adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/1edd5ee1-7c91-4233-840a-6c419d6afc62.json

1366 lines
No EOL
62 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--1edd5ee1-7c91-4233-840a-6c419d6afc62",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--1edd5ee1-7c91-4233-840a-6c419d6afc62",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"name": "OSINT - IronNetInjector: Turla\u2019s New Malware Loading Tool",
"published": "2021-02-20T16:53:20Z",
"object_refs": [
"x-misp-attribute--191d97b2-d7ea-49cb-a19a-2f560bc94b3b",
"indicator--d9c8070f-ea2b-47e8-ae78-30a1f85a788c",
"indicator--f4642726-7d3a-4f77-ac23-59c220678eb0",
"indicator--7218aec5-416f-438e-936a-1ba1f92ab346",
"indicator--25def1c1-4edf-46dd-b831-d21ae46b1a48",
"indicator--3e136590-6d34-418c-9896-78defc1c3f1c",
"indicator--8c99b060-e98f-4903-a660-9b179da4f06b",
"indicator--103f647f-76fc-4698-8193-2c29df55f26e",
"indicator--00f2f454-0978-43f9-9dd8-55d407f1c190",
"indicator--8389a593-98d2-4ae2-ae3a-3efbe519672a",
"indicator--c803c285-7b5e-41a2-8039-4cf867cc0cd3",
"indicator--eeeffb3a-b92e-43d8-a954-60e99fd478d4",
"indicator--490b1de9-53aa-4776-81fb-3ddd8f226dbf",
"indicator--61288f48-9193-4986-942d-8186dc5832c3",
"indicator--c01c2b14-2df0-48be-a8b9-151d1eb6cabb",
"indicator--ee49fa56-c0d1-4cf6-bd09-2a7c41e82812",
"x-misp-attribute--1af7dfc6-d905-4932-aa29-6e8b580c1419",
"x-misp-attribute--f77b67e3-040f-43c6-b27f-7b3adb17acbc",
"x-misp-object--b380f86c-fab0-4725-9f44-75c0066c3443",
"indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531",
"x-misp-object--c344702e-a806-4c8f-b775-73df55233630",
"indicator--bb6d2897-d966-484f-a16e-ef0d4883382c",
"x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f",
"indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1",
"x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830",
"indicator--fd84b821-3908-4308-82c5-3e80414485c0",
"x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97",
"indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c",
"x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d",
"indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e",
"x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c",
"indicator--9429ddde-5558-4980-b168-6adae4f881ee",
"x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2",
"indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75",
"x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47",
"indicator--cd640421-1b74-4819-80e6-1c92cf4344e4",
"x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3",
"indicator--0c0447cb-deb3-4606-b74e-5d016a305472",
"x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22",
"indicator--0ad792f3-1b7b-4510-a584-a113276453bc",
"x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977",
"indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020",
"x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45",
"relationship--0d87868b-cdcc-4c69-baf6-8b2bdbf6d560",
"relationship--87acd184-a610-43dc-9873-8d58ae3d5327",
"relationship--0addde89-794a-4963-ac15-da594383c84c",
"relationship--419f8139-e669-48d5-b9d7-a99cb03b7402",
"relationship--e888aa6c-e26b-46bc-8edf-f2e5b18a3091",
"relationship--9a76f6bb-f81b-429b-a2ba-7c832aabe9ec",
"relationship--270743a6-b76b-4be6-a0ea-4162b78fb7db",
"relationship--c7ccc096-2225-47ce-8370-08f4b9a6604f",
"relationship--8d2fea37-f936-4801-8f58-131445bc8b93",
"relationship--fcaf39dc-f5ba-47f3-b4b5-b8b1cbf511e2",
"relationship--89d9c916-8ffb-4688-85ec-8b815d02e8d5",
"relationship--3275e726-6b6b-45e2-8da0-c9ad6e9ecd52"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--191d97b2-d7ea-49cb-a19a-2f560bc94b3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:50:34.000Z",
"modified": "2021-02-20T08:50:34.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "%USERPROFILE%\\source\\repos\\c4\\agent\\build\\_tools\\agent\\_dll\\_to\\_Python\\_loader\\NetInjector\\NetInjector\\obj\\Release\\NetInjector.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d9c8070f-ea2b-47e8-ae78-30a1f85a788c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f4642726-7d3a-4f77-ac23-59c220678eb0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = '63d7695dabefb97aa30cbe522647c95395b44321e1a3b08b8028e4000d1be15e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7218aec5-416f-438e-936a-1ba1f92ab346",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25def1c1-4edf-46dd-b831-d21ae46b1a48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = '3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e136590-6d34-418c-9896-78defc1c3f1c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c99b060-e98f-4903-a660-9b179da4f06b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--103f647f-76fc-4698-8193-2c29df55f26e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00f2f454-0978-43f9-9dd8-55d407f1c190",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8389a593-98d2-4ae2-ae3a-3efbe519672a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'ba17af72a9d90822eed447b8526fb68963f0cde78df07c16902dc5a0c44536c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c803c285-7b5e-41a2-8039-4cf867cc0cd3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = '8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eeeffb3a-b92e-43d8-a954-60e99fd478d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = '18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--490b1de9-53aa-4776-81fb-3ddd8f226dbf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--61288f48-9193-4986-942d-8186dc5832c3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'c430ebab4bf827303bc4ad95d40eecc7988bdc17cc139c8f88466bc536755d4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c01c2b14-2df0-48be-a8b9-151d1eb6cabb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee49fa56-c0d1-4cf6-bd09-2a7c41e82812",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:48:30.000Z",
"modified": "2021-02-20T08:48:30.000Z",
"pattern": "[file:hashes.SHA256 = 'b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T08:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--1af7dfc6-d905-4932-aa29-6e8b580c1419",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:51:54.000Z",
"modified": "2021-02-20T08:51:54.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_Win32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--f77b67e3-040f-43c6-b27f-7b3adb17acbc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:50:20.000Z",
"modified": "2021-02-20T08:50:20.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "F:\\Dev\\NetInjector\\bin\\Release\\NetBootstrapper\\_x64.pdb"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b380f86c-fab0-4725-9f44-75c0066c3443",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T08:47:53.000Z",
"modified": "2021-02-20T08:47:53.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://unit42.paloaltonetworks.com/ironnetinjector/",
"category": "External analysis",
"uuid": "4f7c4a75-b3d0-4141-a0d5-1ab8216f1ff7"
},
{
"type": "text",
"object_relation": "summary",
"value": "In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use \u2013 including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware.\r\n\r\nUnit 42 researchers have found several malicious IronPython scripts whose purpose is to load and run Turla\u2019s malware tools on a victim\u2019s system. The use of IronPython for malicious purposes isn\u2019t new, but the way Turla uses it is new. The overall method is known as Bring Your Own Interpreter (BYOI). It describes the use of an interpreter, not present on a system by default, to run malicious code of an interpreted programming or scripting language.\r\n\r\nThe first malicious IronPython scripts of the tool we describe here were discovered last year by a security researcher from FireEye. At the beginning of this year, another security researcher from Dragos pointed out some new scripts of the same threat actor uploaded to VirusTotal from two different submitters. We found that one of the submitters also uploaded two other samples, which are most likely embedded payloads of one of the IronPython scripts. These samples helped us to understand how this tool works, what malware it loads and which threat actor uses it.\r\n\r\nWhile the IronPython scripts are only the first part of the tool, the main task of loading malware is done by an embedded process injector. We dubbed this toolchain IronNetInjector, the blend of IronPython and the injector\u2019s internal project name NetInjector. In this blog, we describe the IronPython scripts and how they\u2019re used to load one or more payloads with the help of an injector.\r\n\r\nPalo Alto Networks customers are protected from this threat through WildFire and Cortex XDR. AutoFocus customers can investigate this activity with the tag \u201cIronNetInjector\u201d.",
"category": "Other",
"uuid": "5e9d4958-9976-4f9d-a7e6-25b1268356d3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:03.000Z",
"modified": "2021-02-20T09:06:03.000Z",
"pattern": "[file:hashes.MD5 = '0674e34d0b01e1c71e4666da1f3b589f' AND file:hashes.SHA1 = '0133512142805b89b5a86dfa67a82aaedbbab69c' AND file:hashes.SHA256 = 'b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c344702e-a806-4c8f-b775-73df55233630",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T19:36:11+00:00",
"category": "Other",
"uuid": "953df01c-4d2e-450a-afd9-d31ece971d4f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040/detection/f-b641687696b66e6e820618acc4765162298ba3e9106df4ef44b2218086ce8040-1613763371",
"category": "Payload delivery",
"uuid": "bbfdefe0-60e7-4bfc-a6fa-8491930fd0f8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "7/59",
"category": "Payload delivery",
"uuid": "c6daa0ea-94a8-4656-88a2-9385e163db80"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb6d2897-d966-484f-a16e-ef0d4883382c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = '48f52e0c7aa72c2ccc5f5fcbd8e1290b' AND file:hashes.SHA1 = '347f31769431ad70147e68fbb6bfa1e17fe283e9' AND file:hashes.SHA256 = 'b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:04:13+00:00",
"category": "Other",
"uuid": "a72d5d15-a703-44ee-85a8-3944ca8c30ee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d/detection/f-b095fd3bd3ed8be178dafe47fc00c5821ea31d3f67d658910610a06a1252f47d-1613757853",
"category": "Payload delivery",
"uuid": "d35f9f97-e4fd-47fb-bb91-0b848af5ed4c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Payload delivery",
"uuid": "2d866758-093e-4856-bf2a-e758ce033f7c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = 'f376bc51b1220e5fc520ce60762ac6ce' AND file:hashes.SHA1 = '3e65b2df40001253ad8d9a3430a597c7b028bae9' AND file:hashes.SHA256 = 'a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-20T03:39:41+00:00",
"category": "Other",
"uuid": "27d7b061-8f1c-45c8-a1e3-0664f11916e7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061/detection/f-a64e79a81b5089084ff88e3f4130e9d5fa75e732a1d310a1ae8de767cbbab061-1613792381",
"category": "Payload delivery",
"uuid": "3370b374-bfa9-433e-b062-6c64666954d1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/70",
"category": "Payload delivery",
"uuid": "ac3a1514-866c-4895-8133-d003a148510f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd84b821-3908-4308-82c5-3e80414485c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = '9446059710c1869fc8aa9f0ef75d82f4' AND file:hashes.SHA1 = 'a91612cadaccc19d101710b0ae77151a7a1b043b' AND file:hashes.SHA256 = '8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:04:19+00:00",
"category": "Other",
"uuid": "a81ae9f3-97d4-4ace-8e64-c8e7e7370af4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72/detection/f-8df0c705da0eab20ba977b608f5a19536e53e89b14e4a7863b7fd534bd75fd72-1613757859",
"category": "Payload delivery",
"uuid": "30a8de8e-8eb2-4ace-855d-e74fcb54608d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/59",
"category": "Payload delivery",
"uuid": "f099139a-13f7-46ba-918e-0492e4ca4340"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = '7fcd8d3fde761de1d894dcf87827dde3' AND file:hashes.SHA1 = 'f2284d4777d2b5d2faf33844084b94c9552d5294' AND file:hashes.SHA256 = 'a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-20T03:38:42+00:00",
"category": "Other",
"uuid": "67b46cdc-27d2-4d07-9be9-e932cbbcde01"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56/detection/f-a62e1a866bc248398b6abe48fdb44f482f91d19ccd52d9447cda9bc074617d56-1613792322",
"category": "Payload delivery",
"uuid": "0091c69d-d04c-4879-aa0c-44616bf64e5a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/70",
"category": "Payload delivery",
"uuid": "803cccf0-f675-4664-80b4-f907076d9238"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = '1777b81f3f87648b2344ea480bbcba65' AND file:hashes.SHA1 = 'ae76df8def138b6d4c82984f7172ed5bba737e1b' AND file:hashes.SHA256 = 'c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-20T09:03:32+00:00",
"category": "Other",
"uuid": "8b32b042-1ddb-443b-a4a7-0679753f79d1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9/detection/f-c59fadeb8f58bbdbd73d9a2ac0d889d1a0a06295f1b914c0bd5617cfb1a08ce9-1613811812",
"category": "Payload delivery",
"uuid": "ee58a958-335f-43e6-a69e-cd4a46551abc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "3/69",
"category": "Payload delivery",
"uuid": "1ca876a3-9ff0-4392-84df-11ee11f2c491"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9429ddde-5558-4980-b168-6adae4f881ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = 'eff5881b4bf83386e26c451ff7c34a90' AND file:hashes.SHA1 = 'd7a18413d8c2b2525a0c90aaa392bdaef377e2ec' AND file:hashes.SHA256 = '18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:13:50+00:00",
"category": "Other",
"uuid": "69cb8722-3339-4367-9f5f-19af913184b0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746/detection/f-18c173433daafcc3aea17fc4f7792d0ff235f4075a00feda88aa1c9f8f6e1746-1613758430",
"category": "Payload delivery",
"uuid": "b864d0d7-71ef-4c0c-97a2-96d45559960f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/70",
"category": "Payload delivery",
"uuid": "2e321a84-f066-4515-bc1e-ce0ddd84e98f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = '0ebe822e8c7ebb803ae5b6b74601c36f' AND file:hashes.SHA1 = '86681c0c9b171f1afef5b06104abe8abcf0c992e' AND file:hashes.SHA256 = '3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:02:33+00:00",
"category": "Other",
"uuid": "fb9530c3-4758-49cb-a9e9-55a039df9dd8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6/detection/f-3aa37559ef282ee3ee67c4a61ce4786e38d5bbe19bdcbeae0ef504d79be752b6-1613757753",
"category": "Payload delivery",
"uuid": "a5e137aa-eb61-4524-9b88-4113cbe136bb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/60",
"category": "Payload delivery",
"uuid": "324b299c-0c8c-4430-97b2-9fc02b095f97"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd640421-1b74-4819-80e6-1c92cf4344e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = 'd672139849f9855bfb703fcaec020a2f' AND file:hashes.SHA1 = '7e138c1337a29868fddfa99f52dfe1de38e46c9e' AND file:hashes.SHA256 = 'c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T19:37:27+00:00",
"category": "Other",
"uuid": "78473fdb-7413-479d-89f9-eaf44270cad9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad/detection/f-c1b8ecce81cf4ff45d9032dc554efdc7a1ab776a2d24fdb34d1ffce15ef61aad-1613763447",
"category": "Payload delivery",
"uuid": "e92bfb2d-804e-46e9-a1db-bea4af8058b4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/59",
"category": "Payload delivery",
"uuid": "3809e013-1036-475c-b671-47e8a0b84008"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c0447cb-deb3-4606-b74e-5d016a305472",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = 'b11d85844af9fa84bf84ff746557f0b5' AND file:hashes.SHA1 = '44efacb89badadb486839165aba4d1ecdf3f047e' AND file:hashes.SHA256 = 'b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:04:36+00:00",
"category": "Other",
"uuid": "5d7a76b9-f6f8-4e46-95ed-0b198b71976f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3/detection/f-b5b4d06e1668d11114b99dbd267cde784d33a3f546993d09ede8b9394d90ebb3-1613757876",
"category": "Payload delivery",
"uuid": "c1e70c66-59bc-4f40-a8cf-4564237a915d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/58",
"category": "Payload delivery",
"uuid": "102ea680-2071-42f6-a95e-52d9a87163b0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ad792f3-1b7b-4510-a584-a113276453bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"pattern": "[file:hashes.MD5 = 'e46da9ab2096ebb33279a808f5a7ee77' AND file:hashes.SHA1 = 'ad81f2f00f25cd0e45151d42d63c46db3ae39bed' AND file:hashes.SHA256 = 'a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:04.000Z",
"modified": "2021-02-20T09:06:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-20T09:04:22+00:00",
"category": "Other",
"uuid": "ca73ed83-05f6-4bad-be26-36e0433048df"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc/detection/f-a56f69726a237455bac4c9ac7a20398ba1f50d2895e5b0a8ac7f1cdb288c32cc-1613811862",
"category": "Payload delivery",
"uuid": "a4a46491-8771-4a52-8bd6-9bbc4477ae82"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/70",
"category": "Payload delivery",
"uuid": "9158f2ab-9d6c-48a9-b1d3-37e76f1d6c67"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"pattern": "[file:hashes.MD5 = '98ce8c41188fcc1a92d0a23569c3765c' AND file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd' AND file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-20T09:06:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-19T18:04:28+00:00",
"category": "Other",
"uuid": "85f958ed-446d-454f-8b88-4e47a82c063f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93/detection/f-82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93-1613757868",
"category": "Payload delivery",
"uuid": "f10b6f7e-a1ec-4fb5-8f03-16c6e00c9bf9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/59",
"category": "Payload delivery",
"uuid": "1c366e4f-fd00-453f-9f3b-c6cf51c09e3e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d87868b-cdcc-4c69-baf6-8b2bdbf6d560",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b98e2b87-92d7-423a-ab0c-c2b959ed1531",
"target_ref": "x-misp-object--c344702e-a806-4c8f-b775-73df55233630"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--87acd184-a610-43dc-9873-8d58ae3d5327",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bb6d2897-d966-484f-a16e-ef0d4883382c",
"target_ref": "x-misp-object--0999e1c5-edb5-4951-bb60-8439a93b7d1f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0addde89-794a-4963-ac15-da594383c84c",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9f5dc2c2-3bfc-4447-b9d6-01d1ece470b1",
"target_ref": "x-misp-object--b267c9dd-a93a-485d-8669-f183f000e830"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--419f8139-e669-48d5-b9d7-a99cb03b7402",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fd84b821-3908-4308-82c5-3e80414485c0",
"target_ref": "x-misp-object--8952247a-923b-45d0-aeb2-e205c1471a97"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e888aa6c-e26b-46bc-8edf-f2e5b18a3091",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ed5dc5f9-19a2-4c52-b860-6e397828864c",
"target_ref": "x-misp-object--0628a0ba-1c51-4611-973f-127abfcbd35d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9a76f6bb-f81b-429b-a2ba-7c832aabe9ec",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f844e12e-96a5-4275-9a6a-4fb3f6ab5a1e",
"target_ref": "x-misp-object--ad644c7f-4026-413d-b7fd-c7d9b092715c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--270743a6-b76b-4be6-a0ea-4162b78fb7db",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9429ddde-5558-4980-b168-6adae4f881ee",
"target_ref": "x-misp-object--75ee7887-867a-44c9-99fa-c69874e6c3d2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c7ccc096-2225-47ce-8370-08f4b9a6604f",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f4dd150b-bc46-4ca3-bfd4-6e9bbdf57a75",
"target_ref": "x-misp-object--d6e00d51-3e6b-4568-9cec-dd77c1c0de47"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8d2fea37-f936-4801-8f58-131445bc8b93",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cd640421-1b74-4819-80e6-1c92cf4344e4",
"target_ref": "x-misp-object--521e7905-f504-432c-ad34-54b87b7896b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fcaf39dc-f5ba-47f3-b4b5-b8b1cbf511e2",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0c0447cb-deb3-4606-b74e-5d016a305472",
"target_ref": "x-misp-object--d03967cc-5531-4f85-9fd7-c89057ee0c22"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--89d9c916-8ffb-4688-85ec-8b815d02e8d5",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0ad792f3-1b7b-4510-a584-a113276453bc",
"target_ref": "x-misp-object--98cec741-7605-4ec0-8d35-7a8fa6037977"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3275e726-6b6b-45e2-8da0-c9ad6e9ecd52",
"created": "2021-02-20T09:06:05.000Z",
"modified": "2021-02-20T09:06:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--76c0248c-4198-4bea-b5d0-d33e7d28a020",
"target_ref": "x-misp-object--ee307c62-c260-4da8-9d74-ceff7b11ea45"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink