T09:00:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2835626e-b913-4889-a9d9-fdbe227feadb",
|
|
"target_ref": "x-misp-object--a28ef769-5398-4eb7-9b00-fab900d14c43"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--00f202d0-4ee0-4daa-8266-5de1a04755d8",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--fb3000f4-1ebc-42d4-8e4a-2275d659efe6",
|
|
"target_ref": "x-misp-object--5cbeb48f-30a6-478a-bea9-9928524630c6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d463991e-961d-4a69-b1d2-921f76eb1d29",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f53a44f1-158b-4212-bc9e-8e257362a32c",
|
|
"target_ref": "x-misp-object--3bd1c560-3b57-4248-b95c-72723eebd90c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--da5ca684-f526-4f2c-b47d-3da3c19c684b",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--edc8ba48-d186-4b7f-a8e4-54fdfee91503",
|
|
"target_ref": "x-misp-object--cf7832e0-5495-4a89-95df-cb4dd915842e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8f329145-5910-4344-952c-168c71fdc1af",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f8e43169-3421-43af-8b25-be605a3ea859",
|
|
"target_ref": "x-misp-object--2e77adf4-a30d-4dcf-9fcd-9a263b1971c7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3e867103-efb0-41b0-ac8f-f62f3026f10d",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--770417f7-66d8-4c14-a590-25829420ef72",
|
|
"target_ref": "x-misp-object--d250cbbd-0387-4477-9487-647ba7f369ed"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--58ec0444-a3bd-4370-a643-8b2a7a4fb63f",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--18939e64-0afb-4ae4-8995-189b92423b98",
|
|
"target_ref": "x-misp-object--55b685d6-7fdc-4538-b113-d253384b213a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ddda621f-62a9-4a91-b838-84d96dec50a9",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8d7a2d17-30f8-46c6-aa2c-c99caf8b8208",
|
|
"target_ref": "x-misp-object--ece0181f-f705-463f-bea6-08263cc535ba"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a3f0e510-4826-4b1f-a925-42f16bae6cd3",
|
|
"created": "2018-02-16T09:00:09.000Z",
|
|
"modified": "2018-02-16T09:00:09.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--87463bc1-9173-4071-827c-db9c3d3396bc",
|
|
"target_ref": "x-misp-object--f31cc4ab-1875-4f2d-87c9-04b8673ddbe8"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |