{
"type" : "bundle" ,
"id" : "bundle--5c5d6a71-da60-46ba-bc18-42d4950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:49:18.000Z" ,
"modified" : "2019-02-08T11:49:18.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5c5d6a71-da60-46ba-bc18-42d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:49:18.000Z" ,
"modified" : "2019-02-08T11:49:18.000Z" ,
"name" : "OSINT - DanaBot updated with new C&C communication" ,
"published" : "2019-02-08T11:49:55Z" ,
"object_refs" : [
"indicator--5c5d6b05-4c10-4a17-8463-4198950d210f" ,
"indicator--5c5d6b05-1788-4af2-b0d1-4dd4950d210f" ,
"indicator--5c5d6b05-5b50-4f2e-be1c-40d4950d210f" ,
"indicator--5c5d6b05-418c-4d37-85a4-49cb950d210f" ,
"indicator--5c5d6b05-66c4-4ec8-b52d-43b1950d210f" ,
"indicator--5c5d6b05-0de8-48de-961e-4589950d210f" ,
"indicator--5c5d6b21-de34-4dde-9244-4e7f950d210f" ,
"indicator--5c5d6b21-4928-4656-b206-4d03950d210f" ,
"indicator--5c5d6b21-2890-4a6c-8d62-4c45950d210f" ,
"indicator--5c5d6b77-3c20-4699-8d35-4190950d210f" ,
"indicator--5c5d6b77-a534-47c3-8984-4b58950d210f" ,
"indicator--5c5d6b77-15e8-4e3e-b76e-4c49950d210f" ,
"indicator--5c5d6b77-a27c-4527-a7b0-4a24950d210f" ,
"indicator--5c5d6b77-d664-44e7-9e7a-43a3950d210f" ,
"indicator--5c5d6b77-78d8-4a6c-a2aa-4672950d210f" ,
"indicator--5c5d6b77-d060-4077-9ee8-4ae1950d210f" ,
"indicator--5c5d6bc5-5ce4-41ce-84d8-438a950d210f" ,
"indicator--5c5d6bc5-44e4-455f-a85b-4619950d210f" ,
"indicator--5c5d6bc5-7b48-4c19-92c8-4ff6950d210f" ,
"indicator--5c5d6bc6-1144-4b60-a261-4cec950d210f" ,
"indicator--5c5d6bc6-9d20-4dda-b223-4dc3950d210f" ,
"indicator--5c5d6bc6-a804-4ef2-8ead-494d950d210f" ,
"observed-data--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"file--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"artifact--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"observed-data--5c5d6c97-41a8-4b1b-a0ad-4482950d210f" ,
"url--5c5d6c97-41a8-4b1b-a0ad-4482950d210f" ,
"x-misp-attribute--5c5d6cb0-c3f4-4a8f-a32d-4139950d210f" ,
"indicator--809364d9-f8ed-485e-92db-60638ead238f" ,
"x-misp-object--1e3059fc-984b-493e-bc29-fc20bd3b0995" ,
"indicator--a8e983ae-06de-41b1-a289-064ea6badeeb" ,
"x-misp-object--b74bed56-8cd2-45ce-8d22-8172c7243e6f" ,
"indicator--11ab22da-a5e0-4a38-8fc3-9f9aaf44346a" ,
"x-misp-object--9368ef9c-5fcc-49f5-b13a-258fdafe4b15" ,
"indicator--46b1753f-048d-42c6-ad26-3ecc56d33076" ,
"x-misp-object--07554fd7-f152-4243-805d-c359f5334102" ,
"relationship--e665e527-0d0c-4057-adb2-87fe06beadf0" ,
"relationship--6ff82921-506f-4be2-ba8e-e58c795016a5" ,
"relationship--e193d612-17c4-465e-b12b-e37a59378c03" ,
"relationship--c3c201b6-9758-4017-8259-ae0574e3894c"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:banker=\"DanaBot\"" ,
"misp-galaxy:malpedia=\"DanaBot\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-4c10-4a17-8463-4198950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.54.37.102']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-1788-4af2-b0d1-4dd4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.25.243']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-5b50-4f2e-be1c-40d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.25.104']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-418c-4d37-85a4-49cb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.209.51.211']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-66c4-4ec8-b52d-43b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.92.222.238']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b05-0de8-48de-961e-4589950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:41:57.000Z" ,
"modified" : "2019-02-08T11:41:57.000Z" ,
"description" : "C&C servers used by the new version of DanaBot" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.71.249.51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:41:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b21-de34-4dde-9244-4e7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:42:25.000Z" ,
"modified" : "2019-02-08T11:42:25.000Z" ,
"description" : "Webinject and redirect servers" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.74.249.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:42:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b21-4928-4656-b206-4d03950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:42:25.000Z" ,
"modified" : "2019-02-08T11:42:25.000Z" ,
"description" : "Webinject and redirect servers" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.227.160']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:42:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b21-2890-4a6c-8d62-4c45950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:42:25.000Z" ,
"modified" : "2019-02-08T11:42:25.000Z" ,
"description" : "Webinject and redirect servers" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.158.249.144']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:42:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-3c20-4699-8d35-4190950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win32/TrojanDropper.Danabot.O" ,
"pattern" : "[file:hashes.SHA1 = '98c70361ea611ba33ee3a79816a88b2500ed7844']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-a534-47c3-8984-4b58950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win32/Spy.Danabot.L" ,
"pattern" : "[file:hashes.SHA1 = '0df17562844b7a0a0170c9830921c3442d59c73c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-15e8-4e3e-b76e-4c49950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win64/Spy.Danabot.G" ,
"pattern" : "[file:hashes.SHA1 = 'b816e90e9b71c85539ea3bb897e4f234a0422f85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-a27c-4527-a7b0-4a24950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win32/Spy.Danabot.I" ,
"pattern" : "[file:hashes.SHA1 = '5f085b19657d2511a89f3172b7887ce29fc70792']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-d664-44e7-9e7a-43a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win64/Spy.Danabot.F" ,
"pattern" : "[file:hashes.SHA1 = '4075375a08273e65c223116ecd2cef903ba97b1e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-78d8-4a6c-a2aa-4672950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win32/Spy.Danabot.K" ,
"pattern" : "[file:hashes.SHA1 = '28139782562b0e4cab7f7885eca75dfca5e1d570']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6b77-d060-4077-9ee8-4ae1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:43:51.000Z" ,
"modified" : "2019-02-08T11:43:51.000Z" ,
"description" : "Win64/Spy.Danabot.C" ,
"pattern" : "[file:hashes.SHA1 = 'b1ff7285b49f36fe8d65e7b896fccdb1618eaa4b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:43:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc5-5ce4-41ce-84d8-438a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:09.000Z" ,
"modified" : "2019-02-08T11:45:09.000Z" ,
"description" : "Win32/Spy.Danabot.H" ,
"pattern" : "[file:hashes.SHA1 = '890b5473b419057f89802e0b6da011b315f3ef94']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc5-44e4-455f-a85b-4619950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:09.000Z" ,
"modified" : "2019-02-08T11:45:09.000Z" ,
"description" : "Win32/Spy.Danabot.C" ,
"pattern" : "[file:hashes.SHA1 = 'e50a03d12ddac6ea626718286650b9bb858b2e69']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc5-7b48-4c19-92c8-4ff6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:09.000Z" ,
"modified" : "2019-02-08T11:45:09.000Z" ,
"description" : "Win64/Spy.Danabot.E" ,
"pattern" : "[file:hashes.SHA1 = '9b0ec454401023df6d3d4903735301ba669aadd1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc6-1144-4b60-a261-4cec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:09.000Z" ,
"modified" : "2019-02-08T11:45:09.000Z" ,
"description" : "Win32/Spy.Danabot.B" ,
"pattern" : "[file:hashes.SHA1 = 'dbfd8553c66275694fc4b32f9df16adea74145e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc6-9d20-4dda-b223-4dc3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:10.000Z" ,
"modified" : "2019-02-08T11:45:10.000Z" ,
"description" : "Win32/Spy.Danabot.D" ,
"pattern" : "[file:hashes.SHA1 = 'e0880dcfcb1724790dfeb7dfe01a5d54b33d80b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c5d6bc6-a804-4ef2-8ead-494d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:45:10.000Z" ,
"modified" : "2019-02-08T11:45:10.000Z" ,
"description" : "Win32/Spy.Danabot.G" ,
"pattern" : "[file:hashes.SHA1 = '73a5b0bee8c9fb4703a206608ed277a06aa1e384']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:45:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:47:25.000Z" ,
"modified" : "2019-02-08T11:47:25.000Z" ,
"first_observed" : "2019-02-08T11:47:25Z" ,
"last_observed" : "2019-02-08T11:47:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"artifact--5c5d6c4d-fddc-4889-9442-4da9950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"name" : "Figure5a.png" ,
"content_ref" : "artifact--5c5d6c4d-fddc-4889-9442-4da9950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B d w A A A K b C A I A A A B g r d 9 p A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A P + l S U R B V H h e 7 P 0 J n B T V v T f + T + / b z L A M m w H C I u I C c U h + E T X G L W j 8 y a N k M W i 8 i Z A o u Z E 8 L v m J 2 T R i X G 9 M x C c u T 0 x y 1 Q S 8 e Q w S T a K + 8 D G K a w y K / i N j c E M Q u G A E h o F h Z n r f / p / q c 6 Y o u r p 7 u r t O r 3 z e q W C d m u r a u 6 r O t 89 i S 6 f T L U R E R E R E R E R E V F 12 + V 8 i I i I i I i I i I q o i B m W I i I i I i I i I i G q A Q R k i I i I i I i I i o h p g U I a I i I i I i I i I q A Y Y l C E i I i I i I i I i q g E G Z Y i I i I i I i I i I a o B B G S I i I i I i I i K i G m B Q h o i I i I i I i I i o B h i U I S I i I i I i I i K q A Q Z l i I i I i I i I i I h q g E E Z I i I i I i I i I q I a Y F C G i I i I i I i I i K g G G J Q h I i I i I i I i I q o B B m W I i I i I i I i I i G q A Q R k i I i I i I i I i o h p g U I a I i I i I i I i I q A Y Y l C E i I i I i I i I i q g E G Z Y i I i I i I i I i I a o B B G S I i I i I i I i K i G m B Q h o i I i I i I i I i o B h i U I S I i I i I i I i K q A V s 6 n Z a j Z E 3 X P 99 e v + E t m c g Y N 2 b 0 W X N O k w l q O s s f W i X H B u F 0 46 T L B B E R E R E R E V F B D M o o g y z 6 i o f + K B M Z n Z 845 o 5 b r p c J a j p z 5 l 0 g x w b h d O O k y w Q R E R E R E R F R Q a y + R E R E R E R E R E R U A 4 p L y j y 15 v m d u 7 t l I o 9 p U y a P H T N 62 t T J M t 0 s W F L m U M O S M k R E R E R E R G S F 4 q D M V d f e 0 P X P t 2 W i o H F j R n 9 + z q n n z Z v b G g j I S Q 2 O Q Z l D D Y M y R E R E R E R E Z E X N q i / t 3 N 294 q E / f m 3 R 5 S + / 8 p q c R E R E R E R E R E R 0 y K h Z S R m j 71 + 5 m L 0 U E R E R E R E R E d E h p S 4 a + v 3 Z n f e W E c o h I i I i I i I i I m p c F S 8 p 0 / m J Y z p n H m h l Y / O W b T n r K 7 H 5 
F S I i I i I i I i I 6 p F Q 8 K L P g w q 8 s v H C + T G R s + m D r z + + 6 F //K9KBf/+I20SXTzt3dT615XkzUiYUMBIMvv/Lay6++jhEkp02Z/J1FCzN/P0DM07XhnZ27dweDIayoNRA4fOokzNw585iTTjhOzpeBmR95bLVMDJo1c0a+5lpzbptorhg7vn7DW3JSxrgxowtUyxKL6trw9uYPtondARyBw7XtPDrfBwscnCzmnrDy7RcO0V+ffWHTlq3Gc4c5sVM4YhiG7CoLBxwfl4lBObdKMG8bzk7WqYHMeXxbLFlsG7Zq3JgxOD6YOWcT0QXOAtaYuXhkTPCsz52adZDFpbV5y1b94hRXjlhj5ydmYFFiurD8oVVybBAWmDWPUeZ0v2NePo5wgQ8W2CNcNk+teQF7JC4hTB87dvRJxx931pxTcx4cIiIiIiIiqis1CMoA5sGcMjFInzPnX9c8thJZ2etvvd2Ymc8qX4N86YqH/mgOshhNmzr5e1csNkYZvrbosqwAATL8N15ztUwc7Jf3Lc9aPnLCv7/vHowU3/sStvOX960wx1aMkKnGATlv3lyZHpTv4MgxgyIDZL+8f3nWbGY5T6IR9uVnd94rE4P0KFsW7P4XLrxYJgZltSuEg4yDiTll2gTHBx8xx3HynQVsIY65cYHGnXr5lddwZrMuA7OszpWK732pmOXjg9+/8jvm0EzOPcL1WeBSx8FZdsvSIUNpREREREREVFu1aVMGuUpz5nPzlm1yLBdkqr/93R9kZWuNxQGQ315y7Y2FIzKw6YOtmE0vqgA5C2jIMZOn1rwgxwZ92RQ3KQyr/tqiywtHZCATuFlujnQoJA7FkBEZmDVzhhzLw3wMQS+TksV8DHEejREZ7DX2vUBEBvDXpbfePuRhFLBADFkL1C8eLASLGjIiAzkDLkPCqotZPk7Et6/8gfHKzGfXrm5cQgUudfFdKHwAiYiIiIiIqOZq1tDv2LHZQZnCechf3rdCjhkcPmWSHGtpyQq1FIAVXX/r7TKRJ6qSMy6DieaNPGvOqXKsCCIOUnxu+ak1z5vryCghDkKRWzJkMCIrqiL8/dXX5djB/vpsdlDGeAx/ed/yIkMt8LM77x0y2LH5g205FzhtilaQBGcECxFTCis7IlP87uB0FHN5YJeHnAczmINfREREREREVFfqovelYuTMhYp8NSDfa47IIBf9/SsX33HL9eZ4AbK1ekGDcWNGmyt6vJwroGCemK9lk3x+fld2eY0hrXjoj8UU4ijVy6+8VuRiiwxGnHT8p+XYIJwR8yowxXymPv85GZQxnhcdTtB3Fi3EeVxw4VfMR/uX9y2XY3nkO+CHT9Uieo8+/qRIDsnYXnWRcJCLj8gI2Nqc8ccydG0YugwUERERERER1VDNgjKbP8iurKRHWAqYNnUycub6MHawDlRWoxtw1pzTRDhGhGYws/zDIGN5DT0ooMtXUkaODTrL9MECckaOTjrhuN/fd8+ax1ZiwIg5fgTmvbPOHGDCsdW3RAw4gN9ZtLDIfcwZnzIfMfMUrFcPipn3FH/69Z23nTdvLs7jwgvnm9v6wQKLjHNhC/UrR7TNjIk5zumc0/7y0AP6QcC4iAcNWYfLzBwwwkpxNeoLx+6YDxquk2LiZWJ3sG3iNJmXs6sCsTwiIiIiIiJSqDZBmUceW23OSBcuiSCCF7/+xW3ImeuDyMznLJHxnUUL5FgGZpZjg/ApfRvMVZDwp6zGVsyZ/3FjRmOrZKII5kIZ+Diy5XrzOhjJ2XitOXBgnfn4jx0zWt8SofMTx5w3b27OOFFO5sNoblbGXHfpy+eeLcdy7emCrx5UOgabZC65U0xDxX956AEcav3K0TvtMh+Hw6dMMq4R4yIeZF5vYdgX82W57JalxuOJc40pMmFQ+Izjstd3RxwQnCbso/zzIHMEkIiIiIiIiOpKDYIyjzy2OmcJgsIBDmPwIou5mga
yqeaCA+ZMtV5aJ+faswIKOesuybEiIPNvziQv+Gp2RhpydvKtPIM9bswYOTbo5Vdeu+raG55a87w5TlEkc4Gjrn++bVxazrpL+mE0hsl05oNsDt6Ze+M2wnlfeOF88/UgmC8qXJw/u/Ne64Ew82WJfdHLBOkwxRz2KlzzKBDwm3enmIJmREREREREVFcqHpRB9nL5Q6vEsPTW27+26LKcjYB8/8rFcqx05pz8rl3d+kr1ARPlnwcZM/PmJlGysuXmXHpJ/S6Zq2shX23OosO4MaPNWW7lVVE6Zx4txwy6/vn2z+689wsXXlxeVAK7Y45xGJdjXuZZc07TdzYYDIkRo6yTiMEcsCjcb1dhnZ/IUSnpqUx/TDgOuFbLDoeZQ0X5yoIZ26sWWPOIiIiIiIjoUFD5oMw/317x0B/FgDx5zsYykDMvqdRJFnMuHWvRV6oP5lUboznYgKxQiLFYh7n8SGeuXr0LWL/hLTk2SDQ0m5P5T4ULg5QBx7zA9ouoxNcWXVZqaObzOWowHShh9KipEV9jgzXmQwRZJxGDubKSOSpXPHOtHx0W+8hjq7/93R9cde0NZYRmzNuZrzCLeXrZkSAiIiIiIiJqIDVr6Fd33ry5VorJqNKaqwaTHu4x110qqYnf+nRDrlZmjXbu7l566+1F9hgt5KiJMxib2GRq+mfcmNHmOmVVhm0Y8vLDLnz7uz94qsR+lIiIiIiIiIgKq2VQZtrUyaLjGJmuNXMNJtEq7UAwmFVgpDUQMEcfGg6O/6/vvG3IsMhTa57PWeMsp3Gm/sX1o5ejid9S6n9VDk4lrsMhyz0paWiGiIiIiIiISFeDoAwy7efNm/vrX9yGQUlBCXNxDyx2gaHn7HxDVifHJ51wXFbOfFOm6VlzPZQyKluZN9Lcxo3O3LpKhZpxxf7eccv1OBGFazPl7C0rH2NvSoIocGSuZZZ1GM2HCJuUdcpyDtZLLeGC+f1999x4zdXmWmxGK/5QQt/k5uXs3L1bjh3MfGyzAltERERERETUlCoelBHFEMSAfO+ax1b++he3fWfRQoXZTnM7qdOmTBY9HxcezCGhHDWY/vm2ue6SOe4wJHNUZefu7pyRDkw0Nyk
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c5d6c97-41a8-4b1b-a0ad-4482950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:39.000Z" ,
"modified" : "2019-02-08T11:48:39.000Z" ,
"first_observed" : "2019-02-08T11:48:39Z" ,
"last_observed" : "2019-02-08T11:48:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c5d6c97-41a8-4b1b-a0ad-4482950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c5d6c97-41a8-4b1b-a0ad-4482950d210f" ,
"value" : "https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c5d6cb0-c3f4-4a8f-a32d-4139950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:49:04.000Z" ,
"modified" : "2019-02-08T11:49:04.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "The fast-evolving, modular Trojan DanaBot has undergone further changes, with the latest version featuring an entirely new communication protocol. The protocol, introduced to DanaBot at the end of January 2019, adds several layers of encryption to DanaBot\u2019s C&C communication.\r\n\r\nBesides the changes in communication, DanaBot\u2019s architecture and campaign IDs have also been modified.\r\nThe evolution of DanaBot\r\n\r\nAfter being discovered in May 2018 as part of Australia-targeted spam campaigns, DanaBot has had an eventful time since, appearing in malspam campaigns in Poland, Italy, Germany, Austria and Ukraine, as well as in the United States. The European campaigns have seen the Trojan expanding its capabilities with new plugins and spam-sending features.\r\n\r\nIn ESET telemetry on January 25, 2019, we noticed unusual DanaBot-related executables. Upon further inspection, these binaries were, indeed, revealed to be DanaBot variants, but using a different communication protocol to communicate with the C&C server. Starting January 26, 2019, DanaBot operators stopped building binaries with the old protocol."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--809364d9-f8ed-485e-92db-60638ead238f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:08.000Z" ,
"modified" : "2019-02-08T11:48:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '42ed833c083f6f3815b2e38c30751220' AND file:hashes.SHA1 = '5f085b19657d2511a89f3172b7887ce29fc70792' AND file:hashes.SHA256 = '2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:48:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1e3059fc-984b-493e-bc29-fc20bd3b0995" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-08T11:09:24" ,
"category" : "Other" ,
"uuid" : "00879520-be39-4ca6-b9f7-6f01319e2bfc"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a/analysis/1549624164/" ,
"category" : "External analysis" ,
"uuid" : "d447f1ca-ea38-4c9e-ba11-4eb7d36d7e7e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/69" ,
"category" : "Other" ,
"uuid" : "d60b9ed1-315c-484f-9336-4952fae37989"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a8e983ae-06de-41b1-a289-064ea6badeeb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '8c310a91aba32fd60df859896d5a2f2d' AND file:hashes.SHA1 = '0df17562844b7a0a0170c9830921c3442d59c73c' AND file:hashes.SHA256 = '31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b74bed56-8cd2-45ce-8d22-8172c7243e6f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-08T11:09:24" ,
"category" : "Other" ,
"uuid" : "b629437e-6ddd-481e-8507-49843cd47a2b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf/analysis/1549624164/" ,
"category" : "External analysis" ,
"uuid" : "c94e94a1-ffed-4b8d-be27-d3560d66f9db"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/69" ,
"category" : "Other" ,
"uuid" : "e1fa2f15-90a3-43db-8950-7e7a94753eae"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--11ab22da-a5e0-4a38-8fc3-9f9aaf44346a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '6b83c0cd765311d2144f7e7d5885e013' AND file:hashes.SHA1 = '98c70361ea611ba33ee3a79816a88b2500ed7844' AND file:hashes.SHA256 = 'ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9368ef9c-5fcc-49f5-b13a-258fdafe4b15" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-08T11:09:27" ,
"category" : "Other" ,
"uuid" : "c71ec83e-f0b9-4acc-8afe-1922f0069167"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26/analysis/1549624167/" ,
"category" : "External analysis" ,
"uuid" : "9eb655e9-c49b-4626-baca-84a98b02d581"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/70" ,
"category" : "Other" ,
"uuid" : "d8dc19bf-e978-45f6-89db-8edb60a7ea37"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--46b1753f-048d-42c6-ad26-3ecc56d33076" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '3e63651c8ee9143db65c6c1f12936437' AND file:hashes.SHA1 = '4075375a08273e65c223116ecd2cef903ba97b1e' AND file:hashes.SHA256 = '4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-02-08T11:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--07554fd7-f152-4243-805d-c359f5334102" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-08T11:09:24" ,
"category" : "Other" ,
"uuid" : "117cbced-d0e7-4fa6-8cf9-1296a2c59163"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571/analysis/1549624164/" ,
"category" : "External analysis" ,
"uuid" : "4602b191-b961-4bb4-9acd-9a09b91bc4f8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/69" ,
"category" : "Other" ,
"uuid" : "3c574c96-6ad6-47c2-b95c-aa1fa77c96b2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e665e527-0d0c-4057-adb2-87fe06beadf0" ,
"created" : "2019-02-08T11:48:09.000Z" ,
"modified" : "2019-02-08T11:48:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--809364d9-f8ed-485e-92db-60638ead238f" ,
"target_ref" : "x-misp-object--1e3059fc-984b-493e-bc29-fc20bd3b0995"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6ff82921-506f-4be2-ba8e-e58c795016a5" ,
"created" : "2019-02-08T11:48:10.000Z" ,
"modified" : "2019-02-08T11:48:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a8e983ae-06de-41b1-a289-064ea6badeeb" ,
"target_ref" : "x-misp-object--b74bed56-8cd2-45ce-8d22-8172c7243e6f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e193d612-17c4-465e-b12b-e37a59378c03" ,
"created" : "2019-02-08T11:48:10.000Z" ,
"modified" : "2019-02-08T11:48:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--11ab22da-a5e0-4a38-8fc3-9f9aaf44346a" ,
"target_ref" : "x-misp-object--9368ef9c-5fcc-49f5-b13a-258fdafe4b15"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c3c201b6-9758-4017-8259-ae0574e3894c" ,
"created" : "2019-02-08T11:48:10.000Z" ,
"modified" : "2019-02-08T11:48:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--46b1753f-048d-42c6-ad26-3ecc56d33076" ,
"target_ref" : "x-misp-object--07554fd7-f152-4243-805d-c359f5334102"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}