{
"type": "bundle",
"id": "bundle--5c829fc2-7e94-4722-8c67-2e8468f8e8cf",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2021-05-24T09:54:24.000Z",
"modified": "2021-05-24T09:54:24.000Z",
"name": "VK-Intel",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c829fc2-7e94-4722-8c67-2e8468f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2021-05-24T09:54:24.000Z",
"modified": "2021-05-24T09:54:24.000Z",
"name": "2019-03-08: TerraLoader Signed -> JS RAT",
"published": "2021-05-26T09:40:16Z",
"object_refs": [
"indicator--5c82a0a3-0368-4fe2-b9a6-1b9d68f8e8cf",
"indicator--5c829fd4-6c58-4888-81f6-1b9e68f8e8cf",
"x-misp-object--aa54ad77-4a78-41b0-8f7b-6534e0944ba8",
"relationship--4dd17c94-b2e6-43f9-8893-da3bc71cfcc0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"TerraLoader",
"Digital Signature",
"ARTILDA CONSULTING LIMITED",
"var BV = \"6.0\"",
"rkey: \"wearenotcobaltthanks\"",
".kz Domain",
"misp-galaxy:tool=\"Terra Loader\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c82a0a3-0368-4fe2-b9a6-1b9d68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-03-08T17:04:35.000Z",
"modified": "2019-03-08T17:04:35.000Z",
"description": "Terra JS",
"pattern": "[url:value = 'https://host.moresecurity.kz/host/info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-08T17:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c829fd4-6c58-4888-81f6-1b9e68f8e8cf",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-03-08T22:17:39.000Z",
"modified": "2019-03-08T22:17:39.000Z",
"pattern": "[file:hashes.MD5 = '9b3ec7553b079f413565a7f61c8efd3c' AND file:hashes.SHA1 = '24d6407e700152c83ed7f0b33c7cf9d86e2bff92' AND file:hashes.SHA256 = '49af65995e51d88bbe8b0d4be5a5df2692aa57800f1875a18ecbd3f483c8a094' AND file:name = '2019-03-08-TerraLoader-DLL-Signed.vk.ocx' AND file:size = '515280' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-08T22:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aa54ad77-4a78-41b0-8f7b-6534e0944ba8",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-03-08T22:17:39.000Z",
"modified": "2019-03-08T22:17:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-08T18:42:12",
"category": "Other",
"uuid": "1a1cc932-6715-4472-8d33-b8c3dcac0518"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/49af65995e51d88bbe8b0d4be5a5df2692aa57800f1875a18ecbd3f483c8a094/analysis/1552070532/",
"category": "External analysis",
"uuid": "a4ac7353-7b42-4f17-ab49-036ebdea2d8a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/70",
"category": "Artifacts dropped",
"uuid": "0352b7e6-10ee-4741-825f-7a7b11090e08"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4dd17c94-b2e6-43f9-8893-da3bc71cfcc0",
"created": "2021-05-24T09:54:24.000Z",
"modified": "2021-05-24T09:54:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c829fd4-6c58-4888-81f6-1b9e68f8e8cf",
"target_ref": "x-misp-object--aa54ad77-4a78-41b0-8f7b-6534e0944ba8"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}