adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59cd5d0e-8280-4acd-a27e-427302de0b81.json

997 lines
43 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59cd5d0e-8280-4acd-a27e-427302de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:39:08.000Z",
"modified": "2017-09-28T20:39:08.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59cd5d0e-8280-4acd-a27e-427302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:39:08.000Z",
"modified": "2017-09-28T20:39:08.000Z",
"name": "OSINT - Banking Trojan Attempts To Steal Brazillion$",
"published": "2017-09-28T20:39:40Z",
"object_refs": [
"observed-data--59cd5d1b-82a8-44f8-84bd-48c702de0b81",
"url--59cd5d1b-82a8-44f8-84bd-48c702de0b81",
"x-misp-attribute--59cd5d2a-c288-49c6-90c3-445302de0b81",
"indicator--59cd5d89-592c-4e51-9d5c-471302de0b81",
"indicator--59cd5d89-0120-47f5-bb38-48e002de0b81",
"indicator--59cd5d89-c20c-4052-8022-440002de0b81",
"indicator--59cd5d89-e00c-478a-8b99-4f7b02de0b81",
"indicator--59cd5d89-9d94-4dc4-95cd-4cf802de0b81",
"indicator--59cd5d89-6954-4479-9a61-4b2402de0b81",
"indicator--59cd5d89-1fd0-4aa1-a172-4eaa02de0b81",
"indicator--59cd5d89-8d68-4081-b19f-4beb02de0b81",
"indicator--59cd5d89-7e4c-4191-974f-48c702de0b81",
"indicator--59cd5dba-761c-4b2b-9fda-4cb002de0b81",
"indicator--59cd5dba-c394-4a70-a032-471a02de0b81",
"observed-data--59cd5dba-a558-4fae-8a03-43c202de0b81",
"url--59cd5dba-a558-4fae-8a03-43c202de0b81",
"indicator--59cd5dba-049c-4005-a327-4e7902de0b81",
"indicator--59cd5dba-6124-42b4-8061-438c02de0b81",
"observed-data--59cd5dba-4944-43a2-a0dc-48ba02de0b81",
"url--59cd5dba-4944-43a2-a0dc-48ba02de0b81",
"indicator--59cd5dba-fca8-4d0f-9318-4c4102de0b81",
"indicator--59cd5dba-21b8-40f2-86b2-4a8202de0b81",
"observed-data--59cd5dba-3830-4107-9293-46c902de0b81",
"url--59cd5dba-3830-4107-9293-46c902de0b81",
"indicator--59cd5dba-99cc-4c15-aa93-43b802de0b81",
"indicator--59cd5dba-1274-4eb7-8170-4b9402de0b81",
"observed-data--59cd5dba-63b0-4cfd-801a-4e6802de0b81",
"url--59cd5dba-63b0-4cfd-801a-4e6802de0b81",
"indicator--59cd5dba-7218-4880-8d58-40cb02de0b81",
"indicator--59cd5dba-24d8-4408-a7d7-499b02de0b81",
"observed-data--59cd5dba-bc5c-456b-8a47-43b302de0b81",
"url--59cd5dba-bc5c-456b-8a47-43b302de0b81",
"indicator--59cd5dba-13ac-44ae-8366-4ab702de0b81",
"indicator--59cd5dba-69d0-4624-a6e6-4ba602de0b81",
"observed-data--59cd5dba-2990-4468-9ca1-40c902de0b81",
"url--59cd5dba-2990-4468-9ca1-40c902de0b81",
"indicator--59cd5dba-76a4-4d4d-8197-490802de0b81",
"indicator--59cd5dba-c750-4b2c-90a9-420b02de0b81",
"observed-data--59cd5dba-bfb4-44d5-9d15-4f3102de0b81",
"url--59cd5dba-bfb4-44d5-9d15-4f3102de0b81",
"indicator--59cd5dba-fea8-4cea-ae18-420a02de0b81",
"indicator--59cd5dba-3778-4f06-8f19-4caa02de0b81",
"observed-data--59cd5dba-4f9c-4ca4-b121-4d4b02de0b81",
"url--59cd5dba-4f9c-4ca4-b121-4d4b02de0b81",
"indicator--59cd5dba-bdf8-420a-a454-413d02de0b81",
"indicator--59cd5dba-e644-4409-bc70-405b02de0b81",
"observed-data--59cd5dba-3c68-4d2e-9862-478c02de0b81",
"url--59cd5dba-3c68-4d2e-9862-478c02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5d1b-82a8-44f8-84bd-48c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5d1b-82a8-44f8-84bd-48c702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5d1b-82a8-44f8-84bd-48c702de0b81",
"value": "http://blog.talosintelligence.com/2017/09/brazilbanking.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59cd5d2a-c288-49c6-90c3-445302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Banking trojans are among some of the biggest threats to everyday users as they directly impact the user in terms of financial loss. Talos recently observed a new campaign specific to South America, namely Brazil. This campaign was focused on various South American banks in an attempt to steal credentials from the user to allow for illicit financial gain for the malicious actors. The campaign Talos analysed focused on Brazilian users and also attempted to remain stealthy by using multiple methods of re-direction in an attempt to infect the victim machine. It also used multiple anti-analysis techniques and the final payload was written in Delphi which is quite unique to the banking trojan landscape."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-592c-4e51-9d5c-471302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "HTML attachment",
"pattern": "[file:hashes.SHA256 = '927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-0120-47f5-bb38-48e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "RAR archive",
"pattern": "[file:hashes.SHA256 = '5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-c20c-4052-8022-440002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "BOLETO_09848378974093798043.jar",
"pattern": "[file:hashes.SHA256 = 'b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-e00c-478a-8b99-4f7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "gbs.png",
"pattern": "[file:hashes.SHA256 = '0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-9d94-4dc4-95cd-4cf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "i.dk",
"pattern": "[file:hashes.SHA256 = '6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-6954-4479-9a61-4b2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "prs.png",
"pattern": "[file:hashes.SHA256 = '56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-1fd0-4aa1-a172-4eaa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "pz.zip",
"pattern": "[file:hashes.SHA256 = '641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-8d68-4081-b19f-4beb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vm.png",
"pattern": "[file:hashes.SHA256 = '79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5d89-7e4c-4191-974f-48c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vmwarebase.dll",
"pattern": "[file:hashes.SHA256 = '969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-761c-4b2b-9fda-4cb002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vmwarebase.dll - Xchecked via VT: 969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be",
"pattern": "[file:hashes.SHA1 = '215864580545fe063ef7e11502aee333e2b5b985']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-c394-4a70-a032-471a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vmwarebase.dll - Xchecked via VT: 969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be",
"pattern": "[file:hashes.MD5 = '22f826ba98c8a8478881bdfe73e6b86b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-a558-4fae-8a03-43c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-a558-4fae-8a03-43c202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-a558-4fae-8a03-43c202de0b81",
"value": "https://www.virustotal.com/file/969a5dcf8f42574e5b0c0adda0ff28ce310e0b72d94a92b70f23d06ca5b438be/analysis/1506627369/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-049c-4005-a327-4e7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vm.png - Xchecked via VT: 79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2",
"pattern": "[file:hashes.SHA1 = 'b87c2ceadd200b1bf7f9eeef3c5137620cf991b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-6124-42b4-8061-438c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "vm.png - Xchecked via VT: 79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2",
"pattern": "[file:hashes.MD5 = '217c29852569b3f21ff588a038a27423']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-4944-43a2-a0dc-48ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-4944-43a2-a0dc-48ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-4944-43a2-a0dc-48ba02de0b81",
"value": "https://www.virustotal.com/file/79a68c59004e3444dfd64794c68528187e3415b3da58f953b8cc7967475884c2/analysis/1506627368/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-fca8-4d0f-9318-4c4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "pz.zip - Xchecked via VT: 641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98",
"pattern": "[file:hashes.SHA1 = '8e48a22aba894d0fc81501b88c5fc9c53a7671c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-21b8-40f2-86b2-4a8202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "pz.zip - Xchecked via VT: 641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98",
"pattern": "[file:hashes.MD5 = '910050bc1fcea33836fa2e9978bbea10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-3830-4107-9293-46c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-3830-4107-9293-46c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-3830-4107-9293-46c902de0b81",
"value": "https://www.virustotal.com/file/641a58b667248fc1aec80a0d0e9a515ba43e6ca9a8bdd162edd66e58703f8f98/analysis/1506627368/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-99cc-4c15-aa93-43b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "prs.png - Xchecked via VT: 56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf",
"pattern": "[file:hashes.SHA1 = '840db25ff4e601891ef7b87378edbafa88b1b89a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-1274-4eb7-8170-4b9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "prs.png - Xchecked via VT: 56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf",
"pattern": "[file:hashes.MD5 = '9500ef3e0efb0253e67092733c6171fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-63b0-4cfd-801a-4e6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-63b0-4cfd-801a-4e6802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-63b0-4cfd-801a-4e6802de0b81",
"value": "https://www.virustotal.com/file/56664ec3cbb228e8fa21ec44224d68902d1fbe20687fd88922816464ea5d4cdf/analysis/1506627367/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-7218-4880-8d58-40cb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "i.dk - Xchecked via VT: 6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10",
"pattern": "[file:hashes.SHA1 = 'd4f4b6ae16132f0f3dbf229261b8c9c0e0f6dacb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-24d8-4408-a7d7-499b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "i.dk - Xchecked via VT: 6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10",
"pattern": "[file:hashes.MD5 = '07bac99d36fd5bae4d600356398c7a1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-bc5c-456b-8a47-43b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-bc5c-456b-8a47-43b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-bc5c-456b-8a47-43b302de0b81",
"value": "https://www.virustotal.com/file/6d8c7760ac76af40b7f9cc4af31da8931cef0d9b4ad02aba0816fa2c24f76f10/analysis/1506627367/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-13ac-44ae-8366-4ab702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "gbs.png - Xchecked via VT: 0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab",
"pattern": "[file:hashes.SHA1 = '369daf3580d3bb3c82c2232998b041718755414f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-69d0-4624-a6e6-4ba602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "gbs.png - Xchecked via VT: 0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab",
"pattern": "[file:hashes.MD5 = '5cce471463f3f2a9fd14f92787ab90a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-2990-4468-9ca1-40c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-2990-4468-9ca1-40c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-2990-4468-9ca1-40c902de0b81",
"value": "https://www.virustotal.com/file/0ce1eac877cdd87fea25050b0780e354fe3b7d6ca96c505b2cd36ca319dc6cab/analysis/1506627367/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-76a4-4d4d-8197-490802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "BOLETO_09848378974093798043.jar - Xchecked via VT: b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9",
"pattern": "[file:hashes.SHA1 = 'c6b649e402b97ad971609837b6c79812d568f322']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-c750-4b2c-90a9-420b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "BOLETO_09848378974093798043.jar - Xchecked via VT: b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9",
"pattern": "[file:hashes.MD5 = 'c80f7dc56e5a2e301a450b5a96af1c23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-bfb4-44d5-9d15-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-bfb4-44d5-9d15-4f3102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-bfb4-44d5-9d15-4f3102de0b81",
"value": "https://www.virustotal.com/file/b76344ba438520a19fff51a1217e3c6898858f4d07cfe89f7b1fe35e30a6ece9/analysis/1506045471/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-fea8-4cea-ae18-420a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "RAR archive - Xchecked via VT: 5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c",
"pattern": "[file:hashes.SHA1 = '2f2cac51734e2d4c123e9b857aeef5abbf56e47d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-3778-4f06-8f19-4caa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "RAR archive - Xchecked via VT: 5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c",
"pattern": "[file:hashes.MD5 = '90fca6fff9e677184329fc1f7a9fa632']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-4f9c-4ca4-b121-4d4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-4f9c-4ca4-b121-4d4b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-4f9c-4ca4-b121-4d4b02de0b81",
"value": "https://www.virustotal.com/file/5730b4e0dd520caba11f9224de8cfd1a8c52e0cc2ee98b2dac79e40088fe681c/analysis/1506627366/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-bdf8-420a-a454-413d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "HTML attachment - Xchecked via VT: 927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10",
"pattern": "[file:hashes.SHA1 = '1ed0f239e26bc011b248784dff55d25e5ada732c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cd5dba-e644-4409-bc70-405b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"description": "HTML attachment - Xchecked via VT: 927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10",
"pattern": "[file:hashes.MD5 = 'c77397555decc0f026a84897a324a448']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-28T20:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cd5dba-3c68-4d2e-9862-478c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-28T20:38:18.000Z",
"modified": "2017-09-28T20:38:18.000Z",
"first_observed": "2017-09-28T20:38:18Z",
"last_observed": "2017-09-28T20:38:18Z",
"number_observed": 1,
"object_refs": [
"url--59cd5dba-3c68-4d2e-9862-478c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cd5dba-3c68-4d2e-9862-478c02de0b81",
"value": "https://www.virustotal.com/file/927d914f46715a9ed29810ed73f9464e4dadfe822ee09d945a04623fa3f4bc10/analysis/1506628022/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink