{
"type" : "bundle" ,
"id" : "bundle--5b60b046-c0c8-49ce-aa97-437a02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T12:57:31.000Z" ,
"modified" : "2018-08-03T12:57:31.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b60b046-c0c8-49ce-aa97-437a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T12:57:31.000Z" ,
"modified" : "2018-08-03T12:57:31.000Z" ,
"name" : "OSINT - Malicious document targets Vietnamese officials" ,
"published" : "2018-08-03T12:57:39Z" ,
"object_refs" : [
"x-misp-attribute--5b60b05e-a498-4fbf-989a-415f02de0b81" ,
"observed-data--5b60b07d-2a4c-4a69-bf54-45c902de0b81" ,
"url--5b60b07d-2a4c-4a69-bf54-45c902de0b81" ,
"indicator--5b60b0aa-8804-41de-b5f9-4b1502de0b81" ,
"indicator--5b60b0aa-8ffc-4f81-b727-4f7a02de0b81" ,
"indicator--5b60b0ab-35c8-4772-a501-457402de0b81" ,
"indicator--5b60b0ab-ffb8-4dbb-8955-4acb02de0b81" ,
"indicator--5b60b0ac-0c6c-46bc-87ca-46ab02de0b81" ,
"indicator--5b60b0ac-42b0-4015-8080-4c3e02de0b81" ,
"indicator--5b60b0ad-fc20-44d6-864e-403502de0b81" ,
"indicator--5b60b0ad-8620-4f8e-9fe9-491902de0b81" ,
"indicator--5b60b0ae-342c-442f-86ae-45ae02de0b81" ,
"indicator--5b60b0ae-bd04-4ad5-80a3-416b02de0b81" ,
"indicator--5b60b0ae-1190-4c13-8312-4c1d02de0b81" ,
"indicator--5b60b0af-f70c-4cdb-ad89-426f02de0b81" ,
"indicator--5b60b0af-e20c-4100-b7ac-43ae02de0b81" ,
"indicator--5b60b0f4-223c-4110-86b9-40d302de0b81" ,
"indicator--5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81" ,
"indicator--5b60b116-c4b8-4db1-a759-488602de0b81" ,
"indicator--5b60b12a-7f14-4224-b16a-46f702de0b81" ,
"indicator--5b60b14d-4b2c-46aa-83a7-4e2902de0b81" ,
"indicator--5b60b14d-82a0-49a6-8fad-49ce02de0b81" ,
"observed-data--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"file--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"indicator--5b644a64-8644-4576-a851-41b7950d210f" ,
"indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491" ,
"x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd" ,
"indicator--28ff01c4-0217-4836-a385-3e490837c712" ,
"x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0" ,
"indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7" ,
"x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47" ,
"indicator--5b62fa30-d240-4632-b970-4eb802de0b81" ,
"indicator--5b62fa56-9f74-4086-b0f6-48f002de0b81" ,
"indicator--5b62fa78-2388-4104-80f1-4b6a02de0b81" ,
"indicator--5b62fa99-c394-40ff-8bca-447402de0b81" ,
"indicator--5b62fab3-512c-40ac-bd39-45c802de0b81" ,
"indicator--5b62fad4-270c-4ffc-8aff-4ee002de0b81" ,
"indicator--5b62fafd-f4b0-409c-aba6-4ae602de0b81" ,
"indicator--5b62fb15-ba10-4e32-ba11-49ba02de0b81" ,
"indicator--5b62fb36-9314-4c86-b3eb-484202de0b81" ,
"indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86" ,
"x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503" ,
"indicator--22279826-2833-439c-831b-2d754ad300e5" ,
"x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379" ,
"indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b" ,
"x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8" ,
"indicator--13d8c40b-9f39-424e-b9fa-369a41b15415" ,
"x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4" ,
"relationship--36cfb3ee-aadf-4eec-ac35-b9abb16c50bd" ,
"relationship--663bbaab-3196-4a9d-944d-542908e32e99" ,
"relationship--e7de324b-b273-48b3-906c-59436c942d7d" ,
"relationship--18767bab-e94c-450e-9d68-31e4725693df" ,
"relationship--dc049e7e-3467-4915-b216-8ff5bf5cb0c3" ,
"relationship--1e77f79c-40d9-409e-8280-960eab0c133f" ,
"relationship--39263550-e751-45c4-b66a-0941d6f58961"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"Hellsing\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b60b05e-a498-4fbf-989a-415f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:54:22.000Z" ,
"modified" : "2018-07-31T18:54:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "After our investigation of APT SideWinder, we\u2019ve done a yara rule for hunting RTF document exploiting the CVE-2017-11882.\r\n\r\nWe found a document written in Vietnamese dealing with a summary about different projects in the district H\u1ea3i Ch\u00e2u of \u0110\u00e0 N\u1eb5ng."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b60b07d-2a4c-4a69-bf54-45c902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:54:53.000Z" ,
"modified" : "2018-07-31T18:54:53.000Z" ,
"first_observed" : "2018-07-31T18:54:53Z" ,
"last_observed" : "2018-07-31T18:54:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b60b07d-2a4c-4a69-bf54-45c902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b60b07d-2a4c-4a69-bf54-45c902de0b81" ,
"value" : "https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0aa-8804-41de-b5f9-4b1502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:38.000Z" ,
"modified" : "2018-07-31T18:55:38.000Z" ,
"pattern" : "[domain-name:value = 'dn.dulichbiendao.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0aa-8ffc-4f81-b727-4f7a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:38.000Z" ,
"modified" : "2018-07-31T18:55:38.000Z" ,
"pattern" : "[domain-name:value = 'gateway.vietbaotinmoi.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ab-35c8-4772-a501-457402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:39.000Z" ,
"modified" : "2018-07-31T18:55:39.000Z" ,
"pattern" : "[domain-name:value = 'fis.malware-sinkhole.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ab-ffb8-4dbb-8955-4acb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:39.000Z" ,
"modified" : "2018-07-31T18:55:39.000Z" ,
"pattern" : "[domain-name:value = 'hn.dulichbiendao.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ac-0c6c-46bc-87ca-46ab02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:40.000Z" ,
"modified" : "2018-07-31T18:55:40.000Z" ,
"pattern" : "[domain-name:value = 'halong.dulichculao.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ac-42b0-4015-8080-4c3e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:40.000Z" ,
"modified" : "2018-07-31T18:55:40.000Z" ,
"pattern" : "[domain-name:value = 'news.malware-sinkhole.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ad-fc20-44d6-864e-403502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:41.000Z" ,
"modified" : "2018-07-31T18:55:41.000Z" ,
"pattern" : "[domain-name:value = 'cat.toonganuh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ad-8620-4f8e-9fe9-491902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:41.000Z" ,
"modified" : "2018-07-31T18:55:41.000Z" ,
"pattern" : "[domain-name:value = 'new.sggpnews.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ae-342c-442f-86ae-45ae02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:42.000Z" ,
"modified" : "2018-07-31T18:55:42.000Z" ,
"pattern" : "[domain-name:value = 'dulichculao.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ae-bd04-4ad5-80a3-416b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:42.000Z" ,
"modified" : "2018-07-31T18:55:42.000Z" ,
"pattern" : "[domain-name:value = 'coco.sodexoa.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0ae-1190-4c13-8312-4c1d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:42.000Z" ,
"modified" : "2018-07-31T18:55:42.000Z" ,
"pattern" : "[domain-name:value = 'thoitiet.malware-sinkhole.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0af-f70c-4cdb-ad89-426f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:43.000Z" ,
"modified" : "2018-07-31T18:55:43.000Z" ,
"pattern" : "[domain-name:value = 'wouderfulu.impresstravel.ga']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0af-e20c-4100-b7ac-43ae02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:55:43.000Z" ,
"modified" : "2018-07-31T18:55:43.000Z" ,
"pattern" : "[domain-name:value = 'toonganuh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:55:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0f4-223c-4110-86b9-40d302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:56:52.000Z" ,
"modified" : "2018-07-31T18:56:52.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.99.181.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:56:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:56:53.000Z" ,
"modified" : "2018-07-31T18:56:53.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.165.122']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:56:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b116-c4b8-4db1-a759-488602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:57:26.000Z" ,
"modified" : "2018-07-31T18:57:26.000Z" ,
"description" : "RTF" ,
"pattern" : "[file:hashes.SHA256 = '42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:57:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b12a-7f14-4224-b16a-46f702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:57:46.000Z" ,
"modified" : "2018-07-31T18:57:46.000Z" ,
"description" : "8.t" ,
"pattern" : "[file:hashes.SHA256 = '2c60d4312e4416745e56048ee35e694a79e1bc77e7e4d0b5811e64c84a72d2d7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:57:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b14d-4b2c-46aa-83a7-4e2902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:58:21.000Z" ,
"modified" : "2018-07-31T18:58:21.000Z" ,
"description" : "exe" ,
"pattern" : "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:58:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b60b14d-82a0-49a6-8fad-49ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:58:21.000Z" ,
"modified" : "2018-07-31T18:58:21.000Z" ,
"description" : "dll" ,
"pattern" : "[file:hashes.SHA256 = '9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T18:58:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T18:59:09.000Z" ,
"modified" : "2018-07-31T18:59:09.000Z" ,
"first_observed" : "2018-07-31T18:59:09Z" ,
"last_observed" : "2018-07-31T18:59:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"name" : "joe.png" ,
"content_ref" : "artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B P k A A A O g C A I A A A D A n T T n A A C A A E l E Q V R 42 u z d B 1 Q U 1 / 4 H 8 J n t s E v v V a S s A i I 2 s G J v J F Y U e 401 s T 0 1 x m g S S z S J R p + J v h g 1 J k a N E j V 2 j b 0 X w E Z R B O l I E 2 m 7 l O 0 7 O / 8 T 5 r 39E1 Q k C r L A 93 M 4 n N 3 Z O 3 f u 3 N m d n d / e O / d y a J o m A A A A A A A A o C H Q a D R y u R z 18 F I k S Z a W l j o 7 O x M E w U J 1 A A A A A A A A Q C O D W B c A A A A A A A A Q 6 w I A A A A A A A A g 1 g U A A A A A A A B A r A s A A A A A A A A 1 c j c 6 I T Y + p c r C B w 8 T H z x M Z B 6 f u 3 q n S F L 64 o o R 9 + M y s p 7 V f E M R 9 + P i n q Q Z y F 6 / t v C I d Q E A A A A A A B o w m q Z J g q w m g Y u j L Z / H f c m K x D + b l o c m D G g S n 9 c W H r E u A A A A A A B A Y + b b o r l I a K R / q l J r d D r d S 1 P q d D q 1 W v P G G 3 r V 6 u p X b L H 6 z a k 1 L 1 m r m s J X w c G B B w A A A A A A a M S u 3 o 5 q 0 8 r L w s x E W l r + K C G t X C Z n s V g u j r a V 20 W 1 W i o u M S 0 v v 5 i m a S M B 37 d F c x s r 85 p v 4 l W r l 8 s U s f E p p W U y N p v l 0 c x J W l r u 7 G B j Z 2 N Z z e Z u 3 n k o 9 n B J z c g p K S 0 n S d L N x a G l p y t B E N U U H r E u A A A A A A B A I 6 R S q y X S s s p L N B o t l / v f c E + p U u s q R D 1 K E g m N 2 v i 2 J g g i 7 k l a a Z n M 0 c 6 a S R O X m F 5 W L u / U 3 p f P 46 Z n P o t 6 l N Q t 0E9 o b F T D A r x 0 d W M j Q X R c k r G R o I 2 v p 0 5 H P 0 x I L Z c p H G y t q t + c S q V K S M r w b d H c 0 t w 0 J 6 / g c W K 6 g 62 l i c i 4 m s I j 1 g U A A A A A A G i E C o t L C o t L q i y 0 t b a o / P R Z f p F G o 23 j 68 W r i I H 9 f T 1 v R M Y y L y m U q m f P C 7 s E + J m Z C A m C 8 B G 7 F U t L c 54 V i j 1 c a r L 1 V 61 u b i Z S K F U d 2 / k y W 2 z V 0 j 383 q O a b M 7 B z o p p 5 n V 1 s n u S k q l Q q c v l i l c V H r E u A A A A A A B A 4 + R g Z 93 G 17 P y E v 0 g z H r l 5 Q o z E y H v f 429 x k Y C A Z / H 
P C 4 r l x M E k Z t X + O x 5 I b O E p u l y u a K G W 3 / V 6 h w O 29 h I o N + i m Y m Q x W L V Z H M m Q m P 9 Y 3 b F K t U U H r E u A E D j R 1 G U T q f 7 Z y M q A l S L J E k 2 m 81 c m g A A Q I N G E z R J / m 24 Z v 3 p n a J 0 L B Z L H 0 k S B O F o Z 21 k x K / x F c j L V 5 f J l F W + Q Z j t v 3 Z z L D a r 5 o V H r A s A 0 J h p t V q N R o M o F + q C R q P 564 q E x 0 P E C w D Q o B k b C X L y C n U 6 H X M + 12 o p h V L F v G R k x N f p d C 5 O t j z u f 6 c m y i + U v L b h V O 9 V q 9 M 0 L c 9 R 0 v R / w 1 S l S k 1 R u j f b X D W F f x V 8 a Q E A N G w 0 T S u V S g S 6 U K d 0 O h 3 z N k N V A A A 0 X M z o x 0 l p W X S F h O Q M / e Q 9 Z i Z C k d A 4 L i G N W V J U X B L 1 K I l 62 d Q + K r V G I i 2 r / F f N 6 j Z W F g R N p z 3 N Z a 5 Y k l I z / + n m a l L 4 V 0 G 7 L g B A w w 50 V S o V c 9 J H b U B d Y 35 S 4 f F 4 q A o A g I a I z + O 2 a t E 8 L j E 9 K y e f I A i R 0 E g / z Q 9 J k v 4 + H l G P k q 7 c e s D l c p U q l Z e 7 s 4 W Z y Y u Z 5 B d K 8 g s l l Z c M 6 B n I Y r F e t b q f j 2 f s 4 + S n 2 X k 0 Q d j b W P J 4 X B a L V f P N 1 a T w r 0 L i 8 g g A o O F S q V Q U R a E e 4 J 0 h S Z L L 5 X I 4 + K 0 c A K D e a D Q a u V z + 5 h c P a k 1 J a T m X y z E 3 F V W 5 A 1 a n 0 0 m k Z Z R O Z 2 o i r H k H 5 m p W 1 + l 0 G i 3 F T I 0 r 4 H F N R M Y X b 9 w L b O v D h L V v s L l q C q 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
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b644a64-8644-4576-a851-41b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T12:28:20.000Z" ,
"modified" : "2018-08-03T12:28:20.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'dd89d33e275e99e288e4c50bdafbb4584a9565189491af0a66f8a506eaf53859']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T12:28:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:18.000Z" ,
"modified" : "2018-07-31T19:00:18.000Z" ,
"pattern" : "[file:hashes.MD5 = '56c52e6a3dede484b44d1dbfed8a92f0' AND file:hashes.SHA1 = '505bd0f307da1efe9785044fa7dfbe655da231a5' AND file:hashes.SHA256 = '9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T19:00:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:17.000Z" ,
"modified" : "2018-07-31T19:00:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-29T07:48:40" ,
"category" : "Other" ,
"uuid" : "5c2b8366-1836-4e0c-8a19-501a98245585"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368/analysis/1532850520/" ,
"category" : "External analysis" ,
"uuid" : "cbe263b6-e9d2-4432-a74f-ed814315b04f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/65" ,
"category" : "Other" ,
"uuid" : "a4e00129-18fa-483c-a624-c460ecf18ec2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--28ff01c4-0217-4836-a385-3e490837c712" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:21.000Z" ,
"modified" : "2018-07-31T19:00:21.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd64161db327f4ec91d458a00293c62b0' AND file:hashes.SHA1 = '364570ca28e004bed1d9d4e5853befd77b88465f' AND file:hashes.SHA256 = '42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T19:00:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:20.000Z" ,
"modified" : "2018-07-31T19:00:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-23T15:44:31" ,
"category" : "Other" ,
"uuid" : "aca159f6-9481-42db-a2c2-42ac503fa261"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed/analysis/1532360671/" ,
"category" : "External analysis" ,
"uuid" : "19e1bc6e-a9ea-4bbb-bfac-e27af4df4921"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/60" ,
"category" : "Other" ,
"uuid" : "9a0e8dc2-5f70-4f8f-9279-116ae36d69de"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:24.000Z" ,
"modified" : "2018-07-31T19:00:24.000Z" ,
"pattern" : "[file:hashes.MD5 = '62944e26b36b1dcace429ae26ba66164' AND file:hashes.SHA1 = '2616da1697f7c764ee7fb558887a6a3279861fac' AND file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-31T19:00:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-31T19:00:22.000Z" ,
"modified" : "2018-07-31T19:00:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-24T09:20:59" ,
"category" : "Other" ,
"uuid" : "01d43de5-edc2-4275-a5b2-b42e76b5544d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1532424059/" ,
"category" : "External analysis" ,
"uuid" : "8835b84d-dad7-4cbc-afde-ed46122a4768"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/67" ,
"category" : "Other" ,
"uuid" : "fe6851a5-9f11-4ce3-9725-7b452118a065"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fa30-d240-4632-b970-4eb802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:33:52.000Z" ,
"modified" : "2018-08-02T12:33:52.000Z" ,
"pattern" : "[file:hashes.SHA256 = '597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486' AND file:name = '59.rtf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:33:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fa56-9f74-4086-b0f6-48f002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:34:30.000Z" ,
"modified" : "2018-08-02T12:34:30.000Z" ,
"pattern" : "[file:hashes.SHA256 = '11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654' AND file:name = 'RasTls.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:34:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fa78-2388-4104-80f1-4b6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:35:04.000Z" ,
"modified" : "2018-08-02T12:35:04.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68' AND file:name = 'RasTls.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:35:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fa99-c394-40ff-8bca-447402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:35:37.000Z" ,
"modified" : "2018-08-02T12:35:37.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253' AND file:name = 'b7.rtf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:35:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fab3-512c-40ac-bd39-45c802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:36:03.000Z" ,
"modified" : "2018-08-02T12:36:03.000Z" ,
"pattern" : "[file:hashes.SHA256 = '77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2' AND file:name = 'spoolsver.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:36:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fad4-270c-4ffc-8aff-4ee002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:36:36.000Z" ,
"modified" : "2018-08-02T12:36:36.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9fba998ab2c1b7fec39da9817b27768ba7892c0613c4be7c525989161981d2e2' AND file:name = 'vsodscpl.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:36:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fafd-f4b0-409c-aba6-4ae602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:37:17.000Z" ,
"modified" : "2018-08-02T12:37:17.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0' AND file:name = '9d.rtf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:37:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fb15-ba10-4e32-ba11-49ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:37:41.000Z" ,
"modified" : "2018-08-02T12:37:41.000Z" ,
"pattern" : "[file:hashes.SHA256 = '087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec' AND file:name = 'RasTls.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:37:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b62fb36-9314-4c86-b3eb-484202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:14.000Z" ,
"modified" : "2018-08-02T12:38:14.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68' AND file:name = 'RasTls.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:38:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:33.000Z" ,
"modified" : "2018-08-02T12:38:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '88d667cc01c4d8ee32e9de116f3bfdeb' AND file:hashes.SHA1 = '5ca26b6eae6bdf038c4ec61b174a3825bcde95fd' AND file:hashes.SHA256 = '597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:38:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:31.000Z" ,
"modified" : "2018-08-02T12:38:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-23T13:07:30" ,
"category" : "Other" ,
"uuid" : "30ab8a9f-fae7-49f2-a665-8b44627f1b16"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486/analysis/1532351250/" ,
"category" : "External analysis" ,
"uuid" : "89a4f45a-ff7c-4db1-a3a2-3336464ca4ec"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Other" ,
"uuid" : "c3d87ac0-c1c7-45bc-97cc-c3798f16b5d2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--22279826-2833-439c-831b-2d754ad300e5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:35.000Z" ,
"modified" : "2018-08-02T12:38:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '9c7297f032b5c1cfbc2d819815f72f80' AND file:hashes.SHA1 = 'f2bad341629f6e4397158e5a66a94e5f5aea5d48' AND file:hashes.SHA256 = 'b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:38:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:33.000Z" ,
"modified" : "2018-08-02T12:38:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-24T01:00:29" ,
"category" : "Other" ,
"uuid" : "b1241a90-9dc5-437c-abd3-f3355401c57a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253/analysis/1532394029/" ,
"category" : "External analysis" ,
"uuid" : "ae05b8e6-8d3d-441f-ab3e-877be4a23ad1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/59" ,
"category" : "Other" ,
"uuid" : "8e84a1a9-3b35-484e-99c2-c66b03b21fdc"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:37.000Z" ,
"modified" : "2018-08-02T12:38:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bd19302a58133803622e119080a5ceda' AND file:hashes.SHA1 = '2c0b6a27dd227d18b312c4a42b3e3fbc233ae996' AND file:hashes.SHA256 = '77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:38:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:36.000Z" ,
"modified" : "2018-08-02T12:38:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-20T08:14:35" ,
"category" : "Other" ,
"uuid" : "24e8ba59-3a65-464c-b611-840d0d554777"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2/analysis/1529482475/" ,
"category" : "External analysis" ,
"uuid" : "d9548805-42a2-4119-b35b-0d979e8c0c52"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/68" ,
"category" : "Other" ,
"uuid" : "daff5ae1-4274-45e3-a522-141a42c8ab50"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--13d8c40b-9f39-424e-b9fa-369a41b15415" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:40.000Z" ,
"modified" : "2018-08-02T12:38:40.000Z" ,
"pattern" : "[file:hashes.MD5 = '9ca6d45643f89bf233f08b7d74910346' AND file:hashes.SHA1 = '16163b8182d5d55a75f87c10eacb9240fa2de9af' AND file:hashes.SHA256 = '9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-02T12:38:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-02T12:38:38.000Z" ,
"modified" : "2018-08-02T12:38:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-01T16:48:13" ,
"category" : "Other" ,
"uuid" : "8efd1b93-8d49-46f4-8b29-c8cc33fcdf7c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0/analysis/1533142093/" ,
"category" : "External analysis" ,
"uuid" : "95843f4e-383d-4bf4-8f8c-9ce96cc1819e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "bdb347e0-ded3-4f72-8360-06865baf1f77"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--36cfb3ee-aadf-4eec-ac35-b9abb16c50bd" ,
"created" : "2018-07-31T19:00:23.000Z" ,
"modified" : "2018-07-31T19:00:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--440c258f-8bb9-488f-9ba4-11d2d4a0c491" ,
"target_ref" : "x-misp-object--28410a9f-3d9e-4e02-ab8a-9ad909a615fd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--663bbaab-3196-4a9d-944d-542908e32e99" ,
"created" : "2018-07-31T19:00:23.000Z" ,
"modified" : "2018-07-31T19:00:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--28ff01c4-0217-4836-a385-3e490837c712" ,
"target_ref" : "x-misp-object--dbc74363-ad91-41ec-9380-a91ae88b02e0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e7de324b-b273-48b3-906c-59436c942d7d" ,
"created" : "2018-07-31T19:00:24.000Z" ,
"modified" : "2018-07-31T19:00:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--341880ea-3069-4d12-bd1e-9e855ee3edb7" ,
"target_ref" : "x-misp-object--97460a0b-9f53-4f2d-afa1-b3eccf30fd47"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--18767bab-e94c-450e-9d68-31e4725693df" ,
"created" : "2018-08-02T12:38:39.000Z" ,
"modified" : "2018-08-02T12:38:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f2b65487-b330-43d5-b152-9d8e7ab9fa86" ,
"target_ref" : "x-misp-object--081c7113-f184-47ac-bcc8-85e42c98a503"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--dc049e7e-3467-4915-b216-8ff5bf5cb0c3" ,
"created" : "2018-08-02T12:38:39.000Z" ,
"modified" : "2018-08-02T12:38:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--22279826-2833-439c-831b-2d754ad300e5" ,
"target_ref" : "x-misp-object--c45609ff-9cc7-4d9c-8647-8b500b1b3379"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1e77f79c-40d9-409e-8280-960eab0c133f" ,
"created" : "2018-08-02T12:38:39.000Z" ,
"modified" : "2018-08-02T12:38:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--db3fbbf0-53b2-43de-8b00-e1950b22026b" ,
"target_ref" : "x-misp-object--08289608-6e5c-4d58-8899-6e53368135e8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--39263550-e751-45c4-b66a-0941d6f58961" ,
"created" : "2018-08-02T12:38:39.000Z" ,
"modified" : "2018-08-02T12:38:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--13d8c40b-9f39-424e-b9fa-369a41b15415" ,
"target_ref" : "x-misp-object--74e8e845-1d59-4a37-8932-1132e84831e4"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}