724 lines
No EOL
32 KiB
JSON
724 lines
No EOL
32 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5a38ca48-6680-437d-9e0f-483c950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T03:00:57.000Z",
|
|
"modified": "2017-12-20T03:00:57.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a38ca48-6680-437d-9e0f-483c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T03:00:57.000Z",
|
|
"modified": "2017-12-20T03:00:57.000Z",
|
|
"name": "OSINT - Still stealing",
|
|
"published": "2017-12-28T13:32:38Z",
|
|
"object_refs": [
|
|
"observed-data--5a38cb63-68d8-4fd2-97c3-40f9950d210f",
|
|
"url--5a38cb63-68d8-4fd2-97c3-40f9950d210f",
|
|
"x-misp-attribute--5a38cc0e-52b4-4946-ba9c-486a950d210f",
|
|
"indicator--5a38cd0d-037c-4b00-9381-4e4d950d210f",
|
|
"indicator--5a38cfed-baac-45bb-81c8-4bd3950d210f",
|
|
"indicator--5a38d001-0a3c-4a8c-b855-4c46950d210f",
|
|
"indicator--5a38d018-4444-41b0-b9c1-40ea950d210f",
|
|
"indicator--5a38d02d-f844-4b81-8f7c-41e2950d210f",
|
|
"indicator--5a38d053-0424-4550-b8ed-453c950d210f",
|
|
"indicator--5a38d069-6740-4cdf-9c24-4f87950d210f",
|
|
"indicator--5a38d09a-ed18-4fac-83d1-46e9950d210f",
|
|
"indicator--5a38d0ad-7428-4f3f-ad5b-4c2a950d210f",
|
|
"indicator--5a38d0c5-3f94-40e2-b1f6-4349950d210f",
|
|
"indicator--5a38d0d8-5718-4156-bcd7-47d5950d210f",
|
|
"indicator--6fe67d92-616f-40d3-9109-b4f83e2a0741",
|
|
"x-misp-object--8f183339-e8ab-4853-be97-99f409fc08d2",
|
|
"indicator--e9e3b8bd-a618-4358-b8d3-1d5ce9c415db",
|
|
"x-misp-object--b5aa1a71-dd17-424e-bb32-0826f1ff7358",
|
|
"indicator--269f5f40-7ac3-45a1-b4a6-54fc9f1f2e4d",
|
|
"x-misp-object--da8a4ed3-8361-4adc-8860-8416174b521f",
|
|
"indicator--40d9fe4a-ccfe-41d8-8126-9db4703bb82b",
|
|
"x-misp-object--0822200d-0114-42d4-b6bf-1830450707cd",
|
|
"indicator--8a35b400-e6ca-4d87-8a83-af19c77757b4",
|
|
"x-misp-object--09d35a23-a69a-48df-b407-be295d123fbf",
|
|
"relationship--8c5023fa-4dda-425f-909e-31c4eaf4a162",
|
|
"relationship--5409d1b6-8754-4c3f-88dc-5cd9f7d03a9d",
|
|
"relationship--274307b7-8ced-4f1b-a295-f60405567719",
|
|
"relationship--a9a6f041-faf4-4578-aed6-e7b721f9f774",
|
|
"relationship--1e6f8758-763d-4b02-ac3c-df773984ac2d"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\"",
|
|
"ms-caro-malware:malware-platform=\"AndroidOS\"",
|
|
"Android Malware",
|
|
"ms-caro-malware-full:malware-platform=\"AndroidOS\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a38cb63-68d8-4fd2-97c3-40f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:42.000Z",
|
|
"modified": "2017-12-19T09:36:42.000Z",
|
|
"first_observed": "2017-12-19T09:36:42Z",
|
|
"last_observed": "2017-12-19T09:36:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a38cb63-68d8-4fd2-97c3-40f9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a38cb63-68d8-4fd2-97c3-40f9950d210f",
|
|
"value": "https://securelist.com/still-stealing/83343/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a38cc0e-52b4-4946-ba9c-486a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:42.000Z",
|
|
"modified": "2017-12-19T09:36:42.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Two years ago in October 2015 we published a blogpost about a popular malware that was being distributed from the Google Play Store. Over the next two years we detected several similar apps on Google Play, but in October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com. All of them have been detected by Kaspersky Lab products as Trojan-PSW.AndroidOS.MyVk.o. We reported 72 of them to Google and they deleted these malicious apps from Google Play Store, 13 other apps were already deleted. Furthermore, we reported these apps with technical details to VK.com. One of these apps was masquerading as a game and was installed more than a million times according to Google Play Store."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38cd0d-037c-4b00-9381-4e4d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:42.000Z",
|
|
"modified": "2017-12-19T09:36:42.000Z",
|
|
"description": "CNC",
|
|
"pattern": "[domain-name:value = 'guest-stat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38cfed-baac-45bb-81c8-4bd3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:38:05.000Z",
|
|
"modified": "2017-12-19T08:38:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f5f8df1f35a942f9092bde9f277b7120' AND file:name = 'com.parmrp.rump' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:38:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d001-0a3c-4a8c-b855-4c46950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:38:25.000Z",
|
|
"modified": "2017-12-19T08:38:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6b55af8c4fb6968082ca2c88745043a1' AND file:name = 'com.weeclient.clientold' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:38:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d018-4444-41b0-b9c1-40ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:38:48.000Z",
|
|
"modified": "2017-12-19T08:38:48.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c70dcf9f0441e3230f2f338467cd9cb7' AND file:name = 'com.anocat.stelth' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:38:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d02d-f844-4b81-8f7c-41e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:39:09.000Z",
|
|
"modified": "2017-12-19T08:39:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6d6b0b97facaa2e6d4e985fa5e3332a1' AND file:name = 'com.xclient.old' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:39:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d053-0424-4550-b8ed-453c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:39:47.000Z",
|
|
"modified": "2017-12-19T08:39:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a623b3784256105333962ddca50785f' AND file:name = 'com.yourmusicoff.yourmusickoff' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d069-6740-4cdf-9c24-4f87950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:40:09.000Z",
|
|
"modified": "2017-12-19T08:40:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a7b22616c3b8223116b542d5afd5c05' AND file:name = 'com.sharp.playerru' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:40:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d09a-ed18-4fac-83d1-46e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:40:58.000Z",
|
|
"modified": "2017-12-19T08:40:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '053e2cf49a5d818663d9010344aa3329' AND file:name = 'com.musicould.close' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:40:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d0ad-7428-4f3f-ad5b-4c2a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:41:17.000Z",
|
|
"modified": "2017-12-19T08:41:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b39b22ef2384f0aa529705af68b1192' AND file:name = 'com.prostie.dvijenija' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:41:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d0c5-3f94-40e2-b1f6-4349950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:41:41.000Z",
|
|
"modified": "2017-12-19T08:41:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6974770565c5f0ffdd52fc74f1bca732' AND file:name = 'com.appoffline.musicplayer' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:41:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a38d0d8-5718-4156-bcd7-47d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T08:42:00.000Z",
|
|
"modified": "2017-12-19T08:42:00.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6cbc63cbe753b2e4cb6b9a8505775389' AND file:name = 'com.planeplane.paperplane' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T08:42:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6fe67d92-616f-40d3-9109-b4f83e2a0741",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:45.000Z",
|
|
"modified": "2017-12-19T09:36:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b39b22ef2384f0aa529705af68b1192' AND file:hashes.SHA1 = 'e6a359421d85dbe4a76d6f8ecbabd9342b32c3d7' AND file:hashes.SHA256 = '05d2ac540006db560136980bcf2a2e35e64b96fd5b05667e889d9d1bf9d40f3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8f183339-e8ab-4853-be97-99f409fc08d2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:42.000Z",
|
|
"modified": "2017-12-19T09:36:42.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/05d2ac540006db560136980bcf2a2e35e64b96fd5b05667e889d9d1bf9d40f3e/analysis/1513412569/",
|
|
"category": "External analysis",
|
|
"uuid": "5a38ddaa-2dd4-473c-8e43-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/62",
|
|
"category": "Other",
|
|
"uuid": "5a38ddaa-3f1c-4be6-90ef-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-16T08:22:49",
|
|
"category": "Other",
|
|
"uuid": "5a38ddaa-d4b4-4fe3-a251-bfc302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e9e3b8bd-a618-4358-b8d3-1d5ce9c415db",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:45.000Z",
|
|
"modified": "2017-12-19T09:36:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f5f8df1f35a942f9092bde9f277b7120' AND file:hashes.SHA1 = '57e780a86937f4da1f600c4f6aec143a84b15e73' AND file:hashes.SHA256 = '76fabb56d9d69031b7fefcdd365c4a4d866d3c417976121a63e8336d29b6128d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b5aa1a71-dd17-424e-bb32-0826f1ff7358",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:43.000Z",
|
|
"modified": "2017-12-19T09:36:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/76fabb56d9d69031b7fefcdd365c4a4d866d3c417976121a63e8336d29b6128d/analysis/1513234491/",
|
|
"category": "External analysis",
|
|
"uuid": "5a38ddab-6c08-46ea-b034-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "11/63",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-e6ec-48c8-95da-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-14T06:54:51",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-8b54-4e39-8197-bfc302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--269f5f40-7ac3-45a1-b4a6-54fc9f1f2e4d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:46.000Z",
|
|
"modified": "2017-12-19T09:36:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6974770565c5f0ffdd52fc74f1bca732' AND file:hashes.SHA1 = '9647ded84a636970cdfc5b309f7b1885e7c0f15b' AND file:hashes.SHA256 = '3834596ab1de92836c539a475b7035df8e038de9eede848bdfc266ebffae9a49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--da8a4ed3-8361-4adc-8860-8416174b521f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:43.000Z",
|
|
"modified": "2017-12-19T09:36:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/3834596ab1de92836c539a475b7035df8e038de9eede848bdfc266ebffae9a49/analysis/1513243224/",
|
|
"category": "External analysis",
|
|
"uuid": "5a38ddab-c1a8-4d8b-91c8-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "12/61",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-eb20-4c36-bd73-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-14T09:20:24",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-0fb0-408a-8be7-bfc302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--40d9fe4a-ccfe-41d8-8126-9db4703bb82b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:46.000Z",
|
|
"modified": "2017-12-19T09:36:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6cbc63cbe753b2e4cb6b9a8505775389' AND file:hashes.SHA1 = '107cd146af97cd0659eacaacb10cda054622a572' AND file:hashes.SHA256 = 'e82d7b592bc5b1c8f239dfa1c98af7669e80752f81440d78387ba1feba52cd9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--0822200d-0114-42d4-b6bf-1830450707cd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:43.000Z",
|
|
"modified": "2017-12-19T09:36:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e82d7b592bc5b1c8f239dfa1c98af7669e80752f81440d78387ba1feba52cd9f/analysis/1513596988/",
|
|
"category": "External analysis",
|
|
"uuid": "5a38ddab-7ac0-4228-98ca-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "5/62",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-5eb8-42db-9fb2-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-18T11:36:28",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-245c-44f0-984a-bfc302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8a35b400-e6ca-4d87-8a83-af19c77757b4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:46.000Z",
|
|
"modified": "2017-12-19T09:36:46.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a7b22616c3b8223116b542d5afd5c05' AND file:hashes.SHA1 = '0dd50c4c97c3525be94cecb30cf4488760abbb25' AND file:hashes.SHA256 = 'd96840ea4eba1115b545324ac2df85078a9dced6d855fd94341a3aba97822d31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-19T09:36:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--09d35a23-a69a-48df-b407-be295d123fbf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-19T09:36:43.000Z",
|
|
"modified": "2017-12-19T09:36:43.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d96840ea4eba1115b545324ac2df85078a9dced6d855fd94341a3aba97822d31/analysis/1513240457/",
|
|
"category": "External analysis",
|
|
"uuid": "5a38ddab-e384-4904-95dd-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "3/61",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-0598-45f5-8112-bfc302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-14T08:34:17",
|
|
"category": "Other",
|
|
"uuid": "5a38ddab-5e80-4ab5-9939-bfc302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8c5023fa-4dda-425f-909e-31c4eaf4a162",
|
|
"created": "2017-12-28T13:32:38.000Z",
|
|
"modified": "2017-12-28T13:32:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6fe67d92-616f-40d3-9109-b4f83e2a0741",
|
|
"target_ref": "x-misp-object--8f183339-e8ab-4853-be97-99f409fc08d2"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5409d1b6-8754-4c3f-88dc-5cd9f7d03a9d",
|
|
"created": "2017-12-28T13:32:38.000Z",
|
|
"modified": "2017-12-28T13:32:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e9e3b8bd-a618-4358-b8d3-1d5ce9c415db",
|
|
"target_ref": "x-misp-object--b5aa1a71-dd17-424e-bb32-0826f1ff7358"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--274307b7-8ced-4f1b-a295-f60405567719",
|
|
"created": "2017-12-28T13:32:38.000Z",
|
|
"modified": "2017-12-28T13:32:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--269f5f40-7ac3-45a1-b4a6-54fc9f1f2e4d",
|
|
"target_ref": "x-misp-object--da8a4ed3-8361-4adc-8860-8416174b521f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a9a6f041-faf4-4578-aed6-e7b721f9f774",
|
|
"created": "2017-12-28T13:32:38.000Z",
|
|
"modified": "2017-12-28T13:32:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--40d9fe4a-ccfe-41d8-8126-9db4703bb82b",
|
|
"target_ref": "x-misp-object--0822200d-0114-42d4-b6bf-1830450707cd"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1e6f8758-763d-4b02-ac3c-df773984ac2d",
|
|
"created": "2017-12-28T13:32:38.000Z",
|
|
"modified": "2017-12-28T13:32:38.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8a35b400-e6ca-4d87-8a83-af19c77757b4",
|
|
"target_ref": "x-misp-object--09d35a23-a69a-48df-b407-be295d123fbf"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |