2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5a390de6-4a58-4a19-89fb-4620950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T03:00:39.000Z" ,
"modified" : "2017-12-21T03:00:39.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a390de6-4a58-4a19-89fb-4620950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T03:00:39.000Z" ,
"modified" : "2017-12-21T03:00:39.000Z" ,
"name" : "OSINT - Zeus Panda Banking Trojan Targets Online Holiday Shoppers" ,
"published" : "2017-12-28T13:33:53Z" ,
"object_refs" : [
"observed-data--5a390e33-a644-4e3a-957d-1606950d210f" ,
"url--5a390e33-a644-4e3a-957d-1606950d210f" ,
"x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f" ,
"indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f" ,
"indicator--5a390eec-3874-4509-a0dd-1708950d210f" ,
"indicator--5a390efa-6134-40fc-901a-1713950d210f" ,
"indicator--5a390f86-f3c8-4662-96dd-1690950d210f" ,
"indicator--5a390f86-06c8-4a7b-a2de-1690950d210f" ,
"indicator--5a390f87-2be4-4d90-b4b6-1690950d210f" ,
"indicator--5a390f87-208c-477f-a436-1690950d210f" ,
"indicator--5a390f87-7364-456f-9669-1690950d210f" ,
"indicator--5a390f87-7528-4d33-a029-1690950d210f" ,
"indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f" ,
"indicator--5a3910b0-2350-40f6-bf70-18e3950d210f" ,
"observed-data--5a390eac-8b20-4401-83c1-169e950d210f" ,
"email-message--5a390eac-8b20-4401-83c1-169e950d210f" ,
"indicator--5a390f46-b670-4975-842a-473d950d210f" ,
"indicator--5a3910e8-d3fc-421d-a96b-1690950d210f" ,
"indicator--5a39110d-413c-4ff2-b531-bfd8950d210f" ,
"indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e" ,
"x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b" ,
"indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8" ,
"x-misp-object--8e8856ca-85ff-4643-9b60-708617003213" ,
"indicator--23b939ba-58a7-4265-acbb-12945bdaf96f" ,
"x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9" ,
"indicator--c299d343-7fb7-4bda-bc3c-578213b2333d" ,
"x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa" ,
2024-04-05 12:15:17 +00:00
"relationship--d31062ea-466d-4eea-bbbe-9f7d9a5efd0e" ,
"relationship--2e81c9b8-bc12-4a5b-8cd1-f3c3bffa49b0" ,
"relationship--3e0d700f-6db2-4364-9b0c-cd2b35494f71" ,
"relationship--6baaf6db-350b-4125-8aa8-a01fbaabb18e"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:banker=\"Panda Banker\"" ,
"type:OSINT" ,
"osint:source-type=\"blog-post\"" ,
"ms-caro-malware-full:malware-family=\"Banker\"" ,
"malware_classification:malware-category=\"Trojan\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a390e33-a644-4e3a-957d-1606950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"first_observed" : "2017-12-20T09:11:54Z" ,
"last_observed" : "2017-12-20T09:11:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a390e33-a644-4e3a-957d-1606950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a390e33-a644-4e3a-957d-1606950d210f" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a390e5c-090c-4b23-83f0-1714950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites. Most often, the injects -- the code that actually performs the man-in-the-browser attacks -- are configured for region-specific banking sites. More recently, we have seen injects for online payment sites, casinos, retailers, and more appearing in banking Trojan campaigns.\r\n\r\nSince November -- a period of time that includes Thanksgiving, Black Friday, Cyber Monday and now leading up to Christmas -- we have observed Zeus Panda banking Trojan campaigns that have an increasing focus on non-banking targets with an extensive list of injects clearly designed to capitalize on holiday shopping and activities.\r\n\r\nMore specifically, these Zeus Panda (aka Panda Banker) campaigns expanded their injects to a variety of online shopping sites for brick and mortar retailers like Zara, specialty online retailers, travel sites, and video streaming sites, among others. The vast majority of these new targets will potentially see higher-than-normal numbers of credit card transactions for the holidays. While Zeus Panda can be configured to steal a variety of information, these injects collected the credit card number, address, phone number, DOB, SSN, and security question-related information such as mother\u00e2\u20ac\u2122s maiden name."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390ecd-e0a8-4c1e-95bc-498c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:06:21.000Z" ,
"modified" : "2017-12-19T13:06:21.000Z" ,
"pattern" : "[file:name = 'receipt-package-5a0a062cae04a.doc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:06:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390eec-3874-4509-a0dd-1708950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Landing page redirection" ,
"pattern" : "[url:value = 'https://canadapost-packagecenter.com/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390efa-6134-40fc-901a-1713950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"pattern" : "[file:name = 'resume.doc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f86-f3c8-4662-96dd-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Document payload" ,
"pattern" : "[url:value = 'http://80.82.67.217/moo.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f86-06c8-4a7b-a2de-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:09:26.000Z" ,
"modified" : "2017-12-19T13:09:26.000Z" ,
"description" : "Panda" ,
"pattern" : "[file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:09:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f87-2be4-4d90-b4b6-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Panda C&C" ,
"pattern" : "[domain-name:value = 'gromnes.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f87-208c-477f-a436-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Panda C&C" ,
"pattern" : "[domain-name:value = 'aklexim.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f87-7364-456f-9669-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Panda C&C" ,
"pattern" : "[domain-name:value = 'kichamyn.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f87-7528-4d33-a029-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:09:27.000Z" ,
"modified" : "2017-12-19T13:09:27.000Z" ,
"description" : "Attachment" ,
"pattern" : "[file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:09:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3910b0-33e0-4ba5-b4e3-18e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Malicious URL in email" ,
"pattern" : "[url:value = 'http://www.nfk-trading.com/analyticsmmrxbctq/redirect/0849e22e843170e1600c1910df8cf9da-id-qblozsmn-to-package-awaiting']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3910b0-2350-40f6-bf70-18e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"description" : "Document payload" ,
"pattern" : "[url:value = 'http://89.248.169.136/bigmac.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a390eac-8b20-4401-83c1-169e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:05:48.000Z" ,
"modified" : "2017-12-19T13:05:48.000Z" ,
"first_observed" : "2017-12-19T13:05:48Z" ,
"last_observed" : "2017-12-19T13:05:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"email-message--5a390eac-8b20-4401-83c1-169e950d210f"
] ,
"labels" : [
"misp:name=\"email\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "email-message" ,
"spec_version" : "2.1" ,
"id" : "email-message--5a390eac-8b20-4401-83c1-169e950d210f" ,
"is_multipart" : false ,
"date" : "2017-11-13T00:00:00Z" ,
"subject" : "Your package is ready to be picked up\u00e2\u20ac\u009d"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a390f46-b670-4975-842a-473d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:08:22.000Z" ,
"modified" : "2017-12-19T13:08:22.000Z" ,
"pattern" : "[email-message:date = '2017-12-11T00:00:00' AND email-message:subject = 'Application submitted from Gumtree Jobs by [First Last Names] for Field Sales Consultant - Status: Emailed' AND email-message:body_multipart[0].body_raw_ref.name = 'resume.doc' AND email-message:body_multipart[0].content_disposition = 'attachment']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:08:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"email\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3910e8-d3fc-421d-a96b-1690950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:15:20.000Z" ,
"modified" : "2017-12-19T13:15:20.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b' AND file:name = 'receipt-package-5a0a062cae04a.doc' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:15:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a39110d-413c-4ff2-b531-bfd8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-19T13:15:57.000Z" ,
"modified" : "2017-12-19T13:15:57.000Z" ,
"description" : "Panda executable" ,
"pattern" : "[file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d' AND file:name = 'Bigmac.jpg' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-19T13:15:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:57.000Z" ,
"modified" : "2017-12-20T09:11:57.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a02d6ca05cbc89a317d82945bcb6b15b' AND file:hashes.SHA1 = '2cacb877c487b6dae47fb16fdd1dc7b05595125b' AND file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:54.000Z" ,
"modified" : "2017-12-20T09:11:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d/analysis/1513357351/" ,
"category" : "External analysis" ,
"uuid" : "5a3a295b-b3fc-4cce-92cd-431402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/67" ,
"category" : "Other" ,
"uuid" : "5a3a295b-18c0-4bed-af46-433102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-15T17:02:31" ,
"category" : "Other" ,
"uuid" : "5a3a295b-6208-4950-9d19-4b6a02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:58.000Z" ,
"modified" : "2017-12-20T09:11:58.000Z" ,
"pattern" : "[file:hashes.MD5 = '52b053886cc0ca44df86cba91de968fa' AND file:hashes.SHA1 = 'ef22bcec61cb2aea85cd93cede6af5f4b27e011b' AND file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:55.000Z" ,
"modified" : "2017-12-20T09:11:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3/analysis/1513686510/" ,
"category" : "External analysis" ,
"comment" : "Panda" ,
"uuid" : "5a3a295b-c948-41f7-9f3c-4eb802de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "44/66" ,
"category" : "Other" ,
"comment" : "Panda" ,
"uuid" : "5a3a295b-1164-44e5-a7fb-4bc902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T12:28:30" ,
"category" : "Other" ,
"comment" : "Panda" ,
"uuid" : "5a3a295b-f134-4097-aaad-481602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:58.000Z" ,
"modified" : "2017-12-20T09:11:58.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b2a6ec17f49740ddc699640fb19f951d' AND file:hashes.SHA1 = '00d8ef79f6fe532815c0325fb6d7165cdae98548' AND file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:55.000Z" ,
"modified" : "2017-12-20T09:11:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc/analysis/1513686599/" ,
"category" : "External analysis" ,
"comment" : "Attachment" ,
"uuid" : "5a3a295b-9dd4-4202-b6ac-44e102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/58" ,
"category" : "Other" ,
"comment" : "Attachment" ,
"uuid" : "5a3a295b-bb18-4c9d-b107-418e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T12:29:59" ,
"category" : "Other" ,
"comment" : "Attachment" ,
"uuid" : "5a3a295b-30fc-4206-af56-438802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:58.000Z" ,
"modified" : "2017-12-20T09:11:58.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bcac60105cb24fdbcc03c1d52d09bfd1' AND file:hashes.SHA1 = '8eab9d3dfe6ac35a3624e916bb3cdc6d390a83d2' AND file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-20T09:11:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-20T09:11:55.000Z" ,
"modified" : "2017-12-20T09:11:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b/analysis/1513686655/" ,
"category" : "External analysis" ,
"uuid" : "5a3a295b-efcc-4b80-b82d-4cb402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/58" ,
"category" : "Other" ,
"uuid" : "5a3a295b-3e4c-474f-8b74-480c02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-19T12:30:55" ,
"category" : "Other" ,
"uuid" : "5a3a295b-f240-48da-adee-467702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--d31062ea-466d-4eea-bbbe-9f7d9a5efd0e" ,
2023-04-21 14:44:17 +00:00
"created" : "2017-12-28T13:33:53.000Z" ,
"modified" : "2017-12-28T13:33:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--85fc2ee8-1979-4b2b-8a01-a6e86992950e" ,
"target_ref" : "x-misp-object--6ef84376-1a21-41b0-8079-fe58470e8a3b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--2e81c9b8-bc12-4a5b-8cd1-f3c3bffa49b0" ,
2023-04-21 14:44:17 +00:00
"created" : "2017-12-28T13:33:53.000Z" ,
"modified" : "2017-12-28T13:33:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cd87750f-ad31-466c-8256-6bb5c496c7e8" ,
"target_ref" : "x-misp-object--8e8856ca-85ff-4643-9b60-708617003213"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--3e0d700f-6db2-4364-9b0c-cd2b35494f71" ,
2023-04-21 14:44:17 +00:00
"created" : "2017-12-28T13:33:53.000Z" ,
"modified" : "2017-12-28T13:33:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--23b939ba-58a7-4265-acbb-12945bdaf96f" ,
"target_ref" : "x-misp-object--1b72a2c1-dda3-4770-9bfd-a29f36fbb9b9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--6baaf6db-350b-4125-8aa8-a01fbaabb18e" ,
2023-04-21 14:44:17 +00:00
"created" : "2017-12-28T13:33:53.000Z" ,
"modified" : "2017-12-28T13:33:53.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c299d343-7fb7-4bda-bc3c-578213b2333d" ,
"target_ref" : "x-misp-object--5d0428a2-0eaa-4719-89c9-c696ddf72dfa"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}