adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5c9b46dc-f354-4e45-b44a-4966950d210f.json

2783 lines
No EOL
121 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5c9b46dc-f354-4e45-b44a-4966950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:49.000Z",
"modified": "2019-04-04T10:59:49.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c9b46dc-f354-4e45-b44a-4966950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:49.000Z",
"modified": "2019-04-04T10:59:49.000Z",
"name": "OSINT- WinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns",
"published": "2019-04-04T11:00:18Z",
"object_refs": [
"x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f",
"indicator--5ca34188-a4c0-4be1-a512-4809950d210f",
"indicator--5ca34486-c174-4835-a726-43cf950d210f",
"indicator--5ca35e81-e368-425f-9334-4c26950d210f",
"indicator--5ca36ae4-99c8-4929-8075-472a950d210f",
"indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f",
"indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f",
"indicator--5ca47536-1d78-46c4-bcea-491c950d210f",
"indicator--5ca47536-e118-4430-a1bc-4eba950d210f",
"indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f",
"indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f",
"indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f",
"indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f",
"indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f",
"indicator--5ca5ba6e-35a8-484e-b044-4986950d210f",
"indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f",
"indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f",
"x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f",
"indicator--5ca3352d-5220-47a1-acbf-4da1950d210f",
"indicator--5ca33543-c790-4983-b1bb-4663950d210f",
"indicator--5ca3355c-383c-4caa-be6c-4c46950d210f",
"indicator--5ca35df4-911c-46d0-a997-43f9950d210f",
"indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f",
"indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f",
"indicator--5ca46a07-81c0-4819-91b2-d709950d210f",
"indicator--5ca46dd0-955c-47b9-9511-ced9950d210f",
"indicator--5ca474c5-95f8-435f-aff2-8a88950d210f",
"indicator--5ca484d5-7b60-46fe-851d-41f7950d210f",
"indicator--5ca4866f-f878-4e2d-84dc-4095950d210f",
"indicator--5ca490a8-46c0-4464-8d48-456d950d210f",
"indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f",
"indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f",
"indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f",
"indicator--5ca4a80c-2170-4c49-b18e-4018950d210f",
"indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f",
"indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f",
"indicator--5ca4bd25-7734-4740-bac3-4cab950d210f",
"indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f",
"indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f",
"indicator--5ca4bd74-949c-45b2-9290-4e09950d210f",
"indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f",
"indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f",
"indicator--5ca5c948-d538-4f46-850c-4867950d210f",
"indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
"x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace",
"indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
"x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674",
"indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
"x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422",
"indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
"x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
"indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
"x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c",
"indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
"x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc",
"indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
"x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
"indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
"x-misp-object--947c136b-e247-4529-849b-09ddeea124f0",
"indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
"x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a",
"indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
"x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb",
"indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
"x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743",
"indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
"x-misp-object--5508860a-3775-4c49-a97c-234666b38510",
"indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
"x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753",
"indicator--5565b852-a761-4c28-b520-91f0eac10203",
"x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722",
"indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
"x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d",
"indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
"x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8",
"indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
"x-misp-object--67497812-2875-4d21-b39b-84c4814b8589",
"indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
"x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c",
"indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
"x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc",
"indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
"x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803",
"indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
"x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
"indicator--631d6673-b540-4d35-891c-0583af76d3cc",
"x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44",
"relationship--57e2c10f-6501-4a4e-9ba9-f828576dfc33",
"relationship--832387c0-241d-4266-b58d-337992c6f284",
"relationship--a878928c-347e-41fb-9434-00720d413ea6",
"relationship--b49e99d9-b692-4b06-9db7-b9dd61c03642",
"relationship--e9618ce1-64f9-4d93-84c5-66eb02af9838",
"relationship--043de55a-1ecb-4017-b938-1d67ca182375",
"relationship--42d0d8a5-f7fd-46e5-884d-78658a23f643",
"relationship--7d375b45-c673-43a0-881d-2a64b0fc9bec",
"relationship--82f13e23-7838-4460-83e3-9ca9fcf60f2b",
"relationship--b27f5f12-d4e1-4a36-b67a-770d686e47ad",
"relationship--40d8406b-1fe4-48f9-bf3d-93f7bda7c543",
"relationship--ff1fdf76-73cc-4d23-ba1d-347fefe2f03a",
"relationship--0cc29856-228a-419b-b8c4-d3dd83a5cc48",
"relationship--72edd82f-bf8e-4f27-adb4-456ae2fd4811",
"relationship--05ad90bf-0fe9-41db-9083-64a32feb7d3c",
"relationship--0d360a33-5a40-4625-b8cb-1447e779d484",
"relationship--4f7f9465-04be-4962-9e5a-99a171030587",
"relationship--2024dc63-cf14-424d-b35c-6ff22091a356",
"relationship--e019ce68-457a-44be-87d7-40e017b1d788",
"relationship--0238a367-40d8-4e7a-9e79-a9ca344a8d36",
"relationship--4c8a30e2-3203-476a-bb58-3c9d51043331",
"relationship--fc7a080f-747f-4290-9642-f8f483e40f9b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Azorult\"",
"misp-galaxy:malpedia=\"Quasar RAT\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"",
"misp-galaxy:mitre-malware=\"NETWIRE - S0198\"",
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
"misp-galaxy:ransomware=\"Razy\"",
"misp-galaxy:rat=\"Netwire\"",
"misp-galaxy:rat=\"Quasar RAT\"",
"misp-galaxy:stealer=\"AZORult\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ca334cd-3c38-4206-b4bd-44f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T10:09:36.000Z",
"modified": "2019-04-02T10:09:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extraction of \u00e2\u20ac\u02dcACE\u00e2\u20ac\u2122 formatted files, regardless of user input. Attackers can easily achieve persistence and code execution by creating malicious archives that extract files to sensitive locations, like the Windows \u00e2\u20ac\u0153Startup\u00e2\u20ac\u009d Start Menu folder. While this vulnerability has been fixed in the latest version of WinRAR (5.70), WinRAR itself does not contain auto-update features, increasing the likelihood that many existing users remain running out-of-date versions."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca34188-a4c0-4be1-a512-4809950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T13:06:43.000Z",
"modified": "2019-04-02T13:06:43.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.162.131.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca34486-c174-4835-a726-43cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T11:16:22.000Z",
"modified": "2019-04-02T11:16:22.000Z",
"description": "Payload download",
"pattern": "[url:value = 'http://185.49.71.101/i/pwi_crs.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T11:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca35e81-e368-425f-9334-4c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T13:07:13.000Z",
"modified": "2019-04-02T13:07:13.000Z",
"description": "Netwire C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T13:07:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca36ae4-99c8-4929-8075-472a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T14:00:04.000Z",
"modified": "2019-04-02T14:00:04.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\Desktop\\\\100m.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T14:00:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca47533-79f4-4c4a-b7a3-4c9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:56:19.000Z",
"modified": "2019-04-03T08:56:19.000Z",
"pattern": "[url:value = 'www.alahbabgroup.com/bakala/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca47536-ecbc-43b5-9e7c-474a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:56:22.000Z",
"modified": "2019-04-03T08:56:22.000Z",
"pattern": "[url:value = '103.225.168.159/admin/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca47536-1d78-46c4-bcea-491c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:56:22.000Z",
"modified": "2019-04-03T08:56:22.000Z",
"pattern": "[url:value = 'www.khuyay.org/odin_backup/public/loggoff.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca47536-e118-4430-a1bc-4eba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:56:22.000Z",
"modified": "2019-04-03T08:56:22.000Z",
"pattern": "[url:value = '47.91.56.21/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca486cf-f20c-40e1-acd4-4be7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T10:11:27.000Z",
"modified": "2019-04-03T10:11:27.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.148.220.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T10:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca486cf-e3c4-4378-a2bf-4429950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T10:11:27.000Z",
"modified": "2019-04-03T10:11:27.000Z",
"pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T10:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6d-a63c-4e1b-8207-4c96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:57.000Z",
"modified": "2019-04-04T08:03:57.000Z",
"pattern": "[url:value = 'http://103.225.168.159/admin/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6e-c3d4-4e66-bc47-4b73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:58.000Z",
"modified": "2019-04-04T08:03:58.000Z",
"pattern": "[url:value = 'http://185.162.131.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6e-0b24-4a20-a5d8-4cb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:58.000Z",
"modified": "2019-04-04T08:03:58.000Z",
"pattern": "[url:value = 'http://47.91.56.21/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6e-35a8-484e-b044-4986950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:58.000Z",
"modified": "2019-04-04T08:03:58.000Z",
"pattern": "[url:value = 'http://tiny-share.com/direct/7dae2d144dae4447a152bef586520ef8/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6e-01fc-4117-8ff6-4d6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:58.000Z",
"modified": "2019-04-04T08:03:58.000Z",
"pattern": "[url:value = 'http://www.alahbabgroup.com/bakala/verify.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5ba6e-be44-4314-b8e5-4c12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T08:03:58.000Z",
"modified": "2019-04-04T08:03:58.000Z",
"pattern": "[url:value = 'http://www.khuyay.org/odin_backup/public/loggoff.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T08:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c9b8bf4-11d4-4450-882b-4d83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T14:43:00.000Z",
"modified": "2019-03-27T14:43:00.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\"",
"osint:certainty=\"50\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "\u00e2\u0161\u00a0\r\n WARNING \r\n\u00e2\u0161\u00a0\r\n\r\nWinRAR Zero-day (CVE-2018-20250) Abused in Multiple Campaigns\r\n(link: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html) fireeye.com/blog/threat-re\u00e2\u20ac\u00a6\r\nAll IOCs:\r\n(link: https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a) otx.alienvault.com/pulse/5c9a4ff3\u00e2\u20ac\u00a6\r\nExploit Details:\r\n(link: https://research.checkpoint.com/extracting-code-execution-from-winrar/) research.checkpoint.com/extracting-cod\u00e2\u20ac\u00a6",
"category": "Other",
"uuid": "5c9b8bf4-81a0-484a-94aa-4524950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5c9b8bf4-b480-4cf3-80c3-4e97950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/Bank_Security/status/1110795166762307585",
"category": "Network activity",
"to_ids": true,
"uuid": "5c9b8bf4-0bfc-4d15-9eca-4640950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://t.co/WXbZ8UEIUY?amp=1",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-b578-4b65-ab12-4f46950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://t.co/4QpF7PmDLH?amp=1",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-daa4-45d3-949e-4814950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://t.co/arJH9cqHID?amp=1",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-da6c-4fd2-a520-4e67950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-f79c-4eab-8203-4699950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://otx.alienvault.com/pulse/5c9a4ff3504d5b0affbd3d3a",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-a76c-4085-914a-4fa0950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
"category": "External analysis",
"to_ids": true,
"uuid": "5c9b8bf4-7c20-48fc-9447-4dd3950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2019-03-27T07:46:00",
"category": "Other",
"uuid": "5c9b8bf4-aa90-4700-8335-43c2950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "Bank_Security",
"category": "Other",
"uuid": "5c9b8bf4-f9d0-4d81-8a45-4059950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca3352d-5220-47a1-acbf-4da1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T11:27:09.000Z",
"modified": "2019-04-02T11:27:09.000Z",
"pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:name = 'Scan_Letter_of_Approval.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T11:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca33543-c790-4983-b1bb-4663950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T12:16:03.000Z",
"modified": "2019-04-02T12:16:03.000Z",
"pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:name = 'winSrvHost.vbs' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T12:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca3355c-383c-4caa-be6c-4c46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T12:39:50.000Z",
"modified": "2019-04-02T12:39:50.000Z",
"description": "decoy document",
"pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:name = 'Letter of Approval.pdf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T12:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca35df4-911c-46d0-a997-43f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T13:04:52.000Z",
"modified": "2019-04-02T13:04:52.000Z",
"pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:name = 'pwi_crs.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T13:04:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca36c3a-433c-4a6f-a46e-4084950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T14:05:46.000Z",
"modified": "2019-04-02T14:05:46.000Z",
"pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T14:05:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca36f41-1ccc-4fd2-82b8-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-02T14:18:41.000Z",
"modified": "2019-04-02T14:18:41.000Z",
"pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:name = 'SysAid-Documentation.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-02T14:18:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca46a07-81c0-4819-91b2-d709950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:08:39.000Z",
"modified": "2019-04-03T08:08:39.000Z",
"pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:name = 'ekrnview.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:08:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca46dd0-955c-47b9-9511-ced9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:24:48.000Z",
"modified": "2019-04-03T08:24:48.000Z",
"pattern": "[file:hashes.MD5 = '31718d7b9b3261688688bdc4e026db99' AND file:name = 'Thumbs.db.lnk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:24:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca474c5-95f8-435f-aff2-8a88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T08:54:29.000Z",
"modified": "2019-04-03T08:54:29.000Z",
"description": "Email",
"pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T08:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca484d5-7b60-46fe-851d-41f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T10:03:01.000Z",
"modified": "2019-04-03T10:03:01.000Z",
"pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:name = 'zakon.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T10:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4866f-f878-4e2d-84dc-4095950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T10:09:51.000Z",
"modified": "2019-04-03T10:09:51.000Z",
"pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:name = 'mssconf.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T10:09:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca490a8-46c0-4464-8d48-456d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T10:53:28.000Z",
"modified": "2019-04-03T10:53:28.000Z",
"pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:name = 'leaks copy.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T10:53:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4a4b1-b8cc-40d3-95a9-4090950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T12:18:57.000Z",
"modified": "2019-04-03T12:18:57.000Z",
"pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:name = 'cc.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T12:18:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4a60b-9d04-4f5c-93f2-4d91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T12:24:43.000Z",
"modified": "2019-04-03T12:24:43.000Z",
"pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:name = 'zabugor.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T12:24:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4a7ec-7f2c-437a-a124-4b84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T12:32:44.000Z",
"modified": "2019-04-03T12:32:44.000Z",
"pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:name = 'zabugorV.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T12:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4a80c-2170-4c49-b18e-4018950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T12:33:16.000Z",
"modified": "2019-04-03T12:33:16.000Z",
"pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:name = 'Combolist.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T12:33:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4a82d-0f6c-4877-b8a4-4073950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T12:33:49.000Z",
"modified": "2019-04-03T12:33:49.000Z",
"pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:name = 'Nulled2019.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T12:33:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4aef5-a100-4a27-bc1d-43b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T13:02:45.000Z",
"modified": "2019-04-03T13:02:45.000Z",
"pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:name = 'IT.rar' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T13:02:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4bd25-7734-4740-bac3-4cab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:03:17.000Z",
"modified": "2019-04-03T14:03:17.000Z",
"description": "QuasarRAT",
"pattern": "[file:hashes.MD5 = '1ba398b0a14328b9604eeb5ebf139b40' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4bd3d-3320-411a-86ce-48fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:03:41.000Z",
"modified": "2019-04-03T14:03:41.000Z",
"description": "Azorult",
"pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:name = 'explorer.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4bd58-9274-4fc3-9eae-424e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:04:08.000Z",
"modified": "2019-04-03T14:04:08.000Z",
"description": "Netwire",
"pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:name = 'IntelAudio.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:04:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4bd74-949c-45b2-9290-4e09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:04:36.000Z",
"modified": "2019-04-03T14:04:36.000Z",
"description": "Razy",
"pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4bd8f-6bac-4726-87b5-49ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:05:03.000Z",
"modified": "2019-04-03T14:05:03.000Z",
"description": "Buzy",
"pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:name = 'Discord.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:05:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca4c5dc-542c-48e1-91be-4b39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-03T14:40:28.000Z",
"modified": "2019-04-03T14:40:28.000Z",
"description": "Azorult",
"pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:name = 'old.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-03T14:40:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca5c948-d538-4f46-850c-4867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T09:07:20.000Z",
"modified": "2019-04-04T09:07:20.000Z",
"pattern": "[file:hashes.MD5 = '7dae2d144dae4447a152bef586520ef8' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T09:07:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:18.000Z",
"modified": "2019-04-04T10:59:18.000Z",
"pattern": "[file:hashes.MD5 = '119a0fd733bc1a013b0d4399112b8626' AND file:hashes.SHA1 = '092e7d2aa0c518a499e8cc5aaf3e827ad3b66512' AND file:hashes.SHA256 = '87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:18.000Z",
"modified": "2019-04-04T10:59:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:41:06",
"category": "Other",
"uuid": "9beab9c9-b030-42d5-963a-07948cc15406"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/87ee131d51929d19afba3bb8d2b2019a7be8782b1db0728f648902e8c8e6b2d0/analysis/1553722866/",
"category": "Payload delivery",
"uuid": "96552c73-8407-4a1b-b581-1d8a1f67e8bc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/69",
"category": "Payload delivery",
"uuid": "6229267a-31f2-4c37-a98f-fcad7f56d641"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"pattern": "[file:hashes.MD5 = '1f5fa51ac9517d70f136e187d45f69de' AND file:hashes.SHA1 = 'fddc26459a6c6055a320f282a5ac51d1b74f2fd3' AND file:hashes.SHA256 = '6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:40:58",
"category": "Other",
"uuid": "fcc179d9-1bd5-410d-99fa-718daee19a8d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f81d88ea10e423034e2c25001640e7b54dc3984c1a8aef1b60c721f331d805f/analysis/1553722858/",
"category": "Payload delivery",
"uuid": "f29a7f37-dd60-4a5d-8591-8b002722574c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/56",
"category": "Payload delivery",
"uuid": "c6e43a6d-edf5-48a5-b634-1c79b8ff11b1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"pattern": "[file:hashes.MD5 = '12def981952667740eb06ee91168e643' AND file:hashes.SHA1 = '1df08806e39ed6f9f3a5cb228f3be744936e201e' AND file:hashes.SHA256 = 'c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04T06:32:35",
"category": "Other",
"uuid": "565b6568-d456-4e2e-acf6-5d67b8b522f5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c7c3d70337336fc183135038ce5d0a4bb83ab6d9f4cc1ad5cf600295e6a41e1b/analysis/1554359555/",
"category": "Payload delivery",
"uuid": "c4b3f8ec-089e-4ea0-8c3f-c9da23acd89e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/67",
"category": "Payload delivery",
"uuid": "76664654-df97-4498-997b-dd21a0e35b7e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"pattern": "[file:hashes.MD5 = 'eca09fe8dcbc9d1c097277f2b3ef1081' AND file:hashes.SHA1 = 'a4185a50ccac29056e2e56ad85b8d74adc8ec7ac' AND file:hashes.SHA256 = '83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:41:05",
"category": "Other",
"uuid": "ca8a2227-5e14-449f-992f-103c90818e66"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/83ca0fc98f247b674e7fd535a8483538ed73710d5ce24f5bf1ee483610e418ce/analysis/1553722865/",
"category": "Payload delivery",
"uuid": "4bde1856-53a3-4a92-a62a-e087a5257d82"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/55",
"category": "Payload delivery",
"uuid": "cc548348-c570-441e-aacb-63ce091ad1a8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"pattern": "[file:hashes.MD5 = '97d74671d0489071baa21f38f456eb74' AND file:hashes.SHA1 = '3bb63aa0b92cc1bde8d027112e5b037cc65ca9cb' AND file:hashes.SHA256 = '73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:19.000Z",
"modified": "2019-04-04T10:59:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-02T04:08:58",
"category": "Other",
"uuid": "bb8a1c29-37ad-4712-8597-af71d8026d8f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/73b43e4aa99f795c29285cab5f7e2e54ce64c22e57b1301cea0125b7797e96c9/analysis/1554178138/",
"category": "Payload delivery",
"uuid": "f77ff9ca-1dbc-4c38-be3b-8825ba4b08e9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/70",
"category": "Payload delivery",
"uuid": "dbe53327-a8b6-4672-b914-156659f88f9e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"pattern": "[file:hashes.MD5 = '8e067e4cda99299b0bf2481cc1fd8e12' AND file:hashes.SHA1 = '3a92a121201c209d3e091b795274c22a4ea71963' AND file:hashes.SHA256 = 'e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T05:20:01",
"category": "Other",
"uuid": "cda7e557-6ee3-4683-81fe-b8720b5b641b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e1fe401b73fc449470290c34a26cbd6e6190fd7879fd414bea460fedd2168649/analysis/1553836801/",
"category": "Payload delivery",
"uuid": "e24d4bfd-ae1d-4397-a389-8645acbf8d90"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/56",
"category": "Payload delivery",
"uuid": "942e32c4-826a-4e1c-b527-aed28d14a14f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"pattern": "[file:hashes.MD5 = 'e9815dfb90776ab449539a2be7c16de5' AND file:hashes.SHA1 = '178b02f21efd10a7c98f654fc68c88468738042e' AND file:hashes.SHA256 = 'c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:41:31",
"category": "Other",
"uuid": "e7dec0a9-afee-44ae-823c-12179dc2ad7e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c53bfd9dd25919643baccfcfe1e5f9101830e25b378eeb91f0f3f3573d013a6c/analysis/1553722891/",
"category": "Payload delivery",
"uuid": "3e484ad3-5997-4ccf-b1a6-3a5d891365be"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/55",
"category": "Payload delivery",
"uuid": "e82b82e1-cc43-4eb8-bf51-b1158a1cc0ec"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"pattern": "[file:hashes.MD5 = 'dc63d5affde0db95128dac52f9d19578' AND file:hashes.SHA1 = '539efdad458cf6563d1735632df1fb2c39acfedd' AND file:hashes.SHA256 = '17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T12:43:20",
"category": "Other",
"uuid": "d4e3ba49-f61e-4e67-8187-7474cc86df81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/17b872ba9b1a438e2acf8bdfad21e9c18febcdbd0e14c05bc7482277c98866c6/analysis/1553863400/",
"category": "Payload delivery",
"uuid": "0e086d43-d432-448f-b93f-a3b9837cba45"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/61",
"category": "Payload delivery",
"uuid": "712ff8c6-b9e0-4729-91fc-ff6ccab2a2a0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"pattern": "[file:hashes.MD5 = '8c93e024fc194f520e4e72e761c0942d' AND file:hashes.SHA1 = 'b7dd83d96a480e2f8c653f5339764dd3fe38ce81' AND file:hashes.SHA256 = '5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T05:29:07",
"category": "Other",
"uuid": "350bd5bd-90e5-4b64-b8f3-7c854166a4a2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b5d7d74db59c520b72be1e328563a1ee864e8931a0ae7487d753ee3e166de1c/analysis/1553837347/",
"category": "Payload delivery",
"uuid": "05677bc0-97e1-4004-8169-6db4587a5b4e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/59",
"category": "Payload delivery",
"uuid": "e6f88c2a-7758-4953-a88b-1ee84a1e99d4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"pattern": "[file:hashes.MD5 = '3aabc9767d02c75ef44df6305bc6a41f' AND file:hashes.SHA1 = '1210766d7137be26f84d1882357559841b698cef' AND file:hashes.SHA256 = 'e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:20.000Z",
"modified": "2019-04-04T10:59:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-01T20:02:27",
"category": "Other",
"uuid": "109fdc32-8735-4b87-a3d2-503b63da577b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e0f49bf08b44fb77bc4d305abb698ce8767904a7da7fabb8e3d127eca270b967/analysis/1554148947/",
"category": "Payload delivery",
"uuid": "36eb457b-417a-44cd-a001-d228d29c6b6f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/58",
"category": "Payload delivery",
"uuid": "2829ad9f-6b97-4d49-92e0-68243c3d4bd0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"pattern": "[file:hashes.MD5 = '79b53b4555c1fb39ba3c7b8ce9a4287e' AND file:hashes.SHA1 = '90764c28ce62b6ea005dd7e616f7ada4fcd170ad' AND file:hashes.SHA256 = '08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T05:35:29",
"category": "Other",
"uuid": "14e0668a-3a17-4bf4-b32d-3ba02a2049ac"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/08df98a999d6f03b46ffe9e030e1cd57469230647222451e438d5918fcda3ddf/analysis/1553837729/",
"category": "Payload delivery",
"uuid": "20e3fd93-1dd9-4456-9948-f99675ea9dd3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Payload delivery",
"uuid": "dcd9fa6f-0f51-4a76-835c-be1653c74242"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"pattern": "[file:hashes.MD5 = 'f36404fb24a640b40e2d43c72c18e66b' AND file:hashes.SHA1 = 'ed6b9c876a8a4fe01623972e8733ec2a90177ad1' AND file:hashes.SHA256 = '6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:40:57",
"category": "Other",
"uuid": "192f5431-d8c0-430a-a04b-bb1afbb10f4d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6b8e114a7636d87b3de01c4303dfccd54a65f32bae7c964ba496257ec468cfc2/analysis/1553722857/",
"category": "Payload delivery",
"uuid": "494ad934-586f-49c7-9fe4-1cb4b357a506"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/57",
"category": "Payload delivery",
"uuid": "e0cce08c-a0d6-4eaf-aad6-7c377cc0e74f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"pattern": "[file:hashes.MD5 = '96986b18a8470f4020ea78df0b3db7d4' AND file:hashes.SHA1 = '431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45' AND file:hashes.SHA256 = '2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-02T15:27:29",
"category": "Other",
"uuid": "cf481ea6-dd65-435c-8e37-e4554834e0e1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e/analysis/1554218849/",
"category": "Payload delivery",
"uuid": "1c745f93-920c-44e0-9d4e-f226b5351a46"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/69",
"category": "Payload delivery",
"uuid": "026dd833-b81e-4428-8adc-145c79c1a7d2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5565b852-a761-4c28-b520-91f0eac10203",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"pattern": "[file:hashes.MD5 = '2961c52f04b7fdf7ccf6c01ac259d767' AND file:hashes.SHA1 = '2c1ff2f2d463fd66bb630e02a4596e42f73f3ea9' AND file:hashes.SHA256 = 'bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-01T15:09:35",
"category": "Other",
"uuid": "ae154983-4c39-4a58-aa86-95e0573452df"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bd89c287b180e04d315b19dc56509e06aca44a7f234c308510376a39f45fb283/analysis/1554131375/",
"category": "Payload delivery",
"uuid": "9731d4df-bede-4c7b-a84f-e3409931ef31"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/67",
"category": "Payload delivery",
"uuid": "13d3e396-14a1-4642-9dea-e61e30a2c7bf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"pattern": "[file:hashes.MD5 = '0f56b04a4e9a0df94c7f89c1bccf830c' AND file:hashes.SHA1 = '73895da7b3f1780eeca9750172e1a9545fa63782' AND file:hashes.SHA256 = 'd5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:21.000Z",
"modified": "2019-04-04T10:59:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:41:37",
"category": "Other",
"uuid": "9c7704c6-2d0d-44e5-9a55-f7a5459016dc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c/analysis/1553722897/",
"category": "Payload delivery",
"uuid": "6a2896ea-9cdf-4461-b8cc-b02fa1353e37"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/54",
"category": "Payload delivery",
"uuid": "f45ebe03-d435-4aef-a6ae-8b4a83142f23"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"pattern": "[file:hashes.MD5 = '914ac7ecf2557d5836f26a151c1b9b62' AND file:hashes.SHA1 = '49b7c035cead28573b793b3947621a330b216b2b' AND file:hashes.SHA256 = '245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-26T01:43:50",
"category": "Other",
"uuid": "f04f4c69-06c2-4ae6-b54c-103f2ea7b273"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/245d0d8b02875720d39c24fe0278fc24bb87ffd97a7c62a1d1723dbfe5b72cdc/analysis/1553564630/",
"category": "Payload delivery",
"uuid": "74ab99c3-0e96-43f9-b286-6058716bd1e5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/59",
"category": "Payload delivery",
"uuid": "75cff71b-ee95-4f7a-aae1-06e70db035f8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"pattern": "[file:hashes.MD5 = 'aac00312a961e81c4af4664c49b4a2b2' AND file:hashes.SHA1 = 'ab4fb9d8f917d2c45f3792c05c29799bf27cdd9f' AND file:hashes.SHA256 = 'a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-27T21:41:15",
"category": "Other",
"uuid": "f5b5ee0e-d5ea-48b9-bbd6-b7ca034d1926"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a205c5cdc00e83ddb12470793b3eb2310425a06072d67f6f9617650fb55d6b14/analysis/1553722875/",
"category": "Payload delivery",
"uuid": "02fc2be9-9f6a-4e0f-bfde-4d104ce30909"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/68",
"category": "Payload delivery",
"uuid": "e13fd81b-0e00-4ede-83e3-d81894abf9e5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"pattern": "[file:hashes.MD5 = 'bcc49643833a4d8545ed4145fb6fdfd2' AND file:hashes.SHA1 = 'a88113c715c8ee254057bc7926d3535ab841e122' AND file:hashes.SHA256 = '98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-02T03:51:02",
"category": "Other",
"uuid": "c84221c1-2109-44be-80bb-c2ba345a8982"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/98db913f5793f8c2df6bff01dc9fe7d37279116093e17c2d669ad359466766ad/analysis/1554177062/",
"category": "Payload delivery",
"uuid": "1bf2ee69-ee15-46ba-bdd4-50bd88c487c5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/68",
"category": "Payload delivery",
"uuid": "96e1c7d8-951a-4d53-9c3d-3a63867a2545"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"pattern": "[file:hashes.MD5 = '9b19753369b6ed1187159b95fc8a81cd' AND file:hashes.SHA1 = 'cafb67eeb2de076e7e6b0143dac87bb11f7134ac' AND file:hashes.SHA256 = '6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:22.000Z",
"modified": "2019-04-04T10:59:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-03T06:46:43",
"category": "Other",
"uuid": "3ece6471-807f-4c4d-b89c-79398038f291"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c/analysis/1554274003/",
"category": "Payload delivery",
"uuid": "d09276c9-1ad3-45d7-8c11-ce53d55b1260"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/51",
"category": "Payload delivery",
"uuid": "85c82a65-c099-4c8b-925c-86dccbcb56c4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:23.000Z",
"modified": "2019-04-04T10:59:23.000Z",
"pattern": "[file:hashes.MD5 = '062801f6fdbda4dd67b77834c62e82a4' AND file:hashes.SHA1 = 'c02e298f63acb20246683c302f0a71bfd7081f88' AND file:hashes.SHA256 = 'eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:23.000Z",
"modified": "2019-04-04T10:59:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04T01:15:33",
"category": "Other",
"uuid": "27d9d610-e0f2-4341-b907-c0c9f30cba10"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eacc0ee88a0b0db7d89fdf5b76406fe1c4ea409f23a95e7230789b475cf4b0f0/analysis/1554340533/",
"category": "Payload delivery",
"uuid": "4720cca9-9ec5-4768-b5ae-212af40fe5e0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/61",
"category": "Payload delivery",
"uuid": "4e900f7c-0a63-48f0-8b15-ad1f62b94084"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:23.000Z",
"modified": "2019-04-04T10:59:23.000Z",
"pattern": "[file:hashes.MD5 = '9b81b3174c9b699f594d725cf89ffaa4' AND file:hashes.SHA1 = 'c9967af445a3416d0ff3701555e83529ff482ff9' AND file:hashes.SHA256 = '4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:23.000Z",
"modified": "2019-04-04T10:59:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T05:33:11",
"category": "Other",
"uuid": "2ed2edb7-aaa6-4812-9244-fd3fc3919580"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22/analysis/1553837591/",
"category": "Payload delivery",
"uuid": "a77aacfd-49a3-4eaf-8962-ff0fae0b7eea"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/59",
"category": "Payload delivery",
"uuid": "488706c1-fcfa-4db9-af64-9e79cc1748e8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--631d6673-b540-4d35-891c-0583af76d3cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:23.000Z",
"modified": "2019-04-04T10:59:23.000Z",
"pattern": "[file:hashes.MD5 = '49419d84076b13e96540fdd911f1c2f0' AND file:hashes.SHA1 = '35749e82cd605e07b4145b48ef677721a113ae20' AND file:hashes.SHA256 = 'e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-04T10:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-29T03:27:04",
"category": "Other",
"uuid": "e7fd965e-5fbe-4d19-8861-6bb7aecad60e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e88fb2337594adbf00f0bc30af3f315056a892f2bad832247b383fe12797fb4b/analysis/1553830024/",
"category": "Payload delivery",
"uuid": "b65b97c1-4007-41e6-a420-eb82e6db6754"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/58",
"category": "Payload delivery",
"uuid": "9eb24880-f920-444d-963e-624562a666d9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--57e2c10f-6501-4a4e-9ba9-f828576dfc33",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--93cde704-eb81-46a1-bf16-412a7c6abbdf",
"target_ref": "x-misp-object--bb78d9ea-99dd-4557-8135-d577734bdace"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--832387c0-241d-4266-b58d-337992c6f284",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e6a06d80-1a38-4b89-8be3-0242f4f284be",
"target_ref": "x-misp-object--382da157-8d8e-479d-8449-2a7a7c54b674"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a878928c-347e-41fb-9434-00720d413ea6",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f6d2b694-c79b-465e-979a-cb05135b5a97",
"target_ref": "x-misp-object--ecd4d490-5fe8-46c8-8434-ecdaf383d422"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b49e99d9-b692-4b06-9db7-b9dd61c03642",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b6cdc62f-aae9-4a50-a4cc-4ce3a17cd2f7",
"target_ref": "x-misp-object--54777b78-ec4c-4356-8e7e-47c9bf4cdcda"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e9618ce1-64f9-4d93-84c5-66eb02af9838",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c945a6c0-c445-4c44-be12-83436bcfd415",
"target_ref": "x-misp-object--94d10499-0534-45c0-8ecf-770f73b5db6c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--043de55a-1ecb-4017-b938-1d67ca182375",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9328597f-c9b9-417d-8c35-0a3a6c45d73b",
"target_ref": "x-misp-object--36ac2225-5a1d-4974-b50b-0867497073fc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42d0d8a5-f7fd-46e5-884d-78658a23f643",
"created": "2019-04-04T10:59:24.000Z",
"modified": "2019-04-04T10:59:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--550a0ca7-ccf5-4143-96dd-b372c9d532f3",
"target_ref": "x-misp-object--99a75d1e-e23b-4c36-a2e8-9ff4fcf7ec5a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7d375b45-c673-43a0-881d-2a64b0fc9bec",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ff40c2e7-d34c-4542-a26c-17e782a6fafb",
"target_ref": "x-misp-object--947c136b-e247-4529-849b-09ddeea124f0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--82f13e23-7838-4460-83e3-9ca9fcf60f2b",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6d055204-92e1-440c-9a0b-6e0fd09d72e9",
"target_ref": "x-misp-object--f517121e-0639-45a7-a0ce-7d7e1826730a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b27f5f12-d4e1-4a36-b67a-770d686e47ad",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb0a6c2c-53fb-4aef-a7fd-da6c154281e9",
"target_ref": "x-misp-object--ef1af813-b308-4fb3-89ad-b57491d76acb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--40d8406b-1fe4-48f9-bf3d-93f7bda7c543",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dd29a4a3-c07e-4a56-9f27-410b1e070559",
"target_ref": "x-misp-object--2681a029-e095-4a15-a60e-5b39bb9cf743"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ff1fdf76-73cc-4d23-ba1d-347fefe2f03a",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--996e8502-42f2-46ce-a819-264bd1c0374e",
"target_ref": "x-misp-object--5508860a-3775-4c49-a97c-234666b38510"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0cc29856-228a-419b-b8c4-d3dd83a5cc48",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ffebb241-ef81-48b2-91e3-fe715182f904",
"target_ref": "x-misp-object--ace2107f-3ab5-4b01-a221-521235ac2753"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--72edd82f-bf8e-4f27-adb4-456ae2fd4811",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5565b852-a761-4c28-b520-91f0eac10203",
"target_ref": "x-misp-object--0c6ca9fc-6775-4329-819b-0af00f86b722"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--05ad90bf-0fe9-41db-9083-64a32feb7d3c",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4226488e-3eca-40fe-b7cd-7cd72eac36ed",
"target_ref": "x-misp-object--f42cd377-f5d2-4495-a22b-e072af84b53d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d360a33-5a40-4625-b8cb-1447e779d484",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b218ae1a-0d6c-4a65-8fca-502b578fe1b7",
"target_ref": "x-misp-object--e846f5c4-79f6-4e64-b744-222508aad1f8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4f7f9465-04be-4962-9e5a-99a171030587",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1d235ad4-9ff2-465f-b0c3-59401db6a1ba",
"target_ref": "x-misp-object--67497812-2875-4d21-b39b-84c4814b8589"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2024dc63-cf14-424d-b35c-6ff22091a356",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e540d071-510e-4aa4-a9b2-9bc49249b5d9",
"target_ref": "x-misp-object--99640379-c5b4-4f87-9607-87df8a39953c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e019ce68-457a-44be-87d7-40e017b1d788",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2f03f8ef-703c-4570-9f50-3a5819b28a8f",
"target_ref": "x-misp-object--41e4fe85-b192-4277-b98a-00b4a08132bc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0238a367-40d8-4e7a-9e79-a9ca344a8d36",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a5e8c39c-fb23-4ef1-9eb8-437d87e73067",
"target_ref": "x-misp-object--2af039b9-991a-4586-8fda-41e7098a1803"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c8a30e2-3203-476a-bb58-3c9d51043331",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--adc64a31-03f0-414f-9a20-51da35e8f47d",
"target_ref": "x-misp-object--23fa7a2f-f0b6-4dd1-91d5-64fd38f60409"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fc7a080f-747f-4290-9642-f8f483e40f9b",
"created": "2019-04-04T10:59:25.000Z",
"modified": "2019-04-04T10:59:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--631d6673-b540-4d35-891c-0583af76d3cc",
"target_ref": "x-misp-object--86d59c0c-a662-4aa5-8dcb-34823bc70f44"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink