misp-circl-feed/feeds/circl/stix-2.1/5e27f3d8-e238-4290-8b2c-422e950d210f.json

832 lines
No EOL
35 KiB
JSON

{
"type": "bundle",
"id": "bundle--5e27f3d8-e238-4290-8b2c-422e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:41:10.000Z",
"modified": "2020-01-22T07:41:10.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e27f3d8-e238-4290-8b2c-422e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:41:10.000Z",
"modified": "2020-01-22T07:41:10.000Z",
"name": "Muhstik Botnet Attacks Tomato Routers",
"published": "2020-01-22T09:14:28Z",
"object_refs": [
"indicator--5e27f431-6074-4393-8d36-4643950d210f",
"indicator--5e27f432-029c-415b-b8f7-4884950d210f",
"indicator--5e27f432-268c-444b-b628-4a10950d210f",
"indicator--5e27f432-0558-4d1c-a3aa-444a950d210f",
"indicator--5e27f432-b7b8-4264-af32-43e6950d210f",
"indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f",
"indicator--5e27f432-f41c-4b03-b2e8-4854950d210f",
"indicator--5e27f432-cd80-4a00-9121-4536950d210f",
"indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f",
"indicator--5e27f454-9754-44e2-8360-49a1950d210f",
"indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f",
"indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f",
"indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f",
"indicator--5e27f454-4ab0-485f-930d-4fb5950d210f",
"indicator--5e27f454-ec38-4063-94da-4e10950d210f",
"indicator--5e27f454-b2e4-4773-a425-4766950d210f",
"observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f",
"url--5e27f61d-4a0c-426c-b827-42f1950d210f",
"indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
"x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
"indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
"x-misp-object--59005259-d99c-4501-b679-27cc1352be06",
"indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
"x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
"indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
"x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
"indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
"x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
"relationship--46ad9fee-8caf-4d78-ab2c-03266952a8ed",
"relationship--8a22b1d6-1a50-4e32-bea5-5fa2d0d8c69a",
"relationship--48abd2af-7499-423f-8838-1acf47acf04b",
"relationship--138dd578-e6f0-4f88-9f13-4c1541ceb04f",
"relationship--6cff2705-2f31-442c-af5d-ac6c4cd9687c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:botnet=\"Muhstik\"",
"misp-galaxy:malpedia=\"Tsunami (ELF)\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f431-6074-4393-8d36-4643950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:21.000Z",
"modified": "2020-01-22T07:05:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.149.233.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-029c-415b-b8f7-4884950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.66.253.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-268c-444b-b628-4a10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.61.149.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-0558-4d1c-a3aa-444a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[url:value = 'http://y.fd6fq54s6df541q23sdxfg.eu/nvr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-b7b8-4264-af32-43e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[url:value = 'http://159.89.156.190/.y/pty1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-6fb4-4896-a5a4-4ec5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[url:value = 'http://159.89.156.190/.y/pty3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-f41c-4b03-b2e8-4854950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[url:value = 'http://159.89.156.190/.y/pty5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-cd80-4a00-9121-4536950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[url:value = 'http://159.89.156.190/.y/pty6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f432-f3fc-4a5b-b104-40a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:22.000Z",
"modified": "2020-01-22T07:05:22.000Z",
"pattern": "[domain-name:value = 's.shadow.mods.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-9754-44e2-8360-49a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-f6b8-4a7f-aac6-4a66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = '2548f5b1613f6ebba2ff589c7b3416ccdd066b73644d4d212232beb1cecd9c31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-b2dc-430c-a7e2-4e01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-ded0-4a34-b6c6-47c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-4ab0-485f-930d-4fb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-ec38-4063-94da-4e10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e27f454-b2e4-4773-a425-4766950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:05:56.000Z",
"modified": "2020-01-22T07:05:56.000Z",
"pattern": "[file:hashes.SHA256 = 'dc52a1193ecf6096192f771ae663de6e0389840cb5ceb7b979091333ce6f7f02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e27f61d-4a0c-426c-b827-42f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:17:41.000Z",
"modified": "2020-01-22T07:17:41.000Z",
"first_observed": "2020-01-22T07:17:41Z",
"last_observed": "2020-01-22T07:17:41Z",
"number_observed": 1,
"object_refs": [
"url--5e27f61d-4a0c-426c-b827-42f1950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e27f61d-4a0c-426c-b827-42f1950d210f",
"value": "https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:13.000Z",
"modified": "2020-01-22T07:25:13.000Z",
"pattern": "[file:hashes.MD5 = '2d8a62b8a27e14f741098fe1ced8eae4' AND file:hashes.SHA1 = 'e9a8aebc6822f01199ff311b94641044c4a38dd3' AND file:hashes.SHA256 = '492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:26.000Z",
"modified": "2020-01-22T07:25:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-01-22T02:13:52",
"category": "Other",
"uuid": "08464849-dffa-4bfe-981b-c6ac353080c5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f/analysis/1579659232/",
"category": "Payload delivery",
"uuid": "62282ccb-bfe8-4f86-9345-c1ed07e2c6b3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/57",
"category": "Payload delivery",
"uuid": "b2164fbc-0292-4439-9a3f-556c2873ed7f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:26.000Z",
"modified": "2020-01-22T07:25:26.000Z",
"pattern": "[file:hashes.MD5 = '8154ace62f0dcf7c47447153746c4be5' AND file:hashes.SHA1 = '6c9f004c977d3ce1ebda3b6e50313556f977d654' AND file:hashes.SHA256 = 'a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:26.000Z",
"modified": "2020-01-22T07:25:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-01-22T02:11:30",
"category": "Other",
"uuid": "62de76cd-7eeb-4c9b-bf8e-917137803cd6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687/analysis/1579659090/",
"category": "Payload delivery",
"uuid": "6858ce27-5914-41ea-a246-40cfdc33e04a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/57",
"category": "Payload delivery",
"uuid": "9089e013-f176-4f78-a05e-8624247c7115"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:27.000Z",
"modified": "2020-01-22T07:25:27.000Z",
"pattern": "[file:hashes.MD5 = '167c2f5e0d6abe5b9b35348fd0269928' AND file:hashes.SHA1 = '7914fb8e72e6a7a57998f8b7817c2508ce9ec865' AND file:hashes.SHA256 = '7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:27.000Z",
"modified": "2020-01-22T07:25:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-01-22T02:14:04",
"category": "Other",
"uuid": "ee761208-581a-463f-bd07-a6a16db38a4f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435/analysis/1579659244/",
"category": "Payload delivery",
"uuid": "fa0222dd-230a-4c6d-9ac8-4f382cd21ef9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/57",
"category": "Payload delivery",
"uuid": "55ee0b95-4cb9-4805-8669-e8766e01ceb2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:27.000Z",
"modified": "2020-01-22T07:25:27.000Z",
"pattern": "[file:hashes.MD5 = 'a3e3809eb10bae7d19787f6c52d2b289' AND file:hashes.SHA1 = '00e4457de90df173b51757fcf120bc31ce16040e' AND file:hashes.SHA256 = '72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:27.000Z",
"modified": "2020-01-22T07:25:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-01-22T02:12:09",
"category": "Other",
"uuid": "5d6040e0-a8c8-44e4-ac5e-8f7ca6fd856a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0/analysis/1579659129/",
"category": "Payload delivery",
"uuid": "a1431de8-5639-40e8-b902-f7f51a47c035"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/57",
"category": "Payload delivery",
"uuid": "0abc5f32-ac9a-435d-9ae4-3f26fc75c0bf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:27.000Z",
"modified": "2020-01-22T07:25:27.000Z",
"pattern": "[file:hashes.MD5 = 'b66fbdec14a7f7b0087aebb9c176ac12' AND file:hashes.SHA1 = '0c6484d5bc91a75cb0d94a55795d543c409b3fb8' AND file:hashes.SHA256 = 'cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-01-22T07:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-01-22T02:12:56",
"category": "Other",
"uuid": "ce51439d-924b-4d65-b570-88a97c546fdc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c/analysis/1579659176/",
"category": "Payload delivery",
"uuid": "d5f26a7b-7151-43d4-91d3-03f7456f886b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/57",
"category": "Payload delivery",
"uuid": "b2de9ec0-3be3-462b-9250-e457f57ba795"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46ad9fee-8caf-4d78-ab2c-03266952a8ed",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ca140315-88e6-4fa3-913c-6d3b95cb2014",
"target_ref": "x-misp-object--e9108fdc-2a51-4bcb-bf26-d96fc21ff641"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8a22b1d6-1a50-4e32-bea5-5fa2d0d8c69a",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
"target_ref": "x-misp-object--59005259-d99c-4501-b679-27cc1352be06"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48abd2af-7499-423f-8838-1acf47acf04b",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d0e82d91-4339-424a-9b54-4b665bec0acd",
"target_ref": "x-misp-object--0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--138dd578-e6f0-4f88-9f13-4c1541ceb04f",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
"target_ref": "x-misp-object--fbe12b3c-849a-4b2e-8ef8-7fa83af759fe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6cff2705-2f31-442c-af5d-ac6c4cd9687c",
"created": "2020-01-22T07:25:28.000Z",
"modified": "2020-01-22T07:25:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bd930756-f6fa-414c-ab91-40111e80a4c7",
"target_ref": "x-misp-object--b9d8b1eb-c098-4e3a-af07-cd37c40d345a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}