2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-15T14:38:47.000Z" ,
"modified" : "2021-02-15T14:38:47.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-15T14:38:47.000Z" ,
"modified" : "2021-02-15T14:38:47.000Z" ,
"name" : "OSINT - AN ANALYSIS OF THE EGREGOR RANSOMWARE" ,
"published" : "2021-02-15T15:43:30Z" ,
"object_refs" : [
"indicator--17dc0ffa-4a2b-4d42-ba06-6aa03a3d1c90" ,
"indicator--876d3f0f-67be-460a-9698-5d4c71608542" ,
"indicator--ce5fee99-343b-4587-b457-e2cfb4e93609" ,
"indicator--a0833512-12b4-4ecc-8e8d-a3098e898712" ,
"x-misp-object--b071f5ab-13d6-4ad5-a672-4cebaa5e153a" ,
"indicator--2cf059bf-c9bb-45ec-8081-24580591c28e" ,
"indicator--a3ea3a58-f109-43b1-b078-9e11b542313c" ,
"indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229" ,
"indicator--f2936b0e-ae7a-42eb-bace-3a0bad808bc3" ,
"indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061" ,
"x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf" ,
"indicator--7a5449ce-4045-483d-b35d-dfc66a616bd6" ,
"observed-data--a8074bad-06e1-49f3-86d8-4b19e56a4ae0" ,
"file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0" ,
"observed-data--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a" ,
"file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a" ,
"observed-data--c4538780-11c9-4a5c-8d0d-7434ff9181dc" ,
"file--c4538780-11c9-4a5c-8d0d-7434ff9181dc" ,
"observed-data--fed58fdc-7c0c-4002-bbef-86fb4726a3da" ,
"file--fed58fdc-7c0c-4002-bbef-86fb4726a3da" ,
"observed-data--f8579a05-7f96-4268-82cf-645c0045ca55" ,
"file--f8579a05-7f96-4268-82cf-645c0045ca55" ,
"observed-data--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8" ,
"file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8" ,
"observed-data--0b2884d2-bc50-4685-a67b-8d991954a6cb" ,
"file--0b2884d2-bc50-4685-a67b-8d991954a6cb" ,
"observed-data--83a484b6-76fb-4f76-9678-aa8ce5b58a33" ,
"file--83a484b6-76fb-4f76-9678-aa8ce5b58a33" ,
"indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3" ,
"x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566" ,
"indicator--b2a0e9be-8266-4563-84af-71c7a50340b5" ,
"x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583" ,
"indicator--eafad8c7-10ef-40e1-8855-31ac9348109f" ,
"x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6" ,
"indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53" ,
"x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2" ,
"x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559" ,
"indicator--51189739-090d-4aef-91a4-19919d5351da" ,
"x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905" ,
"indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2" ,
"x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e" ,
"indicator--0e7323a8-652c-4d44-a51a-6d69e1191047" ,
"x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a" ,
2024-04-05 12:15:17 +00:00
"relationship--09ec7aa8-e7c3-4233-980f-3986c21df12c" ,
"relationship--481495d7-8897-4aa4-bef5-b3d62f717571" ,
"relationship--db3d4abc-8fd7-414d-83e1-19d8d7e0d0c3" ,
"relationship--5f9edcef-73f0-400a-9cc6-61383a6881a0" ,
"relationship--1a11e455-073d-4faa-a933-a9cfd1b732e2" ,
"relationship--7711eeff-33cb-4606-a89c-5c84c9e0fc4e" ,
"relationship--83040457-aa2a-4c32-8826-db662474090a" ,
"relationship--23c4c8ec-f679-495d-a8f5-b460100f3ab0" ,
"relationship--c447770e-809b-4399-9c57-44e21d45b11d"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:ransomware=\"Egregor\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:mitre-malware=\"REvil - S0496\"" ,
"misp-galaxy:ransomware=\"Sodinokibi\"" ,
"misp-galaxy:malpedia=\"Gandcrab\"" ,
"misp-galaxy:ransomware=\"GandCrab\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--17dc0ffa-4a2b-4d42-ba06-6aa03a3d1c90" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:08:46.000Z" ,
"modified" : "2021-02-11T17:08:46.000Z" ,
"pattern" : "[url:value = 'https://aes.one/files/d/p43/r1jv9967jd1i3kik9knctlok5/35f35ecea4d8a142/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:08:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--876d3f0f-67be-460a-9698-5d4c71608542" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:08:46.000Z" ,
"modified" : "2021-02-11T17:08:46.000Z" ,
"pattern" : "[url:value = 'https://aes.one/files/d/pc3/2iopi0o8coob22n8s60pn6b7ps/b6bbf78b901c1fdf/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:08:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ce5fee99-343b-4587-b457-e2cfb4e93609" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:08:46.000Z" ,
"modified" : "2021-02-11T17:08:46.000Z" ,
"pattern" : "[url:value = 'https://file.io/WmCH77xcKmbJ']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:08:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a0833512-12b4-4ecc-8e8d-a3098e898712" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-15T14:30:04.000Z" ,
"modified" : "2021-02-15T14:30:04.000Z" ,
"description" : "The local IP was assigned to a Tor exit\r\nnode; which belongs to a Calyx Institute." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.247.74.74']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-15T14:30:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"tor:tor-relay-type=\"exit-relay\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b071f5ab-13d6-4ad5-a672-4cebaa5e153a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:02:38.000Z" ,
"modified" : "2021-02-11T17:02:38.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/EGREGOR%20REPORT%20WEB%20FINAL.pdf" ,
"category" : "External analysis" ,
"uuid" : "b1e7d38b-85f9-4406-bdc8-3214b8e8d833"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.In this report, we will provide a detailed and anonymized coverage of Egregor\u2019s tactics, techniques, and procedures (TTPs) following an incident response activity that was conducted at the end of November 2020. The goal of this report is to shed light on some very different techniques for initial access, persistence, and exfiltration than what is typically reported on with respect to the Egregor group. In this report, you will not find any indication of Qbot or Cobalt Strike beacons.Though we are not going to provide an exact attribution, you will find evidence in the report that may indicate a connection to the Revil group. We will provide evidence such as upload accounts, download links, and services that can result in additional community wide research which hopefully can lead to further conclusions.We invite the research community to share additional insights that may correlate with the published IOCs." ,
"category" : "Other" ,
"uuid" : "ffe5e67e-b713-4417-8016-aaf050c56dc8"
} ,
{
"type" : "attachment" ,
"value" : "EGREGOR REPORT WEB FINAL.pdf" ,
"object_relation" : "report-file" ,
"category" : "External analysis" ,
"uuid" : "0a00eea3-720a-4bcd-a25f-da0e78f069a0" ,
"data" : " J V B E R i 0 x L j c N J e L j z 9 M N C j I y M i A w I G 9 i a g 0 8 P C 9 M a W 5 l Y X J p e m V k I D E v T C A 0 O T k x N j M 4 L 0 8 g M j I 1 L 0 U g M z k 5 M z c 3 N i 9 O I D E 2 L 1 Q g N D k 4 N z A 4 M i 9 I I F s g N T Q 2 M z Y g N D c z N F 0 + P g 1 l b m R v Y m o N I C A g I C A g I A 14 c m V m D Q o y M j I g M j c x N w 0 K M D A w M D A w M D A x N i A w M D A w M C B u D Q o w M D A w M D U 5 M z c w I D A w M D A w I G 4 N C j A w M D A w N T k 1 M T U g M D A w M D A g b g 0 K M D A w M D A 1 O T U 1 M S A w M D A w M C B u D Q o w M D A w M T E w N D c 2 I D A w M D A w I G 4 N C j A w M D A x M T A 1 M j I g M D A w M D A g b g 0 K M D A w M D E x M D Y z N i A w M D A w M C B u D Q o w M D A w M T E w N j c z I D A w M D A w I G 4 N C j A w M D A x M T A 3 M T k g M D A w M D A g b g 0 K M D A w M D E x M D c 2 N S A w M D A w M C B u D Q o w M D A w M T E w O D E x I D A w M D A w I G 4 N C j A w M D A x M T A 4 N T g g M D A w M D A g b g 0 K M D A w M D E x M D k w N C A w M D A w M C B u D Q o w M D A w M T E w O T U x I D A w M D A w I G 4 N C j A w M D A x M T A 5 O T k g M D A w M D A g b g 0 K M D A w M D E x M T A 0 N i A w M D A w M C B u D Q o w M D A w M T E x M D k 0 I D A w M D A w I G 4 N C j A w M D A x M T E x N D A g M D A w M D A g b g 0 K M D A w M D E x M T E 4 N i A w M D A w M C B u D Q o w M D A w M T E x M j M z I D A w M D A w I G 4 N C j A w M D A x M T E y O D A g M D A w M D A g b g 0 K M D A w M D E x M T M y N i A w M D A w M C B u D Q o w M D A w M T E x M z c y I D A w M D A w I G 4 N C j A w M D A x M T E 0 M T g g M D A w M D A g b g 0 K M D A w M D E x M T Q 2 N i A w M D A w M C B u D Q o w M D A w M T E x N T E y I D A w M D A w I G 4 N C j A w M D A x M T E 1 N T g g M D A w M D A g b g 0 K M D A w M D E x M T Y w N C A w M D A w M C B u D Q o w M D A w M T E x N j U w I D A w M D A w I G 4 N C j A w M D A x M T E 2 O T c g M D A w M D A g b g 0 K M D A w M D E x M T c 0 N C A w M D A w M C B u D Q o w M D A w M T E x N z k w I D A w M D A w I G 4 N C j A w M D A x M T E 4 M z c g M D A w M D A g b g 0 K M D A w M D E x M T g 4 N C A w M D A w M C B u D Q o w M D A w M T E x O T M x I D A w M D A w I G 4 N C j A w M D A x M T E 5 N z g g M D A w M D A g b g 0 K M D A w M D E x M j A y N S A w M D A w M C B u D Q o w M D A w M T E y M D c y I D A w M D A w I G 4 N C j A w M D A x M T I x M T k g M D A w M D A g b g 0 K M D A w M D E x M j E 2 N i A w M D A w M C B u D Q o w M D A w M T E y M j E y I D A w M D A w I G 4 N C j A w M D A x M T I y N T k g M D A w M D A g b g 0 K M D A w M D E x M j M w N S A w M D A w M C B u D Q o w M D A w M T E y M z U y I D A w M D A w I G 4 N C j A w M D A x M T I z O T k g M D A w M D A g b g 0 K M D A w M D E x M j Q 0 N i A w M D A w M C B u D Q o w M D A w M T E y N D k z I D A w M D A w I G 4 N C j A w M D A x M T I 1 N D A g M D A w M D A g b g 0 K M D A w M D E x M j U 4 N y A w M D A w M C B u D Q o w M D A w M T E y N j M 0 I D A w M D A w I G 4 N C j A w M D A x M T I 2 O D E g M D A w M D A g b g 0 K M D A w M D E x M j c y O C A w M D A w M C B u D Q o w M D A w M T E y N z c 1 I D A w M D A w I G 4 N C j A w M D A x M T I 4 M j E g M D A w M D A g b g 0 K M D A w M D E x M j g 2 O C A w M D A w M C B u D Q o w M D A w M T E y O T E 1 I D A w M D A w I G 4 N C j A w M D A x M T I 5 N j I g M D A w M D A g b g 0 K M D A w M D E x M z A w O S A w M D A w M C B u D Q o w M D A w M T E z M D U 2 I D A w M D A w I G 4 N C j A w M D A x M T M x M D M g M D A w M D A g b g 0 K M D A w M D E x M z E 1 M C A w M D A w M C B u D Q o w M D A w M T E z M T k 3 I D A w M D A w I G 4 N C j A w M D A x M T M y N D M g M D A w M D A g b g 0 K M D A w M D E x M z I 4 O S A w M D A w M C B u D Q o w M D A w M T E z M z M 2 I D A w M D A w I G 4 N C j A w M D A x M T M z O D I g M D A w M D A g b g 0 K M D A w M D E x M z Q y O S A w M D A w M C B u D Q o w M D A w M T E z N D c 2 I D A w M D A w I G 4 N C j A w M D A x M T M 1 M j I g M D A w M D A g b g 0 K M D A w M D E x M z U 3 M C A w M D A w M C B u D Q o w M D A w M T E z N j E 4 I D A w M D A w I G 4 N C j A w M D A x M T M 2 N j Q g M D A w M D A g b g 0 K M D A w M D E x M z c x M S A w M D A w M C B u D Q o w M D A w M T E z N z U 4 I D A w M D A w I G 4 N C j A w M D A x M T M 4 M D Q g M D A w M D A g b g 0 K M D A w M D E x M z g 1 M C A w M D A w M C B u D Q o w M D A w M T E z O D k 4 I D A w M D A w I G 4 N C j A w M D A x M T M 5 N D U g M D A w M D A g b g 0 K M D A w M D E x M z k 5 M S A w M D A w M C B u D Q o w M D A w M T E 0 M D M 4 I D A w M D A w I G 4 N C j A w M D A x M T Q w O D U g M D A w M D A g b g 0 K M D A w M D E x N D E z M S A w M D A w M C B u D Q o w M D A w M T E 0 M T c 4 I D A w M D A w I G 4 N C j A w M D A x M T Q y M j Q g M D A w M D A g b g 0 K M D A w M D E x N D I 3 M S A w M D A w M C B u D Q o w M D A w M T E 0 M z E 3 I D A w M D A w I G 4 N C j A w M D A x M T Q z N j Q g M D A w M D A g b g 0 K M D A w M D E x N D Q x M C A w M D A w M C B u D Q o w M D A w M T E 0 N D U 2 I D A w M D A w I G 4 N C j A w M D A x M T Q 1 M D I g M D A w M D A g b g 0 K M D A w M D E x N D U 0 O C A w M D A w M C B u D Q o w M D A w M T E 0 N T k 0 I D A w M D A w I G 4 N C j A w M D A x M T Q 2 N D A g M D A w M D A g b g 0 K M D A w M D E x N D Y 4 N i A w M D A w M C B u D Q o w M D A w M T E 0 N z M y I D A w M D A w I G 4 N C j A w M D A x M T Q 3 N z k g M D A w M D A g b g 0 K M D A w M D E x N D g y N S A w M D A w M C B u D Q o w M D A w M T E 0 O D c x I D A w M D A w I G 4 N C j A w M D A x M T Q 5 M T c g M D A w M D A g b g 0 K M D A w M D E x N D k 2 N C A w M D A w M C B u D Q o w M D A w M T E 1 M D E w I D A w M D A w I G 4 N C j A w M D A x M T U w N T Y g M D A w M D A g b g 0 K M D A w M D E x N T E w M y A w M D A w M C B u D Q o w M D A w M T E 1 M T U w I D A w M D A w I G 4 N C j A w M D A x M T U x O T Y g M D A w M D A g b g 0 K M D A w M D E x N T I 0 M i A w M D A w M C B u D Q o w M D A w M T E 1 M j g 5 I D A w M D A w I G 4 N C j A w M D A x M T U z M z U g M D A w M D A g b g 0 K M D A w M D E x N T M 4 M i A w M D A w M C B u D Q o w M D A w M T E 1 N D I 4 I D A w M D A w I G 4 N C j A w M D A x M T U 0 N z U g M D A w M D A g b g 0 K M D A w M D E x N T U y M i A w M D A w M C B u D Q o w M D A w M T E 1 N T Y 5 I D A w M D A w I G 4 N C j A w M D A x M T U 2 M T Y g M D A w M D A g b g 0 K M D A w M D E x N T Y 2 M y A w M D A w M C B u D Q o w M D A w M T E 1 N z E w I D A w M D A w I G 4 N C j A w M D A x M T U 3 N T c g M D A w M D A g b g 0 K M D A w M D E x N T g w N C A w M D A w M C B u D Q o w M D A w M T E 1 O D U x I D A w M D A w I G 4 N C j A w M D A x M T U 4 O T g g M D A w M D A g b g 0 K M D A w M D E x N T k 0 N S A w M D A w M C B u D Q o w M D A w M T E 1 O T k y I D A w M D A w I G 4 N C j A w M D A x M T Y w M z k g M D A w M D A g b g 0 K M D A w M D E x N j A 4 N i A w M D A w M C B u D Q o w M D A w M T E 2 M T M z I D A w M D A w I G 4 N C j A w M D A x M T Y x O D A g M D A w M D A g b g 0 K M D A w M D E x N j I y N y A w M D A w M C B u D Q o w M D A w M T E 2 M j c 0 I D A w M D A w I G 4 N C j A w M D A x M T Y z M j E g M D A w M D A g b g 0 K M D A w M D E x N j M 2 O C A w M D A w M C B u D Q o w M D A w M T E 2 N D E 1 I D A w M D A w I G 4 N C j A w M D A x M T Y 0 N j I g M D A w M D A g b g 0 K M D A w M D E x N j U w O S A w M D A w M C B u D Q o w M D A w M T E 2 N T U 2 I D A w M D A w I G 4 N C j A w M D A x M T Y 2 M D I g M D A w M D A g b g 0 K M D A w M D E x N j Y 0 O S A w M D A w M C B u D Q o w M D A w M T E 2 N j k 2 I D A w M D A w I G 4 N C j A w M D A x M T Y 3 N D Q g M D A w M D A g b g 0 K M D A w M D E x N j c 5 M S A w M D A w M C B u D Q o w M D A w M T E 2 O D M 5 I D A w M D A w I G 4 N C j A w M D A x M T Y 4 O D Y g M D A w M D A g b g 0 K M D A w M D E x N j k z N C A w M D A w M C B u D Q o w M D A w M T E 2 O T g x I D A w M D A w I G 4 N C j A w M D A x M T c w M j g g M D A w M D A g b g 0 K M D A w M D E x N z A 3 N C A w M D A w M C B u D Q o w M D A w M T E 3 M T I x I D A w M D A w I G
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2cf059bf-c9bb-45ec-8081-24580591c28e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:04:45.000Z" ,
"modified" : "2021-02-11T17:04:45.000Z" ,
"description" : "-plocklist11" ,
"pattern" : "[file:hashes.MD5 = 'd0ab713f502d01ddf73694276f0199db' AND file:name = 'Salsa.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:04:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a3ea3a58-f109-43b1-b078-9e11b542313c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:05:39.000Z" ,
"modified" : "2021-02-11T17:05:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd20cd3f8f0ecc34fa400edf72687b215' AND file:name = 'Salsa.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:05:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"description" : "PowerTool v2 x64" ,
"pattern" : "[file:hashes.MD5 = '3fadbe9038c51c12014818f172e43a7d' AND file:name = '777.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f2936b0e-ae7a-42eb-bace-3a0bad808bc3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:08:24.000Z" ,
"modified" : "2021-02-11T17:08:24.000Z" ,
"pattern" : "[email-message:from_ref.value = 'tacok79159@tjuln.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:08:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"email\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:12:55.000Z" ,
"modified" : "2021-02-11T17:12:55.000Z" ,
"pattern" : "[file:hashes.MD5 = '3fadbe9038c51c12014818f172e43a7d' AND file:hashes.SHA1 = 'a8d17bd6fcee5b9ce9287f2c6742377b0c24d9d7' AND file:hashes.SHA256 = '8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-11T17:12:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-11T17:12:55.000Z" ,
"modified" : "2021-02-11T17:12:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-06T03:45:11+00:00" ,
"category" : "Other" ,
"uuid" : "15228703-593c-40d2-a43a-415ee6399a30"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1612583111" ,
"category" : "Payload delivery" ,
"uuid" : "bf9a0f9e-2ef9-4281-85af-dd21d2c602a6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/69" ,
"category" : "Payload delivery" ,
"uuid" : "fdb16f2c-a00a-4ca9-b5fc-2e4386023691"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7a5449ce-4045-483d-b35d-dfc66a616bd6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T13:46:12.000Z" ,
"modified" : "2021-02-12T13:46:12.000Z" ,
"pattern" : "[file:name = '32x.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T13:46:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--a8074bad-06e1-49f3-86d8-4b19e56a4ae0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:19:24.000Z" ,
"modified" : "2021-02-12T15:19:24.000Z" ,
"first_observed" : "2021-02-12T15:19:24Z" ,
"last_observed" : "2021-02-12T15:19:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--a8074bad-06e1-49f3-86d8-4b19e56a4ae0" ,
"hashes" : {
"MD5" : "365aa18cadc5b80a9b5ca5950690c7f8"
} ,
"name" : "AnyDesk.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:18:52.000Z" ,
"modified" : "2021-02-12T15:18:52.000Z" ,
"first_observed" : "2021-02-12T15:18:52Z" ,
"last_observed" : "2021-02-12T15:18:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--18f4b83c-0e6d-4cda-bc99-a33bfafdee4a" ,
"hashes" : {
"MD5" : "00283740140dbe5c227bd15733d7a3b6"
} ,
"name" : "Supremo.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--c4538780-11c9-4a5c-8d0d-7434ff9181dc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:18:58.000Z" ,
"modified" : "2021-02-12T15:18:58.000Z" ,
"first_observed" : "2021-02-12T15:18:58Z" ,
"last_observed" : "2021-02-12T15:18:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--c4538780-11c9-4a5c-8d0d-7434ff9181dc"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--c4538780-11c9-4a5c-8d0d-7434ff9181dc" ,
"hashes" : {
"MD5" : "b04f9b4feac14cff959718b69b7bbeaf"
} ,
"name" : "MEGAsyncSetup64.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--fed58fdc-7c0c-4002-bbef-86fb4726a3da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:19:01.000Z" ,
"modified" : "2021-02-12T15:19:01.000Z" ,
"first_observed" : "2021-02-12T15:19:01Z" ,
"last_observed" : "2021-02-12T15:19:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--fed58fdc-7c0c-4002-bbef-86fb4726a3da"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--fed58fdc-7c0c-4002-bbef-86fb4726a3da" ,
"name" : "Netscan.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--f8579a05-7f96-4268-82cf-645c0045ca55" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:18:22.000Z" ,
"modified" : "2021-02-12T15:18:22.000Z" ,
"first_observed" : "2021-02-12T15:18:22Z" ,
"last_observed" : "2021-02-12T15:18:22Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--f8579a05-7f96-4268-82cf-645c0045ca55"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--f8579a05-7f96-4268-82cf-645c0045ca55" ,
"hashes" : {
"MD5" : "7af4a442683662b020fd391e26666958"
} ,
"name" : "Chromesetup.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:20:05.000Z" ,
"modified" : "2021-02-12T15:20:05.000Z" ,
"first_observed" : "2021-02-12T15:20:05Z" ,
"last_observed" : "2021-02-12T15:20:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8" ,
"hashes" : {
"MD5" : "fabe184f6721e640474e1497c69ffc98"
} ,
"name" : "7z1900.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--0b2884d2-bc50-4685-a67b-8d991954a6cb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:22:30.000Z" ,
"modified" : "2021-02-12T15:22:30.000Z" ,
"first_observed" : "2021-02-12T15:22:30Z" ,
"last_observed" : "2021-02-12T15:22:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--0b2884d2-bc50-4685-a67b-8d991954a6cb"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--0b2884d2-bc50-4685-a67b-8d991954a6cb" ,
"hashes" : {
"MD5" : "27304b246c7d5b4e149124d5f93c5b01"
} ,
"name" : "PsExec.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--83a484b6-76fb-4f76-9678-aa8ce5b58a33" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T15:23:16.000Z" ,
"modified" : "2021-02-12T15:23:16.000Z" ,
"first_observed" : "2021-02-12T15:23:16Z" ,
"last_observed" : "2021-02-12T15:23:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--83a484b6-76fb-4f76-9678-aa8ce5b58a33"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--83a484b6-76fb-4f76-9678-aa8ce5b58a33" ,
"hashes" : {
"MD5" : "f41a1afc4cfb95f35cd92da98d90c27b"
} ,
"name" : "sdelete.exe"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '365aa18cadc5b80a9b5ca5950690c7f8' AND file:hashes.SHA1 = '16c33a2907264382715fba2061e4ff803a41c629' AND file:hashes.SHA256 = '4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-11T19:56:31+00:00" ,
"category" : "Other" ,
"uuid" : "7f7700cc-f79c-421f-b95f-df885bf93ae9"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97/detection/f-4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97-1613073391" ,
"category" : "Payload delivery" ,
"uuid" : "579fb04e-ec48-42dc-9abe-5c3dc8d5fd8b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/69" ,
"category" : "Payload delivery" ,
"uuid" : "72d4f9db-c7de-457a-964e-06dc8bfe0ba1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b2a0e9be-8266-4563-84af-71c7a50340b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fabe184f6721e640474e1497c69ffc98' AND file:hashes.SHA1 = '2f23a6389470db5d0dd2095d64939657d8d3ea9d' AND file:hashes.SHA256 = '759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-12T17:18:27+00:00" ,
"category" : "Other" ,
"uuid" : "d9a0235b-f1a4-4eaa-8de4-92665efc8cbd"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80/detection/f-759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80-1613150307" ,
"category" : "Payload delivery" ,
"uuid" : "99d8d730-ba8b-404f-9b55-f04df5e0e0d0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/68" ,
"category" : "Payload delivery" ,
"uuid" : "9ed39fba-af99-46d3-b40c-acd7bd61d5c4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eafad8c7-10ef-40e1-8855-31ac9348109f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '27304b246c7d5b4e149124d5f93c5b01' AND file:hashes.SHA1 = 'e50d9e3bd91908e13a26b3e23edeaf577fb3a095' AND file:hashes.SHA256 = '3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-12T10:07:36+00:00" ,
"category" : "Other" ,
"uuid" : "d498021c-ff37-444d-bc1a-c2e0b410b1a5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/detection/f-3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef-1613124456" ,
"category" : "Payload delivery" ,
"uuid" : "49c34366-962b-42f1-ae48-21fc00969ef3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/70" ,
"category" : "Payload delivery" ,
"uuid" : "2fdb8139-b3a6-49eb-a7f6-273883ca2f54"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '00283740140dbe5c227bd15733d7a3b6' AND file:hashes.SHA1 = 'a5e9003ff1514ef74fe8e39cb753cbc4f5b0b687' AND file:hashes.SHA256 = '5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-11T19:53:32+00:00" ,
"category" : "Other" ,
"uuid" : "9013e2f0-e1c7-4d9f-82cd-8db5a75b52f8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b/detection/f-5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b-1613073212" ,
"category" : "Payload delivery" ,
"uuid" : "4aff0f4d-0fcc-4c62-8bb7-ec3c69b3f351"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/69" ,
"category" : "Payload delivery" ,
"uuid" : "8ea2bb4e-dfb3-4b36-aff3-a0cdb618a37e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-12T19:08:32+00:00" ,
"category" : "Other" ,
"uuid" : "8ae7b03b-6064-478f-b664-c85d0db1f71c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1613156912" ,
"category" : "Payload delivery" ,
"uuid" : "defe6a8a-dddb-4a55-82fb-b3573b7f87e3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/67" ,
"category" : "Payload delivery" ,
"uuid" : "fa51ad25-03c2-47b7-99c0-ffa616286b79"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--51189739-090d-4aef-91a4-19919d5351da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '7af4a442683662b020fd391e26666958' AND file:hashes.SHA1 = '226155d4b86497acd3d34f33e93f3d94ef176d0b' AND file:hashes.SHA256 = '3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-12T18:23:43+00:00" ,
"category" : "Other" ,
"uuid" : "c5fd927f-97ed-467c-9703-d77fba079144"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9/detection/f-3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9-1613154223" ,
"category" : "Payload delivery" ,
"uuid" : "8794fdd5-a550-40f0-8d3f-4809a6daca98"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/70" ,
"category" : "Payload delivery" ,
"uuid" : "9e624467-4acf-4449-8428-9b90ca3b644f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f41a1afc4cfb95f35cd92da98d90c27b' AND file:hashes.SHA1 = 'b9c162e7817d7d99720fd97d9f7cab342dd2812a' AND file:hashes.SHA256 = '746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-02T20:53:27+00:00" ,
"category" : "Other" ,
"uuid" : "1f86d846-dda6-4abe-be90-f4cdaa3921f1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07/detection/f-746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07-1612299207" ,
"category" : "Payload delivery" ,
"uuid" : "5925b5fa-ed9f-432b-a1b9-e69781a2be77"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/70" ,
"category" : "Payload delivery" ,
"uuid" : "765969b4-4e9a-4411-bb51-261591288953"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0e7323a8-652c-4d44-a51a-6d69e1191047" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b04f9b4feac14cff959718b69b7bbeaf' AND file:hashes.SHA1 = 'f92394246a01e29d001d995c8a752374743efde4' AND file:hashes.SHA256 = '25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-02-12T22:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-02-12T22:23:10.000Z" ,
"modified" : "2021-02-12T22:23:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-11T20:01:17+00:00" ,
"category" : "Other" ,
"uuid" : "b4ce371c-f8e3-4741-93a9-fb860cf6e4eb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114/detection/f-25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114-1613073677" ,
"category" : "Payload delivery" ,
"uuid" : "4588e157-ed53-425f-a50f-9516cde62654"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/68" ,
"category" : "Payload delivery" ,
"uuid" : "24240522-f8eb-47ba-9576-35670e7990ca"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--09ec7aa8-e7c3-4233-980f-3986c21df12c" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--63d7f5b9-41c5-4f44-ace0-26e11e0cc229" ,
"target_ref" : "x-misp-object--b22441f3-3561-404b-8d8a-fa996e2ea559"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--481495d7-8897-4aa4-bef5-b3d62f717571" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5ad71033-a9bc-4b2f-9cc1-e88e9ef18061" ,
"target_ref" : "x-misp-object--0e312499-9395-4abe-9028-45e95f2f4fbf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--db3d4abc-8fd7-414d-83e1-19d8d7e0d0c3" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--49deb639-c2c2-4827-9432-eb26dfa7eda3" ,
"target_ref" : "x-misp-object--747a5248-50e1-4f7f-9613-8ad4e705c566"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--5f9edcef-73f0-400a-9cc6-61383a6881a0" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b2a0e9be-8266-4563-84af-71c7a50340b5" ,
"target_ref" : "x-misp-object--76476e47-b0f8-4fd5-bf5a-e1c5c3306583"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--1a11e455-073d-4faa-a933-a9cfd1b732e2" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--eafad8c7-10ef-40e1-8855-31ac9348109f" ,
"target_ref" : "x-misp-object--97c200ee-bddf-4ed8-8d67-56e294ff5bc6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--7711eeff-33cb-4606-a89c-5c84c9e0fc4e" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1abfca9e-ff3b-46b7-a292-f1da37e5ce53" ,
"target_ref" : "x-misp-object--0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--83040457-aa2a-4c32-8826-db662474090a" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--51189739-090d-4aef-91a4-19919d5351da" ,
"target_ref" : "x-misp-object--3d9f587c-1c2c-4487-906b-049a8432d905"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--23c4c8ec-f679-495d-a8f5-b460100f3ab0" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--373e4c46-6e28-4c3e-af34-5887827e0ac2" ,
"target_ref" : "x-misp-object--40b097c3-8697-4a70-8912-d74e9607e00e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--c447770e-809b-4399-9c57-44e21d45b11d" ,
2023-04-21 14:44:17 +00:00
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0e7323a8-652c-4d44-a51a-6d69e1191047" ,
"target_ref" : "x-misp-object--bfc79a66-c531-41e0-9ca9-eb49d718210a"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}