misp-circl-feed/feeds/circl/stix-2.1/3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb.json

1182 lines
6.4 MiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-15T14:38:47.000Z",
"modified": "2021-02-15T14:38:47.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-15T14:38:47.000Z",
"modified": "2021-02-15T14:38:47.000Z",
"name": "OSINT - AN ANALYSIS OF THE EGREGOR RANSOMWARE",
"published": "2021-02-15T15:43:30Z",
"object_refs": [
"indicator--17dc0ffa-4a2b-4d42-ba06-6aa03a3d1c90",
"indicator--876d3f0f-67be-460a-9698-5d4c71608542",
"indicator--ce5fee99-343b-4587-b457-e2cfb4e93609",
"indicator--a0833512-12b4-4ecc-8e8d-a3098e898712",
"x-misp-object--b071f5ab-13d6-4ad5-a672-4cebaa5e153a",
"indicator--2cf059bf-c9bb-45ec-8081-24580591c28e",
"indicator--a3ea3a58-f109-43b1-b078-9e11b542313c",
"indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229",
"indicator--f2936b0e-ae7a-42eb-bace-3a0bad808bc3",
"indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061",
"x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf",
"indicator--7a5449ce-4045-483d-b35d-dfc66a616bd6",
"observed-data--a8074bad-06e1-49f3-86d8-4b19e56a4ae0",
"file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0",
"observed-data--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a",
"file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a",
"observed-data--c4538780-11c9-4a5c-8d0d-7434ff9181dc",
"file--c4538780-11c9-4a5c-8d0d-7434ff9181dc",
"observed-data--fed58fdc-7c0c-4002-bbef-86fb4726a3da",
"file--fed58fdc-7c0c-4002-bbef-86fb4726a3da",
"observed-data--f8579a05-7f96-4268-82cf-645c0045ca55",
"file--f8579a05-7f96-4268-82cf-645c0045ca55",
"observed-data--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8",
"file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8",
"observed-data--0b2884d2-bc50-4685-a67b-8d991954a6cb",
"file--0b2884d2-bc50-4685-a67b-8d991954a6cb",
"observed-data--83a484b6-76fb-4f76-9678-aa8ce5b58a33",
"file--83a484b6-76fb-4f76-9678-aa8ce5b58a33",
"indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3",
"x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566",
"indicator--b2a0e9be-8266-4563-84af-71c7a50340b5",
"x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583",
"indicator--eafad8c7-10ef-40e1-8855-31ac9348109f",
"x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6",
"indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53",
"x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2",
"x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559",
"indicator--51189739-090d-4aef-91a4-19919d5351da",
"x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905",
"indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2",
"x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e",
"indicator--0e7323a8-652c-4d44-a51a-6d69e1191047",
"x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a",
2024-04-05 12:15:17 +00:00
"relationship--09ec7aa8-e7c3-4233-980f-3986c21df12c",
"relationship--481495d7-8897-4aa4-bef5-b3d62f717571",
"relationship--db3d4abc-8fd7-414d-83e1-19d8d7e0d0c3",
"relationship--5f9edcef-73f0-400a-9cc6-61383a6881a0",
"relationship--1a11e455-073d-4faa-a933-a9cfd1b732e2",
"relationship--7711eeff-33cb-4606-a89c-5c84c9e0fc4e",
"relationship--83040457-aa2a-4c32-8826-db662474090a",
"relationship--23c4c8ec-f679-495d-a8f5-b460100f3ab0",
"relationship--c447770e-809b-4399-9c57-44e21d45b11d"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Egregor\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-malware=\"REvil - S0496\"",
"misp-galaxy:ransomware=\"Sodinokibi\"",
"misp-galaxy:malpedia=\"Gandcrab\"",
"misp-galaxy:ransomware=\"GandCrab\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17dc0ffa-4a2b-4d42-ba06-6aa03a3d1c90",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:08:46.000Z",
"modified": "2021-02-11T17:08:46.000Z",
"pattern": "[url:value = 'https://aes.one/files/d/p43/r1jv9967jd1i3kik9knctlok5/35f35ecea4d8a142/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--876d3f0f-67be-460a-9698-5d4c71608542",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:08:46.000Z",
"modified": "2021-02-11T17:08:46.000Z",
"pattern": "[url:value = 'https://aes.one/files/d/pc3/2iopi0o8coob22n8s60pn6b7ps/b6bbf78b901c1fdf/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce5fee99-343b-4587-b457-e2cfb4e93609",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:08:46.000Z",
"modified": "2021-02-11T17:08:46.000Z",
"pattern": "[url:value = 'https://file.io/WmCH77xcKmbJ']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:08:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0833512-12b4-4ecc-8e8d-a3098e898712",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-15T14:30:04.000Z",
"modified": "2021-02-15T14:30:04.000Z",
"description": "The local IP was assigned to a Tor exit\r\nnode; which belongs to a Calyx Institute.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.247.74.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-15T14:30:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"tor:tor-relay-type=\"exit-relay\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b071f5ab-13d6-4ad5-a672-4cebaa5e153a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:02:38.000Z",
"modified": "2021-02-11T17:02:38.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/EGREGOR%20REPORT%20WEB%20FINAL.pdf",
"category": "External analysis",
"uuid": "b1e7d38b-85f9-4406-bdc8-3214b8e8d833"
},
{
"type": "text",
"object_relation": "summary",
"value": "Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.In this report, we will provide a detailed and anonymized coverage of Egregor\u2019s tactics, techniques, and procedures (TTPs) following an incident response activity that was conducted at the end of November 2020. The goal of this report is to shed light on some very different techniques for initial access, persistence, and exfiltration than what is typically reported on with respect to the Egregor group. In this report, you will not find any indication of Qbot or Cobalt Strike beacons.Though we are not going to provide an exact attribution, you will find evidence in the report that may indicate a connection to the Revil group. We will provide evidence such as upload accounts, download links, and services that can result in additional community wide research which hopefully can lead to further conclusions.We invite the research community to share additional insights that may correlate with the published IOCs.",
"category": "Other",
"uuid": "ffe5e67e-b713-4417-8016-aaf050c56dc8"
},
{
"type": "attachment",
"value": "EGREGOR REPORT WEB FINAL.pdf",
"object_relation": "report-file",
"category": "External analysis",
"uuid": "0a00eea3-720a-4bcd-a25f-da0e78f069a0",
"data": "JVBERi0xLjcNJeLjz9MNCjIyMiAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA0OTkxNjM4L08gMjI1L0UgMzk5Mzc3Ni9OIDE2L1QgNDk4NzA4Mi9IIFsgNTQ2MzYgNDczNF0+Pg1lbmRvYmoNICAgICAgIA14cmVmDQoyMjIgMjcxNw0KMDAwMDAwMDAxNiAwMDAwMCBuDQowMDAwMDU5MzcwIDAwMDAwIG4NCjAwMDAwNTk1MTUgMDAwMDAgbg0KMDAwMDA1OTU1MSAwMDAwMCBuDQowMDAwMTEwNDc2IDAwMDAwIG4NCjAwMDAxMTA1MjIgMDAwMDAgbg0KMDAwMDExMDYzNiAwMDAwMCBuDQowMDAwMTEwNjczIDAwMDAwIG4NCjAwMDAxMTA3MTkgMDAwMDAgbg0KMDAwMDExMDc2NSAwMDAwMCBuDQowMDAwMTEwODExIDAwMDAwIG4NCjAwMDAxMTA4NTggMDAwMDAgbg0KMDAwMDExMDkwNCAwMDAwMCBuDQowMDAwMTEwOTUxIDAwMDAwIG4NCjAwMDAxMTA5OTkgMDAwMDAgbg0KMDAwMDExMTA0NiAwMDAwMCBuDQowMDAwMTExMDk0IDAwMDAwIG4NCjAwMDAxMTExNDAgMDAwMDAgbg0KMDAwMDExMTE4NiAwMDAwMCBuDQowMDAwMTExMjMzIDAwMDAwIG4NCjAwMDAxMTEyODAgMDAwMDAgbg0KMDAwMDExMTMyNiAwMDAwMCBuDQowMDAwMTExMzcyIDAwMDAwIG4NCjAwMDAxMTE0MTggMDAwMDAgbg0KMDAwMDExMTQ2NiAwMDAwMCBuDQowMDAwMTExNTEyIDAwMDAwIG4NCjAwMDAxMTE1NTggMDAwMDAgbg0KMDAwMDExMTYwNCAwMDAwMCBuDQowMDAwMTExNjUwIDAwMDAwIG4NCjAwMDAxMTE2OTcgMDAwMDAgbg0KMDAwMDExMTc0NCAwMDAwMCBuDQowMDAwMTExNzkwIDAwMDAwIG4NCjAwMDAxMTE4MzcgMDAwMDAgbg0KMDAwMDExMTg4NCAwMDAwMCBuDQowMDAwMTExOTMxIDAwMDAwIG4NCjAwMDAxMTE5NzggMDAwMDAgbg0KMDAwMDExMjAyNSAwMDAwMCBuDQowMDAwMTEyMDcyIDAwMDAwIG4NCjAwMDAxMTIxMTkgMDAwMDAgbg0KMDAwMDExMjE2NiAwMDAwMCBuDQowMDAwMTEyMjEyIDAwMDAwIG4NCjAwMDAxMTIyNTkgMDAwMDAgbg0KMDAwMDExMjMwNSAwMDAwMCBuDQowMDAwMTEyMzUyIDAwMDAwIG4NCjAwMDAxMTIzOTkgMDAwMDAgbg0KMDAwMDExMjQ0NiAwMDAwMCBuDQowMDAwMTEyNDkzIDAwMDAwIG4NCjAwMDAxMTI1NDAgMDAwMDAgbg0KMDAwMDExMjU4NyAwMDAwMCBuDQowMDAwMTEyNjM0IDAwMDAwIG4NCjAwMDAxMTI2ODEgMDAwMDAgbg0KMDAwMDExMjcyOCAwMDAwMCBuDQowMDAwMTEyNzc1IDAwMDAwIG4NCjAwMDAxMTI4MjEgMDAwMDAgbg0KMDAwMDExMjg2OCAwMDAwMCBuDQowMDAwMTEyOTE1IDAwMDAwIG4NCjAwMDAxMTI5NjIgMDAwMDAgbg0KMDAwMDExMzAwOSAwMDAwMCBuDQowMDAwMTEzMDU2IDAwMDAwIG4NCjAwMDAxMTMxMDMgMDAwMDAgbg0KMDAwMDExMzE1MCAwMDAwMCBuDQowMDAwMTEzMTk3IDAwMDAwIG4NCjAwMDAxMTMyNDMgMDAwMDAgbg0KMDAwMDExMzI4OSAwMDAwMCBuDQowMDAwMTEzMzM2IDAwMDAwIG4NCjAwMDAxMTMzODIgMDAwMDAgbg0KMDAwMDExMzQyOSAwMDAwMCBuDQowMDAwMTEzNDc2IDAwMDAwIG4NCjAwMDAxMTM1MjIgMDAwMDAgbg0KMDAwMDExMzU3MCAwMDAwMCBuDQowMDAwMTEzNjE4IDAwMDAwIG4NCjAwMDAxMTM2NjQgMDAwMDAgbg0KMDAwMDExMzcxMSAwMDAwMCBuDQowMDAwMTEzNzU4IDAwMDAwIG4NCjAwMDAxMTM4MDQgMDAwMDAgbg0KMDAwMDExMzg1MCAwMDAwMCBuDQowMDAwMTEzODk4IDAwMDAwIG4NCjAwMDAxMTM5NDUgMDAwMDAgbg0KMDAwMDExMzk5MSAwMDAwMCBuDQowMDAwMTE0MDM4IDAwMDAwIG4NCjAwMDAxMTQwODUgMDAwMDAgbg0KMDAwMDExNDEzMSAwMDAwMCBuDQowMDAwMTE0MTc4IDAwMDAwIG4NCjAwMDAxMTQyMjQgMDAwMDAgbg0KMDAwMDExNDI3MSAwMDAwMCBuDQowMDAwMTE0MzE3IDAwMDAwIG4NCjAwMDAxMTQzNjQgMDAwMDAgbg0KMDAwMDExNDQxMCAwMDAwMCBuDQowMDAwMTE0NDU2IDAwMDAwIG4NCjAwMDAxMTQ1MDIgMDAwMDAgbg0KMDAwMDExNDU0OCAwMDAwMCBuDQowMDAwMTE0NTk0IDAwMDAwIG4NCjAwMDAxMTQ2NDAgMDAwMDAgbg0KMDAwMDExNDY4NiAwMDAwMCBuDQowMDAwMTE0NzMyIDAwMDAwIG4NCjAwMDAxMTQ3NzkgMDAwMDAgbg0KMDAwMDExNDgyNSAwMDAwMCBuDQowMDAwMTE0ODcxIDAwMDAwIG4NCjAwMDAxMTQ5MTcgMDAwMDAgbg0KMDAwMDExNDk2NCAwMDAwMCBuDQowMDAwMTE1MDEwIDAwMDAwIG4NCjAwMDAxMTUwNTYgMDAwMDAgbg0KMDAwMDExNTEwMyAwMDAwMCBuDQowMDAwMTE1MTUwIDAwMDAwIG4NCjAwMDAxMTUxOTYgMDAwMDAgbg0KMDAwMDExNTI0MiAwMDAwMCBuDQowMDAwMTE1Mjg5IDAwMDAwIG4NCjAwMDAxMTUzMzUgMDAwMDAgbg0KMDAwMDExNTM4MiAwMDAwMCBuDQowMDAwMTE1NDI4IDAwMDAwIG4NCjAwMDAxMTU0NzUgMDAwMDAgbg0KMDAwMDExNTUyMiAwMDAwMCBuDQowMDAwMTE1NTY5IDAwMDAwIG4NCjAwMDAxMTU2MTYgMDAwMDAgbg0KMDAwMDExNTY2MyAwMDAwMCBuDQowMDAwMTE1NzEwIDAwMDAwIG4NCjAwMDAxMTU3NTcgMDAwMDAgbg0KMDAwMDExNTgwNCAwMDAwMCBuDQowMDAwMTE1ODUxIDAwMDAwIG4NCjAwMDAxMTU4OTggMDAwMDAgbg0KMDAwMDExNTk0NSAwMDAwMCBuDQowMDAwMTE1OTkyIDAwMDAwIG4NCjAwMDAxMTYwMzkgMDAwMDAgbg0KMDAwMDExNjA4NiAwMDAwMCBuDQowMDAwMTE2MTMzIDAwMDAwIG4NCjAwMDAxMTYxODAgMDAwMDAgbg0KMDAwMDExNjIyNyAwMDAwMCBuDQowMDAwMTE2Mjc0IDAwMDAwIG4NCjAwMDAxMTYzMjEgMDAwMDAgbg0KMDAwMDExNjM2OCAwMDAwMCBuDQowMDAwMTE2NDE1IDAwMDAwIG4NCjAwMDAxMTY0NjIgMDAwMDAgbg0KMDAwMDExNjUwOSAwMDAwMCBuDQowMDAwMTE2NTU2IDAwMDAwIG4NCjAwMDAxMTY2MDIgMDAwMDAgbg0KMDAwMDExNjY0OSAwMDAwMCBuDQowMDAwMTE2Njk2IDAwMDAwIG4NCjAwMDAxMTY3NDQgMDAwMDAgbg0KMDAwMDExNjc5MSAwMDAwMCBuDQowMDAwMTE2ODM5IDAwMDAwIG4NCjAwMDAxMTY4ODYgMDAwMDAgbg0KMDAwMDExNjkzNCAwMDAwMCBuDQowMDAwMTE2OTgxIDAwMDAwIG4NCjAwMDAxMTcwMjggMDAwMDAgbg0KMDAwMDExNzA3NCAwMDAwMCBuDQowMDAwMTE3MTIxIDAwMDAwIG
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2cf059bf-c9bb-45ec-8081-24580591c28e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:04:45.000Z",
"modified": "2021-02-11T17:04:45.000Z",
"description": "-plocklist11",
"pattern": "[file:hashes.MD5 = 'd0ab713f502d01ddf73694276f0199db' AND file:name = 'Salsa.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:04:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a3ea3a58-f109-43b1-b078-9e11b542313c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:05:39.000Z",
"modified": "2021-02-11T17:05:39.000Z",
"pattern": "[file:hashes.MD5 = 'd20cd3f8f0ecc34fa400edf72687b215' AND file:name = 'Salsa.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:05:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"description": "PowerTool v2 x64",
"pattern": "[file:hashes.MD5 = '3fadbe9038c51c12014818f172e43a7d' AND file:name = '777.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2936b0e-ae7a-42eb-bace-3a0bad808bc3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:08:24.000Z",
"modified": "2021-02-11T17:08:24.000Z",
"pattern": "[email-message:from_ref.value = 'tacok79159@tjuln.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:08:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:12:55.000Z",
"modified": "2021-02-11T17:12:55.000Z",
"pattern": "[file:hashes.MD5 = '3fadbe9038c51c12014818f172e43a7d' AND file:hashes.SHA1 = 'a8d17bd6fcee5b9ce9287f2c6742377b0c24d9d7' AND file:hashes.SHA256 = '8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-11T17:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-11T17:12:55.000Z",
"modified": "2021-02-11T17:12:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-06T03:45:11+00:00",
"category": "Other",
"uuid": "15228703-593c-40d2-a43a-415ee6399a30"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1612583111",
"category": "Payload delivery",
"uuid": "bf9a0f9e-2ef9-4281-85af-dd21d2c602a6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/69",
"category": "Payload delivery",
"uuid": "fdb16f2c-a00a-4ca9-b5fc-2e4386023691"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a5449ce-4045-483d-b35d-dfc66a616bd6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T13:46:12.000Z",
"modified": "2021-02-12T13:46:12.000Z",
"pattern": "[file:name = '32x.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T13:46:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--a8074bad-06e1-49f3-86d8-4b19e56a4ae0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:19:24.000Z",
"modified": "2021-02-12T15:19:24.000Z",
"first_observed": "2021-02-12T15:19:24Z",
"last_observed": "2021-02-12T15:19:24Z",
"number_observed": 1,
"object_refs": [
"file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0",
"hashes": {
"MD5": "365aa18cadc5b80a9b5ca5950690c7f8"
},
"name": "AnyDesk.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:18:52.000Z",
"modified": "2021-02-12T15:18:52.000Z",
"first_observed": "2021-02-12T15:18:52Z",
"last_observed": "2021-02-12T15:18:52Z",
"number_observed": 1,
"object_refs": [
"file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a",
"hashes": {
"MD5": "00283740140dbe5c227bd15733d7a3b6"
},
"name": "Supremo.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--c4538780-11c9-4a5c-8d0d-7434ff9181dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:18:58.000Z",
"modified": "2021-02-12T15:18:58.000Z",
"first_observed": "2021-02-12T15:18:58Z",
"last_observed": "2021-02-12T15:18:58Z",
"number_observed": 1,
"object_refs": [
"file--c4538780-11c9-4a5c-8d0d-7434ff9181dc"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--c4538780-11c9-4a5c-8d0d-7434ff9181dc",
"hashes": {
"MD5": "b04f9b4feac14cff959718b69b7bbeaf"
},
"name": "MEGAsyncSetup64.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--fed58fdc-7c0c-4002-bbef-86fb4726a3da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:19:01.000Z",
"modified": "2021-02-12T15:19:01.000Z",
"first_observed": "2021-02-12T15:19:01Z",
"last_observed": "2021-02-12T15:19:01Z",
"number_observed": 1,
"object_refs": [
"file--fed58fdc-7c0c-4002-bbef-86fb4726a3da"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--fed58fdc-7c0c-4002-bbef-86fb4726a3da",
"name": "Netscan.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--f8579a05-7f96-4268-82cf-645c0045ca55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:18:22.000Z",
"modified": "2021-02-12T15:18:22.000Z",
"first_observed": "2021-02-12T15:18:22Z",
"last_observed": "2021-02-12T15:18:22Z",
"number_observed": 1,
"object_refs": [
"file--f8579a05-7f96-4268-82cf-645c0045ca55"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--f8579a05-7f96-4268-82cf-645c0045ca55",
"hashes": {
"MD5": "7af4a442683662b020fd391e26666958"
},
"name": "Chromesetup.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:20:05.000Z",
"modified": "2021-02-12T15:20:05.000Z",
"first_observed": "2021-02-12T15:20:05Z",
"last_observed": "2021-02-12T15:20:05Z",
"number_observed": 1,
"object_refs": [
"file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8",
"hashes": {
"MD5": "fabe184f6721e640474e1497c69ffc98"
},
"name": "7z1900.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--0b2884d2-bc50-4685-a67b-8d991954a6cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:22:30.000Z",
"modified": "2021-02-12T15:22:30.000Z",
"first_observed": "2021-02-12T15:22:30Z",
"last_observed": "2021-02-12T15:22:30Z",
"number_observed": 1,
"object_refs": [
"file--0b2884d2-bc50-4685-a67b-8d991954a6cb"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--0b2884d2-bc50-4685-a67b-8d991954a6cb",
"hashes": {
"MD5": "27304b246c7d5b4e149124d5f93c5b01"
},
"name": "PsExec.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--83a484b6-76fb-4f76-9678-aa8ce5b58a33",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T15:23:16.000Z",
"modified": "2021-02-12T15:23:16.000Z",
"first_observed": "2021-02-12T15:23:16Z",
"last_observed": "2021-02-12T15:23:16Z",
"number_observed": 1,
"object_refs": [
"file--83a484b6-76fb-4f76-9678-aa8ce5b58a33"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--83a484b6-76fb-4f76-9678-aa8ce5b58a33",
"hashes": {
"MD5": "f41a1afc4cfb95f35cd92da98d90c27b"
},
"name": "sdelete.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = '365aa18cadc5b80a9b5ca5950690c7f8' AND file:hashes.SHA1 = '16c33a2907264382715fba2061e4ff803a41c629' AND file:hashes.SHA256 = '4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-11T19:56:31+00:00",
"category": "Other",
"uuid": "7f7700cc-f79c-421f-b95f-df885bf93ae9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97/detection/f-4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97-1613073391",
"category": "Payload delivery",
"uuid": "579fb04e-ec48-42dc-9abe-5c3dc8d5fd8b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/69",
"category": "Payload delivery",
"uuid": "72d4f9db-c7de-457a-964e-06dc8bfe0ba1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b2a0e9be-8266-4563-84af-71c7a50340b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = 'fabe184f6721e640474e1497c69ffc98' AND file:hashes.SHA1 = '2f23a6389470db5d0dd2095d64939657d8d3ea9d' AND file:hashes.SHA256 = '759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-12T17:18:27+00:00",
"category": "Other",
"uuid": "d9a0235b-f1a4-4eaa-8de4-92665efc8cbd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80/detection/f-759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80-1613150307",
"category": "Payload delivery",
"uuid": "99d8d730-ba8b-404f-9b55-f04df5e0e0d0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/68",
"category": "Payload delivery",
"uuid": "9ed39fba-af99-46d3-b40c-acd7bd61d5c4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eafad8c7-10ef-40e1-8855-31ac9348109f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01' AND file:hashes.SHA1 = 'e50d9e3bd91908e13a26b3e23edeaf577fb3a095' AND file:hashes.SHA256 = '3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-12T10:07:36+00:00",
"category": "Other",
"uuid": "d498021c-ff37-444d-bc1a-c2e0b410b1a5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/detection/f-3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef-1613124456",
"category": "Payload delivery",
"uuid": "49c34366-962b-42f1-ae48-21fc00969ef3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/70",
"category": "Payload delivery",
"uuid": "2fdb8139-b3a6-49eb-a7f6-273883ca2f54"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = '00283740140dbe5c227bd15733d7a3b6' AND file:hashes.SHA1 = 'a5e9003ff1514ef74fe8e39cb753cbc4f5b0b687' AND file:hashes.SHA256 = '5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-11T19:53:32+00:00",
"category": "Other",
"uuid": "9013e2f0-e1c7-4d9f-82cd-8db5a75b52f8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b/detection/f-5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b-1613073212",
"category": "Payload delivery",
"uuid": "4aff0f4d-0fcc-4c62-8bb7-ec3c69b3f351"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/69",
"category": "Payload delivery",
"uuid": "8ea2bb4e-dfb3-4b36-aff3-a0cdb618a37e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-12T19:08:32+00:00",
"category": "Other",
"uuid": "8ae7b03b-6064-478f-b664-c85d0db1f71c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1613156912",
"category": "Payload delivery",
"uuid": "defe6a8a-dddb-4a55-82fb-b3573b7f87e3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/67",
"category": "Payload delivery",
"uuid": "fa51ad25-03c2-47b7-99c0-ffa616286b79"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51189739-090d-4aef-91a4-19919d5351da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = '7af4a442683662b020fd391e26666958' AND file:hashes.SHA1 = '226155d4b86497acd3d34f33e93f3d94ef176d0b' AND file:hashes.SHA256 = '3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-12T18:23:43+00:00",
"category": "Other",
"uuid": "c5fd927f-97ed-467c-9703-d77fba079144"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9/detection/f-3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9-1613154223",
"category": "Payload delivery",
"uuid": "8794fdd5-a550-40f0-8d3f-4809a6daca98"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/70",
"category": "Payload delivery",
"uuid": "9e624467-4acf-4449-8428-9b90ca3b644f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = 'f41a1afc4cfb95f35cd92da98d90c27b' AND file:hashes.SHA1 = 'b9c162e7817d7d99720fd97d9f7cab342dd2812a' AND file:hashes.SHA256 = '746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-02T20:53:27+00:00",
"category": "Other",
"uuid": "1f86d846-dda6-4abe-be90-f4cdaa3921f1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07/detection/f-746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07-1612299207",
"category": "Payload delivery",
"uuid": "5925b5fa-ed9f-432b-a1b9-e69781a2be77"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/70",
"category": "Payload delivery",
"uuid": "765969b4-4e9a-4411-bb51-261591288953"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0e7323a8-652c-4d44-a51a-6d69e1191047",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"pattern": "[file:hashes.MD5 = 'b04f9b4feac14cff959718b69b7bbeaf' AND file:hashes.SHA1 = 'f92394246a01e29d001d995c8a752374743efde4' AND file:hashes.SHA256 = '25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-12T22:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-12T22:23:10.000Z",
"modified": "2021-02-12T22:23:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-11T20:01:17+00:00",
"category": "Other",
"uuid": "b4ce371c-f8e3-4741-93a9-fb860cf6e4eb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114/detection/f-25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114-1613073677",
"category": "Payload delivery",
"uuid": "4588e157-ed53-425f-a50f-9516cde62654"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/68",
"category": "Payload delivery",
"uuid": "24240522-f8eb-47ba-9576-35670e7990ca"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--09ec7aa8-e7c3-4233-980f-3986c21df12c",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229",
"target_ref": "x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--481495d7-8897-4aa4-bef5-b3d62f717571",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061",
"target_ref": "x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--db3d4abc-8fd7-414d-83e1-19d8d7e0d0c3",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3",
"target_ref": "x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--5f9edcef-73f0-400a-9cc6-61383a6881a0",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b2a0e9be-8266-4563-84af-71c7a50340b5",
"target_ref": "x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--1a11e455-073d-4faa-a933-a9cfd1b732e2",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eafad8c7-10ef-40e1-8855-31ac9348109f",
"target_ref": "x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--7711eeff-33cb-4606-a89c-5c84c9e0fc4e",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53",
"target_ref": "x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--83040457-aa2a-4c32-8826-db662474090a",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--51189739-090d-4aef-91a4-19919d5351da",
"target_ref": "x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--23c4c8ec-f679-495d-a8f5-b460100f3ab0",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2",
"target_ref": "x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--c447770e-809b-4399-9c57-44e21d45b11d",
2023-04-21 14:44:17 +00:00
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0e7323a8-652c-4d44-a51a-6d69e1191047",
"target_ref": "x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}