{
|
|
"type": "bundle",
|
|
"id": "bundle--5b9f39b4-f618-494f-ad3e-030d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:27:38.000Z",
|
|
"modified": "2018-09-17T05:27:38.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5b9f39b4-f618-494f-ad3e-030d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:27:38.000Z",
|
|
"modified": "2018-09-17T05:27:38.000Z",
|
|
"name": "OSINT - Dangerous Invoices and Dangerous Infrastructure",
|
|
"published": "2018-09-17T05:27:53Z",
|
|
"object_refs": [
|
|
"observed-data--5b9f39c0-4670-40cd-9d22-030d950d210f",
|
|
"url--5b9f39c0-4670-40cd-9d22-030d950d210f",
|
|
"x-misp-attribute--5b9f39da-599c-4f46-aefe-38dd950d210f",
|
|
"indicator--5b9f3a36-188c-4de2-93a8-38dd950d210f",
|
|
"indicator--5b9f3a37-eea0-4d2c-8bff-38dd950d210f",
|
|
"indicator--5b9f3a38-2828-40bf-83ee-38dd950d210f",
|
|
"indicator--5b9f3a38-6d14-4c06-89a9-38dd950d210f",
|
|
"indicator--5b9f3a39-c504-4bc1-98c4-38dd950d210f",
|
|
"indicator--5b9f3a39-644c-487a-b7a8-38dd950d210f",
|
|
"indicator--5b9f3a3a-a7f4-4390-9f37-38dd950d210f",
|
|
"indicator--5b9f3a3a-d1bc-47fa-9b90-38dd950d210f",
|
|
"indicator--5b9f3a6e-bfec-4d60-861c-4719950d210f",
|
|
"observed-data--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"network-traffic--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"ipv4-addr--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"indicator--5b9f3aa6-a274-4e40-b424-030e950d210f",
|
|
"indicator--5b9f3ac3-3b24-4b5d-81d9-389a950d210f",
|
|
"indicator--5b9f3ac4-a598-44eb-a781-389a950d210f",
|
|
"indicator--5b9f3ae0-18c8-4bc4-add5-389a950d210f",
|
|
"indicator--89ea32c5-8ed1-4a5d-b6eb-81b304692175",
|
|
"x-misp-object--d61a6111-686f-48d9-aa71-670e4ad3af92",
|
|
"indicator--41249430-fd98-43d4-8b38-f483450a56e4",
|
|
"x-misp-object--600366d9-9b77-418e-afcb-d68d3e6c4f5a",
|
|
"indicator--04e56925-da33-4e08-b9a0-9779b75b573d",
|
|
"x-misp-object--4d83c4be-5177-4d47-93b9-b31795bbe3af",
|
|
"indicator--b74ed736-91e3-4f21-a403-56d5e9b898e6",
|
|
"x-misp-object--5b126f66-2005-4273-b502-1ece9c0c273e",
|
|
"indicator--e377a0f7-f82e-4ee3-90d0-8404af82b73a",
|
|
"x-misp-object--2301b7c2-06a6-4778-a34f-919a1896a278",
|
|
"indicator--d32dd9f0-12c0-44c0-8e3e-4cf0bc236a2c",
|
|
"x-misp-object--260c7a64-d633-49a2-84de-1dcdabaf419c",
|
|
"relationship--19dfa73b-b2d9-44db-954c-5788957e19c7",
|
|
"relationship--04304602-832c-4c7c-bb86-f695274ef5f1",
|
|
"relationship--0095337d-340f-455f-8bdc-d2a6e58e4661",
|
|
"relationship--58ba5078-96ff-42ad-b95e-b9b35cadbf52",
|
|
"relationship--04e21657-49a6-4538-8753-2269b0abaa70",
|
|
"relationship--b31ce94f-c820-4da6-b7bd-e842f358a6b1"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b9f39c0-4670-40cd-9d22-030d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:21:04.000Z",
|
|
"modified": "2018-09-17T05:21:04.000Z",
|
|
"first_observed": "2018-09-17T05:21:04Z",
|
|
"last_observed": "2018-09-17T05:21:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5b9f39c0-4670-40cd-9d22-030d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5b9f39c0-4670-40cd-9d22-030d950d210f",
|
|
"value": "https://garwarner.blogspot.com/2018/09/dangerous-invoices-and-dangerous.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5b9f39da-599c-4f46-aefe-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:21:30.000Z",
|
|
"modified": "2018-09-17T05:21:30.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "My friends at Cofense published their finding last week that Microsoft Office macros are still the number one way that malware is being delivered via email, accounting for 45% of all malware delivery mechanisms they have recently studied. Anyone with a spam collection can quickly reach that same conclusion. A couple such campaigns even showed up in my personal email this week."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a36-188c-4de2-93a8-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:02.000Z",
|
|
"modified": "2018-09-17T05:23:02.000Z",
|
|
"description": "Invoice.exe",
|
|
"pattern": "[file:hashes.MD5 = '1261b8382cfa2b905f0f52a3aef49ce4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a37-eea0-4d2c-8bff-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:03.000Z",
|
|
"modified": "2018-09-17T05:23:03.000Z",
|
|
"description": "Invoice.exe",
|
|
"pattern": "[file:hashes.SHA1 = 'e80c07f700cf817a1eca1f8186f820492f8a2fbc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a38-2828-40bf-83ee-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:04.000Z",
|
|
"modified": "2018-09-17T05:23:04.000Z",
|
|
"description": "Order.exe",
|
|
"pattern": "[file:hashes.MD5 = '57b430ea422d1f33fef19f02fb85c7f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a38-6d14-4c06-89a9-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:04.000Z",
|
|
"modified": "2018-09-17T05:23:04.000Z",
|
|
"description": "Order.exe",
|
|
"pattern": "[file:hashes.SHA1 = '60a64400207fd9835899189aa0c3cbca027fe8cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a39-c504-4bc1-98c4-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:05.000Z",
|
|
"modified": "2018-09-17T05:23:05.000Z",
|
|
"description": "xox.exe",
|
|
"pattern": "[file:hashes.MD5 = '0fa8876252c632b64afad8fd7fa6344f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a39-644c-487a-b7a8-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:05.000Z",
|
|
"modified": "2018-09-17T05:23:05.000Z",
|
|
"description": "xox.exe",
|
|
"pattern": "[file:hashes.SHA1 = 'ab372d169743758bb81abaa4bc303d5303f6d913']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a3a-a7f4-4390-9f37-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:06.000Z",
|
|
"modified": "2018-09-17T05:23:06.000Z",
|
|
"description": "ogo.exe",
|
|
"pattern": "[file:hashes.MD5 = 'f321b38b171a3cbc1eff4a41ac5bbe47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a3a-d1bc-47fa-9b90-38dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:06.000Z",
|
|
"modified": "2018-09-17T05:23:06.000Z",
|
|
"description": "ogo.exe",
|
|
"pattern": "[file:hashes.SHA1 = 'da61f88e2e95a23e58d96cf845c523fd10023cb7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3a6e-bfec-4d60-861c-4719950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:23:58.000Z",
|
|
"modified": "2018-09-17T05:23:58.000Z",
|
|
"description": "Payload delivery",
|
|
"pattern": "[domain-name:value = 'rollboat.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:23:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:24:18.000Z",
|
|
"modified": "2018-09-17T05:24:18.000Z",
|
|
"first_observed": "2018-09-17T05:24:18Z",
|
|
"last_observed": "2018-09-17T05:24:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"ipv4-addr--5b9f3a82-435c-4cdd-9fd3-4685950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"src_ref": "ipv4-addr--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5b9f3a82-435c-4cdd-9fd3-4685950d210f",
|
|
"value": "89.40.14.229"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3aa6-a274-4e40-b424-030e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:24:54.000Z",
|
|
"modified": "2018-09-17T05:24:54.000Z",
|
|
"description": "kc.exe",
|
|
"pattern": "[file:hashes.MD5 = '02b6f049f4d8246ee982d8c34a160311']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:24:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3ac3-3b24-4b5d-81d9-389a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:25:23.000Z",
|
|
"modified": "2018-09-17T05:25:23.000Z",
|
|
"description": "kc.exe",
|
|
"pattern": "[file:hashes.MD5 = '736de7cd6a9c76bd7df49e6b3df6000e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:25:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3ac4-a598-44eb-a781-389a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:25:24.000Z",
|
|
"modified": "2018-09-17T05:25:24.000Z",
|
|
"description": "kc.exe",
|
|
"pattern": "[file:hashes.SHA1 = '1315994222d45410c8508cf614378e35c4f56c94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:25:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5b9f3ae0-18c8-4bc4-add5-389a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:25:52.000Z",
|
|
"modified": "2018-09-17T05:25:52.000Z",
|
|
"pattern": "[url:value = 'rollboat.tk/new']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:25:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--89ea32c5-8ed1-4a5d-b6eb-81b304692175",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:22.000Z",
|
|
"modified": "2018-09-17T05:26:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0fa8876252c632b64afad8fd7fa6344f' AND file:hashes.SHA1 = 'ab372d169743758bb81abaa4bc303d5303f6d913' AND file:hashes.SHA256 = 'aff30dd46fdbfa278e95e5958d1dd7ff0e525e5e4d3dc2b214a6ed267f27184f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d61a6111-686f-48d9-aa71-670e4ad3af92",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:20.000Z",
|
|
"modified": "2018-09-17T05:26:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-17T01:18:34",
|
|
"category": "Other",
|
|
"uuid": "3197363d-d391-4900-bee2-e2878d91c00c"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/aff30dd46fdbfa278e95e5958d1dd7ff0e525e5e4d3dc2b214a6ed267f27184f/analysis/1537147114/",
|
|
"category": "External analysis",
|
|
"uuid": "c1c04a0a-af3e-450c-8b7c-400d1dcffd7b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/66",
|
|
"category": "Other",
|
|
"uuid": "f921dfe5-7e4b-4602-b3b6-360716995d38"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--41249430-fd98-43d4-8b38-f483450a56e4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:24.000Z",
|
|
"modified": "2018-09-17T05:26:24.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f321b38b171a3cbc1eff4a41ac5bbe47' AND file:hashes.SHA1 = 'da61f88e2e95a23e58d96cf845c523fd10023cb7' AND file:hashes.SHA256 = '107e57389903e3ea717845570a9e68174cfff86f70ebfa5f0023236eb1fb3d46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--600366d9-9b77-418e-afcb-d68d3e6c4f5a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:23.000Z",
|
|
"modified": "2018-09-17T05:26:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T00:29:32",
|
|
"category": "Other",
|
|
"uuid": "7c08ff39-894e-4007-925d-6085cfb8d259"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/107e57389903e3ea717845570a9e68174cfff86f70ebfa5f0023236eb1fb3d46/analysis/1536798572/",
|
|
"category": "External analysis",
|
|
"uuid": "0430321e-799d-4c3f-80ba-02bf62f9d100"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/68",
|
|
"category": "Other",
|
|
"uuid": "fe44287a-28d0-4274-8318-00baac491602"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--04e56925-da33-4e08-b9a0-9779b75b573d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:27.000Z",
|
|
"modified": "2018-09-17T05:26:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '736de7cd6a9c76bd7df49e6b3df6000e' AND file:hashes.SHA1 = '1315994222d45410c8508cf614378e35c4f56c94' AND file:hashes.SHA256 = '4a274d49ff47697d3098cf73a05e3c7ccb323f2a57b5865fa2f924a22f13f9d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--4d83c4be-5177-4d47-93b9-b31795bbe3af",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:25.000Z",
|
|
"modified": "2018-09-17T05:26:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T12:10:02",
|
|
"category": "Other",
|
|
"uuid": "85d9ef1c-07e5-47f1-8792-3717ef47f092"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4a274d49ff47697d3098cf73a05e3c7ccb323f2a57b5865fa2f924a22f13f9d0/analysis/1536840602/",
|
|
"category": "External analysis",
|
|
"uuid": "48a52550-d950-4b6e-b2db-cadf09a55bf9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "29/59",
|
|
"category": "Other",
|
|
"uuid": "bef3c88a-01eb-43d2-b1e8-1531de455a0b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b74ed736-91e3-4f21-a403-56d5e9b898e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:29.000Z",
|
|
"modified": "2018-09-17T05:26:29.000Z",
|
|
"pattern": "[file:hashes.MD5 = '57b430ea422d1f33fef19f02fb85c7f0' AND file:hashes.SHA1 = '60a64400207fd9835899189aa0c3cbca027fe8cf' AND file:hashes.SHA256 = '1c1e473d385b1c258f15d344ac5856fe88df88b1c477d9d8300e2981bb762525']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5b126f66-2005-4273-b502-1ece9c0c273e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:28.000Z",
|
|
"modified": "2018-09-17T05:26:28.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-13T06:39:02",
|
|
"category": "Other",
|
|
"uuid": "1558c0de-5432-4951-85c8-e1c34c691cf0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1c1e473d385b1c258f15d344ac5856fe88df88b1c477d9d8300e2981bb762525/analysis/1536820742/",
|
|
"category": "External analysis",
|
|
"uuid": "1dfde30c-fe74-49b7-b8aa-86d6aba5b50b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "34/68",
|
|
"category": "Other",
|
|
"uuid": "109de2e8-534c-41f5-8d3c-c6d86203b18b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e377a0f7-f82e-4ee3-90d0-8404af82b73a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:31.000Z",
|
|
"modified": "2018-09-17T05:26:31.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02b6f049f4d8246ee982d8c34a160311' AND file:hashes.SHA1 = '088ed5abd0edda72a846ddcec24fceeafe394188' AND file:hashes.SHA256 = 'a7aae83573aa9a682ce9733468882e841564f41ec4aa004cb795b98fd4834d15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2301b7c2-06a6-4778-a34f-919a1896a278",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:30.000Z",
|
|
"modified": "2018-09-17T05:26:30.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-16T00:10:47",
|
|
"category": "Other",
|
|
"uuid": "b9f4be59-77d6-4f98-beb7-396b3e59bc3a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a7aae83573aa9a682ce9733468882e841564f41ec4aa004cb795b98fd4834d15/analysis/1537056647/",
|
|
"category": "External analysis",
|
|
"uuid": "830a2370-da92-408f-822b-5654b57782e4"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "33/59",
|
|
"category": "Other",
|
|
"uuid": "a37788dd-7086-4358-8478-e216fc028a08"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d32dd9f0-12c0-44c0-8e3e-4cf0bc236a2c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:34.000Z",
|
|
"modified": "2018-09-17T05:26:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1261b8382cfa2b905f0f52a3aef49ce4' AND file:hashes.SHA1 = 'e80c07f700cf817a1eca1f8186f820492f8a2fbc' AND file:hashes.SHA256 = '7b75837021f0271da96082239bd1ab650a5391919da7decc93ca03a7ae51899d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-09-17T05:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--260c7a64-d633-49a2-84de-1dcdabaf419c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-17T05:26:32.000Z",
|
|
"modified": "2018-09-17T05:26:32.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-09-17T01:11:37",
|
|
"category": "Other",
|
|
"uuid": "279db2a1-f030-41a7-90a5-815bc730f887"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/7b75837021f0271da96082239bd1ab650a5391919da7decc93ca03a7ae51899d/analysis/1537146697/",
|
|
"category": "External analysis",
|
|
"uuid": "365e4a3a-871b-48df-8f58-501ce05f45cb"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "14/67",
|
|
"category": "Other",
|
|
"uuid": "1231e817-ea81-4f5f-b239-bc07aec47332"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--19dfa73b-b2d9-44db-954c-5788957e19c7",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--89ea32c5-8ed1-4a5d-b6eb-81b304692175",
|
|
"target_ref": "x-misp-object--d61a6111-686f-48d9-aa71-670e4ad3af92"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--04304602-832c-4c7c-bb86-f695274ef5f1",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--41249430-fd98-43d4-8b38-f483450a56e4",
|
|
"target_ref": "x-misp-object--600366d9-9b77-418e-afcb-d68d3e6c4f5a"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0095337d-340f-455f-8bdc-d2a6e58e4661",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--04e56925-da33-4e08-b9a0-9779b75b573d",
|
|
"target_ref": "x-misp-object--4d83c4be-5177-4d47-93b9-b31795bbe3af"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--58ba5078-96ff-42ad-b95e-b9b35cadbf52",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b74ed736-91e3-4f21-a403-56d5e9b898e6",
|
|
"target_ref": "x-misp-object--5b126f66-2005-4273-b502-1ece9c0c273e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--04e21657-49a6-4538-8753-2269b0abaa70",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--e377a0f7-f82e-4ee3-90d0-8404af82b73a",
|
|
"target_ref": "x-misp-object--2301b7c2-06a6-4778-a34f-919a1896a278"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b31ce94f-c820-4da6-b7bd-e842f358a6b1",
|
|
"created": "2018-09-17T05:26:33.000Z",
|
|
"modified": "2018-09-17T05:26:33.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d32dd9f0-12c0-44c0-8e3e-4cf0bc236a2c",
|
|
"target_ref": "x-misp-object--260c7a64-d633-49a2-84de-1dcdabaf419c"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |