misp-circl-feed/feeds/circl/stix-2.1/5c125ad1-a1a8-495e-ae07-48bd950d210f.json

{
"type": "bundle",
"id": "bundle--5c125ad1-a1a8-495e-ae07-48bd950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:48:05.000Z",
"modified": "2018-12-13T20:48:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c125ad1-a1a8-495e-ae07-48bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:48:05.000Z",
"modified": "2018-12-13T20:48:05.000Z",
"name": "OSINT - \u2018Operation Sharpshooter\u2019 Targets Global Defense, Critical Infrastructure",
"published": "2018-12-13T20:48:18Z",
"object_refs": [
"observed-data--5c125bbd-4cd4-483a-97d1-64d4950d210f",
"url--5c125bbd-4cd4-483a-97d1-64d4950d210f",
"x-misp-attribute--5c125bd9-6bc0-4b84-ba4d-46ef950d210f",
"observed-data--5c126156-a2b8-4a54-8f69-4194950d210f",
"file--5c126156-a2b8-4a54-8f69-4194950d210f",
"artifact--5c126156-a2b8-4a54-8f69-4194950d210f",
"indicator--5c126b18-c97c-4e7d-83cb-a888950d210f",
"indicator--5c126b19-e450-4088-8f8f-a888950d210f",
"indicator--5c126b19-142c-4031-9abe-a888950d210f",
"indicator--5c126d44-d118-499a-bd9e-4461950d210f",
"indicator--5c126d44-be2c-4844-8cba-4967950d210f",
"indicator--5c126d44-6b94-4c6d-8529-472d950d210f",
"indicator--5c126e65-7fac-4f8f-9baf-a990950d210f",
"indicator--5c126772-3754-43c8-b207-a987950d210f",
"indicator--5c12678c-09d8-44f1-9577-4e00950d210f",
"indicator--5c12679e-ce18-4784-b08d-4edb950d210f",
"indicator--5c1267af-ceb0-43dc-bc4e-abe5950d210f",
"indicator--5c1267c0-6b40-4204-8386-a9b9950d210f",
"indicator--01b4e240-92ee-4abd-9dc7-e651a9c56369",
"x-misp-object--4ac47589-4bd9-4247-95ce-5350273ed603",
"indicator--ed7d8444-7cfb-4c9a-a436-041beb725059",
"x-misp-object--53d6207d-b0b8-48d1-90c5-f9134729de63",
"indicator--cb7c776c-3e25-4929-b398-0ce77563fa7f",
"x-misp-object--32186bb1-e22d-4822-a776-a0950c0f79f8",
"indicator--c9ea439c-5d53-4ec3-92bf-c8117af4c85c",
"x-misp-object--bd24b025-5401-4279-8325-8152c67f94f8",
"indicator--a52369be-f657-4192-a4dc-bed0d0e14079",
"x-misp-object--953c11fd-3bc6-44ae-98de-8d091f84f732"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Discovery - T1087\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File and Directory Discovery - T1083\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Discovery - T1057\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Connections Discovery - T1049\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Time Discovery - T1124\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Injection - T1055\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"misp-galaxy:threat-actor=\"Operation Sharpshooter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c125bbd-4cd4-483a-97d1-64d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T13:16:45.000Z",
"modified": "2018-12-13T13:16:45.000Z",
"first_observed": "2018-12-13T13:16:45Z",
"last_observed": "2018-12-13T13:16:45Z",
"number_observed": 1,
"object_refs": [
"url--5c125bbd-4cd4-483a-97d1-64d4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c125bbd-4cd4-483a-97d1-64d4950d210f",
"value": "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c125bd9-6bc0-4b84-ba4d-46ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T13:17:13.000Z",
"modified": "2018-12-13T13:17:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee\u00ae Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant\u2014which we call Rising Sun\u2014for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group\u2019s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\r\n\r\nOperation Sharpshooter\u2019s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c126156-a2b8-4a54-8f69-4194950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T13:40:38.000Z",
"modified": "2018-12-13T13:40:38.000Z",
"first_observed": "2018-12-13T13:40:38Z",
"last_observed": "2018-12-13T13:40:38Z",
"number_observed": 1,
"object_refs": [
"file--5c126156-a2b8-4a54-8f69-4194950d210f",
"artifact--5c126156-a2b8-4a54-8f69-4194950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c126156-a2b8-4a54-8f69-4194950d210f",
"name": "20181210-Sharpshooter-1.png",
"content_ref": "artifact--5c126156-a2b8-4a54-8f69-4194950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c126156-a2b8-4a54-8f69-4194950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABSwAAAM6CAYAAAH8sz3OAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7J0FfBw39sfNFDMzM9uxw5zYYWyYGdowc8Nl5jZJkzbpleHaf/nKvSv3rtdre2Vur70y073//LTRWjurXS97dy1/Pl/PrKTRaGY0b56enqQA7S9FY4RC4WWwf6RQeBmqYlrjiy++oI8//pjOOOMMSktLY2G7du2i+Ph4ti/+/fjjj/Tll1/SU089Ra+//jp98MEHdN9999G+ffvo+uuvp7Vr11JsbCwVFRXR3LlzTc6jMENVTGv85z//Ydu33nrLWBkDAwONlZTHJyUlsS3+rrvuOrb/7rvv0jvvvEOffPIJq8wHDhxgFfPVV1+lyspKlkZhEVUxFV6JqpgKr0RVTIVrGbXrLaoeuZtmzJghjbcRVTEVrqW4z2JKLRlAs2bNYo281NRUabp2UBVT4ZWoiqlwLXRGM10+Lo/uuusuaTznzDPPZNvMzEyzOA1VMRWupU9eNJWnRFBwcDD7nZGRwbaRkZEUFRVF6enpFBERQQkJCSwuLCzM5PgTqIqp8EpUxVS4lgceeIBWrFhBEydONAkfN24cPfvssyZhVlAVU+Fapk+fTj169KAhQ4Ywk9GECRPYdsyYMXTSSSdJj5Hg2xUzpaiByobMpPLBM2nW4ddpxlX/Yiy4/mMavfcuiomJoZSUFOrSpQvrNiwoKKDS0lJGVlYW6yKE7oNuRuTHt64iJixIGq5oF++vmIGBhoc777oPjWGj995J846/T3GZxVQ1fCGrjHEZhSwOrbyysjJjBbQVWyol8i0uLqbo6GhpvDN00Srxyl5pRKc1U1p0qDSNL0D/DKBrtwWweyqLtxHvqpjFfSdSxdD5lFbWzH7PPPQa22bV9KMplzxPRX1OotlXv87C0sq7GY/j5OTkMAcLOFzoK5413FHRRGrSImnX4Ez6cHOdNJ6TEBmivSAB9Nn2evpiRwN9v7sr/bqvSZrWWxnSFEC1hYZ9CAl8tUJDQ9lXC18o/qXSH6fDOypmfFYJk3oLbzB463AyKnuy7eA1B6nbrJ1apXyDQsKjKDGvgiq1Clw9colJepHy8nJpJdSDz7vseFfxn231FBdhMJ1wQoPbpHN4SCBtHZjBKqKMb3Y10qjyOFrRM41GVxg8nEBlaqRxn3PtZMNXww9wX8WMCrVNv+Kf6rpxKzQ98d9GPXH49ptYeFRiOk089wm2H5dRRDMPvmpMA8bsv8eYl572PumILykpkR5rC5BuKfHyOM6TSyto/9BskzBUuDtmF9OXOxtoYXMKfadVPn2FtJVf9jZRXnwY/bjHIF3FuA9OSOiCxHCT84scm1JI4ysTpHGOsOS2b6jPknOYbi+LtxHXVMzj2sX9pN0Y8aaIvLmykFWi6Vf+U/s8t1UsfKqx7b3oLJbPhLMepujkbAoOxY0MpJqRS9lnHGnGnfkQSzPjqpeN523ddIzFxaaZSz0YcfUVUQS6ov4YW8hICqB/X6tVyPpZdPKsKFp9y1B2jV9plQwVTEy7ZYDBuAwStc/0LTOKWNqrJuSzSjm8LI7+qlXc/wr3ylOgIr+8uprto+wDCtv9vNpE09QtVNB9JNXW1tLJJ58sTWMDzlfMnYMyaXJtotmFcwbM3MQqj7OgQvect9/k3Lxiz7nmHRYvxukrIoCEFNM4Aj2h5T1kM6Nk8HZWMUetqaNvTm2kkdonl+uEZckRmo5oXRJePCZXGt6RPLigjH7Qyv3L3q5m1+5BnK+Yr6wxvHUyZhx916yC2QsqHz7h2B+z7252zvisUuqjSVmeRl8mYGuF5J97KOiyeBH6RwBNGpZqrJgIQ8XkUhMgTLwHvgb//DvKtofG0LBVNXT22WdL423EsYq5TftEyS4Knye+L+qLjqCXgCC9ogeTjsib
h5UOmm6ShiPql7J4eyjJ1irlIwZklRJ8qT1Q8V74AldPLGDbnzXpKIbrr98e8htTKKUglvWBFxYWUlxcHGVnZ9v04gs4LjH5Rdw0vZgeWlhuEjevazLNckJazr32HZP8RHgaXjnnHnvfLI2rCQ81VMoFI9oqZnSqqRQWH6y3gnYAKuEFo3OZmsHLfssMx/RtN+J4xbxjVjFtH9Sm3Ot5c32NSWWzF1megUHBNqd1Bphw0KDTh8M7hlfM/B4LjOHJycnSiuBtiNci0l68PVSNPp0yqsfSsGHDpPE2Yl/FrE4zt51ZAra7WScaJ46Cz7aYpywNENO4goTIYPpW18IGubm5FNbFMCKSA1UB4VAdxEpgD0u6p0vDXclc7SsmllsPT4d9mMH08baSWj6UYjOqmSNHt26GTpC//e1vZunaof2KmRlrf/fYxPOeoOz6gdJKZC9VIwxGdFmcSHbdALNyOMIf2icbW9gX0dLm4cUD1hilpXjeOde+a9RlgVgZ2kM8DmTm5rOt3h5pL/fNL6OUrDwtH7kJb12fdON1iSAuyIlK6UIc/5S3R/OMnSYP0Bnaa0gFh0idTZ2ipTjWaJfcvm2rsVKCxokbTM6PygSJifEt2EeF1lcGNAxzC4tpx+Bs+s/WOqbjZeXkGiulnsMnFdAPu00r1o8nfielZVJxqXUJzfNJzJCbpM4YnmN2za7g1nHxtLg2kpYtW0Z9+vRhY+tl6dppDLmvYrZuPk7Dtt9Erdtv1riFMfTE1pybaX2vJJOHbZGDrxjPkaa10rE19Aa1Gd5dxX3z2iRgXf0AVinLWrbS1EtfpLnHP6bmCeVUPniaSYUSeU0wpcnibaWsvJxKtIooi+MU5aRTdkGxNK5Ue2lmNpmqC/do1/abG/rhG1JDKT8umPWT19XVMTUH3cM8HuXhwyny8/MpKEjaQ+i+ionGkXgj7OHnPY3mFVJj+pUv05FJhVpFbKucIDw6nsYeuNckzBWIZTrtnPOZ8wFMH7i56C1BOCQXfkNi4iHwyoA+eNF8BhAORxOexhaQD4YgYD8vL88s3hFQFvT84BrR0NNftxfgvoopPhBHeGZRvrFC9l55kEbP38IeNCptUHAIzdV0O9l5XQn6uXl5ktPS2UNFBUQc3npUsoqKCuMDh90OcUhzqa5Xh6sFSB8SEsK8bAA/1hJiZQfog0b+YpgIulp5RZaRm26wILy1oZaVJzQ6kW1dxerVq2nQoEE0ePBgaTzn5ZetfuHcUzHFB+Ios65+nZrWXGcidWTncjVXrAugQxsD6OrNAfThpnp2fjEeDxdb+G/iEyV6MYnpOPi8fn1qW/nx6UJaSF6xgmGQFt9HBcdnDhNwWapkOFZ/fiC+KDLwQh2bbOpbUDrnIkrqOtYkzFGgV+I869evpy1bthjnfOK0trayLZ9Y7NdffzWJP4H3VkyRqXWufautgZuKyskR47KyDQ0GfF4hyViYJvUwSRZsmZBm2CIPLlmRDiMCeUVEGD7JqHRIJ0pEribwSsobU86CSo4temGwRRlEItP9yMBuCegussrlKLJzuJOysraKefla0zjRy527y/HKBkdYsTLoGVQYTcdGtnnw6ONR2UUJqpeEjsIbGhyubuhJaZ4gDbeXG3YF0PwRAXThhRey38eOHTNLYwOur5iLml3XC/L+JuccChwBfbyolEe3mIbDvAFJxvfFOIBKi88WdDxUCFQyAIkISdoztwsdHhZL142KY+lvHRvHfl/eEmOsREiPCo889J96Z4B0RkXnZUUY3weZAxdT6dyLTcIcpWup9kXJaBtPjnvG7xfUjCVLLDt3C3j3p/zgBPd6l1sCFQKSRv+A9Q9UBJ9rvo9PNbb6Y1ERZTTnGj6xelAOjAFCpZfF2wMvG0C+2IZ0SaDSeZdSaveJFJ5o6szcwbinYoL2fBGtIfa4eBrZQxWxZygG0ouf5FMaIqUVszpbqyAn0gCua/5jRSWt65NGXWJiTeIdxax8cy8xC3OW
ylOOU3r/uTRggOWeOD7RrRXcVzFTo0NZJcPAqi+17f/NKTGrgJaQ5ecJ8MmVPVCO+GnlUodXvA821dBzyyv
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126b18-c97c-4e7d-83cb-a888950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:22:16.000Z",
"modified": "2018-12-13T14:22:16.000Z",
"description": "Control servers",
"pattern": "[url:value = '34.214.99.20/view_style.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:22:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126b19-e450-4088-8f8f-a888950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:22:17.000Z",
"modified": "2018-12-13T14:22:17.000Z",
"description": "Control servers",
"pattern": "[url:value = '137.74.41.56/board.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:22:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126b19-142c-4031-9abe-a888950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:22:17.000Z",
"modified": "2018-12-13T14:22:17.000Z",
"description": "Control servers",
"pattern": "[url:value = 'kingkoil.com.sg/board.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:22:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126d44-d118-499a-bd9e-4461950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:31:32.000Z",
"modified": "2018-12-13T14:31:32.000Z",
"description": "Document URLs",
"pattern": "[url:value = 'http://208.117.44.112/document/Strategic Planning Manager.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:31:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126d44-be2c-4844-8cba-4967950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:31:32.000Z",
"modified": "2018-12-13T14:31:32.000Z",
"description": "Document URLs",
"pattern": "[url:value = 'http://208.117.44.112/document/Business Intelligence Administrator.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:31:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126d44-6b94-4c6d-8529-472d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:31:32.000Z",
"modified": "2018-12-13T14:31:32.000Z",
"description": "Document URLs",
"pattern": "[url:value = 'http://www.dropbox.com/s/2shp23ogs113hnd/Customer Service Representative.doc?dl=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:31:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126e65-7fac-4f8f-9baf-a990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:36:21.000Z",
"modified": "2018-12-13T14:36:21.000Z",
"description": "Control servers",
"pattern": "[url:value = 'kingkoil.com.sg/query.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c126772-3754-43c8-b207-a987950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:06:42.000Z",
"modified": "2018-12-13T14:06:42.000Z",
"pattern": "[file:hashes.SHA1 = '8106a30bd35526bded384627d8eebce15da35d17' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c12678c-09d8-44f1-9577-4e00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:07:08.000Z",
"modified": "2018-12-13T14:07:08.000Z",
"pattern": "[file:hashes.SHA1 = '31e79093d452426247a56ca0eff860b0ecc86009' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c12679e-ce18-4784-b08d-4edb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:07:26.000Z",
"modified": "2018-12-13T14:07:26.000Z",
"pattern": "[file:hashes.SHA1 = '9b0f22e129c73ce4c21be4122182f6dcbc351c95' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:07:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c1267af-ceb0-43dc-bc4e-abe5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:07:43.000Z",
"modified": "2018-12-13T14:07:43.000Z",
"pattern": "[file:hashes.SHA1 = '668b0df94c6d12ae86711ce24ce79dbe0ee2d463' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:07:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c1267c0-6b40-4204-8386-a9b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T14:08:00.000Z",
"modified": "2018-12-13T14:08:00.000Z",
"pattern": "[file:hashes.SHA1 = '66776c50bcc79bbcecdbe99960e6ee39c8a31181' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T14:08:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01b4e240-92ee-4abd-9dc7-e651a9c56369",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:22.000Z",
"modified": "2018-12-13T20:39:22.000Z",
"pattern": "[file:hashes.MD5 = 'a82cdb9f5bffcb24708e66eb52cce2af' AND file:hashes.SHA1 = '8106a30bd35526bded384627d8eebce15da35d17' AND file:hashes.SHA256 = '4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T20:39:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4ac47589-4bd9-4247-95ce-5350273ed603",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:24.000Z",
"modified": "2018-12-13T20:39:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-13T19:12:29",
"category": "Other",
"uuid": "da335c3b-b482-436b-8e20-fab2fcc54513"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264/analysis/1544728349/",
"category": "External analysis",
"uuid": "2fe77aa9-c3f3-4300-8991-2b6e9f92ec77"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/60",
"category": "Other",
"uuid": "2097472e-75fe-4683-a088-82f9bb0977fa"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed7d8444-7cfb-4c9a-a436-041beb725059",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:25.000Z",
"modified": "2018-12-13T20:39:25.000Z",
"pattern": "[file:hashes.MD5 = '2e17b048c7e317da9024a86d9439c74b' AND file:hashes.SHA1 = '31e79093d452426247a56ca0eff860b0ecc86009' AND file:hashes.SHA256 = '37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T20:39:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--53d6207d-b0b8-48d1-90c5-f9134729de63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:26.000Z",
"modified": "2018-12-13T20:39:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-13T19:12:25",
"category": "Other",
"uuid": "7550d696-ca00-4938-8624-eabfa3d242d9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71/analysis/1544728345/",
"category": "External analysis",
"uuid": "b7eb41fe-1ac2-45e7-b51c-7a35ea75b6c7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/70",
"category": "Other",
"uuid": "ba73dcb4-0807-423f-956b-4337f0ae984d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb7c776c-3e25-4929-b398-0ce77563fa7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:28.000Z",
"modified": "2018-12-13T20:39:28.000Z",
"pattern": "[file:hashes.MD5 = '20594c33c2d59544a3e8ef5b7a547e71' AND file:hashes.SHA1 = '66776c50bcc79bbcecdbe99960e6ee39c8a31181' AND file:hashes.SHA256 = '876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T20:39:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--32186bb1-e22d-4822-a776-a0950c0f79f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:29.000Z",
"modified": "2018-12-13T20:39:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-13T19:13:07",
"category": "Other",
"uuid": "e2c39223-070f-4a0c-9625-3693f08c6832"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03/analysis/1544728387/",
"category": "External analysis",
"uuid": "d5033847-94c7-424b-952e-3c257464bb87"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/60",
"category": "Other",
"uuid": "7fc077d6-0d98-4c82-b55c-3c3dc3404f86"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c9ea439c-5d53-4ec3-92bf-c8117af4c85c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:30.000Z",
"modified": "2018-12-13T20:39:30.000Z",
"pattern": "[file:hashes.MD5 = 'f3bd9e1c01f2145eb475a98c87f94a25' AND file:hashes.SHA1 = '9b0f22e129c73ce4c21be4122182f6dcbc351c95' AND file:hashes.SHA256 = '88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T20:39:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bd24b025-5401-4279-8325-8152c67f94f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:32.000Z",
"modified": "2018-12-13T20:39:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-13T19:13:09",
"category": "Other",
"uuid": "8b7b7fd9-ffa8-429e-87a1-707f07448a86"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646/analysis/1544728389/",
"category": "External analysis",
"uuid": "4963e282-7e10-406d-acf6-65c59626cf2f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/68",
"category": "Other",
"uuid": "80862ebc-3c21-45a0-b8b9-47f8df1ba5f3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a52369be-f657-4192-a4dc-bed0d0e14079",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:33.000Z",
"modified": "2018-12-13T20:39:33.000Z",
"pattern": "[file:hashes.MD5 = 'fa27a81d0109653e67019f387bad2494' AND file:hashes.SHA1 = '668b0df94c6d12ae86711ce24ce79dbe0ee2d463' AND file:hashes.SHA256 = 'f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-13T20:39:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--953c11fd-3bc6-44ae-98de-8d091f84f732",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-13T20:39:34.000Z",
"modified": "2018-12-13T20:39:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-13T19:14:06",
"category": "Other",
"uuid": "69bd825c-7d76-474a-92f7-976cfbf8fddf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11/analysis/1544728446/",
"category": "External analysis",
"uuid": "3ff05754-f3f2-40f0-b8a7-fc7756abc603"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/59",
"category": "Other",
"uuid": "bd15cc1f-3d97-42cc-a6e2-06b725553164"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}