misp-circl-feed/feeds/circl/stix-2.1/5ca71f6e-3ee8-4013-8a5f-4171950d210f.json

1518 lines
61 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5ca71f6e-3ee8-4013-8a5f-4171950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:35:09.000Z",
"modified": "2019-04-05T09:35:09.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5ca71f6e-3ee8-4013-8a5f-4171950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:35:09.000Z",
"modified": "2019-04-05T09:35:09.000Z",
"name": "OSINT - Hancitor domains",
"published": "2019-04-05T09:35:35Z",
"object_refs": [
"indicator--5ca71f7e-9ee8-46d7-876c-43f8950d210f",
"indicator--5ca71f7e-49f8-436e-94ea-4271950d210f",
"indicator--5ca71f7e-8424-41b8-b3f0-4fc3950d210f",
"indicator--5ca71f7e-8610-4d25-aedf-470c950d210f",
"indicator--5ca71f7e-6ab0-4eaa-8394-4143950d210f",
"indicator--5ca71f7e-5b08-4b83-a414-4857950d210f",
"indicator--5ca71f7e-60dc-43e6-ae2c-40e3950d210f",
"indicator--5ca71f7e-6ee4-4114-aa73-405d950d210f",
"indicator--5ca71f7e-819c-4fcd-bafb-4e48950d210f",
"observed-data--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
"url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
"indicator--5ca71fc6-31a8-47dd-9438-4eca950d210f",
"observed-data--5ca71fd4-6f4c-4308-b155-43ad950d210f",
"url--5ca71fd4-6f4c-4308-b155-43ad950d210f",
"indicator--5ca71ff4-3d48-45c7-a8b8-4fb4950d210f",
"indicator--5ca71ff4-6f28-42e2-93a5-42e2950d210f",
"indicator--5ca71ff4-3cf8-47c8-a0ae-42e3950d210f",
"indicator--5ca71ff4-897c-4fec-a67a-4995950d210f",
"indicator--5ca71ff4-6c24-4b82-b3a4-4fb3950d210f",
"indicator--5ca71ff4-c398-428a-832a-40ee950d210f",
"indicator--5ca71ff4-a468-4343-955f-43a8950d210f",
"indicator--5ca71ff4-c24c-4980-b531-4d60950d210f",
"indicator--5ca71ff4-a408-4d73-881c-49b0950d210f",
"indicator--5ca71ff4-5eb4-449d-9dc5-47c0950d210f",
"indicator--5ca71ff4-0ce0-46a9-9c91-4418950d210f",
"indicator--5ca71ff4-dd08-4b6d-b87b-41b8950d210f",
"indicator--5ca71ff4-50dc-4492-9c0b-4bea950d210f",
"indicator--5ca71ff4-fa34-41ff-8589-4498950d210f",
"indicator--5ca71ff4-12d0-45ae-ad8a-475e950d210f",
"indicator--5ca71ff4-7aa4-4a5e-9624-41f4950d210f",
"indicator--5ca71ff4-7a90-41df-851d-4fcc950d210f",
"indicator--5ca71ff4-d3f0-423b-8f17-46b7950d210f",
"indicator--5ca71ff4-3c28-4e02-8f66-4924950d210f",
"indicator--5ca7202f-dbd8-4688-aaf0-4b5b950d210f",
"indicator--5ca7202f-8998-40c2-bffe-4fc1950d210f",
"indicator--5ca7202f-abc8-4d0d-83f3-4e48950d210f",
"indicator--5ca7202f-36cc-48d7-842b-4110950d210f",
"indicator--5ca7202f-6028-4be3-8860-4c1b950d210f",
"indicator--5ca72044-a8e4-4826-911b-4db4950d210f",
"indicator--5ca72044-f204-4bbd-bf2d-44f0950d210f",
"indicator--5ca72044-b694-4954-8f8f-440d950d210f",
"indicator--5ca7205d-36c8-4e0e-b9a4-4e58950d210f",
"indicator--5ca7205d-3048-48d0-b84c-4a1f950d210f",
"indicator--5ca7205e-02a4-48e7-adc1-41e2950d210f",
"indicator--5ca72077-9948-4c74-925f-41b4950d210f",
"indicator--5ca72077-fa84-4f4b-a2fc-45f5950d210f",
"indicator--5ca72077-4e6c-4ce6-b099-42c8950d210f",
"indicator--5ca720b7-3efc-4aa3-a353-469e950d210f",
"indicator--5ca720b7-da8c-4f34-a17a-42b7950d210f",
"indicator--5ca720b7-59d0-40df-a12b-43bc950d210f",
"indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
"x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196",
"indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
"x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9",
"indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
"x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a",
"x-misp-object--5ca720f9-ac20-44b5-a4b9-4f71950d210f",
2024-04-05 12:15:17 +00:00
"relationship--b17151b3-696f-4d8d-be3a-b50b270565ea",
"relationship--d8c00aa1-284d-4e55-9ac5-0b2e1cdd8ac4",
"relationship--09dff95b-8bed-4af3-8d02-0bcf884f06e6"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Hancitor\"",
"misp-galaxy:tool=\"Hancitor\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"estimative-language:likelihood-probability=\"very-likely\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-9ee8-46d7-876c-43f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-49f8-436e-94ea-4271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-8424-41b8-b3f0-4fc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-8610-4d25-aedf-470c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-6ab0-4eaa-8394-4143950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.mobi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-5b08-4b83-a414-4857950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'alldogspoop.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-60dc-43e6-ae2c-40e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'cherryhillpooperscoopers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-6ee4-4114-aa73-405d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'pooperscooperfranchise.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71f7e-819c-4fcd-bafb-4e48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:26.000Z",
"modified": "2019-04-05T09:27:26.000Z",
"pattern": "[domain-name:value = 'shopalldogspoop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:27:43.000Z",
"modified": "2019-04-05T09:27:43.000Z",
"first_observed": "2019-04-05T09:27:43Z",
"last_observed": "2019-04-05T09:27:43Z",
"number_observed": 1,
"object_refs": [
"url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ca71f8f-756c-4a81-b8bb-4cd7950d210f",
"value": "https://ghostbin.com/paste/27b9a/raw"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71fc6-31a8-47dd-9438-4eca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:28:38.000Z",
"modified": "2019-04-05T09:28:38.000Z",
"pattern": "[email-message:from_ref.value = 'docusign@buyapetfranchise.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ca71fd4-6f4c-4308-b155-43ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:28:52.000Z",
"modified": "2019-04-05T09:28:52.000Z",
"first_observed": "2019-04-05T09:28:52Z",
"last_observed": "2019-04-05T09:28:52Z",
"number_observed": 1,
"object_refs": [
"url--5ca71fd4-6f4c-4308-b155-43ad950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ca71fd4-6f4c-4308-b155-43ad950d210f",
"value": "https://pastebin.com/PV2uGMye"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-3d48-45c7-a8b8-4fb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://automotivedreamteam.com/v.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-6f28-42e2-93a5-42e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-3cf8-47c8-a0ae-42e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-897c-4fec-a67a-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://ecsn.biz/includes/domit/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-6c24-4b82-b3a4-4fb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://inazel.es/modules/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-c398-428a-832a-40ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://inazel.es/modules/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-a468-4343-955f-43a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://inazel.es/modules/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-c24c-4980-b531-4d60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-a408-4d73-881c-49b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-5eb4-449d-9dc5-47c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://nal.com.ua/components/com_registration/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-0ce0-46a9-9c91-4418950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://orik.hu/mambots/editors/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-dd08-4b6d-b87b-41b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://orik.hu/mambots/editors/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-50dc-4492-9c0b-4bea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://orik.hu/mambots/editors/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-fa34-41ff-8589-4498950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-12d0-45ae-ad8a-475e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-7aa4-4a5e-9624-41f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://scanelectric.ro/wp-content/plugins/thememove-core/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-7a90-41df-851d-4fcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-d3f0-423b-8f17-46b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca71ff4-3c28-4e02-8f66-4924950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:29:24.000Z",
"modified": "2019-04-05T09:29:24.000Z",
"description": "additional dl",
"pattern": "[url:value = 'http://syrtaki-santorini.gr/modules/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:29:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7202f-dbd8-4688-aaf0-4b5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:23.000Z",
"modified": "2019-04-05T09:30:23.000Z",
"description": "1.dll",
"pattern": "[file:hashes.SHA256 = '671b416bfb21522d6ba30b05d8fc04732c8737a5ca35fa531563175fb0815395']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7202f-8998-40c2-bffe-4fc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:23.000Z",
"modified": "2019-04-05T09:30:23.000Z",
"description": "2.exe",
"pattern": "[file:hashes.SHA256 = '8189564580b804ed65d51990a109ac59bc88fd77518ab415363b5bbd8adc3aa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7202f-abc8-4d0d-83f3-4e48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:23.000Z",
"modified": "2019-04-05T09:30:23.000Z",
"description": "3.exe",
"pattern": "[file:hashes.SHA256 = '06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7202f-36cc-48d7-842b-4110950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:23.000Z",
"modified": "2019-04-05T09:30:23.000Z",
"description": "invoice_653780.doc",
"pattern": "[file:hashes.SHA256 = 'ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7202f-6028-4be3-8860-4c1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:23.000Z",
"modified": "2019-04-05T09:30:23.000Z",
"description": "v.exe",
"pattern": "[file:hashes.SHA256 = 'd3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72044-a8e4-4826-911b-4db4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:44.000Z",
"modified": "2019-04-05T09:30:44.000Z",
"description": "hancitor c2",
"pattern": "[url:value = 'http://duloperes.com/4/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72044-f204-4bbd-bf2d-44f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:44.000Z",
"modified": "2019-04-05T09:30:44.000Z",
"description": "hancitor c2",
"pattern": "[url:value = 'http://reflyhepone.ru/4/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72044-b694-4954-8f8f-440d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:30:44.000Z",
"modified": "2019-04-05T09:30:44.000Z",
"description": "hancitor c2",
"pattern": "[url:value = 'http://gogotwitof.ru/4/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7205d-36c8-4e0e-b9a4-4e58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:09.000Z",
"modified": "2019-04-05T09:31:09.000Z",
"description": "pony c2",
"pattern": "[url:value = 'http://duloperes.com/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7205d-3048-48d0-b84c-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:09.000Z",
"modified": "2019-04-05T09:31:09.000Z",
"description": "pony c2",
"pattern": "[url:value = 'http://reflyhepone.ru/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca7205e-02a4-48e7-adc1-41e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:10.000Z",
"modified": "2019-04-05T09:31:10.000Z",
"description": "pony c2",
"pattern": "[url:value = 'http://gogotwitof.ru/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72077-9948-4c74-925f-41b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:35.000Z",
"modified": "2019-04-05T09:31:35.000Z",
"description": "evilpony",
"pattern": "[url:value = 'http://duloperes.com/d2/about.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72077-fa84-4f4b-a2fc-45f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:35.000Z",
"modified": "2019-04-05T09:31:35.000Z",
"description": "evilpony",
"pattern": "[url:value = 'http://reflyhepone.ru/d2/about.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca72077-4e6c-4ce6-b099-42c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:31:35.000Z",
"modified": "2019-04-05T09:31:35.000Z",
"description": "evilpony",
"pattern": "[url:value = 'http://gogotwitof.ru/d2/about.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca720b7-3efc-4aa3-a353-469e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:39.000Z",
"modified": "2019-04-05T09:32:39.000Z",
"description": "C2",
"pattern": "[url:value = 'beetfeetlife.bit/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca720b7-da8c-4f34-a17a-42b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:39.000Z",
"modified": "2019-04-05T09:32:39.000Z",
"description": "C2",
"pattern": "[url:value = 'api.sorna.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ca720b7-59d0-40df-a12b-43bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:39.000Z",
"modified": "2019-04-05T09:32:39.000Z",
"description": "C2",
"pattern": "[url:value = 'supp.rivier.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:04.000Z",
"modified": "2019-04-05T09:32:04.000Z",
"pattern": "[file:hashes.MD5 = 'f2b701d43a43315105d649612b27a2ea' AND file:hashes.SHA1 = '9166f0899cdcf7480b1ec5fb925da7641f3c300d' AND file:hashes.SHA256 = 'd3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-05T00:20:54",
"category": "Other",
"comment": "v.exe",
"uuid": "250e1e72-6769-4161-8f73-85fd3ed3b50a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed/analysis/1554423654/",
"category": "Payload delivery",
"comment": "v.exe",
"uuid": "f0953128-f125-4295-818d-aada175e115d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/72",
"category": "Payload delivery",
"comment": "v.exe",
"uuid": "36c6e6cb-f39c-4eef-a7c4-c5416ba9b23a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"pattern": "[file:hashes.MD5 = 'f38c97514e2baafc41081d5f22024fef' AND file:hashes.SHA1 = 'fa741dca980f1b073baf52be08dadb1c996503ea' AND file:hashes.SHA256 = 'ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04T17:22:55",
"category": "Other",
"comment": "invoice_653780.doc",
"uuid": "25244f20-40eb-490f-a2f3-24cecb60cbb5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e/analysis/1554398575/",
"category": "Payload delivery",
"comment": "invoice_653780.doc",
"uuid": "50c7cb21-e7a5-4fd9-832f-e95a94f9a442"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/58",
"category": "Payload delivery",
"comment": "invoice_653780.doc",
"uuid": "e70d2e54-672a-478b-9d8a-4f8938664484"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"pattern": "[file:hashes.MD5 = '32ea156c017d71b87cd00718cdae0eda' AND file:hashes.SHA1 = 'fd9c5ed4f1e0224d864d28f2061c1e0a817a5feb' AND file:hashes.SHA256 = '06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-05T09:32:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-04T23:40:59",
"category": "Other",
"comment": "3.exe",
"uuid": "43eabc0f-d9e1-4f86-bdef-c88350fa2462"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94/analysis/1554421259/",
"category": "Payload delivery",
"comment": "3.exe",
"uuid": "2cb647c1-3f38-4f11-81cd-70bc19a49cdc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/67",
"category": "Payload delivery",
"comment": "3.exe",
"uuid": "6b6bae47-34ac-4d01-a63e-ed24557188c7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ca720f9-ac20-44b5-a4b9-4f71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-05T09:33:45.000Z",
"modified": "2019-04-05T09:33:45.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Hancitor campaign started a bit ago. Using these crappy domains for delivery links:\r\nhttps://ghostbin.com/paste/27b9a/raw",
"category": "Other",
"uuid": "5ca720f9-f634-4c04-bd1c-42ee950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5ca720f9-29cc-4c05-b28f-4356950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/mesa_matt/status/1113866153108148224",
"category": "Network activity",
"to_ids": true,
"uuid": "5ca720f9-c600-4ee1-abcd-4ae0950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "mesa_matt",
"category": "Other",
"uuid": "5ca720f9-2f10-4658-9bbc-4392950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--b17151b3-696f-4d8d-be3a-b50b270565ea",
2023-04-21 14:44:17 +00:00
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--57006ea3-e098-42f6-bc80-d8dc9f528163",
"target_ref": "x-misp-object--5b58b896-f411-4245-bbf9-f4167ef0b196"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--d8c00aa1-284d-4e55-9ac5-0b2e1cdd8ac4",
2023-04-21 14:44:17 +00:00
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c2f1de55-f845-4031-9db5-cba3044f0629",
"target_ref": "x-misp-object--0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--09dff95b-8bed-4af3-8d02-0bcf884f06e6",
2023-04-21 14:44:17 +00:00
"created": "2019-04-05T09:32:05.000Z",
"modified": "2019-04-05T09:32:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4c230799-c01d-4d15-a8d2-81341766f9f3",
"target_ref": "x-misp-object--b65c2419-c4c9-4768-8909-471c0999ae7a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}