{
|
|
"type": "bundle",
|
|
"id": "bundle--5dc12abf-dbec-4acb-83a5-419d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5dc12abf-dbec-4acb-83a5-419d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"name": "OSINT - Turla/Venomous Bear Implants",
|
|
"published": "2019-12-10T09:28:18Z",
|
|
"object_refs": [
|
|
"x-misp-object--5dc12b04-4520-4f4d-bdc4-43fa950d210f",
|
|
"indicator--c329341a-9840-40f5-a7bc-ed64a2ec7820",
|
|
"indicator--ff441ee8-3fda-4c78-800f-fa48072df42b",
|
|
"indicator--896deec8-8e3c-4a6b-926e-de60c02d9c47",
|
|
"indicator--12b2a838-6f7c-4b4a-a1e6-46c033185348",
|
|
"indicator--77802fc2-8e23-4b3f-8c0b-e06ea8570015",
|
|
"indicator--ae94dbdf-74c8-4d41-bbe4-f92e921b960a",
|
|
"indicator--cf81da33-c913-4f1e-b78f-a8acab71f9cb",
|
|
"indicator--ced4d2d6-f1fb-4722-b7b5-7791ef662199",
|
|
"indicator--5942762c-c826-4076-90ff-9e4beb34430e",
|
|
"x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279",
|
|
"indicator--4e097b0f-e05c-400b-98d3-af0ce5432479",
|
|
"x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780",
|
|
"indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a",
|
|
"x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320",
|
|
"indicator--0755c767-324a-4687-b231-d565cfaf10ec",
|
|
"x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc",
|
|
"indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2",
|
|
"x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199",
|
|
"indicator--529f959d-3e86-4c0a-8a74-617284841a81",
|
|
"x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a",
|
|
"indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb",
|
|
"x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b",
|
|
"indicator--62c2c068-3e13-4646-a264-2498ecdc21dc",
|
|
"x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb",
|
|
"relationship--2fae86c8-ce8e-437d-b8c9-b257307856ca",
|
|
"relationship--40f0042e-1173-4054-bf45-afc35200effa",
|
|
"relationship--162f2fe9-ec33-4d0a-b9dc-7996691bb15b",
|
|
"relationship--9ee03e59-f76c-49d9-8822-e51da0060b03",
|
|
"relationship--fde6e68b-6808-4337-b617-0afedd0e7c3a",
|
|
"relationship--31f5a1fc-aaeb-4f31-b7db-943fc12566dd",
|
|
"relationship--f1ebb096-8020-4ac9-b2a9-740eb95b0a52",
|
|
"relationship--6a4eaaf2-762e-4669-9dd2-ef716e6f7912"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"misp-galaxy:malpedia=\"Turla RAT\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"",
|
|
"misp-galaxy:mitre-intrusion-set=\"Turla\"",
|
|
"misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"",
|
|
"misp-galaxy:threat-actor=\"Turla Group\"",
|
|
"misp-galaxy:tool=\"Turla\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5dc12b04-4520-4f4d-bdc4-43fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:55:48.000Z",
|
|
"modified": "2019-11-05T07:55:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"microblog\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "post",
|
|
"value": "Casey Brooks\r\n@DrunkBinary\r\nTurla/Venomous Bear Implants\r\n687d7ddb080fb769b26a0c054f4cd422\r\n5b3ff56e7fe3e3a71fca4c844d1e02db\r\n535e67930dfbec1a0ae2671b63e2ef8e\r\n2d4578a2bbf5418de1fd4783e555f100\r\n198ee041e8f3eb12a19bc321f86ccb88\r\n1753424464a00c628d7166152cc30d1e\r\n6e4b7f13178ebc04304ee2b5ee646d09",
|
|
"category": "Other",
|
|
"uuid": "5dc12b04-c32c-4304-a463-4b3b950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://mobile.twitter.com/DrunkBinary/status/1191382141579476998",
|
|
"category": "External analysis",
|
|
"uuid": "5dc12b05-07c4-4553-bf3a-45a1950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Twitter",
|
|
"category": "Other",
|
|
"uuid": "5dc12b05-8388-4289-b089-439e950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "DrunkBinary",
|
|
"category": "Other",
|
|
"uuid": "5dc12b05-603c-418d-8712-477d950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "state",
|
|
"value": "Informative",
|
|
"category": "Other",
|
|
"uuid": "5dc12b05-08ac-4652-9e94-44f0950d210f"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "creation-date",
|
|
"value": "2019-11-04T16:50:00",
|
|
"category": "Other",
|
|
"uuid": "5dc12b05-81e8-4306-b82f-4968950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "microblog"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c329341a-9840-40f5-a7bc-ed64a2ec7820",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:40.000Z",
|
|
"modified": "2019-11-05T07:58:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '687d7ddb080fb769b26a0c054f4cd422']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ff441ee8-3fda-4c78-800f-fa48072df42b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:40.000Z",
|
|
"modified": "2019-11-05T07:58:40.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5b3ff56e7fe3e3a71fca4c844d1e02db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--896deec8-8e3c-4a6b-926e-de60c02d9c47",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:41.000Z",
|
|
"modified": "2019-11-05T07:58:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '535e67930dfbec1a0ae2671b63e2ef8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--12b2a838-6f7c-4b4a-a1e6-46c033185348",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:41.000Z",
|
|
"modified": "2019-11-05T07:58:41.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d4578a2bbf5418de1fd4783e555f100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--77802fc2-8e23-4b3f-8c0b-e06ea8570015",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:42.000Z",
|
|
"modified": "2019-11-05T07:58:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '198ee041e8f3eb12a19bc321f86ccb88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ae94dbdf-74c8-4d41-bbe4-f92e921b960a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:43.000Z",
|
|
"modified": "2019-11-05T07:58:43.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1753424464a00c628d7166152cc30d1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cf81da33-c913-4f1e-b78f-a8acab71f9cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:43.000Z",
|
|
"modified": "2019-11-05T07:58:43.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6e4b7f13178ebc04304ee2b5ee646d09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ced4d2d6-f1fb-4722-b7b5-7791ef662199",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-11-05T07:58:44.000Z",
|
|
"modified": "2019-11-05T07:58:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'afcf3936639b706221d5f67afa75d80b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-11-05T07:58:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942762c-c826-4076-90ff-9e4beb34430e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:25:35.000Z",
|
|
"modified": "2019-12-10T09:25:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6e4b7f13178ebc04304ee2b5ee646d09' AND file:hashes.SHA1 = '663a78cb5e6f3ab54cd0d3f67bd8c9545b341d6f' AND file:hashes.SHA256 = '24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:25:40.000Z",
|
|
"modified": "2019-12-10T09:25:40.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:06:09",
|
|
"category": "Other",
|
|
"uuid": "39464f1b-abd9-4278-8984-ed2605ebc764"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/24fe571f3066045497b1d8316040734c81c71dcb1747f1d7026cda810085fad7/analysis/1571835969/",
|
|
"category": "Payload delivery",
|
|
"uuid": "009c4163-da4a-425e-baa8-9f39a81f47c2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/67",
|
|
"category": "Payload delivery",
|
|
"uuid": "88b75e39-9615-4833-9bfb-912eb249492e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4e097b0f-e05c-400b-98d3-af0ce5432479",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:25:42.000Z",
|
|
"modified": "2019-12-10T09:25:42.000Z",
|
|
"pattern": "[file:hashes.MD5 = '198ee041e8f3eb12a19bc321f86ccb88' AND file:hashes.SHA1 = 'ee583451c832b07d8f2b4d6b8dd36ccb280ff421' AND file:hashes.SHA256 = 'c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:25:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:25:51.000Z",
|
|
"modified": "2019-12-10T09:25:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-11-12T15:05:11",
|
|
"category": "Other",
|
|
"uuid": "db8e2be8-5902-4322-9da5-536f77a869cc"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e/analysis/1573571111/",
|
|
"category": "Payload delivery",
|
|
"uuid": "13f2f09d-83ec-4f87-a0c3-b2b48db6c7bf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "cbe967c3-f348-4174-b1f9-d56f84af11cf"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:02.000Z",
|
|
"modified": "2019-12-10T09:26:02.000Z",
|
|
"pattern": "[file:hashes.MD5 = '535e67930dfbec1a0ae2671b63e2ef8e' AND file:hashes.SHA1 = '3b203f328048b837030b6f0ff595968486cc1b44' AND file:hashes.SHA256 = 'db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:05.000Z",
|
|
"modified": "2019-12-10T09:26:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:07:53",
|
|
"category": "Other",
|
|
"uuid": "9687daad-0e1b-4197-ac07-af6faedc2130"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/db9902cb42f6dc9f1c02bd3413ab3969d345eb6b0660bd8356a0c328f1ec0c07/analysis/1571836073/",
|
|
"category": "Payload delivery",
|
|
"uuid": "47135dc2-701d-433d-9930-d692cf6bdb9d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "5f598518-92a3-4dda-b5fa-852e10d79a01"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0755c767-324a-4687-b231-d565cfaf10ec",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:06.000Z",
|
|
"modified": "2019-12-10T09:26:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'afcf3936639b706221d5f67afa75d80b' AND file:hashes.SHA1 = 'd98643af5619781280b4418d224a07c36d462a84' AND file:hashes.SHA256 = '43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:06.000Z",
|
|
"modified": "2019-12-10T09:26:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:05:51",
|
|
"category": "Other",
|
|
"uuid": "859a70c4-0b4d-4fa1-86dc-1a23c2409f73"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/43eb5196379c3394f60014335871457b19a6784dd1de5fd490042a3801a9fa89/analysis/1571835951/",
|
|
"category": "Payload delivery",
|
|
"uuid": "c88401f1-1d62-4b5a-960b-4ba03e10518d"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "46/67",
|
|
"category": "Payload delivery",
|
|
"uuid": "e5c2c08c-79ef-47a5-9ee3-55d93a159361"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:06.000Z",
|
|
"modified": "2019-12-10T09:26:06.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1753424464a00c628d7166152cc30d1e' AND file:hashes.SHA1 = '05071cf5da3040d6cbdfd9413a79029e605ac364' AND file:hashes.SHA256 = '7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:06.000Z",
|
|
"modified": "2019-12-10T09:26:06.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:06:27",
|
|
"category": "Other",
|
|
"uuid": "202ca9e6-3d55-4e52-ab2f-5c0164d2d9fa"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7bd3ff9ba43020688acaa05ce4e0a8f92f53d9d9264053255a5937cbd7a5465e/analysis/1571835987/",
|
|
"category": "Payload delivery",
|
|
"uuid": "dff115c3-2d30-4f79-a525-27fbdb3054d1"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "f0645ffb-2291-48ef-a6d7-4d0233af89eb"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--529f959d-3e86-4c0a-8a74-617284841a81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:07.000Z",
|
|
"modified": "2019-12-10T09:26:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d4578a2bbf5418de1fd4783e555f100' AND file:hashes.SHA1 = '6c24db5a4d30a8287c36d21c16c0d45050a975c4' AND file:hashes.SHA256 = '5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:07.000Z",
|
|
"modified": "2019-12-10T09:26:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:07:36",
|
|
"category": "Other",
|
|
"uuid": "97bbdbe3-56cc-435b-8365-4e34e19147c8"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/5f56627cf168fcf5ffc3f5bcb9bf7f968f8428d53d8b2e00c1622c2da67965cf/analysis/1571836056/",
|
|
"category": "Payload delivery",
|
|
"uuid": "19a18bf2-de93-48e2-a6b9-4333cbeaaef5"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/69",
|
|
"category": "Payload delivery",
|
|
"uuid": "f11e5be1-6cfb-4e2a-a983-5e176a12b585"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:07.000Z",
|
|
"modified": "2019-12-10T09:26:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5b3ff56e7fe3e3a71fca4c844d1e02db' AND file:hashes.SHA1 = '1b8e06751ecc87826bd258d5182ab33c1e20c8f7' AND file:hashes.SHA256 = 'ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:07.000Z",
|
|
"modified": "2019-12-10T09:26:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-23T13:41:54",
|
|
"category": "Other",
|
|
"uuid": "4812d651-6871-44c6-951f-e5d047e26e46"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ba9a2b8573282e9f449e53142542acd2e854206b67db12058a4195cfbd692f79/analysis/1571838114/",
|
|
"category": "Payload delivery",
|
|
"uuid": "26a72c15-240b-4d2a-ae5a-9dfad7d14c3e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "30609a1d-5955-4c9c-a353-6794ebad86b4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--62c2c068-3e13-4646-a264-2498ecdc21dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:07.000Z",
|
|
"modified": "2019-12-10T09:26:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = '687d7ddb080fb769b26a0c054f4cd422' AND file:hashes.SHA1 = '3227e0b8181f05e393be41d633b08da07fadf194' AND file:hashes.SHA256 = '66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-12-10T09:26:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-11-14T08:28:17",
|
|
"category": "Other",
|
|
"uuid": "93ec40f8-6f63-41ff-a27e-1891c57b456b"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/66893ab83a7d4e298720da28cd2ea4a860371ae938cdd86035ce920b933c9d85/analysis/1573720097/",
|
|
"category": "Payload delivery",
|
|
"uuid": "eda19702-19eb-4e5a-9c8d-31de2e456e05"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "47/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "6c063632-74a2-4192-8570-2501e90ac8ab"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fae86c8-ce8e-437d-b8c9-b257307856ca",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5942762c-c826-4076-90ff-9e4beb34430e",
|
|
"target_ref": "x-misp-object--8beecab4-010e-4450-8dac-a31df82c3279"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--40f0042e-1173-4054-bf45-afc35200effa",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--4e097b0f-e05c-400b-98d3-af0ce5432479",
|
|
"target_ref": "x-misp-object--8940fb6d-41a6-4268-96fa-a9a0c9d36780"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--162f2fe9-ec33-4d0a-b9dc-7996691bb15b",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--ba9b7334-d60e-48dd-a675-8f99e0291e0a",
|
|
"target_ref": "x-misp-object--a82564a5-e84b-4697-83a4-d70c3ff8b320"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9ee03e59-f76c-49d9-8822-e51da0060b03",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--0755c767-324a-4687-b231-d565cfaf10ec",
|
|
"target_ref": "x-misp-object--4ece2478-f095-4408-85c8-23dc011fadcc"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fde6e68b-6808-4337-b617-0afedd0e7c3a",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--75b7df34-d401-46d9-99f1-e6ef1e4f9cc2",
|
|
"target_ref": "x-misp-object--dcf6461e-eabe-4050-b75a-183f1fca9199"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--31f5a1fc-aaeb-4f31-b7db-943fc12566dd",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--529f959d-3e86-4c0a-8a74-617284841a81",
|
|
"target_ref": "x-misp-object--7e6ffeb9-c041-45ab-bd40-12f1827d706a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f1ebb096-8020-4ac9-b2a9-740eb95b0a52",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--21d50aa1-ce06-4e01-b17b-650b0a4259fb",
|
|
"target_ref": "x-misp-object--624f5fe8-f2a2-45e4-bdc6-9f84e0d9ae7b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--6a4eaaf2-762e-4669-9dd2-ef716e6f7912",
|
|
"created": "2019-12-10T09:26:08.000Z",
|
|
"modified": "2019-12-10T09:26:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--62c2c068-3e13-4646-a264-2498ecdc21dc",
|
|
"target_ref": "x-misp-object--00429de3-12c5-4a51-a22a-ebfb1c3cd3eb"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |