{
|
|
"type": "bundle",
|
|
"id": "bundle--5e2a97e7-4bd4-41c4-8aaf-4262950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:57:06.000Z",
|
|
"modified": "2020-02-26T06:57:06.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5e2a97e7-4bd4-41c4-8aaf-4262950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:57:06.000Z",
|
|
"modified": "2020-02-26T06:57:06.000Z",
|
|
"name": "OSINT - Iranian PupyRAT Bites Middle Eastern Organizations",
|
|
"published": "2020-02-26T06:57:49Z",
|
|
"object_refs": [
|
|
"indicator--5e3194f2-e0f0-432a-bc5d-aea2950d210f",
|
|
"indicator--5e3194f4-98d0-4693-9695-aea2950d210f",
|
|
"x-misp-object--5e2a9a69-4f24-4f73-983b-478b950d210f",
|
|
"indicator--5e3187c7-9b64-4c78-b33f-1c2f950d210f",
|
|
"indicator--5e318cb9-f1ac-4eac-a1b6-aea2950d210f",
|
|
"indicator--5e318e40-4368-4040-bf75-4888950d210f",
|
|
"indicator--5e318ece-eb38-430b-9235-2768950d210f",
|
|
"indicator--5e3190e6-cdc4-4ef3-8ee6-d77d950d210f",
|
|
"indicator--5e3193d9-9110-4de4-85c0-4844950d210f",
|
|
"indicator--5e319643-2f90-4bf1-89f5-7f0b950d210f",
|
|
"indicator--5e31969e-8ca8-462e-b114-7f1d950d210f",
|
|
"indicator--5e3196dc-2b94-4648-97b0-d77c950d210f",
|
|
"x-misp-object--e5e73bc0-efa0-484e-8086-0f3137f470e3",
|
|
"x-misp-object--83aabfa5-efd1-401e-a84d-75ab6ab670f0",
|
|
"x-misp-object--87cbd279-31f6-474e-92b7-6f1ca9c322c8",
|
|
"x-misp-object--959f1fb7-4ad0-4407-82e1-0aa582296285",
|
|
"relationship--29683ada-8a00-4574-a893-1d3f9342e3dd",
|
|
"relationship--8e96a015-9ec7-474c-adf6-24b1134c5603",
|
|
"relationship--782f05bb-cda3-4a1b-b759-62ea20ee12e8",
|
|
"relationship--7520b0a7-a0d2-462e-affc-241c0fb15a93"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"",
|
|
"misp-galaxy:mitre-tool=\"Pupy - S0192\"",
|
|
"misp-galaxy:tool=\"PupyRAT\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"",
|
|
"misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"",
|
|
"misp-galaxy:threat-actor=\"Cleaver\"",
|
|
"misp-galaxy:threat-actor=\"OilRig\"",
|
|
"misp-galaxy:threat-actor=\"APT35\"",
|
|
"ms-caro-malware:malware-type=\"RemoteAccess\"",
|
|
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
|
"veris:asset:variety=\"S - Remote access\"",
|
|
"veris:action:misuse:vector=\"Remote access\"",
|
|
"ms-caro-malware-full:malware-type=\"RemoteAccess\"",
|
|
"CERT-XLM:malicious-code=\"spyware-rat\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3194f2-e0f0-432a-bc5d-aea2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-29T14:21:38.000Z",
|
|
"modified": "2020-01-29T14:21:38.000Z",
|
|
"description": "Hosting PowerShell stages of PupyRAT download",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.59.46.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-29T14:21:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3194f4-98d0-4693-9695-aea2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-29T14:21:40.000Z",
|
|
"modified": "2020-01-29T14:21:40.000Z",
|
|
"description": "PupyRAT command and control server",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.107.62.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-01-29T14:21:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5e2a9a69-4f24-4f73-983b-478b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-01-24T07:53:47.000Z",
|
|
"modified": "2020-01-24T07:53:47.000Z",
|
|
"labels": [
|
|
"misp:name=\"microblog\"",
|
|
"misp:meta-category=\"misc\"",
|
|
"osint:source-type=\"technical-report\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "post",
|
|
"value": "Thanks for reaching out @QW5kcmV3\r\n! Here is the report that mentions COBALT GYPSY use of the OST PupyRAT (https://secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations). Iran-nexus group overlaps are a fun challenge to deconstruct\u2026Always appreciate the constructive feedback!\u2026",
|
|
"category": "Other",
|
|
"uuid": "5e2a9a69-57e8-40b5-a0bb-4768950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Twitter",
|
|
"category": "Other",
|
|
"uuid": "5e2aa05f-4cd0-4f9b-9d01-49de950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://mobile.twitter.com/maggintel/status/1220440024631644160",
|
|
"category": "External analysis",
|
|
"uuid": "5e2aa060-7c98-4c40-9641-4b5f950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "embedded-safe-link",
|
|
"value": "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
|
|
"category": "External analysis",
|
|
"uuid": "5e2aa060-5a2c-4588-ba48-4f90950d210f"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "embedded-safe-link",
|
|
"value": "https://t.co/NP4e8FXfKI?amp=1",
|
|
"category": "External analysis",
|
|
"uuid": "5e2aa060-8c70-4462-8ead-45bf950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username-quoted",
|
|
"value": "@QW5kcmV3",
|
|
"category": "Other",
|
|
"uuid": "5e2aa060-9c48-4326-96bd-4301950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "verified-username",
|
|
"value": "Unverified",
|
|
"category": "Other",
|
|
"uuid": "5e2aa060-1864-4154-9d99-43e1950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "state",
|
|
"value": "Informative",
|
|
"category": "Other",
|
|
"uuid": "5e2aa060-e708-4e1f-8e34-4e22950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "maggintel",
|
|
"category": "Other",
|
|
"uuid": "5e2aa060-e184-4c09-afb0-4b1d950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "microblog"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3187c7-9b64-4c78-b33f-1c2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:57:06.000Z",
|
|
"modified": "2020-02-26T06:57:06.000Z",
|
|
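"description": "Associated organization: National Technology Group, a Saudi Arabian telecommunications company. The pattern lists both ntg-sa.com and ntg.com.sa; ntg.com.sa appears to be the organization's own domain, so confirm which value is the lookalike before alerting on it",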
|
|
"pattern": "[domain-name:value = 'ntg-sa.com' AND domain-name:value = 'ntg.com.sa' AND domain-name:resolves_to_refs[*].value = '45.32.186.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-26T06:57:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e318cb9-f1ac-4eac-a1b6-aea2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:56:58.000Z",
|
|
"modified": "2020-02-26T06:56:58.000Z",
|
|
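"description": "Associated organization: ITWorx, an Egyptian information technology services firm. The pattern lists both itworx.com-ho.me and itworx.com; itworx.com appears to be the organization's own domain, so confirm which value is the lookalike before alerting on it",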
|
|
"pattern": "[domain-name:value = 'itworx.com-ho.me' AND domain-name:value = 'itworx.com' AND domain-name:resolves_to_refs[*].value = '45.32.186.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-26T06:56:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e318e40-4368-4040-bf75-4888950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:56:52.000Z",
|
|
"modified": "2020-02-26T06:56:52.000Z",
|
|
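"description": "Associated organization: Saudi Ministry of Commerce. The pattern lists both mci.com-ho.me and mci.gov.sa; mci.gov.sa appears to be the ministry's own domain, so confirm which value is the lookalike before alerting on it",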
|
|
"pattern": "[domain-name:value = 'mci.com-ho.me' AND domain-name:value = 'mci.gov.sa' AND domain-name:resolves_to_refs[*].value = '45.32.186.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-26T06:56:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e318ece-eb38-430b-9235-2768950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:56:45.000Z",
|
|
"modified": "2020-02-26T06:56:45.000Z",
|
|
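"description": "Associated organization: Saudi Ministry of Health. The pattern lists both moh.com-ho.me and moh.gov.sa; moh.gov.sa appears to be the ministry's own domain, so confirm which value is the lookalike before alerting on it",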
|
|
"pattern": "[domain-name:value = 'moh.com-ho.me' AND domain-name:value = 'moh.gov.sa' AND domain-name:resolves_to_refs[*].value = '45.32.186.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-26T06:56:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3190e6-cdc4-4ef3-8ee6-d77d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-26T06:56:39.000Z",
|
|
"modified": "2020-02-26T06:56:39.000Z",
|
|
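"description": "Associated organization: Saudi Ministry of Labor. The pattern lists both mol.com-ho.me and mol.gov.sa; mol.gov.sa appears to be the ministry's own domain, so confirm which value is the lookalike before alerting on it",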
|
|
"pattern": "[domain-name:value = 'mol.com-ho.me' AND domain-name:value = 'mol.gov.sa' AND domain-name:resolves_to_refs[*].value = '45.32.186.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-26T06:56:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3193d9-9110-4de4-85c0-4844950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:24.000Z",
|
|
"modified": "2020-02-21T10:42:24.000Z",
|
|
"description": "Ministry of Health lure (Health_insurance_registration.doc) delivering PupyRAT",
|
|
"pattern": "[file:hashes.MD5 = '1b5e33e5a244d2d67d7a09c4ccf16e56' AND file:hashes.SHA1 = '934c51ff1ea00af2cb3b8465f0a3effcf759d866' AND file:hashes.SHA256 = '66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-21T10:42:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e319643-2f90-4bf1-89f5-7f0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:25.000Z",
|
|
"modified": "2020-02-21T10:42:25.000Z",
|
|
"description": "PupyRAT (pupyx86.dll)",
|
|
"pattern": "[file:hashes.MD5 = '97cb7dc1395918c2f3018c109ab4ea5b' AND file:hashes.SHA1 = '3215021976b933ff76ce3436e828286e124e2527' AND file:hashes.SHA256 = '8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71' AND file:name = 'pupyx86.dll']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-21T10:42:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e31969e-8ca8-462e-b114-7f1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:25.000Z",
|
|
"modified": "2020-02-21T10:42:25.000Z",
|
|
"description": "Password-themed lure (Password_Policy.xlsm) delivering PupyRAT",
|
|
"pattern": "[file:hashes.MD5 = '03ea9457bf71d51d8109e737158be888' AND file:hashes.SHA1 = 'd20168c523058c7a82f6d79ef63ea546c794e57b' AND file:hashes.SHA256 = '6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b' AND file:name = 'Password_Policy.xlsm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-21T10:42:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5e3196dc-2b94-4648-97b0-d77c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:25.000Z",
|
|
"modified": "2020-02-21T10:42:25.000Z",
|
|
"description": "Job-themed Word document lure (qhtma) delivering PupyRAT",
|
|
"pattern": "[file:hashes.MD5 = '43fad2d62bc23ffdc6d301571135222c' AND file:hashes.SHA1 = '735f5d7ef0c5129f0574bec3cf3d6b06b052744a' AND file:hashes.SHA256 = 'e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2020-02-21T10:42:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--e5e73bc0-efa0-484e-8086-0f3137f470e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:25.000Z",
|
|
"modified": "2020-02-21T10:42:25.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-10-06T12:32:49+00:00",
|
|
"category": "Other",
|
|
"uuid": "4efc3fca-4e47-41d4-9c53-6855fa268695"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71/analysis/1570365169/",
|
|
"category": "Payload delivery",
|
|
"uuid": "1c2fbc9e-ec53-4563-a2fa-cbc5382a3f1e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "48/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "2c9d6d4a-d21b-483d-8e06-5a477d379ecd"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--83aabfa5-efd1-401e-a84d-75ab6ab670f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:42:48.000Z",
|
|
"modified": "2020-02-21T10:42:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-27T06:52:25+00:00",
|
|
"category": "Other",
|
|
"uuid": "bb7e0f82-e140-4983-81f3-1f50292b574a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b/analysis/1580107945/",
|
|
"category": "Payload delivery",
|
|
"uuid": "8c5c9af9-34a4-4495-b646-c40794eec2e9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/61",
|
|
"category": "Payload delivery",
|
|
"uuid": "920edadd-fc71-4b17-8faa-66e75327811d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--87cbd279-31f6-474e-92b7-6f1ca9c322c8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-16T14:24:18+00:00",
|
|
"category": "Other",
|
|
"uuid": "20e4a0ed-3bd1-4690-a439-eada2cb6a90a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b/analysis/1579184658/",
|
|
"category": "Payload delivery",
|
|
"uuid": "8eb1988e-1d7e-4c00-8988-fbccd32e52ef"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "40/60",
|
|
"category": "Payload delivery",
|
|
"uuid": "3f0c1ac0-fb20-4ecd-922a-cf23a82fd177"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--959f1fb7-4ad0-4407-82e1-0aa582296285",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2020-01-15T20:35:20+00:00",
|
|
"category": "Other",
|
|
"uuid": "53ff6fff-365d-4afa-94dd-bac37560dba3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6/analysis/1579120520/",
|
|
"category": "Payload delivery",
|
|
"uuid": "8148d76e-ac8e-4380-b1bb-0d233f81375c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "42/59",
|
|
"category": "Payload delivery",
|
|
"uuid": "4eb9669c-778b-42fc-a507-99bbd567195d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--29683ada-8a00-4574-a893-1d3f9342e3dd",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5e3193d9-9110-4de4-85c0-4844950d210f",
|
|
"target_ref": "x-misp-object--83aabfa5-efd1-401e-a84d-75ab6ab670f0"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8e96a015-9ec7-474c-adf6-24b1134c5603",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5e319643-2f90-4bf1-89f5-7f0b950d210f",
|
|
"target_ref": "x-misp-object--e5e73bc0-efa0-484e-8086-0f3137f470e3"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--782f05bb-cda3-4a1b-b759-62ea20ee12e8",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5e31969e-8ca8-462e-b114-7f1d950d210f",
|
|
"target_ref": "x-misp-object--87cbd279-31f6-474e-92b7-6f1ca9c322c8"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7520b0a7-a0d2-462e-affc-241c0fb15a93",
|
|
"created": "2020-02-21T10:43:01.000Z",
|
|
"modified": "2020-02-21T10:43:01.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5e3196dc-2b94-4648-97b0-d77c950d210f",
|
|
"target_ref": "x-misp-object--959f1fb7-4ad0-4407-82e1-0aa582296285"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |