adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59f04ba5-e890-4534-8fa9-47dd950d210f.json

2200 lines
1.1 MiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59f04ba5-e890-4534-8fa9-47dd950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59f04ba5-e890-4534-8fa9-47dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"name": "OSINT - BadRabbit Ransomware Compiled by ThaiCERT, a member of the Electronic Transactions Development Agency",
"published": "2017-10-25T11:23:21Z",
"object_refs": [
"observed-data--59f04c02-c344-41df-834f-4b4c950d210f",
"file--59f04c02-c344-41df-834f-4b4c950d210f",
"artifact--59f04c02-c344-41df-834f-4b4c950d210f",
"x-misp-attribute--59f04c43-0da0-47ac-9dd8-47aa950d210f",
"x-misp-attribute--59f04c43-98a4-4ed8-b4ff-48c2950d210f",
"x-misp-attribute--59f04c43-d550-4bd6-912a-457c950d210f",
"x-misp-attribute--59f04c43-23a4-4f3d-aea4-4a8e950d210f",
"x-misp-attribute--59f04c56-7f1c-4ee7-b43c-4bc8950d210f",
"observed-data--59f04c7b-d584-4493-b8e1-4367950d210f",
"url--59f04c7b-d584-4493-b8e1-4367950d210f",
"observed-data--59f04c7b-b790-48b4-9492-4d4b950d210f",
"url--59f04c7b-b790-48b4-9492-4d4b950d210f",
"observed-data--59f04c7b-9658-4755-ab9c-4860950d210f",
"url--59f04c7b-9658-4755-ab9c-4860950d210f",
"observed-data--59f04c7b-2188-4046-b429-4a25950d210f",
"url--59f04c7b-2188-4046-b429-4a25950d210f",
"observed-data--59f04c7b-2c10-43f3-9b66-4f48950d210f",
"url--59f04c7b-2c10-43f3-9b66-4f48950d210f",
"observed-data--59f04c7b-6efc-4c7d-aa76-40de950d210f",
"url--59f04c7b-6efc-4c7d-aa76-40de950d210f",
"observed-data--59f04c7b-2bcc-4171-887e-4084950d210f",
"url--59f04c7b-2bcc-4171-887e-4084950d210f",
"observed-data--59f04c7b-6c44-437d-9ac0-4ebb950d210f",
"url--59f04c7b-6c44-437d-9ac0-4ebb950d210f",
"observed-data--59f04c7b-971c-4c87-bec5-4110950d210f",
"url--59f04c7b-971c-4c87-bec5-4110950d210f",
"observed-data--59f04c7b-ea28-4569-b8b3-4e2b950d210f",
"url--59f04c7b-ea28-4569-b8b3-4e2b950d210f",
"observed-data--59f04c8a-edfc-4f0f-97a2-4d37950d210f",
"url--59f04c8a-edfc-4f0f-97a2-4d37950d210f",
"observed-data--59f04ca9-d00c-4043-897c-44db950d210f",
"url--59f04ca9-d00c-4043-897c-44db950d210f",
"observed-data--59f04ca9-ad18-4172-92c5-43b2950d210f",
"url--59f04ca9-ad18-4172-92c5-43b2950d210f",
"observed-data--59f04ca9-53a4-4546-a05f-4a38950d210f",
"url--59f04ca9-53a4-4546-a05f-4a38950d210f",
"observed-data--59f04ca9-8a84-4e67-b96a-4bcc950d210f",
"url--59f04ca9-8a84-4e67-b96a-4bcc950d210f",
"observed-data--59f04ca9-00f0-4d6c-861f-4f0a950d210f",
"url--59f04ca9-00f0-4d6c-861f-4f0a950d210f",
"observed-data--59f04ca9-9080-49be-96b2-4b33950d210f",
"url--59f04ca9-9080-49be-96b2-4b33950d210f",
"observed-data--59f04ca9-76d0-4712-b9bf-41fa950d210f",
"url--59f04ca9-76d0-4712-b9bf-41fa950d210f",
"observed-data--59f04ca9-18fc-4672-8078-41e5950d210f",
"url--59f04ca9-18fc-4672-8078-41e5950d210f",
"observed-data--59f04ca9-0d54-42c2-bfea-4017950d210f",
"url--59f04ca9-0d54-42c2-bfea-4017950d210f",
"observed-data--59f04ca9-f1a8-4ee7-9195-4a3c950d210f",
"url--59f04ca9-f1a8-4ee7-9195-4a3c950d210f",
"observed-data--59f04ca9-16cc-4f80-8ba4-406e950d210f",
"url--59f04ca9-16cc-4f80-8ba4-406e950d210f",
"observed-data--59f04ca9-7f20-4363-8096-4a8c950d210f",
"url--59f04ca9-7f20-4363-8096-4a8c950d210f",
"observed-data--59f04ca9-14f0-4ad8-bbb4-4c6b950d210f",
"url--59f04ca9-14f0-4ad8-bbb4-4c6b950d210f",
"observed-data--59f04ca9-4624-4a61-bb1d-4a80950d210f",
"url--59f04ca9-4624-4a61-bb1d-4a80950d210f",
"observed-data--59f04ca9-b7c4-4496-94b5-4bd4950d210f",
"url--59f04ca9-b7c4-4496-94b5-4bd4950d210f",
"observed-data--59f04ca9-1c5c-48a5-940e-4846950d210f",
"url--59f04ca9-1c5c-48a5-940e-4846950d210f",
"observed-data--59f04ca9-2cd4-407f-93cc-47e3950d210f",
"url--59f04ca9-2cd4-407f-93cc-47e3950d210f",
"observed-data--59f04ca9-2384-4933-a65f-44a4950d210f",
"url--59f04ca9-2384-4933-a65f-44a4950d210f",
"observed-data--59f04ca9-20b4-41b5-9814-45da950d210f",
"url--59f04ca9-20b4-41b5-9814-45da950d210f",
"observed-data--59f04caa-13e0-43c0-b1ab-4f6a950d210f",
"url--59f04caa-13e0-43c0-b1ab-4f6a950d210f",
"observed-data--59f04caa-a06c-4fa8-9068-4cdf950d210f",
"url--59f04caa-a06c-4fa8-9068-4cdf950d210f",
"observed-data--59f04caa-f4dc-454f-8eee-416d950d210f",
"url--59f04caa-f4dc-454f-8eee-416d950d210f",
"observed-data--59f04caa-2cc8-483e-a992-4be4950d210f",
"url--59f04caa-2cc8-483e-a992-4be4950d210f",
"observed-data--59f04caa-c97c-4ed4-a364-410d950d210f",
"url--59f04caa-c97c-4ed4-a364-410d950d210f",
"observed-data--59f04caa-0a40-4ec0-aadc-498e950d210f",
"url--59f04caa-0a40-4ec0-aadc-498e950d210f",
"observed-data--59f04cbe-55c4-43b3-9b81-4a39950d210f",
"url--59f04cbe-55c4-43b3-9b81-4a39950d210f",
"observed-data--59f04cbe-eed8-40ca-aad0-464f950d210f",
"url--59f04cbe-eed8-40ca-aad0-464f950d210f",
"observed-data--59f04cbe-a1a4-416b-9f68-4764950d210f",
"url--59f04cbe-a1a4-416b-9f68-4764950d210f",
"observed-data--59f04cbe-e4e4-4d6d-8eab-4e42950d210f",
"url--59f04cbe-e4e4-4d6d-8eab-4e42950d210f",
"observed-data--59f04cbe-c9dc-4e7f-98ee-43e3950d210f",
"url--59f04cbe-c9dc-4e7f-98ee-43e3950d210f",
"observed-data--59f04cbe-09b0-4172-9c38-4ece950d210f",
"url--59f04cbe-09b0-4172-9c38-4ece950d210f",
"observed-data--59f04cbe-1888-4a4e-8e13-4f6e950d210f",
"url--59f04cbe-1888-4a4e-8e13-4f6e950d210f",
"observed-data--59f04ce0-ace4-4fd9-a5e1-4384950d210f",
"url--59f04ce0-ace4-4fd9-a5e1-4384950d210f",
"x-misp-attribute--59f04ddb-4394-4395-a6dc-4cad950d210f",
"x-misp-attribute--59f04ddb-8c10-49a8-8478-4af9950d210f",
"indicator--59f04e08-25d8-45ee-8504-4e93950d210f",
"indicator--59f04e08-95a8-4618-9479-44db950d210f",
"indicator--59f04e08-ccc4-488b-b969-4333950d210f",
"indicator--59f04e08-6ae4-489b-be10-4669950d210f",
"x-misp-attribute--59f04e1b-213c-4331-928a-4c81950d210f",
"x-misp-attribute--59f04e1b-a3f8-4600-8f29-40ea950d210f",
"x-misp-attribute--59f04e1b-c00c-4b3e-ac65-4124950d210f",
"indicator--59f04e62-cb50-4df9-abff-4be0950d210f",
"indicator--59f04e62-b7e4-48b7-8223-485f950d210f",
"indicator--59f04e62-6178-4db1-8e6b-41d0950d210f",
"indicator--59f04e9c-1a6c-4b65-ace5-4043950d210f",
"indicator--59f04e9c-94e4-4a5c-91e5-481a950d210f",
"indicator--59f04e9c-0ad8-41a7-9039-45a2950d210f",
"indicator--59f04eb4-d490-4167-a395-4b88950d210f",
"indicator--59f04f7a-dd8c-4fb0-a584-4d3202de0b81",
"indicator--59f04f7a-9058-4c94-b7d7-44eb02de0b81",
"observed-data--59f04f7a-ede0-414e-89d5-49a902de0b81",
"url--59f04f7a-ede0-414e-89d5-49a902de0b81",
"indicator--59f04f7a-a1bc-4d00-ab1f-408a02de0b81",
"indicator--59f04f7a-f30c-4b40-8e0b-41eb02de0b81",
"observed-data--59f04f7a-ffb8-4ccf-a9e4-4a8c02de0b81",
"url--59f04f7a-ffb8-4ccf-a9e4-4a8c02de0b81",
"indicator--59f04f7a-52b0-4877-b62a-45f802de0b81",
"indicator--59f04f7a-6898-4e2e-84f0-4d5c02de0b81",
"observed-data--59f04f7a-0b4c-4347-ba7a-4bde02de0b81",
"url--59f04f7a-0b4c-4347-ba7a-4bde02de0b81",
"indicator--59f04f7a-80dc-41da-97fd-476202de0b81",
"indicator--59f04f7a-eca0-453f-88f3-425902de0b81",
"observed-data--59f04f7a-0e90-4e91-85c6-433702de0b81",
"url--59f04f7a-0e90-4e91-85c6-433702de0b81",
"indicator--59f04f7a-de34-4cca-ad90-4b9302de0b81",
"indicator--59f04f7a-26ac-4faf-a5c9-412402de0b81",
"observed-data--59f04f7b-9318-4819-94bb-419e02de0b81",
"url--59f04f7b-9318-4819-94bb-419e02de0b81",
"indicator--59f04f7b-9110-465c-98b1-4ebf02de0b81",
"indicator--59f04f7b-7134-494e-9467-411b02de0b81",
"observed-data--59f04f7b-667c-4ad9-ad32-42b102de0b81",
"url--59f04f7b-667c-4ad9-ad32-42b102de0b81",
"indicator--59f04f7b-d238-4e6b-8d21-445502de0b81",
"indicator--59f04f7b-c8e0-4bdf-a5c9-46ed02de0b81",
"observed-data--59f04f7b-099c-46e6-a0b0-4a4f02de0b81",
"url--59f04f7b-099c-46e6-a0b0-4a4f02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Bad Rabbit\"",
"misp-galaxy:preventive-measure=\"Restrict Workstation Communication\"",
"misp-galaxy:preventive-measure=\"Backup and Restore Process\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c02-c344-41df-834f-4b4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"first_observed": "2017-10-25T08:46:49Z",
"last_observed": "2017-10-25T08:46:49Z",
"number_observed": 1,
"object_refs": [
"file--59f04c02-c344-41df-834f-4b4c950d210f",
"artifact--59f04c02-c344-41df-834f-4b4c950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--59f04c02-c344-41df-834f-4b4c950d210f",
"name": "BadRabbit Ransomware v0.2.pdf",
"content_ref": "artifact--59f04c02-c344-41df-834f-4b4c950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--59f04c02-c344-41df-834f-4b4c950d210f",
"payload_bin": "JVBERi0xLjUNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFIvTGFuZyhlbi1VUykgL1N0cnVjdFRyZWVSb290IDE0OCAwIFIvTWFya0luZm88PC9NYXJrZWQgdHJ1ZT4+Pj4NCmVuZG9iag0KMiAwIG9iag0KPDwvVHlwZS9QYWdlcy9Db3VudCA5L0tpZHNbIDMgMCBSIDI4IDAgUiAzMyAwIFIgMzYgMCBSIDQwIDAgUiA0NyAwIFIgNDkgMCBSIDUzIDAgUiA1OCAwIFJdID4+DQplbmRvYmoNCjMgMCBvYmoNCjw8L1R5cGUvUGFnZS9QYXJlbnQgMiAwIFIvUmVzb3VyY2VzPDwvRm9udDw8L0YxIDUgMCBSL0YyIDkgMCBSL0YzIDExIDAgUi9GNCAxMyAwIFIvRjUgMTUgMCBSL0Y2IDE3IDAgUi9GNyAxOSAwIFI+Pi9FeHRHU3RhdGU8PC9HUzcgNyAwIFIvR1M4IDggMCBSPj4vWE9iamVjdDw8L0ltYWdlMjIgMjIgMCBSL0ltYWdlMjUgMjUgMCBSL0ltYWdlMjcgMjcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+L0Fubm90c1sgMjEgMCBSIDI0IDAgUl0gL01lZGlhQm94WyAwIDAgNjEyIDc5Ml0gL0NvbnRlbnRzIDQgMCBSL0dyb3VwPDwvVHlwZS9Hcm91cC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZpY2VSR0I+Pi9UYWJzL1MvU3RydWN0UGFyZW50cyAwPj4NCmVuZG9iag0KNCAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA5MzQ+Pg0Kc3RyZWFtDQp4nJ1W224TMRB9j5R/mEcvIq7vF1RVatMUikCUNoKHloe0LKGIbCApIP6esbNN15t4tSJRHGcynjNz5rKGgws4PDx4Oz4/BXZ0BCenYziZDgcHZxy4gOmX4YADwzcHKygTCox1lMN0gTovryzM18MBg3n85epfL4eDawLFSMj2ynckOfl/ST7B9PVwMEH/QwyPjksmqJQNx7ucS00cnIk2DYoxKmzL2tMpmLwdAzRY5Q1W21RqS7XrY0R0GJGS2j42ZIcN5qlXfYyopEZkpka0M1TW5k6QWEtmkeTPuHfksiG5jZLNeo8STh4yWeRSUe4S07mEc2mpTVWbmFVEW8f9Mu4XxUgy8gdXXuusUM5ImQEQXFPms77ssKbz1Gv81n1smIR5BZgxs5d7w6gRtcXxcvGjGFmkVpPvxciQ8nOhYq0zcvsX4yUw/TpD4jUZTwpJLqf4lybPYbZVW5QoR4I8uS1RuIqHll+2/z98Lbf7ScD6jljlXVB7QGVBltWjB3cBB6ar4MiswlPrIJhtdO8LE7LhSbWOEKfl7/BdotuKLGMU0ZXqoRg5AsfByDxAV/H830yqlEaieMpKJ8824VnneVa+3wBwHcmXjQHwASn0WHKhCQJxNpaoD22BxbmM8iquSLZUhMU9jXuR6wShsUITmGzTCNdWvSHRDRGBdO6cklSrnhjK7Oi+Q+sulAaGiqkVog4VZ4KUWzoy9pykzvTExmZt64qIsSGSx9XG9abINj4OW5sH3Em+b1VTZl4KRUWvScJZRzUxTuVjSU4jrW/iMLuItL4oHPmIDafJq9BM51huvFabZAcp1oRLDXe7x3vdIVR4ePaaelwkBg0iUKYSmxoLEIGs7zeLuUwsWvD7POSGU7WZF/i4NxYYlcLjqriB1Xyf9DJee85wjN3jmJqH0fYrLHFilrmy9IZ6l+BdYylm0oF50IkujBhlgeO7a/IiW/lMI0ZyjMUTx+jrb/zMgpvr9oN3z92HC4Nhp852k6161UN4YBuzYTvcJbdXyFwXGsp089ReN65+zKonTx6fwT+Hg0BaeCGfeC00jjoHBj3TnOK6KoeDj8+gQjy7QcRYueQhcrz1wV24+p4vZvNSCDhdwvsMoNkBlEJJ3wWI44xjRBGThxAlt5TZNqxOYRt0290ghUQIbllom4ApvKbGNUCVsdTrCCrQAQUWBzqOS0adbKLaGpXDnzpDmIpvMLAyKuMNW2FkaEk4hVYCwFXt4z/CcHM1DQplbmRzdHJlYW0NCmVuZG9iag0KNSAwIG9iag0KPDwvVHlwZS9Gb250L1N1YnR5cGUvVHJ1ZVR5cGUvTmFtZS9GMS9CYXNlRm9udC9BQkNERUUrQ2FsaWJyaS1Cb2xkSXRhbGljL0VuY29kaW5nL1dpbkFuc2lFbmNvZGluZy9Gb250RGVzY3JpcHRvciA2IDAgUi9GaXJzdENoYXIgMzIvTGFzdENoYXIgMzIvV2lkdGhzIDk5MiAwIFI+Pg0KZW5kb2JqDQo2IDAgb2JqDQo8PC9UeXBlL0ZvbnREZXNjcmlwdG9yL0ZvbnROYW1lL0FCQ0RFRStDYWxpYnJpLUJvbGRJdGFsaWMvRmxhZ3MgMzIvSXRhbGljQW5nbGUgLTExL0FzY2VudCA3NTAvRGVzY2VudCAtMjUwL0NhcEhlaWdodCA3NTAvQXZnV2lkdGggNTM3L01heFdpZHRoIDE5NTYvRm9udFdlaWdodCA3MDAvWEhlaWdodCAyNTAvU3RlbVYgNTMvRm9udEJCb3hbIC02OTEgLTI1MCAxMjY1IDc1MF0gL0ZvbnRGaWxlMiA5OTMgMCBSPj4NCmVuZG9iag0KNyAwIG9iag0KPDwvVHlwZS9FeHRHU3RhdGUvQk0vTm9ybWFsL2NhIDE+Pg0KZW5kb2JqDQo4IDAgb2JqDQo8PC9UeXBlL0V4dEdTdGF0ZS9CTS9Ob3JtYWwvQ0EgMT4+DQplbmRvYmoNCjkgMCBvYmoNCjw8L1R5cGUvRm9udC9TdWJ0eXBlL1RydWVUeXBlL05hbWUvRjIvQmFzZUZvbnQvQUJDREVFK0NhbGlicmktQm9sZC9FbmNvZGluZy9XaW5BbnNpRW5jb2RpbmcvRm9udERlc2NyaXB0b3IgMTAgMCBSL0ZpcnN0Q2hhciAzMi9MYXN0Q2hhciAxMTUvV2lkdGhzIDk5NCAwIFI+Pg0KZW5kb2JqDQoxMCAwIG9iag0KPDwvVHlwZS9Gb250RGVzY3JpcHRvci9Gb250TmFtZS9BQkNERUUrQ2FsaWJyaS1Cb2xkL0ZsYWdzIDMyL0l0YWxpY0FuZ2xlIDAvQXNjZW50IDc1MC9EZXNjZW50IC0yNTAvQ2FwSGVpZ2h0IDc1MC9BdmdXaWR0aCA1MzYvTWF4V2lkdGggMTc1OS9Gb250V2VpZ2h0IDcwMC9YSGVpZ2h0IDI1MC9TdGVtViA1My9Gb250QkJveFsgLTUxOSAtMjUwIDEyNDAgNzUwXSAvRm9udEZpbGUyIDk5NSAwIFI+Pg0KZW5kb2JqDQoxMSAwIG9iag0KPDwvVHlwZS9Gb250L1N1YnR5cGUvVHJ1ZVR5cGUvTmFtZS9GMy9CYXNlRm9udC9BcmlhbC1Cb2xkTVQvRW5jb2RpbmcvV2luQW5zaUVuY29kaW5nL0ZvbnREZXNjcmlwdG9yIDEyIDAgUi9GaXJzdENoYXIgMzIvTGFzdENoYXIgMTIwL1dpZHRocyA5OTYgMCBSPj4NCmVuZG9iag0KMTIgMCBvYmoNCjw8L1R5cGUvRm9udERlc2NyaXB0b3IvRm9udE5hbWUvQXJpYWwtQm9sZE1UL0ZsYWdzIDMyL0l0YWxpY0FuZ2xlIDAvQXNjZW50IDkwNS9EZXNjZW50IC0yMTAvQ2FwSGVpZ2h0IDcyOC9BdmdXaWR0aCA0NzkvTWF4V2lkdGggMjYyOC9Gb250V2VpZ2h0IDcwMC9YSGVpZ2h0IDI1MC9MZWFkaW5nIDMzL1N0ZW1WIDQ3L0ZvbnRCQm94WyAtNjI4IC0yMTAgMjAwMCA3MjhdID4+DQplbmRvYmoNCjEzIDAgb2JqDQo8PC9UeXBlL0ZvbnQvU3VidHlwZS9UcnVlVHlwZS9
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04c43-0da0-47ac-9dd8-47aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Diskcoder.D"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04c43-98a4-4ed8-b4ff-48c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan-Ransom.Win32.Gen.ftl"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04c43-d550-4bd6-912a-457c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Tibbar.A"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04c43-23a4-4f3d-aea4-4a8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Troj/Ransom-ERK"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04c56-7f1c-4ee7-b43c-4bc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:49.000Z",
"modified": "2017-10-25T08:46:49.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "new ransomware strain named BadRabbit is wreaking havoc in many Eastern European countries,\r\naffecting both government agencies and private businesses alike.\r\nAt the time of writing, the ransomware has hit countries such as Russia, Ukraine, Bulgaria, and Turkey.\r\nConfirmed victims include the Odessa airport in Ukraine, the Kiev subway system in Ukraine, the\r\nUkrainian Ministry of Infrastructure, and three Russian news agencies, including Interfax and Fontanka.\r\nUkraine's CERT team has posted an alert and is warning Ukrainian businesses about this new outbreak.\r\nThe speed with which BadRabbit spread is similar to the WannaCry and NotPetya outbreaks that have hit\r\nin May and June this year, respectively.\r\nThe domain where the malware is downloaded from has been taken down already.\r\nAt the time of writing, no recovery tools for the encryption have been found."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-d584-4493-b8e1-4367950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:16.000Z",
"modified": "2017-10-25T10:19:16.000Z",
"first_observed": "2017-10-25T10:19:16Z",
"last_observed": "2017-10-25T10:19:16Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-d584-4493-b8e1-4367950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-d584-4493-b8e1-4367950d210f",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/badrabbit-ransomware-burrows-russia-ukraine/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-b790-48b4-9492-4d4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:47.000Z",
"modified": "2017-10-25T10:16:47.000Z",
"first_observed": "2017-10-25T10:16:47Z",
"last_observed": "2017-10-25T10:16:47Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-b790-48b4-9492-4d4b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-b790-48b4-9492-4d4b950d210f",
"value": "https://www.bleepingcomputer.com/news/security/bad-rabbit-ransomware-outbreak-hits-eastern-europe/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-9658-4755-ab9c-4860950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:15:53.000Z",
"modified": "2017-10-25T10:15:53.000Z",
"first_observed": "2017-10-25T10:15:53Z",
"last_observed": "2017-10-25T10:15:53Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-9658-4755-ab9c-4860950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-9658-4755-ab9c-4860950d210f",
"value": "https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-2188-4046-b429-4a25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:15:44.000Z",
"modified": "2017-10-25T10:15:44.000Z",
"first_observed": "2017-10-25T10:15:44Z",
"last_observed": "2017-10-25T10:15:44Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-2188-4046-b429-4a25950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-2188-4046-b429-4a25950d210f",
"value": "https://securelist.com/bad-rabbit-ransomware/82851/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-2c10-43f3-9b66-4f48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:03.000Z",
"modified": "2017-10-25T10:16:03.000Z",
"first_observed": "2017-10-25T10:16:03Z",
"last_observed": "2017-10-25T10:16:03Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-2c10-43f3-9b66-4f48950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-2c10-43f3-9b66-4f48950d210f",
"value": "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-6efc-4c7d-aa76-40de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:14.000Z",
"modified": "2017-10-25T10:16:14.000Z",
"first_observed": "2017-10-25T10:16:14Z",
"last_observed": "2017-10-25T10:16:14Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-6efc-4c7d-aa76-40de950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-6efc-4c7d-aa76-40de950d210f",
"value": "https://www.group-ib.com/blog/badrabbit"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-2bcc-4171-887e-4084950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:57.000Z",
"modified": "2017-10-25T10:16:57.000Z",
"first_observed": "2017-10-25T10:16:57Z",
"last_observed": "2017-10-25T10:16:57Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-2bcc-4171-887e-4084950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-2bcc-4171-887e-4084950d210f",
"value": "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Tibbar.A"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-6c44-437d-9ac0-4ebb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:14:38.000Z",
"modified": "2017-10-25T10:14:38.000Z",
"first_observed": "2017-10-25T10:14:38Z",
"last_observed": "2017-10-25T10:14:38Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-6c44-437d-9ac0-4ebb950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-6c44-437d-9ac0-4ebb950d210f",
"value": "http://blog.talosintelligence.com/2017/10/bad-rabbit.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-971c-4c87-bec5-4110950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:15:34.000Z",
"modified": "2017-10-25T10:15:34.000Z",
"first_observed": "2017-10-25T10:15:34Z",
"last_observed": "2017-10-25T10:15:34Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-971c-4c87-bec5-4110950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-971c-4c87-bec5-4110950d210f",
"value": "https://otx.alienvault.com/pulse/59ef5e053db003162704fcb2/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c7b-ea28-4569-b8b3-4e2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:25.000Z",
"modified": "2017-10-25T10:16:25.000Z",
"first_observed": "2017-10-25T10:16:25Z",
"last_observed": "2017-10-25T10:16:25Z",
"number_observed": 1,
"object_refs": [
"url--59f04c7b-ea28-4569-b8b3-4e2b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c7b-ea28-4569-b8b3-4e2b950d210f",
"value": "https://labs.bitdefender.com/2017/10/bad-rabbit-ransomware-strikes-ukraine-likely-related-to-goldeneye/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04c8a-edfc-4f0f-97a2-4d37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:24.000Z",
"modified": "2017-10-25T10:17:24.000Z",
"first_observed": "2017-10-25T10:17:24Z",
"last_observed": "2017-10-25T10:17:24Z",
"number_observed": 1,
"object_refs": [
"url--59f04c8a-edfc-4f0f-97a2-4d37950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04c8a-edfc-4f0f-97a2-4d37950d210f",
"value": "https://www.us-cert.gov/ncas/current-activity/2017/10/24/Multiple-Ransomware-Infections-Reported"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-d00c-4043-897c-44db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:53.000Z",
"modified": "2017-10-25T10:19:53.000Z",
"first_observed": "2017-10-25T10:19:53Z",
"last_observed": "2017-10-25T10:19:53Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-d00c-4043-897c-44db950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-d00c-4043-897c-44db950d210f",
"value": "https://www.csoonline.com/article/3234691/security/badrabbit-ransomware-attacks-multiple-media-outlets.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-ad18-4172-92c5-43b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:24.000Z",
"modified": "2017-10-25T10:19:24.000Z",
"first_observed": "2017-10-25T10:19:24Z",
"last_observed": "2017-10-25T10:19:24Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-ad18-4172-92c5-43b2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-ad18-4172-92c5-43b2950d210f",
"value": "https://www.cyberscoop.com/badrabbit-ransomware-spreading-across-ukraine-russia/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-53a4-4546-a05f-4a38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:20:03.000Z",
"modified": "2017-10-25T10:20:03.000Z",
"first_observed": "2017-10-25T10:20:03Z",
"last_observed": "2017-10-25T10:20:03Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-53a4-4546-a05f-4a38950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-53a4-4546-a05f-4a38950d210f",
"value": "https://www.darkreading.com/attacks-breaches/bad-rabbit-ransomware-attacks-rock-russia-ukraine---and-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-8a84-4e67-b96a-4bcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:46.000Z",
"modified": "2017-10-25T10:19:46.000Z",
"first_observed": "2017-10-25T10:19:46Z",
"last_observed": "2017-10-25T10:19:46Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-8a84-4e67-b96a-4bcc950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-8a84-4e67-b96a-4bcc950d210f",
"value": "https://www.infosecurity-magazine.com/news/new-waves-of-ransomware-spread/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-00f0-4d6c-861f-4f0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:39.000Z",
"modified": "2017-10-25T10:19:39.000Z",
"first_observed": "2017-10-25T10:19:39Z",
"last_observed": "2017-10-25T10:19:39Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-00f0-4d6c-861f-4f0a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-00f0-4d6c-861f-4f0a950d210f",
"value": "https://www.itnews.com.au/news/is-bad-rabbit-the-new-notpetya-476121"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-9080-49be-96b2-4b33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:04:11.000Z",
"modified": "2017-10-25T10:04:11.000Z",
"first_observed": "2017-10-25T10:04:11Z",
"last_observed": "2017-10-25T10:04:11Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-9080-49be-96b2-4b33950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-9080-49be-96b2-4b33950d210f",
"value": "https://blog.malwarebytes.com/cybercrime/2017/10/badrabbit-ransomware-strikes-eastern-europe/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-76d0-4712-b9bf-41fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-76d0-4712-b9bf-41fa950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-76d0-4712-b9bf-41fa950d210f",
"value": "https://motherboard.vice.com/en_us/article/59yb4q/bad-rabbit-petya-ransomware-russia-ukraine"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-18fc-4672-8078-41e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:19:32.000Z",
"modified": "2017-10-25T10:19:32.000Z",
"first_observed": "2017-10-25T10:19:32Z",
"last_observed": "2017-10-25T10:19:32Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-18fc-4672-8078-41e5950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-18fc-4672-8078-41e5950d210f",
"value": "https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-0d54-42c2-bfea-4017950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:18:25.000Z",
"modified": "2017-10-25T10:18:25.000Z",
"first_observed": "2017-10-25T10:18:25Z",
"last_observed": "2017-10-25T10:18:25Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-0d54-42c2-bfea-4017950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-0d54-42c2-bfea-4017950d210f",
"value": "https://researchcenter.paloaltonetworks.com/2017/10/threat-brief-information-bad-rabbit-ransomware-attacks/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-f1a8-4ee7-9195-4a3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:18:09.000Z",
"modified": "2017-10-25T10:18:09.000Z",
"first_observed": "2017-10-25T10:18:09Z",
"last_observed": "2017-10-25T10:18:09Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-f1a8-4ee7-9195-4a3c950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-f1a8-4ee7-9195-4a3c950d210f",
"value": "http://www.reuters.com/article/us-ukraine-cyber/new-wave-of-cyber-attacks-hits-ukraine-and-russia-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-16cc-4f80-8ba4-406e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:18:17.000Z",
"modified": "2017-10-25T10:18:17.000Z",
"first_observed": "2017-10-25T10:18:17Z",
"last_observed": "2017-10-25T10:18:17Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-16cc-4f80-8ba4-406e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-16cc-4f80-8ba4-406e950d210f",
"value": "http://www.reuters.com/article/us-ukraine-cyber/new-cyber-attacks-hit-airport-metro-in-ukraine-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-7f20-4363-8096-4a8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:15.000Z",
"modified": "2017-10-25T10:17:15.000Z",
"first_observed": "2017-10-25T10:17:15Z",
"last_observed": "2017-10-25T10:17:15Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-7f20-4363-8096-4a8c950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-7f20-4363-8096-4a8c950d210f",
"value": "http://securityaffairs.co/wordpress/64713/malware/bad-rabbit-ransomware.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-14f0-4ad8-bbb4-4c6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:50.000Z",
"modified": "2017-10-25T10:17:50.000Z",
"first_observed": "2017-10-25T10:17:50Z",
"last_observed": "2017-10-25T10:17:50Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-14f0-4ad8-bbb4-4c6b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-14f0-4ad8-bbb4-4c6b950d210f",
"value": "https://thehackernews.com/2017/10/bad-rabbit-ransomware-attack.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-4624-4a61-bb1d-4a80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:16:38.000Z",
"modified": "2017-10-25T10:16:38.000Z",
"first_observed": "2017-10-25T10:16:38Z",
"last_observed": "2017-10-25T10:16:38Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-4624-4a61-bb1d-4a80950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-4624-4a61-bb1d-4a80950d210f",
"value": "https://www.theregister.co.uk/2017/10/24/badrabbit_ransomware/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-b7c4-4496-94b5-4bd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-b7c4-4496-94b5-4bd4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-b7c4-4496-94b5-4bd4950d210f",
"value": "https://threatpost.com/badrabbit-ransomware-attacks-hitting-russia-ukraine/128593/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-1c5c-48a5-940e-4846950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:59.000Z",
"modified": "2017-10-25T10:17:59.000Z",
"first_observed": "2017-10-25T10:17:59Z",
"last_observed": "2017-10-25T10:17:59Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-1c5c-48a5-940e-4846950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-1c5c-48a5-940e-4846950d210f",
"value": "https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-2cd4-407f-93cc-47e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:41.000Z",
"modified": "2017-10-25T10:17:41.000Z",
"first_observed": "2017-10-25T10:17:41Z",
"last_observed": "2017-10-25T10:17:41Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-2cd4-407f-93cc-47e3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-2cd4-407f-93cc-47e3950d210f",
"value": "https://www.kaspersky.com/blog/bad-rabbit-ransomware/19887/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-2384-4933-a65f-44a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:33.000Z",
"modified": "2017-10-25T10:17:33.000Z",
"first_observed": "2017-10-25T10:17:33Z",
"last_observed": "2017-10-25T10:17:33Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-2384-4933-a65f-44a4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-2384-4933-a65f-44a4950d210f",
"value": "https://www.pcmag.com/news/356977/badrabbit-ransomware-targets-systems-in-russia-ukraine"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ca9-20b4-41b5-9814-45da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:17:06.000Z",
"modified": "2017-10-25T10:17:06.000Z",
"first_observed": "2017-10-25T10:17:06Z",
"last_observed": "2017-10-25T10:17:06Z",
"number_observed": 1,
"object_refs": [
"url--59f04ca9-20b4-41b5-9814-45da950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ca9-20b4-41b5-9814-45da950d210f",
"value": "https://www.technologyreview.com/the-download/609206/a-new-strain-of-ransomware-is-hitting-eastern-europe/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-13e0-43c0-b1ab-4f6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-13e0-43c0-b1ab-4f6a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-13e0-43c0-b1ab-4f6a950d210f",
"value": "https://www.bloomberg.com/news/articles/2017-10-24/russian-news-agency-interfax-faces-unprecedented-hacker-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-a06c-4fa8-9068-4cdf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-a06c-4fa8-9068-4cdf950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-a06c-4fa8-9068-4cdf950d210f",
"value": "https://www.washingtontimes.com/news/2017/oct/24/badrabbit-ransomware-strain-infects-russian-media-/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-f4dc-454f-8eee-416d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-f4dc-454f-8eee-416d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-f4dc-454f-8eee-416d950d210f",
"value": "https://techcrunch.com/2017/10/24/badrabbit-notpetya-russia-ukraine-ransomware-malware/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-2cc8-483e-a992-4be4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-2cc8-483e-a992-4be4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-2cc8-483e-a992-4be4950d210f",
"value": "http://www.bbc.co.uk/news/technology-41740768"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-c97c-4ed4-a364-410d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-c97c-4ed4-a364-410d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-c97c-4ed4-a364-410d950d210f",
"value": "http://www.zdnet.com/article/bad-rabbit-ransomware-a-new-variant-of-petya-is-spreading-warn-researchers/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04caa-0a40-4ec0-aadc-498e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04caa-0a40-4ec0-aadc-498e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04caa-0a40-4ec0-aadc-498e950d210f",
"value": "https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-55c4-43b3-9b81-4a39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-55c4-43b3-9b81-4a39950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-55c4-43b3-9b81-4a39950d210f",
"value": "https://arstechnica.com/information-technology/2017/10/new-wave-of-data-encrypting-malware-crashes-through-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-eed8-40ca-aad0-464f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-eed8-40ca-aad0-464f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-eed8-40ca-aad0-464f950d210f",
"value": "https://www.scmagazine.com/badrabbit-ransomware-spreading-in-russia-and-the-ukraine-vaccine-"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-a1a4-416b-9f68-4764950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-a1a4-416b-9f68-4764950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-a1a4-416b-9f68-4764950d210f",
"value": "https://www.bangkokpost.com/news/world/1348551/new-badrabbit-ransomware-attacks-hit-europe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-e4e4-4d6d-8eab-4e42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:05:01.000Z",
"modified": "2017-10-25T10:05:01.000Z",
"first_observed": "2017-10-25T10:05:01Z",
"last_observed": "2017-10-25T10:05:01Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-e4e4-4d6d-8eab-4e42950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-e4e4-4d6d-8eab-4e42950d210f",
"value": "https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-c9dc-4e7f-98ee-43e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-c9dc-4e7f-98ee-43e3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-c9dc-4e7f-98ee-43e3950d210f",
"value": "https://gizmodo.com/bad-rabbit-ransomware-strikes-russia-and-ukraine-1819814538"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-09b0-4172-9c38-4ece950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-09b0-4172-9c38-4ece950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-09b0-4172-9c38-4ece950d210f",
"value": "http://money.cnn.com/2017/10/24/technology/bad-rabbit-ransomware-attack/index.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04cbe-1888-4a4e-8e13-4f6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04cbe-1888-4a4e-8e13-4f6e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04cbe-1888-4a4e-8e13-4f6e950d210f",
"value": "https://www.windowscentral.com/new-bad-rabbit-ransomware-attack-spreading-across-europe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04ce0-ace4-4fd9-a5e1-4384950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T11:08:30.000Z",
"modified": "2017-10-25T11:08:30.000Z",
"first_observed": "2017-10-25T11:08:30Z",
"last_observed": "2017-10-25T11:08:30Z",
"number_observed": 1,
"object_refs": [
"url--59f04ce0-ace4-4fd9-a5e1-4384950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04ce0-ace4-4fd9-a5e1-4384950d210f",
"value": "https://www.cybereason.com/blog/cybereason-researcher-discovers-vaccine-for-badrabbit-ransomware"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04ddb-4394-4395-a6dc-4cad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:21:44.000Z",
"modified": "2017-10-25T10:21:44.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1GxXGMoz7HAVwRDZd7ezkKipY4DHLUqzmM"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04ddb-8c10-49a8-8478-4af9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:21:39.000Z",
"modified": "2017-10-25T10:21:39.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "17GhezAiRhgB8DGArZXBkrZBFTGCC9SQ2Z"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e08-25d8-45ee-8504-4e93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "Distribution URL 1",
"pattern": "[url:value = 'http://1dnscontrol.com/flash_install.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e08-95a8-4618-9479-44db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "Distribution URL 2",
"pattern": "[url:value = 'http://1dnscontrol.com/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e08-ccc4-488b-b969-4333950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "Inject URL",
"pattern": "[url:value = 'http://185.149.120.3/scholargoogle/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e08-6ae4-489b-be10-4669950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "Payment site",
"pattern": "[url:value = 'http://caforssztxqzf2nm.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04e1b-213c-4331-928a-4c81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"labels": [
"misp:type=\"windows-scheduled-task\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "windows-scheduled-task",
"x_misp_value": "viserion_"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04e1b-a3f8-4600-8f29-40ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"labels": [
"misp:type=\"windows-scheduled-task\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "windows-scheduled-task",
"x_misp_value": "rhaegal"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f04e1b-c00c-4b3e-ac65-4124950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"labels": [
"misp:type=\"windows-scheduled-task\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "windows-scheduled-task",
"x_misp_value": "drogon"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e62-cb50-4df9-abff-4be0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "diskcryptor client",
"pattern": "[file:hashes.SHA256 = '8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e62-b7e4-48b7-8223-485f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "mimikatz-like x86",
"pattern": "[file:hashes.SHA256 = '2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e62-6178-4db1-8e6b-41d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "mimikatz-like x64",
"pattern": "[file:hashes.SHA256 = '301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e9c-1a6c-4b65-ace5-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "infpub.dat diskcoder",
"pattern": "[file:hashes.SHA256 = '579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e9c-94e4-4a5c-91e5-481a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x32 diskcryptor drv",
"pattern": "[file:hashes.SHA256 = '682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04e9c-0ad8-41a7-9039-45a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x64 diskcryptor drv",
"pattern": "[file:hashes.SHA256 = '0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04eb4-d490-4167-a395-4b88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "install_flash_player.exe dropper",
"pattern": "[file:hashes.SHA256 = '630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-dd8c-4fb0-a584-4d3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "install_flash_player.exe dropper - Xchecked via VT: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da",
"pattern": "[file:hashes.SHA1 = 'de5c8d858e6e41da715dca1c019df0bfb92d32c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-9058-4c94-b7d7-44eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "install_flash_player.exe dropper - Xchecked via VT: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da",
"pattern": "[file:hashes.MD5 = 'fbbdc39af1139aebba4da004475e8839']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7a-ede0-414e-89d5-49a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"first_observed": "2017-10-25T08:46:50Z",
"last_observed": "2017-10-25T08:46:50Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7a-ede0-414e-89d5-49a902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7a-ede0-414e-89d5-49a902de0b81",
"value": "https://www.virustotal.com/file/630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da/analysis/1508920901/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-a1bc-4d00-ab1f-408a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x64 diskcryptor drv - Xchecked via VT: 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6",
"pattern": "[file:hashes.SHA1 = '08f94684e83a27f2414f439975b7f8a6d61fc056']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-f30c-4b40-8e0b-41eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x64 diskcryptor drv - Xchecked via VT: 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6",
"pattern": "[file:hashes.MD5 = 'edb72f4a46c39452d1a5414f7d26454a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7a-ffb8-4ccf-a9e4-4a8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"first_observed": "2017-10-25T08:46:50Z",
"last_observed": "2017-10-25T08:46:50Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7a-ffb8-4ccf-a9e4-4a8c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7a-ffb8-4ccf-a9e4-4a8c02de0b81",
"value": "https://www.virustotal.com/file/0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6/analysis/1508918584/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-52b0-4877-b62a-45f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x32 diskcryptor drv - Xchecked via VT: 682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806",
"pattern": "[file:hashes.SHA1 = '59cd4907a438b8300a467cee1c6fc31135757039']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-6898-4e2e-84f0-4d5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "cscc.dat x32 diskcryptor drv - Xchecked via VT: 682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806",
"pattern": "[file:hashes.MD5 = 'b4e6d97dafd9224ed9a547d52c26ce02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7a-0b4c-4347-ba7a-4bde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"first_observed": "2017-10-25T08:46:50Z",
"last_observed": "2017-10-25T08:46:50Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7a-0b4c-4347-ba7a-4bde02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7a-0b4c-4347-ba7a-4bde02de0b81",
"value": "https://www.virustotal.com/file/682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806/analysis/1508920930/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-80dc-41da-97fd-476202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "infpub.dat diskcoder - Xchecked via VT: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648",
"pattern": "[file:hashes.SHA1 = '79116fe99f2b421c52ef64097f0f39b815b20907']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-eca0-453f-88f3-425902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "infpub.dat diskcoder - Xchecked via VT: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648",
"pattern": "[file:hashes.MD5 = '1d724f95c61f1055f0d02c2154bbccd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7a-0e90-4e91-85c6-433702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"first_observed": "2017-10-25T08:46:50Z",
"last_observed": "2017-10-25T08:46:50Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7a-0e90-4e91-85c6-433702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7a-0e90-4e91-85c6-433702de0b81",
"value": "https://www.virustotal.com/file/579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648/analysis/1508917915/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-de34-4cca-ad90-4b9302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "mimikatz-like x64 - Xchecked via VT: 301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c",
"pattern": "[file:hashes.SHA1 = '413eba3973a15c1a6429d9f170f3e8287f98c21c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7a-26ac-4faf-a5c9-412402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:50.000Z",
"modified": "2017-10-25T08:46:50.000Z",
"description": "mimikatz-like x64 - Xchecked via VT: 301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c",
"pattern": "[file:hashes.MD5 = '347ac3b6b791054de3e5720a7144a977']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7b-9318-4819-94bb-419e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"first_observed": "2017-10-25T08:46:51Z",
"last_observed": "2017-10-25T08:46:51Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7b-9318-4819-94bb-419e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7b-9318-4819-94bb-419e02de0b81",
"value": "https://www.virustotal.com/file/301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c/analysis/1508918790/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7b-9110-465c-98b1-4ebf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"description": "mimikatz-like x86 - Xchecked via VT: 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035",
"pattern": "[file:hashes.SHA1 = '16605a4a29a101208457c47ebfde788487be788d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7b-7134-494e-9467-411b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"description": "mimikatz-like x86 - Xchecked via VT: 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035",
"pattern": "[file:hashes.MD5 = '37945c44a897aa42a66adcab68f560e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7b-667c-4ad9-ad32-42b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"first_observed": "2017-10-25T08:46:51Z",
"last_observed": "2017-10-25T08:46:51Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7b-667c-4ad9-ad32-42b102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7b-667c-4ad9-ad32-42b102de0b81",
"value": "https://www.virustotal.com/file/2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035/analysis/1508915760/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7b-d238-4e6b-8d21-445502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"description": "diskcryptor client - Xchecked via VT: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93",
"pattern": "[file:hashes.SHA1 = 'afeee8b4acff87bc469a6f0364a81ae5d60a2add']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f04f7b-c8e0-4bdf-a5c9-46ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"description": "diskcryptor client - Xchecked via VT: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93",
"pattern": "[file:hashes.MD5 = 'b14d8faf7f0cbcfad051cefe5f39645f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T08:46:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f04f7b-099c-46e6-a0b0-4a4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T08:46:51.000Z",
"modified": "2017-10-25T08:46:51.000Z",
"first_observed": "2017-10-25T08:46:51Z",
"last_observed": "2017-10-25T08:46:51Z",
"number_observed": 1,
"object_refs": [
"url--59f04f7b-099c-46e6-a0b0-4a4f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f04f7b-099c-46e6-a0b0-4a4f02de0b81",
"value": "https://www.virustotal.com/file/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93/analysis/1508918221/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink