misp-circl-feed/feeds/circl/misp/355c00b3-a85f-4a6c-850f-95bc7357abd1.json

780 lines
No EOL
33 KiB
JSON

{
"type": "bundle",
"id": "bundle--355c00b3-a85f-4a6c-850f-95bc7357abd1",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:21:42.000Z",
"modified": "2020-09-22T12:21:42.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--355c00b3-a85f-4a6c-850f-95bc7357abd1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:21:42.000Z",
"modified": "2020-09-22T12:21:42.000Z",
"name": "Linux/CDRThief\u2009\u2014\u2009Indicators of Compromise - Who is calling? CDRThief targets Linux VoIP softswitches",
"published": "2020-09-22T12:23:24Z",
"object_refs": [
"indicator--50cd9c70-16e3-4d80-a63f-6a8cccc82068",
"indicator--3e5b904b-5895-4b38-a3fe-3f1c45556e2d",
"indicator--0e0e63a2-2df9-48bf-a051-033dc07e1c28",
"indicator--4bc87d38-3261-47a3-8aed-2f4e6d6a90b9",
"observed-data--d0bc874d-f910-42af-8487-49d59744ac09",
"url--d0bc874d-f910-42af-8487-49d59744ac09",
"indicator--e709726a-d154-43ef-86c7-18eb24a81774",
"indicator--7bba10cd-0db9-4236-8351-3e592852b524",
"indicator--23f961d6-6059-47a4-854e-9122fe8ad07e",
"indicator--509ee329-28fd-433e-866e-8756879ee048",
"indicator--19c40342-9c51-4d22-863a-aa043f160819",
"indicator--3f66f469-98f7-40d5-b7a8-f8107c5f494a",
"indicator--bc967985-2f6a-4ddd-bdf2-65742ffc89c6",
"indicator--a753b1c5-18cd-4f49-903a-dbec8618f0c6",
"indicator--d4470b8f-b772-415b-a89a-b22c25431d9f",
"indicator--aeb2152e-d589-4dce-8691-2eb1b25b0430",
"observed-data--b520b0c5-ba26-4f60-8ad4-77a9dd37987e",
"url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e",
"x-misp-object--88331ce0-09ff-4c8a-93c5-3e27fc8e287c",
"indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652",
"x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae",
"indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9",
"x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff",
"indicator--10b7197c-b557-4d29-a593-8f81e682c400",
"x-misp-object--1752315a-8a3b-4114-badf-c204312c304b",
"indicator--4e2be21d-c114-470c-8845-572d708cdbec",
"x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e",
"relationship--921c4eba-1c6d-4d45-9e73-d8d1b9031088",
"relationship--86b08189-0989-4c69-ba1a-bfee4d8b3259",
"relationship--0285da80-1b44-444d-a1af-9ef6efe55192",
"relationship--6ee4c98d-d95f-429e-9397-91f8611c7c2a"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--50cd9c70-16e3-4d80-a63f-6a8cccc82068",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:15:24.000Z",
"modified": "2020-09-22T12:15:24.000Z",
"pattern": "[file:hashes.SHA1 = 'cc373d633a16817f7d21372c56955923c9dda825']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e5b904b-5895-4b38-a3fe-3f1c45556e2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:15:24.000Z",
"modified": "2020-09-22T12:15:24.000Z",
"description": "(UPX packed)",
"pattern": "[file:hashes.SHA1 = '8e2624da4d209abd3364d90f7bc08230f84510db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0e0e63a2-2df9-48bf-a051-033dc07e1c28",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:15:24.000Z",
"modified": "2020-09-22T12:15:24.000Z",
"pattern": "[file:hashes.SHA1 = 'fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4bc87d38-3261-47a3-8aed-2f4e6d6a90b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:15:24.000Z",
"modified": "2020-09-22T12:15:24.000Z",
"description": "(Corrupted)",
"pattern": "[file:hashes.SHA1 = '8532e858eb24ae38632091d2d790a1299b7bbc87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d0bc874d-f910-42af-8487-49d59744ac09",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:15:44.000Z",
"modified": "2020-09-22T12:15:44.000Z",
"first_observed": "2020-09-22T12:15:44Z",
"last_observed": "2020-09-22T12:15:44Z",
"number_observed": 1,
"object_refs": [
"url--d0bc874d-f910-42af-8487-49d59744ac09"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--d0bc874d-f910-42af-8487-49d59744ac09",
"value": "https://github.com/eset/malware-ioc/tree/master/cdrthief"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e709726a-d154-43ef-86c7-18eb24a81774",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.29.173.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7bba10cd-0db9-4236-8351-3e592852b524",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.211.157.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23f961d6-6059-47a4-854e-9122fe8ad07e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.226.134.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--509ee329-28fd-433e-866e-8756879ee048",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.109.79.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--19c40342-9c51-4d22-863a-aa043f160819",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.94.199.142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f66f469-98f7-40d5-b7a8-f8107c5f494a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:04.000Z",
"modified": "2020-09-22T12:16:04.000Z",
"description": "C&C servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.236.173.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bc967985-2f6a-4ddd-bdf2-65742ffc89c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:57.000Z",
"modified": "2020-09-22T12:16:57.000Z",
"pattern": "[mutex:name = '/dev/shm/.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a753b1c5-18cd-4f49-903a-dbec8618f0c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:16:57.000Z",
"modified": "2020-09-22T12:16:57.000Z",
"pattern": "[mutex:name = '/dev/shm/.linux']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:16:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4470b8f-b772-415b-a89a-b22c25431d9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:17:30.000Z",
"modified": "2020-09-22T12:17:30.000Z",
"pattern": "[file:name = '/dev/shm/callservice']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aeb2152e-d589-4dce-8691-2eb1b25b0430",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:17:30.000Z",
"modified": "2020-09-22T12:17:30.000Z",
"pattern": "[file:name = '/dev/shm/sys.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--b520b0c5-ba26-4f60-8ad4-77a9dd37987e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:21:25.000Z",
"modified": "2020-09-22T12:21:25.000Z",
"first_observed": "2020-09-22T12:21:25Z",
"last_observed": "2020-09-22T12:21:25Z",
"number_observed": 1,
"object_refs": [
"url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--b520b0c5-ba26-4f60-8ad4-77a9dd37987e",
"value": "https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--88331ce0-09ff-4c8a-93c5-3e27fc8e287c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:19:10.000Z",
"modified": "2020-09-22T12:19:10.000Z",
"labels": [
"misp:name=\"crypto-material\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "text",
"value": "-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ3k3GgS3FX4pI7s9x0krBYqbMcSaw4BPY91Ln\r\ntt5/X8s9l0BC6PUTbQcUzs6PPXhKKTx8ph5CYQqdWynxOLJah0FMMRYxS8d0HX+Qx9eWUeKRHm2E\r\nAtZQjdHxqTJ9EBpHYWV4RrWmeoOsWAOisvedlb23O0E55e8rrGGrZLhPbwIDAQAB\r\n-----END PUBLIC KEY-----",
"category": "Other",
"uuid": "d54175fd-fa8c-4446-8b2c-548791780397"
},
{
"type": "text",
"object_relation": "type",
"value": "RSA",
"category": "Other",
"uuid": "a31298ce-323c-49c0-84d7-2662b873a082"
},
{
"type": "text",
"object_relation": "origin",
"value": "malware-extraction",
"category": "Other",
"uuid": "82b73e68-5afe-4e5c-9c52-38242f13c139"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "crypto-material"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"pattern": "[file:hashes.MD5 = '7124c56ab6d8133e2ed2042fb8c2248e' AND file:hashes.SHA1 = 'cc373d633a16817f7d21372c56955923c9dda825' AND file:hashes.SHA256 = '665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:20:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-09-22T10:56:34+00:00",
"category": "Other",
"uuid": "9a8f52cd-f16e-49e5-a1ed-d019bbbd082d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b/detection/f-665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b-1600772194",
"category": "Payload delivery",
"uuid": "1fa1ca4e-2145-4caf-8ab8-4ad2c1052100"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/62",
"category": "Payload delivery",
"uuid": "80c0cf1c-41e3-4ffa-9e48-374af830eaa4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"pattern": "[file:hashes.MD5 = '926c77d3d9fdad7217a9b49bdf033336' AND file:hashes.SHA1 = '8e2624da4d209abd3364d90f7bc08230f84510db' AND file:hashes.SHA256 = 'ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:20:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-09-22T10:56:43+00:00",
"category": "Other",
"comment": "(UPX packed)",
"uuid": "7d174551-08ad-4371-819b-4f5ff30ea7e7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c/detection/f-ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c-1600772203",
"category": "Payload delivery",
"comment": "(UPX packed)",
"uuid": "da28f735-72f5-4fe2-9789-adae6df6294f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/60",
"category": "Payload delivery",
"comment": "(UPX packed)",
"uuid": "83b1dbb1-0edf-4939-80d1-7a0635d14587"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--10b7197c-b557-4d29-a593-8f81e682c400",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"pattern": "[file:hashes.MD5 = '444a5116c6e2b37b33066be16f3e7e6d' AND file:hashes.SHA1 = '8532e858eb24ae38632091d2d790a1299b7bbc87' AND file:hashes.SHA256 = 'af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:20:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1752315a-8a3b-4114-badf-c204312c304b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-09-22T10:56:33+00:00",
"category": "Other",
"comment": "(Corrupted)",
"uuid": "f1afdfdd-941e-4136-a79c-19c30e0c3301"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4/detection/f-af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4-1600772193",
"category": "Payload delivery",
"comment": "(Corrupted)",
"uuid": "46b3ca6a-2d76-4117-9317-92c3c5dd32d8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/62",
"category": "Payload delivery",
"comment": "(Corrupted)",
"uuid": "df800269-bf3b-432d-b8b3-aea329ae0be8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4e2be21d-c114-470c-8845-572d708cdbec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"pattern": "[file:hashes.MD5 = '3339b8c4a522548b67fca732c54fa232' AND file:hashes.SHA1 = 'fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac' AND file:hashes.SHA256 = '6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-09-22T12:20:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-09-22T12:20:29.000Z",
"modified": "2020-09-22T12:20:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-09-22T10:56:24+00:00",
"category": "Other",
"uuid": "baf23e87-428f-4974-8764-e4bbcd5ea9b4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6/detection/f-6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6-1600772184",
"category": "Payload delivery",
"uuid": "b397af60-d203-4dfe-bfad-d67bc45763ff"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/61",
"category": "Payload delivery",
"uuid": "f9400666-419d-444a-b2dd-bf8ea02c78e6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--921c4eba-1c6d-4d45-9e73-d8d1b9031088",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f782bda7-4bcb-4ad0-8c2f-2c5f18863652",
"target_ref": "x-misp-object--b53bd1ed-b1e6-46ac-b34d-3bbe67107eae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86b08189-0989-4c69-ba1a-bfee4d8b3259",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0bc9fcae-fc75-4910-a8c0-61949bd76bb9",
"target_ref": "x-misp-object--32b7a65f-d4d2-4920-a244-29c98222f6ff"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0285da80-1b44-444d-a1af-9ef6efe55192",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--10b7197c-b557-4d29-a593-8f81e682c400",
"target_ref": "x-misp-object--1752315a-8a3b-4114-badf-c204312c304b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ee4c98d-d95f-429e-9397-91f8611c7c2a",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4e2be21d-c114-470c-8845-572d708cdbec",
"target_ref": "x-misp-object--25558597-1dd5-4fb9-99b6-53db526d0e6e"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}