adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/ea44bf19-332c-4dd8-8149-cd64a020c460.json

663 lines
157 KiB
JSON
Raw Permalink Normal View History

chg: [feeds] updated
2024-08-07 08:13:15 +00:00
{
"type": "bundle",
"id": "bundle--ea44bf19-332c-4dd8-8149-cd64a020c460",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:40.000Z",
"modified": "2024-04-24T08:17:40.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--ea44bf19-332c-4dd8-8149-cd64a020c460",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:40.000Z",
"modified": "2024-04-24T08:17:40.000Z",
"name": "OSINT - Potential abuse by Lazarus group using LinkedIn to spread malware",
"published": "2024-04-24T08:18:04Z",
"object_refs": [
"x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"indicator--4e694833-a507-490c-801e-4a1d046c6bb6",
"indicator--0a261f97-18ef-48b1-8413-41cdb23af57e",
"indicator--e8ce3ab9-ca6c-435a-8ffd-e530bbe2b586",
"indicator--0d697be1-5bb2-4165-832a-de7ec5ec6c3b",
"indicator--0f888db2-f528-4be7-b773-30746f468564",
"indicator--ccb4f586-8d20-44c9-8409-7f9bf82ab1f3",
"indicator--bbdc449d-f104-4ee0-b5e0-49f22bc8ae77",
"indicator--fcd9e347-7ff2-4396-a87f-b560b1e4d9c6",
"indicator--ae7750cc-6d46-4aa4-854b-faa653a7ffc6",
"x-misp-object--c4d5fb0e-ed0d-46b1-8c9f-43141bf5f080",
"indicator--d804ff70-5868-4d8a-a9f9-445b372d928d",
"x-misp-object--8a453d92-de5f-46f3-951b-7dbd33aeea36",
"indicator--c0ad189d-c3a5-448d-8e12-0edcf29357eb",
"x-misp-object--2fb6dad2-122d-4845-ab45-ce5b76ae3038",
"indicator--b0301e3d-0788-4959-b7d1-128510c2f015",
"x-misp-object--52c29329-199a-41ff-84b1-edc3b91e98ac",
"indicator--c5aec8df-8d20-494d-be8b-8844cb015d8a",
"relationship--45bcac97-6f1e-4a14-bd76-50bf625cda0f",
"relationship--a45c7c26-1ca3-41d5-935a-03f62bc83245",
"relationship--3123ff4c-8e72-4836-b9df-77852e6cb492",
"relationship--11a5fcb4-b1d1-4e95-804c-c757b0862258",
"relationship--7fec8a9b-3758-4bc7-ad0e-db1e6a11882e",
"relationship--804b0eda-2c76-4322-8043-c270bc0a38d6",
"relationship--6fdf3c1c-e09b-4ed9-94d9-91c5c27bcbc8",
"relationship--91f2b448-463e-4070-b4f3-28d2cc30878b",
"relationship--3ebfa23c-e131-4900-a5a5-28f34f64f14a"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Lazarus Group\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"estimative-language:confidence-in-analytic-judgment=\"low\"",
"misp-galaxy:rat=\"NukeSped\"",
"misp-galaxy:sector=\"Employment\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:16:50.000Z",
"modified": "2024-04-24T08:16:50.000Z",
"labels": [
"misp:name=\"twitter-post\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#Lazarus #APT \r\n\r\nThe Lazarus group appears to be currently reaching out to targets via LinkedIn and spreading malware\r\n\r\nhttps://stackoverflow.com/questions/78328188/scam-js-code-does-this-script-install-anything-malicious-locally-if-i-ran-it-wi\r\n\r\nIOC : \r\nhttps://pastebin.com/2pz1iQFm",
"category": "Other",
"uuid": "e35bb345-cc62-48fc-af66-a7a8cf634a28"
},
{
"type": "link",
"object_relation": "link",
"value": "https://twitter.com/asdasd13asbz/status/1782951380568936481",
"category": "External analysis",
"uuid": "8ce28ce4-8339-447d-9d92-a7e2bc410127"
},
{
"type": "text",
"object_relation": "name",
"value": "asdasd13asbz",
"category": "Other",
"uuid": "7b2a2276-ec54-400a-a44f-2d518daf1f9a"
},
{
"type": "link",
"object_relation": "embedded-safe-link",
"value": "https://stackoverflow.com/questions/78328188/scam-js-code-does-this-script-install-anything-malicious-locally-if-i-ran-it-wi",
"category": "External analysis",
"uuid": "1b609691-69fe-4f86-a1ad-c77dc2707e74"
},
{
"type": "text",
"object_relation": "user-id",
"value": "asdasd13asbz",
"category": "Other",
"uuid": "32ca742e-630e-4d05-81eb-7f5bb9e1db85"
},
{
"type": "attachment",
"object_relation": "media",
"value": "GL5Qx1MboAAZwsk.png",
"category": "External analysis",
"uuid": "fe1cbfd9-09e4-428b-8609-7b81400a6ee0",
"data": "iVBORw0KGgoAAAANSUhEUgAABIUAAAJXCAIAAACCCHPkAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7L1psx3VlS16f4DLEe9+rfsi6gfUhxf3W5mqKKrBhG1ssLFxgzu4hpIuNhSNm6J1AwYhDFg0xti0MpaFDYUFGDAWvehMp0MjJFlCQhLSUQNCAgkJIb+ROTLnnnutlXn22f05OUaM2FrNXHPNNTN35hrKvff5H3/N8crKv7AgCIIgCIIgCIIgDAfSY4IgCIIgCIIgCKOB9JggCIIgCIIgDBVXPzT5sctX/t33lv/tt18QkQdkAzkpstMwSI8JgiAIgiAIwpCwbvt70B6BIBFJZAb5KTLVGEiPCYIgCIIgCMKQIDFWT+SnyFRjID0mCIIgCIIgCMPA1Q9NBvJDjNm0Dy5KjwmCIAiCIAjCMKCHY52waY/IpMcEQRAEQRAEYRjQD3h0QmSpyFczID0mCIIgCIIgCMNAIDzEKhb5agakx4S/7njzzS999fiPH/nZ1X9ZUzQJ3WJaydy7d+/Z5/3w8E8c9eTTfy6axhvbt+848f+e/Jljjl372rqiafAYyaRdIHnocWQPOfSwM757Fo510TTTMK0lzJSD1V8gM8gPsuTfyCjjrY03+HQPfdcDh4zkqkeL+Fzte5BwWHPRfn3DhtO+c+Y///vHMOOCq35WtM4K1C98CMC803pf3Hrbf+MozL/0p0V9nBCoDrGKRb6agQHqsb3vvffAgw+ffOq38RbCuwL8t8OP+PLXv3Hzrxbt37+/MJqBqNlw79q1+/Y7lpww91tYKZeMtR93wty7/nBvYdEZ4Oe++5fGqbvksgWbt2wpjPqHoekxXh8DMkU/u/a6latWf3DwYGE6YzGtZMIGlkjCeN4zYnC7A+JQFk2Dx0gm7QLSY8BMOVj9BTITb/rxpkZLF9fVrgcOGclVjxbxudr3IGsu2ssef5K3/iOO+twXvnzc5VdcXXREGNo9t4+oWfhwMN33hfTYLGCRr2ZgUHpsxasrP3PMsXgzxOzwvj62SF5JDx48+Oiyx00+Bez8ivD+++//7vY7qvyAg7jzjVaPeUKYTbz0cmE93njxpZd/PO+SO5bcVdRLTCuZ77z77lnn/vCTn/n88y/MjM9JT27ddsKcb371+BNfW7e+aJo+Dhw48ORTT3/3zHP//MyzRVMt+jLplNi9ezfeet876zwcwaJpmkge+niDOLaoOqWntYThHKxxQ3LTv+yJJz/2yc9cePFPpnvoux44ZCRXPVrE52rfg6y6aKP95FO//U//evitv7t9yv9YHNo9t4+oWnjVdaPvSL4vaq7b0mOzgEW+moGB6LH1r2+gGDvplNNfevkVPg3DFQpvmIcfeWzBVT8b89tMPZJXUlyh/u3wI3AtPu+HF7y2bh1kFRrxunXbtrv+cO8vr7+JZvXA9e78Cy9G3uAH15dnn3vBEoWuV1a8iisLGtnSRwzt3pC8PtrS+D+LeH3ksWXQt0X3uAIBI9r4IcBMvNEOGX3fIfUFOF44ajh28X29QyQPfbxBHFtUndIzaAmjwnie0oPGGK46PleHFuTa19Z98tPHfO6LX+3kMyyz6TZRdd0YDmqu29Jjs4BFvpqBgeixq3/+S7wNTvvOmdhqF02zCPGVFILz7O//CEu+5LIFVGJdAAMvv+JqOIHnJ596epiCZGj3hvrr4+Tk1pNOPo0ZWLlqddE6rpAe6xrjuXmtua93iOShjzeIYwvpsa4xnqf0oDGGq47P1aEFOa0LyGy6TUiPdYFAdYhVLPLVDPRfj+19773vnHnOCN+fg0Z8JX3rrZ1fOe6EHq/4Dzz48D/96+GHH/Hpp//c0Ye4+oih3RumvD5Obt329W/Mgc25Pzh/3759RetYQnqsa4zn5rXmvt4hkoc+3iCOLaTHusZ4ntKDxhiuOj5XhxbktC4gs+k2IT3WBQLVIVaxyFczMEA9dvXPf1k0dYAtk5NX/uzazx/7NWgSjD3iqM9dctmCrdu2sffgwYOvb9iw4KqfmcHhnzjqnO+fv3HTJhoQ/sr77rt7rrvx5iOP/gKqeP3VosXc339w8OAjjy077oS58PPP//6xk0/7zssrXuXwDhFfSU2P/eHeP7Jluti1a/eJ//dkeLjpV7+e1pMxGL+2bt2P512CjGE4+NkvfuXa626ouiUgLb+97b+P/do3uPwT5nxz2eNP7tixo+regKQtuesPtAeRtz898FCglCAgP/6po5F5rKJoqkAn18eHH3kME8XBTHelsH/xpZf/84zv8mOQOAeSxjgfEL+Z4fVbp56BgUV3BB59BuBp9wMaMH5/EsLz2d//EU5j+iGq9gr+MKEXS774J5dXrdSjw4E4UgtvWfTV40/k74Dx3WQ/iGeHCcm59777j/78l1Hlb4X51dEY8IcVC8QymUzMfvmCq7Zt304zAKMwFl0B/f4pRv2kPNB4I3MtuEQ89Mij8fc3ajJDVzHRzrGYopPrTzLOeINYhQ5n8ecM356wRxXLP+07Z/oT7NnnXviXj36i6gNUPBbofXXlKoQNDwHRyPz4JfjjixMbpzcSS4fElEkIPPzu9juS//PCCzUuUDyseLMvuvV3uLngiKNqh6YKPkv+bYjXad0LujgoRVPtoa9/A9YM5I0S2YABiNMYN8oNG9uCAXhw7Qh6VHWhiiukec6urr+8IQ7AI7lq4v33339s2RO4lvJAY5k4lPG9w0B7+wkr2uONfODAARoEPw+GY4H38p133xN8ICVOXRAkAjjznB+geuPNt9DAA4cb+azqJeJVJy8gwVsgQPJtkoSfbvfu3T+98mdIKfJj31zANunGhbfYuYRe3M7iM3m6F8wYwcK5BFQDJs86AlmFwY9+fLEdVmLd+tfxxvz0MV/asGFj0ZQDFy5coOwKFhzcKa/bNUvGZbPqVBwOAtXRC09etH7HO+9fdv+WoH2YRAy73/vg10/tCNp7Z5GvZmAgn1f81a9/g5Meb7BXOpA6eKvc9Yd77Sp8zJe+BvJtY9c73kLM4AtfPs5u5/6DbXa9uPue+3gngCXuWGgBL7/ialzT+ZlANNosMHvyqacLFx0gvpLi4nLhxT+Bq69/Y84bm7v5/cPnl09g54Tl4MJUNHUA3Ip+cf2N3CVwsdg6s4rw4udsuNhRN4JHffaLTCPsr77mFyjH9wZ+NR/GTDuGcOxZ5/7QfxKVOyTYTPndNrs+FvUUIA5xo4WZF7fTXSnsr7jqGhogbDvWnznmWL9G/4U9OGRCULULeoydO3eeesb3vviV43jG4kRCGUQjumBgpwe2F8gePVu0VWesnerAmrWvwSEa/UrjoxOjw4HPPPvcJz/zeZhVrZqHCXIFAoZhgzxqyW2EHVb+vFhwtvicv7Zu/Qlzv2UzwobZg8zGe5M2MWomRZC337EEM+JwwI/t1a665lp/y6/PDC4X6GUjg2dUaOdwmMEYw9lr8QdHMxlnsIeoQYez2Dmz9MGH8E5EwZ/hyICdS7vfeYcfAH7goUfY4sEE4sKFd1z9KW1LuH/pg7BhDu26+p0zz/FXg/okJD3EP2Btb0wQ9giGxpgLugUFO1er0K97wXQPin8jVx36Kd+AyYG4UUJ+0JLB+LDRBYPCtFp0Acmu7P/U8mUy23zzJod7JFcNbN++gyceiPTa4QPRjt7CrgRaTjn9u7G9zwDvMmbACEEcRC/J4tTFQeLtgCoiwRuELQbefQ4/4tMrXl1ZNEWIHSYvILjQ1fykTfJtkoRNh/c7/6eb5Oz0gyrPJczLdzFOCVyN6YGY1gUziWDhU94KY7z8yorDPv4p5Oatt9oMcK+HBzC4UuHNiNjO/v6P+BsEwcGd8rpds2QwOHOGjEB11BBCa/+BgzVSpxM9RiecGoW+iDc4wbyYPWjvLxlzQzAQPYbLK65GOONx6mNLV///EPfedz/eKrh83Pq7221PhgKqUCmsrn1tHa4XuLrZ/+Ls3r372/91NqbAfqL1X2jl9eLTx3xp3iWX8T9uMeS++5fCPw
},
{
"type": "link",
"object_relation": "embedded-safe-link",
"value": "https://pastebin.com/2pz1iQFm",
"category": "External analysis",
"uuid": "1bc07857-8aec-4007-b69a-881e1036f86a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "twitter-post"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4e694833-a507-490c-801e-4a1d046c6bb6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:40.000Z",
"modified": "2024-04-24T08:17:40.000Z",
"pattern": "[file:hashes.MD5 = '7a5a694ac7d4068f580be624ece44f4f' AND file:name = 'Archive.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a261f97-18ef-48b1-8413-41cdb23af57e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:37.000Z",
"modified": "2024-04-24T08:17:37.000Z",
"pattern": "[file:hashes.MD5 = 'aad9dcd3a2045dafea47eef776ec5b8a' AND file:name = 'E.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e8ce3ab9-ca6c-435a-8ffd-e530bbe2b586",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:14:01.000Z",
"modified": "2024-04-24T07:14:01.000Z",
"pattern": "[file:hashes.MD5 = '53ec27df858d3d133808ec338df29fc6' AND file:name = 'cryptoPriceMonitoringSite-main.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:14:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0d697be1-5bb2-4165-832a-de7ec5ec6c3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:34.000Z",
"modified": "2024-04-24T08:17:34.000Z",
"pattern": "[file:hashes.MD5 = 'e6d09c7ad340d10109e6781bfb05a319' AND file:name = 'dev_now_gold.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f888db2-f528-4be7-b773-30746f468564",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:14:34.000Z",
"modified": "2024-04-24T07:14:34.000Z",
"pattern": "[file:hashes.MD5 = 'f1b78698b108fbf5bfcbb6d7f3bbad76' AND file:name = 'purchased-casino-template-master.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:14:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ccb4f586-8d20-44c9-8409-7f9bf82ab1f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:26.000Z",
"modified": "2024-04-24T08:17:26.000Z",
"pattern": "[file:hashes.MD5 = 'fa174cdd22080f11e13844c1e3326cd2' AND file:name = 'server.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bbdc449d-f104-4ee0-b5e0-49f22bc8ae77",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:23.000Z",
"modified": "2024-04-24T08:17:23.000Z",
"pattern": "[file:hashes.MD5 = '97868b884fc9d01c0cb1f3fa4d80b09f' AND file:name = 'test_interview.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fcd9e347-7ff2-4396-a87f-b560b1e4d9c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:19.000Z",
"modified": "2024-04-24T08:17:19.000Z",
"pattern": "[file:hashes.MD5 = 'd3a85f6ccf117fb1cdb506094edddd22' AND file:name = 'test-project.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae7750cc-6d46-4aa4-854b-faa653a7ffc6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T08:17:15.000Z",
"modified": "2024-04-24T08:17:15.000Z",
"pattern": "[file:hashes.MD5 = '46b2cfef633e6e531928a9c606b40b16' AND file:name = 'test-task.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T08:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c4d5fb0e-ed0d-46b1-8c9f-43141bf5f080",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:16:05.000Z",
"modified": "2024-04-24T07:16:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c09271054916807f78795a7440c6223d05c6dd543b97fd3a32aa44b1e8dc658e",
"category": "External analysis",
"uuid": "085b382d-634d-4ddb-aa13-67ae7a0020b3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/63",
"category": "Other",
"uuid": "02d189ab-bebd-4db1-8a33-e188891d1da2"
}
],
"x_misp_comment": "7a5a694ac7d4068f580be624ece44f4f: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d804ff70-5868-4d8a-a9f9-445b372d928d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:16:06.000Z",
"modified": "2024-04-24T07:16:06.000Z",
"description": "7a5a694ac7d4068f580be624ece44f4f: Enriched via the virustotal module",
"pattern": "[file:hashes.MD5 = '7a5a694ac7d4068f580be624ece44f4f' AND file:hashes.SHA1 = '3e52250148123c5105ce251899cf6ba696657daf' AND file:hashes.SHA256 = 'c09271054916807f78795a7440c6223d05c6dd543b97fd3a32aa44b1e8dc658e' AND file:hashes.SSDEEP = '384:DlV7q4PW1bzAhWoiqy6F2Axnyrk/YnW2xXsju46qXAEVsbYIGiXsrJ9ZjadxNtTf:GfbzAhWoiq1Ffsn462hi8rPxWL' AND file:hashes.VHASH = '8ea2b911231296d0b157663c9925747a' AND file:x_misp_tlsh = 't181a21a7d862c1d56eb425279db828b4c92c7480253d7298ff794a80c9b6f1c4eb3f687']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8a453d92-de5f-46f3-951b-7dbd33aeea36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:16:38.000Z",
"modified": "2024-04-24T07:16:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/1e959131e5964fc47b468bd5b920221a418b660898a692215ee996452d0b741a",
"category": "External analysis",
"uuid": "4bd2066f-86ad-4ddf-9f65-c64c217839c1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/63",
"category": "Other",
"uuid": "c9dfa03f-8f3e-4123-8fae-14df1f2fefc6"
}
],
"x_misp_comment": "aad9dcd3a2045dafea47eef776ec5b8a: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c0ad189d-c3a5-448d-8e12-0edcf29357eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:16:38.000Z",
"modified": "2024-04-24T07:16:38.000Z",
"description": "aad9dcd3a2045dafea47eef776ec5b8a: Enriched via the virustotal module",
"pattern": "[file:hashes.MD5 = 'aad9dcd3a2045dafea47eef776ec5b8a' AND file:hashes.SHA1 = 'b69740225bf9c370ade85120fabff3e0a06ec747' AND file:hashes.SHA256 = '1e959131e5964fc47b468bd5b920221a418b660898a692215ee996452d0b741a' AND file:hashes.SSDEEP = '196608:/TiGy2glm8hpEs6nfk3VXPsI7wSAcGqO2glnHXLN++37gD8MumWhIIIDizJBbEQ:+XXxhL2sF/siwSAcq2gZ35++LpMumWKA' AND file:hashes.VHASH = '368ee962ab7ee47e59e1451977b49a53' AND file:x_misp_tlsh = 't1ebc633e9d60afd13cfb330fd15232197d62b403a04d93a0e6ae7275849a7e716b481b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2fb6dad2-122d-4845-ab45-ce5b76ae3038",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:18:16.000Z",
"modified": "2024-04-24T07:18:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/5cc1493357886c767354f152b940d63991f07a5010f22a46e8a514a08fbe3b18",
"category": "External analysis",
"uuid": "a2f13666-190c-43a5-b7f9-4bccd10573ed"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/62",
"category": "Other",
"uuid": "65f2ce24-7453-4cdd-b787-7a9c77b1b3f9"
}
],
"x_misp_comment": "d3a85f6ccf117fb1cdb506094edddd22: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b0301e3d-0788-4959-b7d1-128510c2f015",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:18:16.000Z",
"modified": "2024-04-24T07:18:16.000Z",
"description": "d3a85f6ccf117fb1cdb506094edddd22: Enriched via the virustotal module",
"pattern": "[file:hashes.MD5 = 'd3a85f6ccf117fb1cdb506094edddd22' AND file:hashes.SHA1 = '9be879834f1b2e19adfc342657a70be2da5fb27e' AND file:hashes.SHA256 = '5cc1493357886c767354f152b940d63991f07a5010f22a46e8a514a08fbe3b18' AND file:hashes.SSDEEP = '384:i/3WEvsdCWlcn8IKO/XE6nvmjFAHl9/xsazRDtQYBrpP:6UCW50XQWFVx9zRhzr1' AND file:hashes.VHASH = '44a94cf9b723ba33e3c34a03cbf30a77' AND file:x_misp_tlsh = 't19192e10892fa3a12e6a9ea3ceeaa7a77dfc4c76013219b371c155f40bd614731786748']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:18:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--52c29329-199a-41ff-84b1-edc3b91e98ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:18:39.000Z",
"modified": "2024-04-24T07:18:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a",
"category": "External analysis",
"uuid": "14b96d22-9e65-4bbc-abc1-aae00d71544c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "7/63",
"category": "Other",
"uuid": "7b7cc868-a164-43b6-a756-9a2fd2f08425"
}
],
"x_misp_comment": "46b2cfef633e6e531928a9c606b40b16: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5aec8df-8d20-494d-be8b-8844cb015d8a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-04-24T07:18:39.000Z",
"modified": "2024-04-24T07:18:39.000Z",
"description": "46b2cfef633e6e531928a9c606b40b16: Enriched via the virustotal module",
"pattern": "[file:hashes.MD5 = '46b2cfef633e6e531928a9c606b40b16' AND file:hashes.SHA1 = '9cacbe18dca9df61f8adffd856193519d45425b2' AND file:hashes.SHA256 = 'f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a' AND file:hashes.SSDEEP = '12288:WPG0mF7+lXnIxgscWkYfdiDUZzCdbq8N8Eu:R5F7eXnLscWkkPybq8Nju' AND file:hashes.VHASH = 'a3db384a0b424982d7ba1e63c5ce7c17' AND file:x_misp_tlsh = 't157c41251e02b4921e74fb73e68c54b79f1a8c75941b8fa1716d3e0d2c80a9ea0e53e0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-04-24T07:18:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--45bcac97-6f1e-4a14-bd76-50bf625cda0f",
"created": "2024-04-24T07:55:31.000Z",
"modified": "2024-04-24T07:55:31.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--bbdc449d-f104-4ee0-b5e0-49f22bc8ae77"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a45c7c26-1ca3-41d5-935a-03f62bc83245",
"created": "2024-04-24T07:55:45.000Z",
"modified": "2024-04-24T07:55:45.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--e8ce3ab9-ca6c-435a-8ffd-e530bbe2b586"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3123ff4c-8e72-4836-b9df-77852e6cb492",
"created": "2024-04-24T07:55:58.000Z",
"modified": "2024-04-24T07:55:58.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--ccb4f586-8d20-44c9-8409-7f9bf82ab1f3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--11a5fcb4-b1d1-4e95-804c-c757b0862258",
"created": "2024-04-24T07:56:13.000Z",
"modified": "2024-04-24T07:56:13.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--fcd9e347-7ff2-4396-a87f-b560b1e4d9c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7fec8a9b-3758-4bc7-ad0e-db1e6a11882e",
"created": "2024-04-24T08:12:57.000Z",
"modified": "2024-04-24T08:12:57.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--ae7750cc-6d46-4aa4-854b-faa653a7ffc6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--804b0eda-2c76-4322-8043-c270bc0a38d6",
"created": "2024-04-24T08:13:17.000Z",
"modified": "2024-04-24T08:13:17.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--4e694833-a507-490c-801e-4a1d046c6bb6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6fdf3c1c-e09b-4ed9-94d9-91c5c27bcbc8",
"created": "2024-04-24T08:13:30.000Z",
"modified": "2024-04-24T08:13:30.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--0a261f97-18ef-48b1-8413-41cdb23af57e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--91f2b448-463e-4070-b4f3-28d2cc30878b",
"created": "2024-04-24T08:13:47.000Z",
"modified": "2024-04-24T08:13:47.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--0d697be1-5bb2-4165-832a-de7ec5ec6c3b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3ebfa23c-e131-4900-a5a5-28f34f64f14a",
"created": "2024-04-24T08:14:06.000Z",
"modified": "2024-04-24T08:14:06.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"target_ref": "indicator--0f888db2-f528-4be7-b773-30746f468564"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink