adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5aaa3126-0b38-4bd7-960a-4e48950d210f.json

1110 lines
No EOL
49 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5aaa3126-0b38-4bd7-960a-4e48950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:53:46.000Z",
"modified": "2018-03-21T12:53:46.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5aaa3126-0b38-4bd7-960a-4e48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:53:46.000Z",
"modified": "2018-03-21T12:53:46.000Z",
"name": "OSINT - Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files",
"published": "2018-03-21T12:54:21Z",
"object_refs": [
"observed-data--5aaa3137-89bc-42da-9e86-4172950d210f",
"url--5aaa3137-89bc-42da-9e86-4172950d210f",
"x-misp-attribute--5aaa3155-399c-4d0f-85db-46f2950d210f",
"indicator--5aaa3d98-af7c-49a7-8df0-45ea950d210f",
"indicator--5aaa3d98-fec0-4726-9f67-4bb7950d210f",
"indicator--5aaa3390-0704-40c1-9483-4687950d210f",
"indicator--5aaa368c-17e8-49ff-a78c-4394950d210f",
"indicator--5aaa36a3-c764-402c-b4a6-469a950d210f",
"indicator--5aaa396c-0d6c-4756-b05e-488b950d210f",
"indicator--5aaa3ab4-4c68-4e45-818d-4c73950d210f",
"indicator--5aaa3aca-11a0-4b39-94fc-4c9f950d210f",
"indicator--5aaa3ae4-626c-4ad8-b368-48b9950d210f",
"indicator--5aaa3d3c-0a24-4e12-89c6-453f950d210f",
"indicator--5aaa3d71-6c0c-42e3-9791-4796950d210f",
"indicator--5aaa3d89-efb8-4ba1-a7de-406a950d210f",
"indicator--32397dbb-efad-4bbd-be4c-6e6c98255c5b",
"x-misp-object--7ccdac48-29d3-49fd-8444-ab84fcd42bb4",
"indicator--37251bc0-dcac-4e1a-b68a-b9474ceb7e76",
"x-misp-object--1ee7a1a7-b550-4087-99e1-6b87052d0ae5",
"indicator--b1b61f01-2e71-437c-8a56-4d664c33c465",
"x-misp-object--0d84a184-4374-4db4-b42c-4c7931fa35ae",
"indicator--a45c17e5-2a86-4d3c-83c3-6ef4fd6d03a8",
"x-misp-object--6d0b4379-c84a-4073-ae8e-c0a598e4c9c1",
"indicator--72be3c9d-cfdb-4351-b577-03d268083f72",
"x-misp-object--3ae99a59-3525-4078-97cd-d75ae0765be2",
"indicator--cf79dac3-a61b-4484-8ece-c3efc085b6f9",
"x-misp-object--7a2643e6-2e22-4c23-99a6-7224978fe8f1",
"indicator--f63eacf3-d5e2-458c-9e4a-d1065f61d7ba",
"x-misp-object--2db15510-29ac-490c-b548-aca2431baf82",
"indicator--a7c3c9e5-6a06-4e41-a68b-77b7f8bbb883",
"x-misp-object--bbfdb29a-6078-4d08-9d31-e8f556edc895",
"indicator--38b79d40-d1a1-47ad-bed1-6438e9805599",
"x-misp-object--829f8e34-d2de-4b3f-8914-db3da96f35d2",
"indicator--3b78e4ec-8f4b-4f4a-a627-d0c9a646a20a",
"x-misp-object--05b9ce25-2728-4c96-a9be-72b5220259a0",
"relationship--24096d9d-dfb6-433d-9201-f1d76fa554b5",
"relationship--8374e6dd-0f34-49cf-b5be-57618b2c253d",
"relationship--bca1ee69-c32d-4c46-afc4-0f7780d95d24",
"relationship--72973a4a-39c4-4119-bd34-5312e699408f",
"relationship--416f7800-4b54-4019-895f-58700c820131",
"relationship--cf3e03b8-33c1-4b97-8a81-92d2d28a73ce",
"relationship--ba211e6c-a8bc-47cf-9dea-98725d4b0155",
"relationship--0d3ae3ac-81de-469e-925f-c8b282d30819",
"relationship--8172e91b-a0c4-45b3-afae-28ec873ee9a9",
"relationship--b1768d22-e807-4154-86c3-63e5af64c0bd"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:ransomware=\"Qwerty Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaa3137-89bc-42da-9e86-4172950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:40:55.000Z",
"modified": "2018-03-21T12:40:55.000Z",
"first_observed": "2018-03-21T12:40:55Z",
"last_observed": "2018-03-21T12:40:55Z",
"number_observed": 1,
"object_refs": [
"url--5aaa3137-89bc-42da-9e86-4172950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaa3137-89bc-42da-9e86-4172950d210f",
"value": "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5aaa3155-399c-4d0f-85db-46f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:40:56.000Z",
"modified": "2018-03-21T12:40:56.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3d98-af7c-49a7-8df0-45ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:40:56.000Z",
"modified": "2018-03-21T12:40:56.000Z",
"pattern": "[file:name = 'README_DECRYPT.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:40:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3d98-fec0-4726-9f67-4bb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:40:56.000Z",
"modified": "2018-03-21T12:40:56.000Z",
"pattern": "[email-message:from_ref.value = 'cryz1@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:40:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3390-0704-40c1-9483-4687950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T08:49:20.000Z",
"modified": "2018-03-15T08:49:20.000Z",
"pattern": "[file:hashes.SHA256 = '39c510bc504a647ef8fa1da8ad3a34755a762f1be48e200b9ae558a41841e502' AND file:name = 'find.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T08:49:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa368c-17e8-49ff-a78c-4394950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:02:04.000Z",
"modified": "2018-03-15T09:02:04.000Z",
"pattern": "[file:hashes.MD5 = '2b605abf796481bed850f35d007dad24' AND file:name = 'gpg.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa36a3-c764-402c-b4a6-469a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:02:27.000Z",
"modified": "2018-03-15T09:02:27.000Z",
"pattern": "[file:hashes.SHA256 = 'aa9ec502e20b927d236e19036b40a5da5ddd4ae030553a6608f821becd646efb' AND file:name = 'iconv.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa396c-0d6c-4756-b05e-488b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:14:20.000Z",
"modified": "2018-03-15T09:14:20.000Z",
"pattern": "[file:hashes.SHA256 = '554c6198a015dc87e394c4fc74bf5040c48829d793e302632f9eec663733a09e' AND file:name = 'key.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3ab4-4c68-4e45-818d-4c73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:19:48.000Z",
"modified": "2018-03-15T09:19:48.000Z",
"pattern": "[file:hashes.SHA256 = '3ec2d1a924ef6f19f2db45e48b9cf4b74a904af5720100e3da02182eee3bcf02' AND file:name = 'libiconv2.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:19:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3aca-11a0-4b39-94fc-4c9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:20:10.000Z",
"modified": "2018-03-15T09:20:10.000Z",
"pattern": "[file:hashes.SHA256 = 'b92377f1ecb1288467e81abe286d1fd12946d017e74bd1ab5fb2f11e46955154' AND file:name = 'libintl3.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:20:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3ae4-626c-4ad8-b368-48b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:20:36.000Z",
"modified": "2018-03-15T09:20:36.000Z",
"pattern": "[file:hashes.SHA256 = 'd06ffa2b486cd0601409db821d38334d0958bf8978f677330908a4c3c87a2b48' AND file:name = 'ownertrust.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:20:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3d3c-0a24-4e12-89c6-453f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:30:36.000Z",
"modified": "2018-03-15T09:30:36.000Z",
"pattern": "[file:hashes.SHA256 = 'dc1f6d197904a59894a9b9e66f0f6674766c49151a8ced2344dfaadaf54330b8' AND file:name = 'qwerty-pub.key' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:30:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3d71-6c0c-42e3-9791-4796950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:31:29.000Z",
"modified": "2018-03-15T09:31:29.000Z",
"pattern": "[file:hashes.SHA256 = '6a6722b3b177426ec9ebb27898ef2340208c5644eb56eb5b064f2b2e34bf20bf' AND file:name = 'run.js' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaa3d89-efb8-4ba1-a7de-406a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-15T09:31:53.000Z",
"modified": "2018-03-15T09:31:53.000Z",
"pattern": "[file:hashes.SHA256 = '7eae0a885c7ef8a019b80d55a00e82af2e9a9465b052156490ff822ac68bc23a' AND file:name = 'shred.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-15T09:31:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--32397dbb-efad-4bbd-be4c-6e6c98255c5b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:00.000Z",
"modified": "2018-03-21T12:41:00.000Z",
"pattern": "[file:hashes.MD5 = '2b605abf796481bed850f35d007dad24' AND file:hashes.SHA1 = '25079e98ad1b522317666a14a79ccfd7aab2d3ed' AND file:hashes.SHA256 = '5b4c71b22e76e6837f9b089dd14d338ebaf2315e10cf012bc830d9b6b5878c4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ccdac48-29d3-49fd-8444-ab84fcd42bb4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:40:59.000Z",
"modified": "2018-03-21T12:40:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b4c71b22e76e6837f9b089dd14d338ebaf2315e10cf012bc830d9b6b5878c4a/analysis/1521507665/",
"category": "External analysis",
"uuid": "5ab252db-35a0-4186-8222-40c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/65",
"category": "Other",
"uuid": "5ab252db-a358-43d0-8017-4bed02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T01:01:05",
"category": "Other",
"uuid": "5ab252db-9e18-499b-957b-4bd802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--37251bc0-dcac-4e1a-b68a-b9474ceb7e76",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:03.000Z",
"modified": "2018-03-21T12:41:03.000Z",
"pattern": "[file:hashes.MD5 = 'db7aabf38d66b4f8152f12e0f313d00c' AND file:hashes.SHA1 = 'da234dd17ce248c70159cfa4e469ef9767a978d0' AND file:hashes.SHA256 = 'b92377f1ecb1288467e81abe286d1fd12946d017e74bd1ab5fb2f11e46955154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1ee7a1a7-b550-4087-99e1-6b87052d0ae5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:01.000Z",
"modified": "2018-03-21T12:41:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b92377f1ecb1288467e81abe286d1fd12946d017e74bd1ab5fb2f11e46955154/analysis/1521013816/",
"category": "External analysis",
"uuid": "5ab252de-2c14-48db-903a-4f8302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/67",
"category": "Other",
"uuid": "5ab252de-3174-434f-86f0-4a4802de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-14T07:50:16",
"category": "Other",
"uuid": "5ab252de-d514-47b6-8caf-4a5e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b1b61f01-2e71-437c-8a56-4d664c33c465",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:06.000Z",
"modified": "2018-03-21T12:41:06.000Z",
"pattern": "[file:hashes.MD5 = '907e90207d24165c18eeeabdc302b573' AND file:hashes.SHA1 = '0eecc45461479a9ad957e7f5f9eedd352e3eb4a2' AND file:hashes.SHA256 = '6a6722b3b177426ec9ebb27898ef2340208c5644eb56eb5b064f2b2e34bf20bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0d84a184-4374-4db4-b42c-4c7931fa35ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:04.000Z",
"modified": "2018-03-21T12:41:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6a6722b3b177426ec9ebb27898ef2340208c5644eb56eb5b064f2b2e34bf20bf/analysis/1521521359/",
"category": "External analysis",
"uuid": "5ab252e0-1e6c-4cf6-be60-4f5a02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/59",
"category": "Other",
"uuid": "5ab252e1-27dc-4224-85b2-4a3c02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T04:49:19",
"category": "Other",
"uuid": "5ab252e1-f358-435d-9db4-4c2d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a45c17e5-2a86-4d3c-83c3-6ef4fd6d03a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:08.000Z",
"modified": "2018-03-21T12:41:08.000Z",
"pattern": "[file:hashes.MD5 = 'c133be470967f3101f3432b4a3bc96b0' AND file:hashes.SHA1 = '463a27d1aaa9466c1f7ffceccd44d69d8cb03b96' AND file:hashes.SHA256 = 'd06ffa2b486cd0601409db821d38334d0958bf8978f677330908a4c3c87a2b48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6d0b4379-c84a-4073-ae8e-c0a598e4c9c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:07.000Z",
"modified": "2018-03-21T12:41:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d06ffa2b486cd0601409db821d38334d0958bf8978f677330908a4c3c87a2b48/analysis/1521536834/",
"category": "External analysis",
"uuid": "5ab252e3-f904-4513-bab6-4b1c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/56",
"category": "Other",
"uuid": "5ab252e3-33c4-43ad-b4d7-43fa02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T09:07:14",
"category": "Other",
"uuid": "5ab252e3-0170-4673-9a9d-45ce02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72be3c9d-cfdb-4351-b577-03d268083f72",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:11.000Z",
"modified": "2018-03-21T12:41:11.000Z",
"pattern": "[file:hashes.MD5 = '80fc4b8f0d1efd52410b3bc95a83d4c6' AND file:hashes.SHA1 = '02bf13e56f45ea3ef815e49b22fea59205751240' AND file:hashes.SHA256 = '554c6198a015dc87e394c4fc74bf5040c48829d793e302632f9eec663733a09e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3ae99a59-3525-4078-97cd-d75ae0765be2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:09.000Z",
"modified": "2018-03-21T12:41:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/554c6198a015dc87e394c4fc74bf5040c48829d793e302632f9eec663733a09e/analysis/1521536832/",
"category": "External analysis",
"uuid": "5ab252e5-ab84-456b-a23c-47ca02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/56",
"category": "Other",
"uuid": "5ab252e6-78c4-4618-b0f0-4fbb02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T09:07:12",
"category": "Other",
"uuid": "5ab252e6-cb34-4fb8-a6cb-487102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf79dac3-a61b-4484-8ece-c3efc085b6f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:13.000Z",
"modified": "2018-03-21T12:41:13.000Z",
"pattern": "[file:hashes.MD5 = 'd7cbbedfad7ad68e12bf6ffcc01c3080' AND file:hashes.SHA1 = 'a21c860b81ed158e91b2b921b752f48fda6d6f1e' AND file:hashes.SHA256 = 'aa9ec502e20b927d236e19036b40a5da5ddd4ae030553a6608f821becd646efb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7a2643e6-2e22-4c23-99a6-7224978fe8f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:11.000Z",
"modified": "2018-03-21T12:41:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aa9ec502e20b927d236e19036b40a5da5ddd4ae030553a6608f821becd646efb/analysis/1520799405/",
"category": "External analysis",
"uuid": "5ab252e8-7c2c-40c3-9ff0-485602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/66",
"category": "Other",
"uuid": "5ab252e8-f884-454e-aad8-44cf02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-11T20:16:45",
"category": "Other",
"uuid": "5ab252e8-5848-4f97-9054-472202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f63eacf3-d5e2-458c-9e4a-d1065f61d7ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:15.000Z",
"modified": "2018-03-21T12:41:15.000Z",
"pattern": "[file:hashes.MD5 = '331f570aa7c20bc93deb7b237b21cc9c' AND file:hashes.SHA1 = '2d9ff158ffa0161aac3aa2197c361bc56369a308' AND file:hashes.SHA256 = '3ec2d1a924ef6f19f2db45e48b9cf4b74a904af5720100e3da02182eee3bcf02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2db15510-29ac-490c-b548-aca2431baf82",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:14.000Z",
"modified": "2018-03-21T12:41:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3ec2d1a924ef6f19f2db45e48b9cf4b74a904af5720100e3da02182eee3bcf02/analysis/1521194909/",
"category": "External analysis",
"uuid": "5ab252ea-6204-4819-bdbe-4ad902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/66",
"category": "Other",
"uuid": "5ab252ea-cf38-485c-a3b6-460602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-16T10:08:29",
"category": "Other",
"uuid": "5ab252ea-73cc-4aa7-877f-4ae802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7c3c9e5-6a06-4e41-a68b-77b7f8bbb883",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:18.000Z",
"modified": "2018-03-21T12:41:18.000Z",
"pattern": "[file:hashes.MD5 = '37303cc85bef139191e0271dd1fedc47' AND file:hashes.SHA1 = '0038f011d534d07bc8916c1e3b959247ed8c3ab0' AND file:hashes.SHA256 = '39c510bc504a647ef8fa1da8ad3a34755a762f1be48e200b9ae558a41841e502']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bbfdb29a-6078-4d08-9d31-e8f556edc895",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:16.000Z",
"modified": "2018-03-21T12:41:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/39c510bc504a647ef8fa1da8ad3a34755a762f1be48e200b9ae558a41841e502/analysis/1521543191/",
"category": "External analysis",
"uuid": "5ab252ec-95b8-4e2f-8067-4c0d02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/64",
"category": "Other",
"uuid": "5ab252ec-8fe8-4d80-a008-474802de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T10:53:11",
"category": "Other",
"uuid": "5ab252ec-0980-4dd0-9e0a-4ec302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--38b79d40-d1a1-47ad-bed1-6438e9805599",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:20.000Z",
"modified": "2018-03-21T12:41:20.000Z",
"pattern": "[file:hashes.MD5 = '858bdb5307c721172e707af361e2bb82' AND file:hashes.SHA1 = 'b40bba596c0d3360cc5bea81879da7e011036470' AND file:hashes.SHA256 = '7eae0a885c7ef8a019b80d55a00e82af2e9a9465b052156490ff822ac68bc23a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--829f8e34-d2de-4b3f-8914-db3da96f35d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:18.000Z",
"modified": "2018-03-21T12:41:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7eae0a885c7ef8a019b80d55a00e82af2e9a9465b052156490ff822ac68bc23a/analysis/1521536833/",
"category": "External analysis",
"uuid": "5ab252ee-d858-4ac2-91c0-4c8302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/63",
"category": "Other",
"uuid": "5ab252ef-3fc8-483b-91a6-46ea02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T09:07:13",
"category": "Other",
"uuid": "5ab252ef-a770-4b74-91d0-4cc902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b78e4ec-8f4b-4f4a-a627-d0c9a646a20a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"pattern": "[file:hashes.MD5 = '0176181331d6452cd721da29fc6f218e' AND file:hashes.SHA1 = '6041cba17ba9ebcb630b1b3b406e7dc37cd69564' AND file:hashes.SHA256 = 'dc1f6d197904a59894a9b9e66f0f6674766c49151a8ced2344dfaadaf54330b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-21T12:41:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05b9ce25-2728-4c96-a9be-72b5220259a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-21T12:41:20.000Z",
"modified": "2018-03-21T12:41:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dc1f6d197904a59894a9b9e66f0f6674766c49151a8ced2344dfaadaf54330b8/analysis/1521536271/",
"category": "External analysis",
"uuid": "5ab252f1-3b4c-4988-b03d-4f9502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/56",
"category": "Other",
"uuid": "5ab252f1-4954-4bc2-a34b-419602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T08:57:51",
"category": "Other",
"uuid": "5ab252f1-66cc-45da-86fc-461602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--24096d9d-dfb6-433d-9201-f1d76fa554b5",
"created": "2018-03-21T12:41:21.000Z",
"modified": "2018-03-21T12:41:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--32397dbb-efad-4bbd-be4c-6e6c98255c5b",
"target_ref": "x-misp-object--7ccdac48-29d3-49fd-8444-ab84fcd42bb4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8374e6dd-0f34-49cf-b5be-57618b2c253d",
"created": "2018-03-21T12:41:21.000Z",
"modified": "2018-03-21T12:41:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--37251bc0-dcac-4e1a-b68a-b9474ceb7e76",
"target_ref": "x-misp-object--1ee7a1a7-b550-4087-99e1-6b87052d0ae5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bca1ee69-c32d-4c46-afc4-0f7780d95d24",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b1b61f01-2e71-437c-8a56-4d664c33c465",
"target_ref": "x-misp-object--0d84a184-4374-4db4-b42c-4c7931fa35ae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--72973a4a-39c4-4119-bd34-5312e699408f",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a45c17e5-2a86-4d3c-83c3-6ef4fd6d03a8",
"target_ref": "x-misp-object--6d0b4379-c84a-4073-ae8e-c0a598e4c9c1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--416f7800-4b54-4019-895f-58700c820131",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--72be3c9d-cfdb-4351-b577-03d268083f72",
"target_ref": "x-misp-object--3ae99a59-3525-4078-97cd-d75ae0765be2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf3e03b8-33c1-4b97-8a81-92d2d28a73ce",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cf79dac3-a61b-4484-8ece-c3efc085b6f9",
"target_ref": "x-misp-object--7a2643e6-2e22-4c23-99a6-7224978fe8f1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba211e6c-a8bc-47cf-9dea-98725d4b0155",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f63eacf3-d5e2-458c-9e4a-d1065f61d7ba",
"target_ref": "x-misp-object--2db15510-29ac-490c-b548-aca2431baf82"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d3ae3ac-81de-469e-925f-c8b282d30819",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a7c3c9e5-6a06-4e41-a68b-77b7f8bbb883",
"target_ref": "x-misp-object--bbfdb29a-6078-4d08-9d31-e8f556edc895"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8172e91b-a0c4-45b3-afae-28ec873ee9a9",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--38b79d40-d1a1-47ad-bed1-6438e9805599",
"target_ref": "x-misp-object--829f8e34-d2de-4b3f-8914-db3da96f35d2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b1768d22-e807-4154-86c3-63e5af64c0bd",
"created": "2018-03-21T12:41:22.000Z",
"modified": "2018-03-21T12:41:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3b78e4ec-8f4b-4f4a-a627-d0c9a646a20a",
"target_ref": "x-misp-object--05b9ce25-2728-4c96-a9be-72b5220259a0"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink