2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5d0c8dcc-eae0-4020-b1d0-5526950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:53:14.000Z" ,
"modified" : "2019-06-21T15:53:14.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d0c8dcc-eae0-4020-b1d0-5526950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:53:14.000Z" ,
"modified" : "2019-06-21T15:53:14.000Z" ,
"name" : "OSINT - Hide \u00e2\u20ac\u02dcN Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP" ,
"published" : "2019-06-21T15:53:29Z" ,
"object_refs" : [
"x-misp-attribute--5d0c9804-7248-45ae-ab57-47fa950d210f" ,
"observed-data--5d0c9e1b-623c-4552-9a6c-41e1950d210f" ,
"url--5d0c9e1b-623c-4552-9a6c-41e1950d210f" ,
"indicator--5d0cae62-69cc-495e-932c-478e950d210f" ,
"indicator--5d0cae78-e888-4c47-b54e-42b5950d210f" ,
"indicator--5d0caf46-8778-4c85-b528-41cf950d210f" ,
"indicator--5d0cb1e1-86b0-4d8c-8c6b-4283950d210f" ,
"indicator--5d0cb1fd-b8a8-44a1-bde0-4b6e950d210f" ,
"indicator--5d0cb217-01d4-460f-bb99-20b8950d210f" ,
"indicator--5d0cb4d6-883c-4e2b-89b6-4bc1950d210f" ,
"indicator--5d0cb4e8-48d8-492e-88e4-48bf950d210f" ,
"indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b" ,
"x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb" ,
"indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23" ,
"x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c" ,
"indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a" ,
"x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506" ,
"indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb" ,
"x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89" ,
"indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3" ,
"x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32" ,
"indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c" ,
"x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5" ,
2024-08-07 08:13:15 +00:00
"relationship--827ffad8-99f9-46ee-a041-bafa73baf570" ,
"relationship--daee9148-fdc6-4e90-9bbe-11625c525586" ,
"relationship--deb7ec17-f982-4462-8ac0-f1591da9c416" ,
"relationship--2ae389eb-b3a1-4d7e-a4b0-d03037b32970" ,
"relationship--d65fefc5-41b3-481e-8e8b-08bfb4ade268" ,
"relationship--e8ed234a-b566-4ddd-bf42-7caa03c7c557"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:botnet=\"Hide and Seek\"" ,
"misp-galaxy:malpedia=\"Hide and Seek\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"\tmalware_classification:malware-category=\"Botnet\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d0c9804-7248-45ae-ab57-47fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T08:40:36.000Z" ,
"modified" : "2019-06-21T08:40:36.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "The Hide \u00e2\u20ac\u02dcN Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.\r\n\r\nSince its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).\r\n\r\nThis post details a variant of the family first seen on the 21st of February 2019, incorporating two new exploits \u00e2\u20ac\u201c CVE-2018-20062 which targets ThinkPHP installations, and CVE-2019-7238, a Remote Code Execution (RCE) vulnerability in Sonatype Nexus Repository Manager (NXRM) 3 software installations.\r\n\r\nWhile the ThinkPHP exploit has already been seen employed by several Mirai variants, the only other instance of the CVE-2019-7238 vulnerability being exploited in the wild has been by the DDG botnet. Our research, outlined below, shows that the Hide \u00e2\u20ac\u02dcN Seek botnet incorporated this exploit back in February 2019, even before the DDG botnet."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d0c9e1b-623c-4552-9a6c-41e1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T09:06:35.000Z" ,
"modified" : "2019-06-21T09:06:35.000Z" ,
"first_observed" : "2019-06-21T09:06:35Z" ,
"last_observed" : "2019-06-21T09:06:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5d0c9e1b-623c-4552-9a6c-41e1950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5d0c9e1b-623c-4552-9a6c-41e1950d210f" ,
"value" : "https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cae62-69cc-495e-932c-478e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:16:02.000Z" ,
"modified" : "2019-06-21T10:16:02.000Z" ,
"pattern" : "[file:hashes.SHA256 = '49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:16:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cae78-e888-4c47-b54e-42b5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:16:24.000Z" ,
"modified" : "2019-06-21T10:16:24.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'd068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0caf46-8778-4c85-b528-41cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:19:50.000Z" ,
"modified" : "2019-06-21T10:19:50.000Z" ,
"pattern" : "[file:hashes.SHA256 = '1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:19:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cb1e1-86b0-4d8c-8c6b-4283950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:30:57.000Z" ,
"modified" : "2019-06-21T10:30:57.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:30:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cb1fd-b8a8-44a1-bde0-4b6e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:31:25.000Z" ,
"modified" : "2019-06-21T10:31:25.000Z" ,
"pattern" : "[file:hashes.SHA256 = '0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:31:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cb217-01d4-460f-bb99-20b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:31:51.000Z" ,
"modified" : "2019-06-21T10:31:51.000Z" ,
"pattern" : "[file:hashes.SHA256 = '73df4e952c581afc427fa18fa2d0bcfa409c1814cd872a3ccf05d44f934ce780']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:31:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cb4d6-883c-4e2b-89b6-4bc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:43:34.000Z" ,
"modified" : "2019-06-21T10:43:34.000Z" ,
"pattern" : "[file:hashes.SHA256 = '500dd4c1a5c24495c3bb8173ce5c7b15ba3344aef855090b9b9585b2bfeea974']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:43:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0cb4e8-48d8-492e-88e4-48bf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T10:43:52.000Z" ,
"modified" : "2019-06-21T10:43:52.000Z" ,
"pattern" : "[file:hashes.SHA256 = '7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T10:43:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:47.000Z" ,
"modified" : "2019-06-21T15:52:47.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cc4662e589e8fa58d26f1a8d1c0da21f' AND file:hashes.SHA1 = '15c5554d24169096e756beee8c15e96c6708f06c' AND file:hashes.SHA256 = '1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-13T22:39:35" ,
"category" : "Other" ,
"uuid" : "56d8e60e-215c-4291-8f44-dfeb61084447"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382/analysis/1560465575/" ,
"category" : "Payload delivery" ,
"uuid" : "c1da88a6-b89a-436f-90a0-dac5f2040c94"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/57" ,
"category" : "Payload delivery" ,
"uuid" : "fa401d1d-e971-4d5b-96d4-5f9a142d1c6f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '01a9c99b6c8b812b61ddda76ee5c1899' AND file:hashes.SHA1 = 'e919ad0e40298f1f79d67c2e8ccdbb0acdde5a2b' AND file:hashes.SHA256 = '7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-18T19:16:22" ,
"category" : "Other" ,
"uuid" : "a9cd7679-ab30-44f0-a181-a34756f08f3f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7/analysis/1560885382/" ,
"category" : "Payload delivery" ,
"uuid" : "052fb771-186d-402c-8be5-02ea4657c5ae"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/55" ,
"category" : "Payload delivery" ,
"uuid" : "22f740bd-ce13-43d6-b566-5d09c5cfd814"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '6de70812923df430cff73fcf66830e6d' AND file:hashes.SHA1 = '13cc834fbf30e32146ae1be4a6bbba5b7be41ae3' AND file:hashes.SHA256 = '49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-13T22:39:35" ,
"category" : "Other" ,
"uuid" : "3c70bbea-cf02-4b93-8295-b3b4a116c77c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f/analysis/1560465575/" ,
"category" : "Payload delivery" ,
"uuid" : "a330507d-9192-4e56-ad08-eeb3401a64ab"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/58" ,
"category" : "Payload delivery" ,
"uuid" : "0ef769b9-de75-41b6-86d4-e97d6edef792"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:48.000Z" ,
"modified" : "2019-06-21T15:52:48.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f54c7e19bc1db3b3897b6fe81a403db0' AND file:hashes.SHA1 = '20ee3e5634a7a826a68ec858474f65cd58190870' AND file:hashes.SHA256 = '0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-14T16:31:05" ,
"category" : "Other" ,
"uuid" : "ad41b356-c3b3-4dcd-855e-7bd45c6d2891"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369/analysis/1560529865/" ,
"category" : "Payload delivery" ,
"uuid" : "4f643b42-1af6-49d6-b5e8-43f72941844a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/50" ,
"category" : "Payload delivery" ,
"uuid" : "baa30bab-f182-4eb5-bba6-db9551c005d1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '7c48b82ee08fbf7b4f4190b0973dfd5c' AND file:hashes.SHA1 = '1b278755efb2fefde2c32be6d0aa329ae35a9fc6' AND file:hashes.SHA256 = 'd068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-13T22:39:39" ,
"category" : "Other" ,
"uuid" : "e850ba03-ed6c-474a-ae87-db0f0c31551d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1/analysis/1560465579/" ,
"category" : "Payload delivery" ,
"uuid" : "4ed5c275-ec23-49f5-accf-23d17dfd73b8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/55" ,
"category" : "Payload delivery" ,
"uuid" : "6aeb3a94-650e-4c76-99da-75e53081eaba"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '784ab23904c34c2033b8ab3fbb18645d' AND file:hashes.SHA1 = '75374fe86e63b1c60b02be4ebe3770a58a4423e1' AND file:hashes.SHA256 = 'c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-21T15:52:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-21T08:57:11" ,
"category" : "Other" ,
"uuid" : "67e1c498-a970-46de-8907-61e496935893"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d/analysis/1561107431/" ,
"category" : "Payload delivery" ,
"uuid" : "e57632b1-769b-4c66-bd28-0c73fdb20fa5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/57" ,
"category" : "Payload delivery" ,
"uuid" : "528491e6-7f21-401a-9749-cb93d8c6fa29"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--827ffad8-99f9-46ee-a041-bafa73baf570" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b" ,
"target_ref" : "x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--daee9148-fdc6-4e90-9bbe-11625c525586" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23" ,
"target_ref" : "x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--deb7ec17-f982-4462-8ac0-f1591da9c416" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a" ,
"target_ref" : "x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--2ae389eb-b3a1-4d7e-a4b0-d03037b32970" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:49.000Z" ,
"modified" : "2019-06-21T15:52:49.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb" ,
"target_ref" : "x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--d65fefc5-41b3-481e-8e8b-08bfb4ade268" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:50.000Z" ,
"modified" : "2019-06-21T15:52:50.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3" ,
"target_ref" : "x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--e8ed234a-b566-4ddd-bf42-7caa03c7c557" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-06-21T15:52:50.000Z" ,
"modified" : "2019-06-21T15:52:50.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c" ,
"target_ref" : "x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}