574 lines
No EOL
25 KiB
JSON
574 lines
No EOL
25 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5a96f935-0b24-47b8-b0a7-4fff02de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:53:36.000Z",
|
|
"modified": "2018-02-28T18:53:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a96f935-0b24-47b8-b0a7-4fff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:53:36.000Z",
|
|
"modified": "2018-02-28T18:53:36.000Z",
|
|
"name": "OSINT - Sofacy Attacks Multiple Government Entities",
|
|
"published": "2018-02-28T18:54:29Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5a96f942-14cc-4704-b7bf-498502de0b81",
|
|
"observed-data--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81",
|
|
"url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81",
|
|
"indicator--5a96f9a4-b05c-4b29-bb64-cc4302de0b81",
|
|
"indicator--5a96f9a4-f0fc-4ce7-b5ac-cc4302de0b81",
|
|
"indicator--5a96f9a5-19fc-4235-a3fd-cc4302de0b81",
|
|
"indicator--5a96f9a5-0f8c-4997-87e4-cc4302de0b81",
|
|
"indicator--5a96f9f3-548c-494e-82e6-451202de0b81",
|
|
"indicator--5a96fa18-6d2c-48e6-9d3d-4d5c02de0b81",
|
|
"indicator--5a96fa2c-f7ac-4d1c-9fe9-cc4302de0b81",
|
|
"indicator--5a96faac-c9cc-49d9-b08f-a2ac02de0b81",
|
|
"indicator--3a3a5634-7788-4951-adea-a060896c5315",
|
|
"x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513",
|
|
"indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd",
|
|
"x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1",
|
|
"indicator--cc27a1e8-563a-4861-9364-893e483254d0",
|
|
"x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9",
|
|
"indicator--30244c7f-5815-4434-9169-08ff43a5c2cd",
|
|
"x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c",
|
|
"relationship--aaa4a18d-47f4-4813-8f6b-1db292dc89fe",
|
|
"relationship--05fc9df6-6507-4b40-a08e-b518a8a2703f",
|
|
"relationship--0c1e689c-e175-40cd-bca3-a3202f50a412",
|
|
"relationship--ebd5048c-fbab-4ea0-86e7-d7e802a4373f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:threat-actor=\"Sofacy\"",
|
|
"misp-galaxy:mitre-intrusion-set=\"APT28\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a96f942-14cc-4704-b7bf-498502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:07.000Z",
|
|
"modified": "2018-02-28T18:50:07.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "The Sofacy group (AKA APT28, Fancy Bear, STRONTIUM, Sednit, Tsar Team, Pawn Storm) is a well-known adversary that remains highly active in the new calendar year of 2018. Unit 42 actively monitors this group due to their persistent nature globally across all industry verticals. Recently, we discovered a campaign launched at various Ministries of Foreign Affairs around the world. Interestingly, there appear to be two parallel efforts within the campaign, with each effort using a completely different toolset for the attacks. In this blog, we will discuss one of the efforts which leveraged tools that have been known to be associated with the Sofacy group."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:08.000Z",
|
|
"modified": "2018-02-28T18:50:08.000Z",
|
|
"first_observed": "2018-02-28T18:50:08Z",
|
|
"last_observed": "2018-02-28T18:50:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96f9a4-b05c-4b29-bb64-cc4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:49:08.000Z",
|
|
"modified": "2018-02-28T18:49:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96f9a4-f0fc-4ce7-b5ac-cc4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:49:08.000Z",
|
|
"modified": "2018-02-28T18:49:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96f9a5-19fc-4235-a3fd-cc4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:49:09.000Z",
|
|
"modified": "2018-02-28T18:49:09.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96f9a5-0f8c-4997-87e4-cc4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:49:09.000Z",
|
|
"modified": "2018-02-28T18:49:09.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96f9f3-548c-494e-82e6-451202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:27.000Z",
|
|
"modified": "2018-02-28T18:50:27.000Z",
|
|
"pattern": "[domain-name:value = 'cdnverify.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:50:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96fa18-6d2c-48e6-9d3d-4d5c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:51:04.000Z",
|
|
"modified": "2018-02-28T18:51:04.000Z",
|
|
"pattern": "[email-message:subject = 'Upcoming Defense events February 2018']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:51:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-subject\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96fa2c-f7ac-4d1c-9fe9-cc4302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:51:24.000Z",
|
|
"modified": "2018-02-28T18:51:24.000Z",
|
|
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'Upcoming Events February 2018.xls']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:51:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-attachment\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a96faac-c9cc-49d9-b08f-a2ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:53:32.000Z",
|
|
"modified": "2018-02-28T18:53:32.000Z",
|
|
"pattern": "[domain-name:value = 'hotfixmsupload.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:53:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3a3a5634-7788-4951-adea-a060896c5315",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:12.000Z",
|
|
"modified": "2018-02-28T18:50:12.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aa2cd9d9fc5d196caa6f8fd5979e3f14' AND file:hashes.SHA1 = '5bb9f53636efafdd30023d44be1be55bf7c7b7d5' AND file:hashes.SHA256 = '12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:50:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:13.000Z",
|
|
"modified": "2018-02-28T18:50:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8/analysis/1518023007/",
|
|
"category": "External analysis",
|
|
"uuid": "5a96f9e6-1bf0-46f3-957f-4a2802de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/66",
|
|
"category": "Other",
|
|
"uuid": "5a96f9e7-dd80-4575-bc61-4a5d02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-07T17:03:27",
|
|
"category": "Other",
|
|
"uuid": "5a96f9e7-ca8c-4adc-91a7-449302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:20.000Z",
|
|
"modified": "2018-02-28T18:50:20.000Z",
|
|
"pattern": "[file:hashes.MD5 = '56f98e3ed00e48ff9cb89dea5f6e11c1' AND file:hashes.SHA1 = 'b06930c9809ab5e4cb6659089ac6fcec470c9c16' AND file:hashes.SHA256 = 'cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:50:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:20.000Z",
|
|
"modified": "2018-02-28T18:50:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7/analysis/1518446184/",
|
|
"category": "External analysis",
|
|
"uuid": "5a96f9ec-049c-4d4a-9963-47e302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/59",
|
|
"category": "Other",
|
|
"uuid": "5a96f9ed-fb0c-48bb-9e60-4b3002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-12T14:36:24",
|
|
"category": "Other",
|
|
"uuid": "5a96f9ed-1a50-4b58-9bb5-417302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cc27a1e8-563a-4861-9364-893e483254d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:25.000Z",
|
|
"modified": "2018-02-28T18:50:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7c43b406119ade8f1f2a2a5a93c94248' AND file:hashes.SHA1 = 'd7ddb9a511a50edd6b1093a9477a6c7830fc84c3' AND file:hashes.SHA256 = '23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:50:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:24.000Z",
|
|
"modified": "2018-02-28T18:50:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701/analysis/1518309936/",
|
|
"category": "External analysis",
|
|
"uuid": "5a96f9f0-367c-420d-97d5-4cd002de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "36/66",
|
|
"category": "Other",
|
|
"uuid": "5a96f9f1-a2c4-4143-b8b4-441302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-11T00:45:36",
|
|
"category": "Other",
|
|
"uuid": "5a96f9f1-f488-4847-94ae-400802de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--30244c7f-5815-4434-9169-08ff43a5c2cd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:29.000Z",
|
|
"modified": "2018-02-28T18:50:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '36524c90ca1fac2102e7653dfadb31b2' AND file:hashes.SHA1 = '8d6db316ea4e348021cb59cf3c6ec65c390f0497' AND file:hashes.SHA256 = 'ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-02-28T18:50:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-02-28T18:50:30.000Z",
|
|
"modified": "2018-02-28T18:50:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8/analysis/1518448247/",
|
|
"category": "External analysis",
|
|
"uuid": "5a96f9f6-c63c-41e5-9384-4f5c02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/67",
|
|
"category": "Other",
|
|
"uuid": "5a96f9f7-1b34-4913-ad01-401f02de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-02-12T15:10:47",
|
|
"category": "Other",
|
|
"uuid": "5a96f9f7-f5e8-4296-943b-4c3602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--aaa4a18d-47f4-4813-8f6b-1db292dc89fe",
|
|
"created": "2018-02-28T18:50:32.000Z",
|
|
"modified": "2018-02-28T18:50:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3a3a5634-7788-4951-adea-a060896c5315",
|
|
"target_ref": "x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--05fc9df6-6507-4b40-a08e-b518a8a2703f",
|
|
"created": "2018-02-28T18:50:32.000Z",
|
|
"modified": "2018-02-28T18:50:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd",
|
|
"target_ref": "x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0c1e689c-e175-40cd-bca3-a3202f50a412",
|
|
"created": "2018-02-28T18:50:32.000Z",
|
|
"modified": "2018-02-28T18:50:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--cc27a1e8-563a-4861-9364-893e483254d0",
|
|
"target_ref": "x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ebd5048c-fbab-4ea0-86e7-d7e802a4373f",
|
|
"created": "2018-02-28T18:50:32.000Z",
|
|
"modified": "2018-02-28T18:50:32.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--30244c7f-5815-4434-9169-08ff43a5c2cd",
|
|
"target_ref": "x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |