{
|
|
"type": "bundle",
|
|
"id": "bundle--5b991442-a9f0-4b5b-bc56-445f950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:48:18.000Z",
|
|
"modified": "2018-09-13T13:48:18.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5b991442-a9f0-4b5b-bc56-445f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:48:18.000Z",
|
|
"modified": "2018-09-13T13:48:18.000Z",
|
|
"name": "OSINT - Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall",
|
|
"published": "2018-09-13T13:48:39Z",
|
|
"object_refs": [
|
|
"observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f",
|
|
"url--5b991454-051c-4bd8-a0bd-4e4a950d210f",
|
|
"x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f",
|
|
"indicator--5b9a17a9-46f4-4829-a645-41bb950d210f",
|
|
"indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f",
|
|
"indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f",
|
|
"indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f",
|
|
"indicator--5b9a11b0-9f94-4354-a268-43aa950d210f",
|
|
"indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f",
|
|
"indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f",
|
|
"indicator--5b9a11f0-9c10-492e-9b51-4257950d210f",
|
|
"indicator--5b9a1248-1f28-48ac-be89-45c3950d210f",
|
|
"indicator--5b9a125e-9f20-423b-b45f-4054950d210f",
|
|
"indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f",
|
|
"indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f",
|
|
"indicator--5b9a1312-b374-493c-986d-49bd950d210f",
|
|
"indicator--5b9a131f-bec4-4d20-baea-4929950d210f",
|
|
"indicator--5b9a1333-b508-45d9-9896-4e23950d210f",
|
|
"indicator--5b9a1346-5384-4908-a5a8-4df7950d210f",
|
|
"indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f",
|
|
"indicator--5b9a14e9-221c-4e02-b682-4575950d210f",
|
|
"indicator--5b9a1501-cc14-4764-bf87-46cc950d210f",
|
|
"indicator--5b9a1512-a77c-4500-a8c9-4481950d210f",
|
|
"indicator--5b9a1527-6be8-4405-8242-44f9950d210f",
|
|
"indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f",
|
|
"indicator--5b9a1541-1924-4272-80b3-4240950d210f",
|
|
"vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f",
|
|
"vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f",
|
|
"vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f",
|
|
"vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f",
|
|
"indicator--c9655c57-1760-44de-8ccc-7029b572eae9",
|
|
"x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10",
|
|
"indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce",
|
|
"x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a",
|
|
"indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa",
|
|
"x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0",
|
|
"indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd",
|
|
"x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72",
|
|
"indicator--3bd19fac-4ad2-4d33-b023-7359e714c116",
|
|
"x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a",
|
|
"indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0",
|
|
"x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085",
|
|
"indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250",
|
|
"x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4",
|
|
"indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5",
|
|
"x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d",
|
|
"indicator--b93e361e-6457-475a-8466-3229a898dd5d",
|
|
"x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146",
|
|
"indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252",
|
|
"x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89",
|
|
"indicator--1409de38-3c59-48e4-bc96-95e5d351ba78",
|
|
"x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418",
|
|
"indicator--a85d42ef-debd-451d-815b-ff5467bd75b2",
|
|
"x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510",
|
|
"indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d",
|
|
"x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779",
|
|
"indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d",
|
|
"x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f",
|
|
"indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8",
|
|
"x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080",
|
|
"indicator--25927348-f7e5-4c73-bb65-1a697c164887",
|
|
"x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007",
|
|
"indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4",
|
|
"x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0",
|
|
"indicator--41a04017-73fb-4631-887a-0671543e7f41",
|
|
"x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7",
|
|
"indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d",
|
|
"x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3",
|
|
"indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9",
|
|
"x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf",
|
|
"relationship--d687c492-c08c-460b-85ab-1837a0330b35",
|
|
"relationship--5b640cef-6493-49ac-80e2-4c3c716349d9",
|
|
"relationship--82446756-7152-46c5-b433-b8c61d69ddfe",
|
|
"relationship--f1561136-5f05-474c-bd41-356af10a949b",
|
|
"relationship--ecd2c3e3-cb9d-487a-b2f2-4b4f6d01cf7d",
|
|
"relationship--73692aec-97ad-46f6-b423-0ca6bd82ad41",
|
|
"relationship--58c54bba-c07e-488c-bfe8-45a53fdc73e0",
|
|
"relationship--f7b80abb-74a6-4b5d-898f-39ab6192f306",
|
|
"relationship--23eb3d90-4fce-4250-8144-af0113c9328e",
|
|
"relationship--151ba28a-ea83-4f22-8059-4b613127e6b2",
|
|
"relationship--5ebe7495-bef0-4978-87a3-d1418197a881",
|
|
"relationship--da994413-cffc-4832-9cc1-f93e78c1314f",
|
|
"relationship--34fe4577-2498-47cc-85a2-fcdf4fc42c28",
|
|
"relationship--4ed3a7d2-39e7-489e-8912-0acf335e50a6",
|
|
"relationship--bd440033-729d-4499-b811-2fdeeeb7c791",
|
|
"relationship--27e1c62f-f01b-44e5-aac5-4737af4de7cb",
|
|
"relationship--f7db49f5-90ad-47d3-b95d-e668650e4803",
|
|
"relationship--8b22465d-f37d-4916-8f7a-d3789c3491fd",
|
|
"relationship--1587210c-5126-4582-b2a4-737dd0a865d9",
|
|
"relationship--e656a10a-4c59-4f1b-928a-1edb2f1dac9f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
|
|
"malware_classification:malware-category=\"Botnet\"",
|
|
"misp-galaxy:botnet=\"Mirai\"",
|
|
"misp-galaxy:tool=\"Mirai\"",
|
|
"misp-galaxy:tool=\"Gafgyt\"",
|
|
"misp-galaxy:botnet=\"Gafgyt\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-12T13:27:58.000Z",
|
|
"modified": "2018-09-12T13:27:58.000Z",
|
|
"first_observed": "2018-09-12T13:27:58Z",
|
|
"last_observed": "2018-09-12T13:27:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5b991454-051c-4bd8-a0bd-4e4a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5b991454-051c-4bd8-a0bd-4e4a950d210f",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-12T13:28:25.000Z",
|
|
"modified": "2018-09-12T13:28:25.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.\r\n\r\nThese variants are notable for two reasons:\r\n\r\n The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.\r\n The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall\u2019s Global Management System (GMS).\r\n\r\nThese developments suggest these IoT botnets are increasingly targeting enterprise devices with outdated versions.\r\n\r\nAll organizations should ensure they keep not only their systems up-to-date and patched, but also their IoT devices. For Palo Alto Networks customers, WildFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a17a9-46f4-4829-a645-41bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:54:17.000Z",
|
|
"modified": "2018-09-13T07:54:17.000Z",
|
|
"pattern": "[domain-name:value = 'l.ocalhost.host']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:54:18.000Z",
|
|
"modified": "2018-09-13T07:54:18.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:54:18.000Z",
|
|
"modified": "2018-09-13T07:54:18.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.127']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:10:08.000Z",
|
|
"modified": "2018-09-13T07:10:08.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:10:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a11b0-9f94-4354-a268-43aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:28:48.000Z",
|
|
"modified": "2018-09-13T07:28:48.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:28:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:29:01.000Z",
|
|
"modified": "2018-09-13T07:29:01.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:29:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:29:42.000Z",
|
|
"modified": "2018-09-13T07:29:42.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:29:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a11f0-9c10-492e-9b51-4257950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:29:52.000Z",
|
|
"modified": "2018-09-13T07:29:52.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1248-1f28-48ac-be89-45c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:31:20.000Z",
|
|
"modified": "2018-09-13T07:31:20.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a125e-9f20-423b-b45f-4054950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:31:42.000Z",
|
|
"modified": "2018-09-13T07:31:42.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:31:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:32:09.000Z",
|
|
"modified": "2018-09-13T07:32:09.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:32:24.000Z",
|
|
"modified": "2018-09-13T07:32:24.000Z",
|
|
"description": "Sample with Apache Struts exploit CVE-2017-5638",
|
|
"pattern": "[file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:32:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1312-b374-493c-986d-49bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:34:42.000Z",
|
|
"modified": "2018-09-13T07:34:42.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:34:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a131f-bec4-4d20-baea-4929950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:34:55.000Z",
|
|
"modified": "2018-09-13T07:34:55.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:34:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1333-b508-45d9-9896-4e23950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:35:15.000Z",
|
|
"modified": "2018-09-13T07:35:15.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:35:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1346-5384-4908-a5a8-4df7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:35:34.000Z",
|
|
"modified": "2018-09-13T07:35:34.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:35:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:42:18.000Z",
|
|
"modified": "2018-09-13T07:42:18.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:42:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a14e9-221c-4e02-b682-4575950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:42:33.000Z",
|
|
"modified": "2018-09-13T07:42:33.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:42:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1501-cc14-4764-bf87-46cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:42:57.000Z",
|
|
"modified": "2018-09-13T07:42:57.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:42:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1512-a77c-4500-a8c9-4481950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:43:14.000Z",
|
|
"modified": "2018-09-13T07:43:14.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:43:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1527-6be8-4405-8242-44f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:43:35.000Z",
|
|
"modified": "2018-09-13T07:43:35.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:43:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:43:48.000Z",
|
|
"modified": "2018-09-13T07:43:48.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:43:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9a1541-1924-4272-80b3-4240950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T07:44:01.000Z",
|
|
"modified": "2018-09-13T07:44:01.000Z",
|
|
"description": "Sample with Sonicwall GMS exploit CVE-2018-9866",
|
|
"pattern": "[file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T07:44:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T10:14:06.000Z",
|
|
"modified": "2018-09-13T10:14:06.000Z",
|
|
"name": "CVE-2017-5638",
|
|
"description": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2017-5638"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "https://cve.circl.lu/cve/CVE-2017-5638"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"
|
|
},
|
|
{
|
|
"source_name": "url",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "10",
|
|
"x_misp_modified": "2018-03-03T21:29:00",
|
|
"x_misp_published": "2017-10-03T21:59:00",
|
|
"x_misp_state": "Published"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T10:18:42.000Z",
|
|
"modified": "2018-09-13T10:18:42.000Z",
|
|
"name": "CVE-2018-9866",
|
|
"description": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2018-9866"
|
|
}
|
|
],
|
|
"x_misp_modified": "2018-03-08T16:29:00",
|
|
"x_misp_published": "2018-03-08T16:29:00",
|
|
"x_misp_state": "Published"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T10:21:46.000Z",
|
|
"modified": "2018-09-13T10:21:46.000Z",
|
|
"name": "CVE-2017-6884",
|
|
"description": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2017-6884"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "9",
|
|
"x_misp_published": "2017-06-04T13:59:00",
|
|
"x_misp_state": "Published"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T10:25:55.000Z",
|
|
"modified": "2018-09-13T10:25:55.000Z",
|
|
"name": "CVE-2017-17215",
|
|
"description": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
|
|
"labels": [
|
|
"misp:name=\"vulnerability\"",
|
|
"misp:meta-category=\"vulnerability\"",
|
|
"misp:to_ids=\"False\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2017-17215"
|
|
}
|
|
],
|
|
"x_misp_cvss_score": "6.5",
|
|
"x_misp_modified": "2018-04-19T11:04:00",
|
|
"x_misp_published": "2018-03-20T11:29:00",
|
|
"x_misp_state": "Published"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c9655c57-1760-44de-8ccc-7029b572eae9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:47.000Z",
|
|
"modified": "2018-09-13T13:36:47.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e0b32c133cedca69b05dd3a9dd6e1910' AND file:hashes.SHA1 = 'ff7c182fb460d62195d1bae8c394b2e81182defe' AND file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:45.000Z",
|
|
"modified": "2018-09-13T13:36:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T01:25:45",
|
|
"category": "Other",
|
|
"uuid": "cbaa39a5-ae89-497b-ba65-0901ebe6762b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255/analysis/1536801945/",
|
|
"category": "External analysis",
|
|
"uuid": "279a4f6c-0ce4-4d69-9af0-dc6b013928db"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/58",
|
|
"category": "Other",
|
|
"uuid": "75778552-b07e-4f8b-85bf-eaaeee5be422"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:49.000Z",
|
|
"modified": "2018-09-13T13:36:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a77f21e15a0a4763e86d166763dbd05' AND file:hashes.SHA1 = 'a4a4d892d04f516261c2fa4c56de3ff21afd2812' AND file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:47.000Z",
|
|
"modified": "2018-09-13T13:36:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T01:25:59",
|
|
"category": "Other",
|
|
"uuid": "ea58763f-c5f9-4765-a316-a8ee71d3fccd"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb/analysis/1536801959/",
|
|
"category": "External analysis",
|
|
"uuid": "c949938e-0e64-43e0-944a-40a3b391d0aa"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/58",
|
|
"category": "Other",
|
|
"uuid": "70c9ab68-2528-495d-a5a8-78d179b63a00"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:51.000Z",
|
|
"modified": "2018-09-13T13:36:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1998b2f489c4da5ecafe7fb5cc790575' AND file:hashes.SHA1 = '13c72eb4c783b74046aeb53f50173eccfb64c7ca' AND file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:50.000Z",
|
|
"modified": "2018-09-13T13:36:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T06:12:03",
|
|
"category": "Other",
|
|
"uuid": "1144ae7f-5675-47d6-97f0-df298c23cbb1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79/analysis/1536646323/",
|
|
"category": "External analysis",
|
|
"uuid": "c4d12609-ad7a-4cff-8bb6-259c956faaf7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/59",
|
|
"category": "Other",
|
|
"uuid": "bb80ca2b-f4ce-47e0-949f-c3b0b611c005"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:54.000Z",
|
|
"modified": "2018-09-13T13:36:54.000Z",
|
|
"pattern": "[file:hashes.MD5 = '218821892d5d5e460101d6914cfe2a3d' AND file:hashes.SHA1 = '1da48a03224df6397f2215cd6b79308dbda7cf86' AND file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:52.000Z",
|
|
"modified": "2018-09-13T13:36:52.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-10T14:18:14",
|
|
"category": "Other",
|
|
"uuid": "db64872a-34a9-4bf5-adf4-a6aaa45cf956"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18/analysis/1536589094/",
|
|
"category": "External analysis",
|
|
"uuid": "0a9bcc4e-e99a-4e38-9585-e27415770029"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "16/59",
|
|
"category": "Other",
|
|
"uuid": "84e65e5c-1e5f-41ac-93c2-97f15f9a571d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:56.000Z",
|
|
"modified": "2018-09-13T13:36:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3df581337af37f4e66be5026062dcfb2' AND file:hashes.SHA1 = '61116e2b1614cebeed29b489d699f4bbcf217fa3' AND file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:54.000Z",
|
|
"modified": "2018-09-13T13:36:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T07:59:15",
|
|
"category": "Other",
|
|
"uuid": "43e8d1b7-22fd-4ab9-899c-4473ad895757"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2/analysis/1536825555/",
|
|
"category": "External analysis",
|
|
"uuid": "01ffe445-591f-4e55-bcb0-8bfbaebf687f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "20/57",
|
|
"category": "Other",
|
|
"uuid": "5c91c16b-b4f8-4c3a-b62b-236a1c911f46"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:58.000Z",
|
|
"modified": "2018-09-13T13:36:58.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9387e4ce5b53ee19af2dafcf8c5aedd1' AND file:hashes.SHA1 = '8588546bc5ca10137fc6d2268085a2173a7638c8' AND file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:36:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:57.000Z",
|
|
"modified": "2018-09-13T13:36:57.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-10T14:15:40",
|
|
"category": "Other",
|
|
"uuid": "ceb2089f-f043-4d4b-84b0-744285914f35"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e/analysis/1536588940/",
|
|
"category": "External analysis",
|
|
"uuid": "54a8e308-a2f0-4e97-9ecf-ca11a4f431a0"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/57",
|
|
"category": "Other",
|
|
"uuid": "8387e690-d923-4f33-8cde-768ab505083f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:01.000Z",
|
|
"modified": "2018-09-13T13:37:01.000Z",
|
|
"pattern": "[file:hashes.MD5 = '75cbd3709696219b94d1355349348e84' AND file:hashes.SHA1 = '3a9a06a2f2efdf1fed10793fa7220730bc315af1' AND file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:36:59.000Z",
|
|
"modified": "2018-09-13T13:36:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T01:26:10",
|
|
"category": "Other",
|
|
"uuid": "69f9765e-d423-4a90-b910-952b150e503e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f/analysis/1536801970/",
|
|
"category": "External analysis",
|
|
"uuid": "740f1058-5283-4224-8dc0-44d8a81a9214"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/57",
|
|
"category": "Other",
|
|
"uuid": "1c63801e-198c-46e3-9eb9-df05d0b1e755"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:05.000Z",
|
|
"modified": "2018-09-13T13:37:05.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af525f736a3d31837e16575136752d2b' AND file:hashes.SHA1 = 'adde5df82821d40c8821452f38704dc70f378eb9' AND file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:03.000Z",
|
|
"modified": "2018-09-13T13:37:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T06:00:17",
|
|
"category": "Other",
|
|
"uuid": "b91a61f5-ebae-4f5e-9556-0f4f47bebc45"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35/analysis/1536645617/",
|
|
"category": "External analysis",
|
|
"uuid": "b64fd84b-850e-4cf1-8608-0e345e8ebaec"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "25/59",
|
|
"category": "Other",
|
|
"uuid": "e1074a2c-3c90-45e1-aaed-fb41141987b3"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b93e361e-6457-475a-8466-3229a898dd5d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:07.000Z",
|
|
"modified": "2018-09-13T13:37:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a6307b57a6baf33f9bf148b3fecd9a4' AND file:hashes.SHA1 = 'a6a3190afc1c87c98c3ba6b8c82c230b11a02565' AND file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:07.000Z",
|
|
"modified": "2018-09-13T13:37:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-10T14:19:02",
|
|
"category": "Other",
|
|
"uuid": "7431f176-47a0-4aeb-a93a-b5b8aaa3155d"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136/analysis/1536589142/",
|
|
"category": "External analysis",
|
|
"uuid": "b9f2a194-9392-41fd-9849-9953d0b6a129"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "16/59",
|
|
"category": "Other",
|
|
"uuid": "767f6eaf-08b2-4b5e-929c-9cd867b9bebe"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:11.000Z",
|
|
"modified": "2018-09-13T13:37:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9bcf535899fe77d4f3c78f3bd9810e10' AND file:hashes.SHA1 = '0baafb0dc6ecefdda5c131e8128aa6ac698b7c1f' AND file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:10.000Z",
|
|
"modified": "2018-09-13T13:37:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T06:10:07",
|
|
"category": "Other",
|
|
"uuid": "39767421-d6e6-4589-aedd-6988492548f7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb/analysis/1536646207/",
|
|
"category": "External analysis",
|
|
"uuid": "ecc5384b-1a99-472c-a1fa-79c3d4bdb50e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/59",
|
|
"category": "Other",
|
|
"uuid": "2f4bbc93-4fc7-4d0e-9471-159600402a6b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:14.000Z",
|
|
"modified": "2018-09-13T13:37:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e407843bffcf913dfd4fa816b067c33c' AND file:hashes.SHA1 = 'b73865efa77e07a75eb3bdd24d95a92b301a0a74' AND file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:12.000Z",
|
|
"modified": "2018-09-13T13:37:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-12T10:59:31",
|
|
"category": "Other",
|
|
"uuid": "197fd2f8-187a-4dd4-827c-333abecba11e"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb/analysis/1536749971/",
|
|
"category": "External analysis",
|
|
"uuid": "acd59703-f3e3-4fea-b989-174c2f4e44b4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/57",
|
|
"category": "Other",
|
|
"uuid": "cb23a3ca-b153-4074-bb77-1007af2b3d1b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:16.000Z",
|
|
"modified": "2018-09-13T13:37:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b324726c2a526fd98b06145b557408f0' AND file:hashes.SHA1 = '95e7b1213aa808678cd04cd1befdebba8b37ebf7' AND file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:15.000Z",
|
|
"modified": "2018-09-13T13:37:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T07:55:29",
|
|
"category": "Other",
|
|
"uuid": "c43399fa-212e-4d49-b8e4-16b9c17a87ee"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348/analysis/1536652529/",
|
|
"category": "External analysis",
|
|
"uuid": "3b6822a4-4f37-4f1e-91be-01b076bbbbff"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/59",
|
|
"category": "Other",
|
|
"uuid": "ba72f04f-02a5-49e6-aa16-29dd0e33b163"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:19.000Z",
|
|
"modified": "2018-09-13T13:37:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6b33b5c8d7e57e3c1c674eb1ffaf2cb2' AND file:hashes.SHA1 = '8606fd59486682c5fe32e3b1d1df622922e734e8' AND file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:17.000Z",
|
|
"modified": "2018-09-13T13:37:17.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-10T09:43:09",
|
|
"category": "Other",
|
|
"uuid": "9aae846b-805c-430a-9fc3-855881423ded"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6/analysis/1536572589/",
|
|
"category": "External analysis",
|
|
"uuid": "207f6dfe-b3ac-41ec-8363-228ac90d09c7"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/58",
|
|
"category": "Other",
|
|
"uuid": "0677f378-8f0c-4473-a74b-505cc2a6cad0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:21.000Z",
|
|
"modified": "2018-09-13T13:37:21.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd26bf0c4bef27196aae4b0b533877f16' AND file:hashes.SHA1 = '96575a020408a67d03d0058735090d601df2e1a8' AND file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:20.000Z",
|
|
"modified": "2018-09-13T13:37:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-10T13:23:05",
|
|
"category": "Other",
|
|
"uuid": "c75451f3-6f0d-436d-a3cf-f526d6f2b115"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397/analysis/1536585785/",
|
|
"category": "External analysis",
|
|
"uuid": "9147ab65-176e-4e95-a4ae-1a21d12d51a9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/60",
|
|
"category": "Other",
|
|
"uuid": "034e3e61-12fc-4acf-8974-1301ef7d8113"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:23.000Z",
|
|
"modified": "2018-09-13T13:37:23.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8e0ec8a7c6629c2f206c2b8860ded3f' AND file:hashes.SHA1 = '9d00562ca754411b4158d4e0e953e486cc4b3886' AND file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:22.000Z",
|
|
"modified": "2018-09-13T13:37:22.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T05:10:56",
|
|
"category": "Other",
|
|
"uuid": "f757360f-d424-412b-9e62-c6c4ef056a61"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99/analysis/1536642656/",
|
|
"category": "External analysis",
|
|
"uuid": "164f4b29-d0f9-4c29-adde-2b124d558914"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "22/58",
|
|
"category": "Other",
|
|
"uuid": "fca216f8-84e9-4497-9ad3-090cb3a399ed"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--25927348-f7e5-4c73-bb65-1a697c164887",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:26.000Z",
|
|
"modified": "2018-09-13T13:37:26.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd1dffadb8f075c8d4fe822fa81a3ddb1' AND file:hashes.SHA1 = 'c90535a54d0494b981c6a4f09b331762cebbfcc9' AND file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:24.000Z",
|
|
"modified": "2018-09-13T13:37:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T05:09:31",
|
|
"category": "Other",
|
|
"uuid": "4dcd8a36-6411-416b-aba9-64c1818398cb"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3/analysis/1536642571/",
|
|
"category": "External analysis",
|
|
"uuid": "aac80e1e-6cdc-467f-8771-7e72effbc129"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "24/60",
|
|
"category": "Other",
|
|
"uuid": "08caff6d-2bd9-48af-8850-d27b75126967"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:28.000Z",
|
|
"modified": "2018-09-13T13:37:28.000Z",
|
|
"pattern": "[file:hashes.MD5 = '943aa993dd600b3c8080e7a064cf5568' AND file:hashes.SHA1 = '9828898850d3e69d16b8ff312635e95ecf4478e9' AND file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:26.000Z",
|
|
"modified": "2018-09-13T13:37:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T05:54:54",
|
|
"category": "Other",
|
|
"uuid": "771d6784-63d7-403d-aeb5-a20134c399f2"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6/analysis/1536645294/",
|
|
"category": "External analysis",
|
|
"uuid": "b3fa45af-080f-4132-a8de-4c8f487f2a2c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/59",
|
|
"category": "Other",
|
|
"uuid": "edc16cb6-6700-4b30-99be-5f415c0f498c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--41a04017-73fb-4631-887a-0671543e7f41",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:31.000Z",
|
|
"modified": "2018-09-13T13:37:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dd0d4d4196735db691a77ad2201fcb2a' AND file:hashes.SHA1 = '2e9676699462fbb3b36ad205a8189e93fd68599e' AND file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:29.000Z",
|
|
"modified": "2018-09-13T13:37:29.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T05:50:49",
|
|
"category": "Other",
|
|
"uuid": "5d064180-dde6-47df-9e92-52108e0b2c1b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208/analysis/1536645049/",
|
|
"category": "External analysis",
|
|
"uuid": "0a7cb0a0-13d8-40d4-9e47-8f273ce41258"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/59",
|
|
"category": "Other",
|
|
"uuid": "d0ec1e2b-44aa-4792-9faf-1a294393e2a5"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:33.000Z",
|
|
"modified": "2018-09-13T13:37:33.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6388e1650573bac1f933011acda71f2' AND file:hashes.SHA1 = '86e7114c21dfdbcefd90f61426b9ce88d2698b12' AND file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:31.000Z",
|
|
"modified": "2018-09-13T13:37:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-11T05:50:55",
|
|
"category": "Other",
|
|
"uuid": "127ea910-669d-448c-962d-5688970e3f1c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669/analysis/1536645055/",
|
|
"category": "External analysis",
|
|
"uuid": "9e604b76-733e-41a3-a577-cebe99f787b6"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/59",
|
|
"category": "Other",
|
|
"uuid": "5052f9c6-992e-4ea7-a3c0-8c9e1b4c3e16"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2b0919caab591515af6ff99fb76896e8' AND file:hashes.SHA1 = '99ff9c25bc2e0a874ca4090abb6c612ea984c30c' AND file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-13T13:37:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-13T13:37:34.000Z",
|
|
"modified": "2018-09-13T13:37:34.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-12T01:40:46",
|
|
"category": "Other",
|
|
"uuid": "4f66e666-cc07-49b1-95d4-649d6b094a43"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1/analysis/1536716446/",
|
|
"category": "External analysis",
|
|
"uuid": "8ec552cc-d839-4117-a6e0-824ba5d25e68"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "23/59",
|
|
"category": "Other",
|
|
"uuid": "26b9502d-8ad2-45bf-b828-6b68cba58d6b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d687c492-c08c-460b-85ab-1837a0330b35",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--c9655c57-1760-44de-8ccc-7029b572eae9",
|
|
"target_ref": "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5b640cef-6493-49ac-80e2-4c3c716349d9",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce",
|
|
"target_ref": "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--82446756-7152-46c5-b433-b8c61d69ddfe",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa",
|
|
"target_ref": "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f1561136-5f05-474c-bd41-356af10a949b",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd",
|
|
"target_ref": "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ecd2c3e3-cb9d-487a-b2f2-4b4f6d01cf7d",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116",
|
|
"target_ref": "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--73692aec-97ad-46f6-b423-0ca6bd82ad41",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0",
|
|
"target_ref": "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--58c54bba-c07e-488c-bfe8-45a53fdc73e0",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250",
|
|
"target_ref": "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f7b80abb-74a6-4b5d-898f-39ab6192f306",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5",
|
|
"target_ref": "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--23eb3d90-4fce-4250-8144-af0113c9328e",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b93e361e-6457-475a-8466-3229a898dd5d",
|
|
"target_ref": "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--151ba28a-ea83-4f22-8059-4b613127e6b2",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252",
|
|
"target_ref": "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--5ebe7495-bef0-4978-87a3-d1418197a881",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78",
|
|
"target_ref": "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--da994413-cffc-4832-9cc1-f93e78c1314f",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2",
|
|
"target_ref": "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--34fe4577-2498-47cc-85a2-fcdf4fc42c28",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d",
|
|
"target_ref": "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4ed3a7d2-39e7-489e-8912-0acf335e50a6",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d",
|
|
"target_ref": "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bd440033-729d-4499-b811-2fdeeeb7c791",
|
|
"created": "2018-09-13T13:37:35.000Z",
|
|
"modified": "2018-09-13T13:37:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8",
|
|
"target_ref": "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--27e1c62f-f01b-44e5-aac5-4737af4de7cb",
|
|
"created": "2018-09-13T13:37:36.000Z",
|
|
"modified": "2018-09-13T13:37:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--25927348-f7e5-4c73-bb65-1a697c164887",
|
|
"target_ref": "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f7db49f5-90ad-47d3-b95d-e668650e4803",
|
|
"created": "2018-09-13T13:37:36.000Z",
|
|
"modified": "2018-09-13T13:37:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4",
|
|
"target_ref": "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8b22465d-f37d-4916-8f7a-d3789c3491fd",
|
|
"created": "2018-09-13T13:37:36.000Z",
|
|
"modified": "2018-09-13T13:37:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--41a04017-73fb-4631-887a-0671543e7f41",
|
|
"target_ref": "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1587210c-5126-4582-b2a4-737dd0a865d9",
|
|
"created": "2018-09-13T13:37:36.000Z",
|
|
"modified": "2018-09-13T13:37:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d",
|
|
"target_ref": "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e656a10a-4c59-4f1b-928a-1edb2f1dac9f",
|
|
"created": "2018-09-13T13:37:36.000Z",
|
|
"modified": "2018-09-13T13:37:36.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9",
|
|
"target_ref": "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |