adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5b671098-3024-42db-b972-42ae02de0b81.json

1700 lines
74 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b671098-3024-42db-b972-42ae02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T16:16:48.000Z",
"modified": "2018-08-05T16:16:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b671098-3024-42db-b972-42ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T16:16:48.000Z",
"modified": "2018-08-05T16:16:48.000Z",
"name": "OSINT - Off-the-shelf RATs Targeting Pakistan",
"published": "2018-08-05T16:16:53Z",
"object_refs": [
"indicator--5b671120-d7a8-4a19-acac-479e02de0b81",
"indicator--5b671165-fb38-48bb-95ce-4ecc02de0b81",
"indicator--5b671166-8a94-4c41-9759-418c02de0b81",
"indicator--5b671166-3b9c-4460-847c-453302de0b81",
"indicator--5b671167-d4cc-4140-9529-412802de0b81",
"indicator--5b671167-47cc-468c-84a0-4db902de0b81",
"indicator--5b671168-5b54-430a-b339-4e7302de0b81",
"indicator--5b671168-17d4-42da-b68f-452f02de0b81",
"indicator--5b671169-a128-4fdd-847b-413f02de0b81",
"indicator--5b671169-3998-4ac4-80c0-415102de0b81",
"indicator--5b67116a-6acc-48aa-b6b1-4fc202de0b81",
"indicator--5b67116a-8108-42d2-8b83-430a02de0b81",
"indicator--5b67116b-98b4-4179-8ca5-48bc02de0b81",
"indicator--5b67116b-fef4-446c-ac17-410302de0b81",
"indicator--5b67116c-e530-4499-a463-462002de0b81",
"indicator--5b6711d4-8a28-4851-9d08-42a902de0b81",
"indicator--5b671207-b040-414e-9ece-44e702de0b81",
"indicator--5b671208-791c-42c5-971f-47d702de0b81",
"indicator--5b671208-419c-4af5-8327-4ea302de0b81",
"indicator--5b671209-d958-4ec5-ba1d-4ac902de0b81",
"indicator--5b671209-2cb8-4150-841b-4c2d02de0b81",
"indicator--5b67120a-18e0-43fd-ad6a-40c602de0b81",
"indicator--5b67120a-9410-441b-8044-420d02de0b81",
"indicator--5b67120b-9798-46ce-9573-405e02de0b81",
"indicator--5b67120b-8f84-4e53-8f59-4e3102de0b81",
"observed-data--5b67129d-2b54-4e4c-8041-4fd002de0b81",
"url--5b67129d-2b54-4e4c-8041-4fd002de0b81",
"observed-data--5b67129d-7880-4d91-8327-4aea02de0b81",
"url--5b67129d-7880-4d91-8327-4aea02de0b81",
"observed-data--5b67129d-313c-471d-ae49-4d3302de0b81",
"url--5b67129d-313c-471d-ae49-4d3302de0b81",
"x-misp-attribute--5b6712cc-2788-47c0-a58f-4e3102de0b81",
"x-misp-attribute--5b6712cc-2528-4489-89bb-4b2c02de0b81",
"x-misp-attribute--5b6712cc-c314-44aa-90d1-4d3502de0b81",
"x-misp-attribute--5b6712cc-654c-4ae2-9301-429b02de0b81",
"x-misp-attribute--5b6712cc-197c-477c-9b95-4fb602de0b81",
"x-misp-attribute--5b6712cc-cc80-4b5b-8f2a-4c1e02de0b81",
"x-misp-attribute--5b6712cc-9a78-41bb-8d9d-479402de0b81",
"x-misp-attribute--5b6712cc-4bec-43bd-9015-477a02de0b81",
"observed-data--5b671300-43f4-46cf-809f-4be202de0b81",
"url--5b671300-43f4-46cf-809f-4be202de0b81",
"x-misp-attribute--5b671328-93d8-4cbf-bdf5-421702de0b81",
"indicator--9cce2fcc-4464-411e-9110-154917ff6bc5",
"x-misp-object--31bb0167-40ca-41eb-a417-9f8b3576ce5f",
"indicator--cc9b6626-45ea-4ead-acf8-d36c1c177a66",
"x-misp-object--7408bb22-5f1b-47d2-acd9-a01582835166",
"indicator--67cc0e21-fb7b-43cc-90f4-271daa7a9568",
"x-misp-object--19a292d2-047b-4dac-afae-09753f498dde",
"indicator--aaee8c31-e7f3-48c2-9110-f3d1c262d886",
"x-misp-object--571a9d80-2124-46f6-bce7-f3db505b4eb1",
"indicator--339b2d38-8ed0-4de6-8139-d52bb2e6d46e",
"x-misp-object--c701290b-dea4-4ac3-8912-6dc78e89c279",
"indicator--1f18b9c7-fd52-4946-aa17-6d866bbe492a",
"x-misp-object--05308a13-616d-4518-96e6-6a879c797d45",
"indicator--fa7ddde5-5384-4723-bb39-00e95638691d",
"x-misp-object--aebfb468-c063-40be-94e1-63716a123348",
"indicator--e73e6cf3-61ba-4b28-b57e-b0e126141bf1",
"x-misp-object--6c2d9377-1c97-42c0-97a0-9f9e4878f812",
"indicator--2cb966ab-da1e-48a0-a09a-2b9a1f142a33",
"x-misp-object--ce0481e6-1fdc-4a29-be69-4d032f657aa2",
"indicator--b3a2372f-d21e-4ccb-a23b-ffc763c1c41e",
"x-misp-object--2c9ddf5d-caf3-44b3-aa26-a48dcf1158d1",
"indicator--b7f9bf64-db5e-49ed-9103-bde68b528cc3",
"x-misp-object--0dd1d615-e935-4eec-b381-6883de074d83",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"relationship--d487b978-a413-4d20-bb4f-ec7d6a4e359f",
"relationship--227976fd-0b20-4487-8376-0ae74300c45a",
"relationship--c7cf9294-a309-4aa6-ab54-4a99d65c8cf2",
"relationship--46dfea9c-d52f-426d-8c08-ba6cedf95d42",
"relationship--b723cef1-8dc7-4d38-9a27-83a566df3609",
"relationship--c90e96ba-ff23-4d20-ad9d-ce94746045a5",
"relationship--f16b6308-d3f9-47bd-b14d-a28a24582f46",
"relationship--4e5117be-3fa4-40b5-ab7f-32f1a637292e",
"relationship--ed29f139-bc65-4c0a-881d-85f64d6a937b",
"relationship--67001122-c3c5-4c1b-be21-05a30653c54a",
"relationship--656963a3-dcca-4c77-9fcb-90298e46791e"
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"",
"misp-galaxy:rat=\"Netwire\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671120-d7a8-4a19-acac-479e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:00:48.000Z",
"modified": "2018-08-05T15:00:48.000Z",
"pattern": "[domain-name:value = '0x0.ignorelist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671165-fb38-48bb-95ce-4ecc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:01:57.000Z",
"modified": "2018-08-05T15:01:57.000Z",
"pattern": "[file:hashes.SHA256 = '027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671166-8a94-4c41-9759-418c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:01:58.000Z",
"modified": "2018-08-05T15:01:58.000Z",
"pattern": "[file:hashes.SHA256 = '81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671166-3b9c-4460-847c-453302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:01:58.000Z",
"modified": "2018-08-05T15:01:58.000Z",
"pattern": "[file:hashes.SHA256 = '096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671167-d4cc-4140-9529-412802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:01:59.000Z",
"modified": "2018-08-05T15:01:59.000Z",
"pattern": "[file:hashes.SHA256 = '291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671167-47cc-468c-84a0-4db902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:01:59.000Z",
"modified": "2018-08-05T15:01:59.000Z",
"pattern": "[file:hashes.SHA256 = '2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671168-5b54-430a-b339-4e7302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:00.000Z",
"modified": "2018-08-05T15:02:00.000Z",
"pattern": "[file:hashes.SHA256 = '2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671168-17d4-42da-b68f-452f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:00.000Z",
"modified": "2018-08-05T15:02:00.000Z",
"pattern": "[file:hashes.SHA256 = '40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671169-a128-4fdd-847b-413f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:01.000Z",
"modified": "2018-08-05T15:02:01.000Z",
"pattern": "[file:hashes.SHA256 = '48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671169-3998-4ac4-80c0-415102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:01.000Z",
"modified": "2018-08-05T15:02:01.000Z",
"pattern": "[file:hashes.SHA256 = '4ba13add1aa8ae3fffcb83f9b0990a6cd8b8912fc0e26811d0211f72aaaa7c79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67116a-6acc-48aa-b6b1-4fc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:02.000Z",
"modified": "2018-08-05T15:02:02.000Z",
"pattern": "[file:hashes.SHA256 = '82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67116a-8108-42d2-8b83-430a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:02.000Z",
"modified": "2018-08-05T15:02:02.000Z",
"pattern": "[file:hashes.SHA256 = '855ad4dcb9c5502d6ef73528704046cacf006770fd4af23259cb33e7577cd205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67116b-98b4-4179-8ca5-48bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:03.000Z",
"modified": "2018-08-05T15:02:03.000Z",
"pattern": "[file:hashes.SHA256 = 'f110283c4e459cc20e908267d88edba26e2135bcb7d7335cabbed1a128edeb86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67116b-fef4-446c-ac17-410302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:03.000Z",
"modified": "2018-08-05T15:02:03.000Z",
"pattern": "[file:hashes.SHA256 = 'a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67116c-e530-4499-a463-462002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:02:04.000Z",
"modified": "2018-08-05T15:02:04.000Z",
"pattern": "[file:hashes.SHA256 = 'a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6711d4-8a28-4851-9d08-42a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:03:48.000Z",
"modified": "2018-08-05T15:03:48.000Z",
"pattern": "[{\r\n\r\n meta:\r\n\r\n description = \"Pakistani Atomic Energy Commission Spearphishing dropped DLL\"\r\n\r\n author = \"Jose M Martin\"\r\n\r\n date = \"2018/07/10\"\r\n\r\n hash = \"027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb\"\r\n\r\n strings:\r\n\r\n $s1 = \"ExploitTagMenuState start\" fullword ascii\r\n\r\n $s2 = \"ExploitTagMenuState end\" fullword ascii\r\n\r\n $s3 = \"DonorThread start\" fullword ascii\r\n\r\n $s4 = \"EscalateThread start\" fullword ascii\r\n\r\n $s5 = \"EscalatePrivilegesOld start\" fullword ascii\r\n\r\n $s6 = \"EscalatePrivilegesWow\" fullword ascii\r\n\r\n condition:\r\n\r\nuint16(0) == 0x5A4D and filesize < 30KB and (any of them)\r\n\r\n}]",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2018-08-05T15:03:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671207-b040-414e-9ece-44e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:39.000Z",
"modified": "2018-08-05T15:04:39.000Z",
"pattern": "[url:value = 'http://careers.fwo.com.pk/css/microsoftdm.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671208-791c-42c5-971f-47d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:40.000Z",
"modified": "2018-08-05T15:04:40.000Z",
"pattern": "[url:value = 'http://careers.fwo.com.pk/css/printer.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671208-419c-4af5-8327-4ea302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:40.000Z",
"modified": "2018-08-05T15:04:40.000Z",
"pattern": "[url:value = 'http://sandipuniversity.edu.in/list/87_Copy.docx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671209-d958-4ec5-ba1d-4ac902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:41.000Z",
"modified": "2018-08-05T15:04:41.000Z",
"pattern": "[url:value = 'http://www.serrurier-secours.be/./China-Pakistan-Internet-Security-LAW_2017.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b671209-2cb8-4150-841b-4c2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:41.000Z",
"modified": "2018-08-05T15:04:41.000Z",
"pattern": "[url:value = 'http://www.serrurier-secours.be/./PAF\\\\%e2\\\\%80\\\\%99s\\\\%20first\\\\%20multinational\\\\%20air\\\\%20exercise\\\\%20ACES\\\\%20Meet\\\\%202017\\\\%20concludes\\\\%20in\\\\%20Pakistan.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67120a-18e0-43fd-ad6a-40c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:42.000Z",
"modified": "2018-08-05T15:04:42.000Z",
"pattern": "[url:value = 'https://www.serrurier-secours.be/./Fazaia_Housing_Scheme_Notice_Inviting_Tenders.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67120a-9410-441b-8044-420d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:42.000Z",
"modified": "2018-08-05T15:04:42.000Z",
"pattern": "[url:value = 'https://www.serrurier-secours.be/./Hajj\\\\%20Policy\\\\%20and\\\\%20Plan\\\\%202017.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67120b-9798-46ce-9573-405e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:43.000Z",
"modified": "2018-08-05T15:04:43.000Z",
"pattern": "[url:value = 'https://www.serrurier-secours.be/./Pakistan\\\\%20Air\\\\%20Force\\\\%20Jet\\\\%20Crashes\\\\%20During\\\\%20Routine\\\\%20Operation.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b67120b-8f84-4e53-8f59-4e3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:04:43.000Z",
"modified": "2018-08-05T15:04:43.000Z",
"pattern": "[url:value = 'https://www.serrurier-secours.be/./Sales\\\\%20-\\\\%20Tax\\\\%20&amp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:04:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b67129d-2b54-4e4c-8041-4fd002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:09.000Z",
"modified": "2018-08-05T15:07:09.000Z",
"first_observed": "2018-08-05T15:07:09Z",
"last_observed": "2018-08-05T15:07:09Z",
"number_observed": 1,
"object_refs": [
"url--5b67129d-2b54-4e4c-8041-4fd002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b67129d-2b54-4e4c-8041-4fd002de0b81",
"value": "https://twitter.com/securitydoggo/status/926144466674647041"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b67129d-7880-4d91-8327-4aea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:09.000Z",
"modified": "2018-08-05T15:07:09.000Z",
"first_observed": "2018-08-05T15:07:09Z",
"last_observed": "2018-08-05T15:07:09Z",
"number_observed": 1,
"object_refs": [
"url--5b67129d-7880-4d91-8327-4aea02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b67129d-7880-4d91-8327-4aea02de0b81",
"value": "https://twitter.com/avman1995/status/905694140788219904"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b67129d-313c-471d-ae49-4d3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:09.000Z",
"modified": "2018-08-05T15:07:09.000Z",
"first_observed": "2018-08-05T15:07:09Z",
"last_observed": "2018-08-05T15:07:09Z",
"number_observed": 1,
"object_refs": [
"url--5b67129d-313c-471d-ae49-4d3302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b67129d-313c-471d-ae49-4d3302de0b81",
"value": "https://twitter.com/ImPureMotion/status/906216798986670080"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-2788-47c0-a58f-4e3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN NetWireRAT Keep-Alive"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-2528-4489-89bb-4b2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN NetWire Variant"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-c314-44aa-90d1-4d3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN Netwire RAT Check-in"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-654c-4ae2-9301-429b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN Fareit/Pony Downloader CnC response"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-197c-477c-9b95-4fb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN Fareit/Pony Variant CnC Beacon"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-cc80-4b5b-8f2a-4c1e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ETPRO TROJAN MSIL/Revenge-RAT CnC Checkin"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-9a78-41bb-8d9d-479402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ET POLICY PE EXE or DLL Windows file download HTTP"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b6712cc-4bec-43bd-9015-477a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:07:56.000Z",
"modified": "2018-08-05T15:07:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b671300-43f4-46cf-809f-4be202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:08:48.000Z",
"modified": "2018-08-05T15:08:48.000Z",
"first_observed": "2018-08-05T15:08:48Z",
"last_observed": "2018-08-05T15:08:48Z",
"number_observed": 1,
"object_refs": [
"url--5b671300-43f4-46cf-809f-4be202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b671300-43f4-46cf-809f-4be202de0b81",
"value": "https://www.alienvault.com/blogs/labs-research/off-the-shelf-rats-targeting-pakistan"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b671328-93d8-4cbf-bdf5-421702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:09:28.000Z",
"modified": "2018-08-05T15:09:28.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "We\u00e2\u20ac\u2122ve identified a number of spear phishing campaigns with Pakistani themed documents, likely targeting the region. These spear phishing emails use a mix of different openly available malware and document exploits for delivery. These are served from the compromised domains www.serrurier-secours[.]be and careers.fwo.com[.]pk (a part of the Pakistani army). There are some clear trends in the themes of the decoy documents the attackers chose to include with file names such as:"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9cce2fcc-4464-411e-9110-154917ff6bc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:19.000Z",
"modified": "2018-08-05T15:10:19.000Z",
"pattern": "[file:hashes.MD5 = '6f454d39f02bc3e75e904a0f2f5edb89' AND file:hashes.SHA1 = 'd83c7410c9140710f60d35af4402964c0e697a9f' AND file:hashes.SHA256 = '48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--31bb0167-40ca-41eb-a417-9f8b3576ce5f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:18.000Z",
"modified": "2018-08-05T15:10:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:14",
"category": "Other",
"uuid": "de23891a-63aa-4cb2-9717-1091ccfe2487"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/48463e268acb50ffbcb27eaff46f757486a985ffc2d10f35ae1b9422660a20d2/analysis/1533364154/",
"category": "External analysis",
"uuid": "d04ad598-b232-4961-a8dc-acee2c12dd7c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/68",
"category": "Other",
"uuid": "f52f931b-98f0-424b-a03c-79a8f59f6c0d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc9b6626-45ea-4ead-acf8-d36c1c177a66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:22.000Z",
"modified": "2018-08-05T15:10:22.000Z",
"pattern": "[file:hashes.MD5 = '0edd591ba9fc1c8a4d133eae5e1414b0' AND file:hashes.SHA1 = '5f251e6bd7faf337880555c9410bf885964951ca' AND file:hashes.SHA256 = '2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7408bb22-5f1b-47d2-acd9-a01582835166",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:20.000Z",
"modified": "2018-08-05T15:10:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:17",
"category": "Other",
"uuid": "1aa628eb-2631-4ecb-9479-f6b65299442e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2e219fc95d7b44d8b0e748628e559a9ec79a068b90fe162b192daa8cf8d6f3ee/analysis/1533364157/",
"category": "External analysis",
"uuid": "83882a76-f7d1-4121-9111-95c274bcee7c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/60",
"category": "Other",
"uuid": "c365f82b-6c73-4d8a-b1cc-60426b19528b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67cc0e21-fb7b-43cc-90f4-271daa7a9568",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:24.000Z",
"modified": "2018-08-05T15:10:24.000Z",
"pattern": "[file:hashes.MD5 = '58e3de0352abeacb25e65657e6cb3d1a' AND file:hashes.SHA1 = 'c8c547e8565fafdd7f76974d2533e2282a1bf52a' AND file:hashes.SHA256 = 'a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--19a292d2-047b-4dac-afae-09753f498dde",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:23.000Z",
"modified": "2018-08-05T15:10:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:07",
"category": "Other",
"uuid": "de27edf7-b783-4c0c-ab07-6f7bffcde04d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a8fa4c806d97e59db0c42b574558a68942eadfe56286a66d90a8f6248a34cf43/analysis/1533364147/",
"category": "External analysis",
"uuid": "93659a93-29cf-4527-a290-d7dadf220d5a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/60",
"category": "Other",
"uuid": "b4dfd2be-b2f9-4ef1-9fec-2bfebd534efc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aaee8c31-e7f3-48c2-9110-f3d1c262d886",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:27.000Z",
"modified": "2018-08-05T15:10:27.000Z",
"pattern": "[file:hashes.MD5 = '5ea2ac12ff2ea7672a1b1d088a9056ef' AND file:hashes.SHA1 = 'b023d97223473b425623408191d09500b3c59cdf' AND file:hashes.SHA256 = '291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--571a9d80-2124-46f6-bce7-f3db505b4eb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:25.000Z",
"modified": "2018-08-05T15:10:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:20",
"category": "Other",
"uuid": "9e719b2b-675a-4313-9669-ed3de6620236"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/291ca9e4aa9db88635a89cb58f8dbf49e60abddbbcec1c4a611ef4192bfc6d24/analysis/1533364160/",
"category": "External analysis",
"uuid": "c2d9e2cb-213a-41f4-8597-71e4c699c719"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/68",
"category": "Other",
"uuid": "1734cf52-3313-4f1c-a4b5-dfe242a8e92e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--339b2d38-8ed0-4de6-8139-d52bb2e6d46e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:29.000Z",
"modified": "2018-08-05T15:10:29.000Z",
"pattern": "[file:hashes.MD5 = '6f3beaca4f864a15ac5eb70391a5e9e3' AND file:hashes.SHA1 = '0b449c49ab8f06f4334a08fa1803b4e727101ed6' AND file:hashes.SHA256 = '81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c701290b-dea4-4ac3-8912-6dc78e89c279",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:28.000Z",
"modified": "2018-08-05T15:10:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-03T19:30:55",
"category": "Other",
"uuid": "83c238ab-019c-4cc8-9548-f2ac0c1974a5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/81e518e094d597965f578f6f42c22c363450e8fb8d33c0a9568254ca048c15e6/analysis/1533324655/",
"category": "External analysis",
"uuid": "599de03a-9c7b-4ab6-a5db-f8fa990c537d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/59",
"category": "Other",
"uuid": "dddfc72c-8ac2-4892-ac99-581b66265fa7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f18b9c7-fd52-4946-aa17-6d866bbe492a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:32.000Z",
"modified": "2018-08-05T15:10:32.000Z",
"pattern": "[file:hashes.MD5 = '987cda2d7593cb61f1432d7955eb2cfd' AND file:hashes.SHA1 = '54191c5052111bd7a8cfa06f4333c4dd99eeb366' AND file:hashes.SHA256 = '40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05308a13-616d-4518-96e6-6a879c797d45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:30.000Z",
"modified": "2018-08-05T15:10:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:16",
"category": "Other",
"uuid": "967d117a-9ac8-4151-9a93-2a53b81aa8f4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/40e9287ff8828fb0e6baedcff873e8e35520c6227200f1c84b63446f07a59289/analysis/1533364156/",
"category": "External analysis",
"uuid": "fc6e0948-906d-425a-9129-d0c7596a0f4b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/58",
"category": "Other",
"uuid": "6a0d257b-92a9-4225-aef4-e79dda7818e2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa7ddde5-5384-4723-bb39-00e95638691d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:34.000Z",
"modified": "2018-08-05T15:10:34.000Z",
"pattern": "[file:hashes.MD5 = '8975f12194624aaffb37a4e9f615b790' AND file:hashes.SHA1 = 'fa6c44ddae42a281752822ad8b868af248fff66f' AND file:hashes.SHA256 = '2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aebfb468-c063-40be-94e1-63716a123348",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:33.000Z",
"modified": "2018-08-05T15:10:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-03T19:32:41",
"category": "Other",
"uuid": "85bb26b6-1b5a-42f6-bbae-734217d9ac10"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2be03e829856ad2ff772ba1f5074d4eafbf3ecab8d97794d1cc6589e043e3a28/analysis/1533324761/",
"category": "External analysis",
"uuid": "928f79fa-b21f-4384-8679-57691c448800"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/60",
"category": "Other",
"uuid": "bcbccb66-35e0-4874-b080-abd254de9bc8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e73e6cf3-61ba-4b28-b57e-b0e126141bf1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:37.000Z",
"modified": "2018-08-05T15:10:37.000Z",
"pattern": "[file:hashes.MD5 = 'cf63638a2cfce962e228a06413dba33f' AND file:hashes.SHA1 = 'c344bcbee4c2ba94597c9a04c7b4aaa25e5e9a68' AND file:hashes.SHA256 = '82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6c2d9377-1c97-42c0-97a0-9f9e4878f812",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:35.000Z",
"modified": "2018-08-05T15:10:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:11",
"category": "Other",
"uuid": "426b267a-29bc-4703-b719-4017b405d634"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/82ce7dffef284571ca21eb240869148b7f3583d9cb95ebdc42c77536dccc9060/analysis/1533364151/",
"category": "External analysis",
"uuid": "cb864217-7090-4af8-b5a3-53bfc5b57a39"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/60",
"category": "Other",
"uuid": "5ae31f9e-ba26-4224-b486-cc2e2ea01c5e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2cb966ab-da1e-48a0-a09a-2b9a1f142a33",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:39.000Z",
"modified": "2018-08-05T15:10:39.000Z",
"pattern": "[file:hashes.MD5 = '8d536b85d05b8220e0e01f787db9a90c' AND file:hashes.SHA1 = '481d88db215bf9ed480e2749409987987a451605' AND file:hashes.SHA256 = 'a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ce0481e6-1fdc-4a29-be69-4d032f657aa2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:37.000Z",
"modified": "2018-08-05T15:10:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:29:08",
"category": "Other",
"uuid": "09ee5d35-4432-458c-8c5b-bdc7b7af027b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a70cacc8bfffc4a67171122fc424ed95fc3f89bc592d7489aacc666e5834f571/analysis/1533364148/",
"category": "External analysis",
"uuid": "b95c2d5b-8896-4564-ac0a-f2b4fe4487e9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/68",
"category": "Other",
"uuid": "8d38ee24-68ca-4979-a8b4-ed7738da6ae0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3a2372f-d21e-4ccb-a23b-ffc763c1c41e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:41.000Z",
"modified": "2018-08-05T15:10:41.000Z",
"pattern": "[file:hashes.MD5 = '44551844584d5f4371d945afccf26a81' AND file:hashes.SHA1 = '7f631934c3a1bf28d539964b99e92749e84c3e60' AND file:hashes.SHA256 = '027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c9ddf5d-caf3-44b3-aa26-a48dcf1158d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:40.000Z",
"modified": "2018-08-05T15:10:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-04T06:31:51",
"category": "Other",
"uuid": "3750271b-5952-480a-83c9-a831e3837643"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/027e4c6c51e315f0e49f3644af08479303a747ed55ecba5aa0ae75c27cd6efeb/analysis/1533364311/",
"category": "External analysis",
"uuid": "a4e4caec-63dc-47f9-8bfe-eca7f0202865"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Other",
"uuid": "35a6ed8e-b2a5-4d35-ab9c-84f93d4e0e96"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b7f9bf64-db5e-49ed-9103-bde68b528cc3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"pattern": "[file:hashes.MD5 = '856d79a39ca67e61ec9a34e103b0e4ce' AND file:hashes.SHA1 = 'b0c82d9ddc1b51cfb84797d593b38e3cc638b642' AND file:hashes.SHA256 = '096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-05T15:10:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0dd1d615-e935-4eec-b381-6883de074d83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-05T15:10:43.000Z",
"modified": "2018-08-05T15:10:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-03T19:31:47",
"category": "Other",
"uuid": "53ec942e-db04-4a13-8365-c385fe833985"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/096012a5a9cf483fe0bdcd5a1030cc4d85b8e5296609fdc3632f2337a897a394/analysis/1533324707/",
"category": "External analysis",
"uuid": "98802cca-95aa-468e-b297-ca964e469db8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/60",
"category": "Other",
"uuid": "c7c47210-68e7-4530-9dc5-626620300989"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--d487b978-a413-4d20-bb4f-ec7d6a4e359f",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9cce2fcc-4464-411e-9110-154917ff6bc5",
"target_ref": "x-misp-object--31bb0167-40ca-41eb-a417-9f8b3576ce5f"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--227976fd-0b20-4487-8376-0ae74300c45a",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cc9b6626-45ea-4ead-acf8-d36c1c177a66",
"target_ref": "x-misp-object--7408bb22-5f1b-47d2-acd9-a01582835166"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--c7cf9294-a309-4aa6-ab54-4a99d65c8cf2",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--67cc0e21-fb7b-43cc-90f4-271daa7a9568",
"target_ref": "x-misp-object--19a292d2-047b-4dac-afae-09753f498dde"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--46dfea9c-d52f-426d-8c08-ba6cedf95d42",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--aaee8c31-e7f3-48c2-9110-f3d1c262d886",
"target_ref": "x-misp-object--571a9d80-2124-46f6-bce7-f3db505b4eb1"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--b723cef1-8dc7-4d38-9a27-83a566df3609",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--339b2d38-8ed0-4de6-8139-d52bb2e6d46e",
"target_ref": "x-misp-object--c701290b-dea4-4ac3-8912-6dc78e89c279"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--c90e96ba-ff23-4d20-ad9d-ce94746045a5",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1f18b9c7-fd52-4946-aa17-6d866bbe492a",
"target_ref": "x-misp-object--05308a13-616d-4518-96e6-6a879c797d45"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--f16b6308-d3f9-47bd-b14d-a28a24582f46",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fa7ddde5-5384-4723-bb39-00e95638691d",
"target_ref": "x-misp-object--aebfb468-c063-40be-94e1-63716a123348"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--4e5117be-3fa4-40b5-ab7f-32f1a637292e",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e73e6cf3-61ba-4b28-b57e-b0e126141bf1",
"target_ref": "x-misp-object--6c2d9377-1c97-42c0-97a0-9f9e4878f812"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--ed29f139-bc65-4c0a-881d-85f64d6a937b",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2cb966ab-da1e-48a0-a09a-2b9a1f142a33",
"target_ref": "x-misp-object--ce0481e6-1fdc-4a29-be69-4d032f657aa2"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--67001122-c3c5-4c1b-be21-05a30653c54a",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b3a2372f-d21e-4ccb-a23b-ffc763c1c41e",
"target_ref": "x-misp-object--2c9ddf5d-caf3-44b3-aa26-a48dcf1158d1"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--656963a3-dcca-4c77-9fcb-90298e46791e",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-08-05T15:10:44.000Z",
"modified": "2018-08-05T15:10:44.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b7f9bf64-db5e-49ed-9103-bde68b528cc3",
"target_ref": "x-misp-object--0dd1d615-e935-4eec-b381-6883de074d83"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink