misp-circl-feed/feeds/circl/stix-2.1/5b60b046-c0c8-49ce-aa97-437a02de0b81.json

{
"type": "bundle",
"id": "bundle--5b60b046-c0c8-49ce-aa97-437a02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T12:57:31.000Z",
"modified": "2018-08-03T12:57:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b60b046-c0c8-49ce-aa97-437a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T12:57:31.000Z",
"modified": "2018-08-03T12:57:31.000Z",
"name": "OSINT - Malicious document targets Vietnamese officials",
"published": "2018-08-03T12:57:39Z",
"object_refs": [
"x-misp-attribute--5b60b05e-a498-4fbf-989a-415f02de0b81",
"observed-data--5b60b07d-2a4c-4a69-bf54-45c902de0b81",
"url--5b60b07d-2a4c-4a69-bf54-45c902de0b81",
"indicator--5b60b0aa-8804-41de-b5f9-4b1502de0b81",
"indicator--5b60b0aa-8ffc-4f81-b727-4f7a02de0b81",
"indicator--5b60b0ab-35c8-4772-a501-457402de0b81",
"indicator--5b60b0ab-ffb8-4dbb-8955-4acb02de0b81",
"indicator--5b60b0ac-0c6c-46bc-87ca-46ab02de0b81",
"indicator--5b60b0ac-42b0-4015-8080-4c3e02de0b81",
"indicator--5b60b0ad-fc20-44d6-864e-403502de0b81",
"indicator--5b60b0ad-8620-4f8e-9fe9-491902de0b81",
"indicator--5b60b0ae-342c-442f-86ae-45ae02de0b81",
"indicator--5b60b0ae-bd04-4ad5-80a3-416b02de0b81",
"indicator--5b60b0ae-1190-4c13-8312-4c1d02de0b81",
"indicator--5b60b0af-f70c-4cdb-ad89-426f02de0b81",
"indicator--5b60b0af-e20c-4100-b7ac-43ae02de0b81",
"indicator--5b60b0f4-223c-4110-86b9-40d302de0b81",
"indicator--5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81",
"indicator--5b60b116-c4b8-4db1-a759-488602de0b81",
"indicator--5b60b12a-7f14-4224-b16a-46f702de0b81",
"indicator--5b60b14d-4b2c-46aa-83a7-4e2902de0b81",
"indicator--5b60b14d-82a0-49a6-8fad-49ce02de0b81",
"observed-data--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"file--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"indicator--5b644a64-8644-4576-a851-41b7950d210f",
"indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491",
"x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd",
"indicator--28ff01c4-0217-4836-a385-3e490837c712",
"x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0",
"indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7",
"x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47",
"indicator--5b62fa30-d240-4632-b970-4eb802de0b81",
"indicator--5b62fa56-9f74-4086-b0f6-48f002de0b81",
"indicator--5b62fa78-2388-4104-80f1-4b6a02de0b81",
"indicator--5b62fa99-c394-40ff-8bca-447402de0b81",
"indicator--5b62fab3-512c-40ac-bd39-45c802de0b81",
"indicator--5b62fad4-270c-4ffc-8aff-4ee002de0b81",
"indicator--5b62fafd-f4b0-409c-aba6-4ae602de0b81",
"indicator--5b62fb15-ba10-4e32-ba11-49ba02de0b81",
"indicator--5b62fb36-9314-4c86-b3eb-484202de0b81",
"indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86",
"x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503",
"indicator--22279826-2833-439c-831b-2d754ad300e5",
"x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379",
"indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b",
"x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8",
"indicator--13d8c40b-9f39-424e-b9fa-369a41b15415",
"x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4",
"relationship--0e76f078-1678-454f-b555-a854a0d2df84",
"relationship--37c34196-5c4b-4c1a-9292-c230732adb96",
"relationship--2902ec59-815b-4721-ab7d-d823372829d0",
"relationship--569a1ba1-4850-4894-839c-874fb05be92b",
"relationship--bf282684-c932-401b-a58c-7d3ef486da5c",
"relationship--35f5bd63-ed5e-47d6-9166-9ca270b8faad",
"relationship--f595feda-b115-4128-922d-44cdf0119275"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:threat-actor=\"Hellsing\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b60b05e-a498-4fbf-989a-415f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:54:22.000Z",
"modified": "2018-07-31T18:54:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "After our investigation of APT SideWinder, we’ve done a yara rule for hunting RTF document exploiting the CVE-2017-11882.\r\n\r\nWe found a document written in Vietnamese dealing with a summary about different projects in the district Hải Châu of Đà Nẵng."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b60b07d-2a4c-4a69-bf54-45c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:54:53.000Z",
"modified": "2018-07-31T18:54:53.000Z",
"first_observed": "2018-07-31T18:54:53Z",
"last_observed": "2018-07-31T18:54:53Z",
"number_observed": 1,
"object_refs": [
"url--5b60b07d-2a4c-4a69-bf54-45c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b60b07d-2a4c-4a69-bf54-45c902de0b81",
"value": "https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0aa-8804-41de-b5f9-4b1502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:38.000Z",
"modified": "2018-07-31T18:55:38.000Z",
"pattern": "[domain-name:value = 'dn.dulichbiendao.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0aa-8ffc-4f81-b727-4f7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:38.000Z",
"modified": "2018-07-31T18:55:38.000Z",
"pattern": "[domain-name:value = 'gateway.vietbaotinmoi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ab-35c8-4772-a501-457402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:39.000Z",
"modified": "2018-07-31T18:55:39.000Z",
"pattern": "[domain-name:value = 'fis.malware-sinkhole.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ab-ffb8-4dbb-8955-4acb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:39.000Z",
"modified": "2018-07-31T18:55:39.000Z",
"pattern": "[domain-name:value = 'hn.dulichbiendao.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ac-0c6c-46bc-87ca-46ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:40.000Z",
"modified": "2018-07-31T18:55:40.000Z",
"pattern": "[domain-name:value = 'halong.dulichculao.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ac-42b0-4015-8080-4c3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:40.000Z",
"modified": "2018-07-31T18:55:40.000Z",
"pattern": "[domain-name:value = 'news.malware-sinkhole.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ad-fc20-44d6-864e-403502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:41.000Z",
"modified": "2018-07-31T18:55:41.000Z",
"pattern": "[domain-name:value = 'cat.toonganuh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ad-8620-4f8e-9fe9-491902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:41.000Z",
"modified": "2018-07-31T18:55:41.000Z",
"pattern": "[domain-name:value = 'new.sggpnews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ae-342c-442f-86ae-45ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:42.000Z",
"modified": "2018-07-31T18:55:42.000Z",
"pattern": "[domain-name:value = 'dulichculao.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ae-bd04-4ad5-80a3-416b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:42.000Z",
"modified": "2018-07-31T18:55:42.000Z",
"pattern": "[domain-name:value = 'coco.sodexoa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0ae-1190-4c13-8312-4c1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:42.000Z",
"modified": "2018-07-31T18:55:42.000Z",
"pattern": "[domain-name:value = 'thoitiet.malware-sinkhole.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0af-f70c-4cdb-ad89-426f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:43.000Z",
"modified": "2018-07-31T18:55:43.000Z",
"pattern": "[domain-name:value = 'wouderfulu.impresstravel.ga']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0af-e20c-4100-b7ac-43ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:55:43.000Z",
"modified": "2018-07-31T18:55:43.000Z",
"pattern": "[domain-name:value = 'toonganuh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0f4-223c-4110-86b9-40d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:56:52.000Z",
"modified": "2018-07-31T18:56:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.99.181.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:56:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:56:53.000Z",
"modified": "2018-07-31T18:56:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.165.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:56:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b116-c4b8-4db1-a759-488602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:57:26.000Z",
"modified": "2018-07-31T18:57:26.000Z",
"description": "RTF",
"pattern": "[file:hashes.SHA256 = '42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:57:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b12a-7f14-4224-b16a-46f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:57:46.000Z",
"modified": "2018-07-31T18:57:46.000Z",
"description": "8.t",
"pattern": "[file:hashes.SHA256 = '2c60d4312e4416745e56048ee35e694a79e1bc77e7e4d0b5811e64c84a72d2d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:57:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b14d-4b2c-46aa-83a7-4e2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:58:21.000Z",
"modified": "2018-07-31T18:58:21.000Z",
"description": "exe",
"pattern": "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b60b14d-82a0-49a6-8fad-49ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:58:21.000Z",
"modified": "2018-07-31T18:58:21.000Z",
"description": "dll",
"pattern": "[file:hashes.SHA256 = '9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T18:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T18:59:09.000Z",
"modified": "2018-07-31T18:59:09.000Z",
"first_observed": "2018-07-31T18:59:09Z",
"last_observed": "2018-07-31T18:59:09Z",
"number_observed": 1,
"object_refs": [
"file--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"name": "joe.png",
"content_ref": "artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b644a64-8644-4576-a851-41b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-03T12:28:20.000Z",
"modified": "2018-08-03T12:28:20.000Z",
"pattern": "[file:hashes.SHA256 = 'dd89d33e275e99e288e4c50bdafbb4584a9565189491af0a66f8a506eaf53859']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-03T12:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:18.000Z",
"modified": "2018-07-31T19:00:18.000Z",
"pattern": "[file:hashes.MD5 = '56c52e6a3dede484b44d1dbfed8a92f0' AND file:hashes.SHA1 = '505bd0f307da1efe9785044fa7dfbe655da231a5' AND file:hashes.SHA256 = '9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T19:00:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:17.000Z",
"modified": "2018-07-31T19:00:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-29T07:48:40",
"category": "Other",
"uuid": "5c2b8366-1836-4e0c-8a19-501a98245585"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368/analysis/1532850520/",
"category": "External analysis",
"uuid": "cbe263b6-e9d2-4432-a74f-ed814315b04f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/65",
"category": "Other",
"uuid": "a4e00129-18fa-483c-a624-c460ecf18ec2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--28ff01c4-0217-4836-a385-3e490837c712",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:21.000Z",
"modified": "2018-07-31T19:00:21.000Z",
"pattern": "[file:hashes.MD5 = 'd64161db327f4ec91d458a00293c62b0' AND file:hashes.SHA1 = '364570ca28e004bed1d9d4e5853befd77b88465f' AND file:hashes.SHA256 = '42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T19:00:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:20.000Z",
"modified": "2018-07-31T19:00:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-23T15:44:31",
"category": "Other",
"uuid": "aca159f6-9481-42db-a2c2-42ac503fa261"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed/analysis/1532360671/",
"category": "External analysis",
"uuid": "19e1bc6e-a9ea-4bbb-bfac-e27af4df4921"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/60",
"category": "Other",
"uuid": "9a0e8dc2-5f70-4f8f-9279-116ae36d69de"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:24.000Z",
"modified": "2018-07-31T19:00:24.000Z",
"pattern": "[file:hashes.MD5 = '62944e26b36b1dcace429ae26ba66164' AND file:hashes.SHA1 = '2616da1697f7c764ee7fb558887a6a3279861fac' AND file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T19:00:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-31T19:00:22.000Z",
"modified": "2018-07-31T19:00:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-24T09:20:59",
"category": "Other",
"uuid": "01d43de5-edc2-4275-a5b2-b42e76b5544d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1532424059/",
"category": "External analysis",
"uuid": "8835b84d-dad7-4cbc-afde-ed46122a4768"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/67",
"category": "Other",
"uuid": "fe6851a5-9f11-4ce3-9725-7b452118a065"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fa30-d240-4632-b970-4eb802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:33:52.000Z",
"modified": "2018-08-02T12:33:52.000Z",
"pattern": "[file:hashes.SHA256 = '597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486' AND file:name = '59.rtf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:33:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fa56-9f74-4086-b0f6-48f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:34:30.000Z",
"modified": "2018-08-02T12:34:30.000Z",
"pattern": "[file:hashes.SHA256 = '11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654' AND file:name = 'RasTls.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:34:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fa78-2388-4104-80f1-4b6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:35:04.000Z",
"modified": "2018-08-02T12:35:04.000Z",
"pattern": "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68' AND file:name = 'RasTls.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:35:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fa99-c394-40ff-8bca-447402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:35:37.000Z",
"modified": "2018-08-02T12:35:37.000Z",
"pattern": "[file:hashes.SHA256 = 'b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253' AND file:name = 'b7.rtf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:35:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fab3-512c-40ac-bd39-45c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:36:03.000Z",
"modified": "2018-08-02T12:36:03.000Z",
"pattern": "[file:hashes.SHA256 = '77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2' AND file:name = 'spoolsver.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fad4-270c-4ffc-8aff-4ee002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:36:36.000Z",
"modified": "2018-08-02T12:36:36.000Z",
"pattern": "[file:hashes.SHA256 = '9fba998ab2c1b7fec39da9817b27768ba7892c0613c4be7c525989161981d2e2' AND file:name = 'vsodscpl.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fafd-f4b0-409c-aba6-4ae602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:37:17.000Z",
"modified": "2018-08-02T12:37:17.000Z",
"pattern": "[file:hashes.SHA256 = '9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0' AND file:name = '9d.rtf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fb15-ba10-4e32-ba11-49ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:37:41.000Z",
"modified": "2018-08-02T12:37:41.000Z",
"pattern": "[file:hashes.SHA256 = '087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec' AND file:name = 'RasTls.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b62fb36-9314-4c86-b3eb-484202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:14.000Z",
"modified": "2018-08-02T12:38:14.000Z",
"pattern": "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68' AND file:name = 'RasTls.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:33.000Z",
"modified": "2018-08-02T12:38:33.000Z",
"pattern": "[file:hashes.MD5 = '88d667cc01c4d8ee32e9de116f3bfdeb' AND file:hashes.SHA1 = '5ca26b6eae6bdf038c4ec61b174a3825bcde95fd' AND file:hashes.SHA256 = '597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:31.000Z",
"modified": "2018-08-02T12:38:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-23T13:07:30",
"category": "Other",
"uuid": "30ab8a9f-fae7-49f2-a665-8b44627f1b16"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486/analysis/1532351250/",
"category": "External analysis",
"uuid": "89a4f45a-ff7c-4db1-a3a2-3336464ca4ec"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Other",
"uuid": "c3d87ac0-c1c7-45bc-97cc-c3798f16b5d2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--22279826-2833-439c-831b-2d754ad300e5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:35.000Z",
"modified": "2018-08-02T12:38:35.000Z",
"pattern": "[file:hashes.MD5 = '9c7297f032b5c1cfbc2d819815f72f80' AND file:hashes.SHA1 = 'f2bad341629f6e4397158e5a66a94e5f5aea5d48' AND file:hashes.SHA256 = 'b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:38:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:33.000Z",
"modified": "2018-08-02T12:38:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-24T01:00:29",
"category": "Other",
"uuid": "b1241a90-9dc5-437c-abd3-f3355401c57a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253/analysis/1532394029/",
"category": "External analysis",
"uuid": "ae05b8e6-8d3d-441f-ab3e-877be4a23ad1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Other",
"uuid": "8e84a1a9-3b35-484e-99c2-c66b03b21fdc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:37.000Z",
"modified": "2018-08-02T12:38:37.000Z",
"pattern": "[file:hashes.MD5 = 'bd19302a58133803622e119080a5ceda' AND file:hashes.SHA1 = '2c0b6a27dd227d18b312c4a42b3e3fbc233ae996' AND file:hashes.SHA256 = '77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:38:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:36.000Z",
"modified": "2018-08-02T12:38:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-20T08:14:35",
"category": "Other",
"uuid": "24e8ba59-3a65-464c-b611-840d0d554777"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2/analysis/1529482475/",
"category": "External analysis",
"uuid": "d9548805-42a2-4119-b35b-0d979e8c0c52"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/68",
"category": "Other",
"uuid": "daff5ae1-4274-45e3-a522-141a42c8ab50"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13d8c40b-9f39-424e-b9fa-369a41b15415",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:40.000Z",
"modified": "2018-08-02T12:38:40.000Z",
"pattern": "[file:hashes.MD5 = '9ca6d45643f89bf233f08b7d74910346' AND file:hashes.SHA1 = '16163b8182d5d55a75f87c10eacb9240fa2de9af' AND file:hashes.SHA256 = '9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-02T12:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-02T12:38:38.000Z",
"modified": "2018-08-02T12:38:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-01T16:48:13",
"category": "Other",
"uuid": "8efd1b93-8d49-46f4-8b29-c8cc33fcdf7c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0/analysis/1533142093/",
"category": "External analysis",
"uuid": "95843f4e-383d-4bf4-8f8c-9ce96cc1819e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "23/59",
"category": "Other",
"uuid": "bdb347e0-ded3-4f72-8360-06865baf1f77"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0e76f078-1678-454f-b555-a854a0d2df84",
"created": "2018-07-31T19:00:23.000Z",
"modified": "2018-07-31T19:00:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491",
"target_ref": "x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--37c34196-5c4b-4c1a-9292-c230732adb96",
"created": "2018-07-31T19:00:23.000Z",
"modified": "2018-07-31T19:00:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--28ff01c4-0217-4836-a385-3e490837c712",
"target_ref": "x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2902ec59-815b-4721-ab7d-d823372829d0",
"created": "2018-07-31T19:00:24.000Z",
"modified": "2018-07-31T19:00:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7",
"target_ref": "x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--569a1ba1-4850-4894-839c-874fb05be92b",
"created": "2018-08-02T12:38:39.000Z",
"modified": "2018-08-02T12:38:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86",
"target_ref": "x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf282684-c932-401b-a58c-7d3ef486da5c",
"created": "2018-08-02T12:38:39.000Z",
"modified": "2018-08-02T12:38:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--22279826-2833-439c-831b-2d754ad300e5",
"target_ref": "x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--35f5bd63-ed5e-47d6-9166-9ca270b8faad",
"created": "2018-08-02T12:38:39.000Z",
"modified": "2018-08-02T12:38:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b",
"target_ref": "x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f595feda-b115-4128-922d-44cdf0119275",
"created": "2018-08-02T12:38:39.000Z",
"modified": "2018-08-02T12:38:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--13d8c40b-9f39-424e-b9fa-369a41b15415",
"target_ref": "x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}