|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5dfce305-c520-4a71-9094-47c702de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:26:15.000Z",
|
|
|
|
"modified": "2019-12-20T15:26:15.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5dfce305-c520-4a71-9094-47c702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:26:15.000Z",
|
|
|
|
"modified": "2019-12-20T15:26:15.000Z",
|
|
|
|
"name": "OSINT - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking",
|
|
|
|
"published": "2019-12-20T15:26:26Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
|
|
|
|
"url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
|
|
|
|
"indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-2118-4510-90a4-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81",
|
|
|
|
"indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81",
|
|
|
|
"indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81",
|
|
|
|
"indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81",
|
|
|
|
"indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81",
|
|
|
|
"indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81",
|
|
|
|
"indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
|
|
|
|
"x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
|
|
|
|
"indicator--69638f44-509c-45ab-80fc-97514283b206",
|
|
|
|
"x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
|
|
|
|
"indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
|
|
|
|
"x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12",
|
|
|
|
"indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
|
|
|
|
"x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
|
|
|
|
"indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
|
|
|
|
"x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67",
|
|
|
|
"indicator--3b6714ab-d534-449f-8eae-856904fe477b",
|
|
|
|
"x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae",
|
|
|
|
"indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
|
|
|
|
"x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b",
|
|
|
|
"indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
|
|
|
|
"x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53",
|
|
|
|
"indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
|
|
|
|
"x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
|
|
|
|
"relationship--a7e7c057-c9ab-497a-ab4d-2e4cd5f3abe3",
|
|
|
|
"relationship--4ae5bb93-a924-43c7-a6ee-e9c7aa572429",
|
|
|
|
"relationship--f2843a3f-ccad-4de8-b562-de627a3c6902",
|
|
|
|
"relationship--0d5b2f57-8639-4544-b76d-f175a8473049",
|
|
|
|
"relationship--e694ab26-62d7-4278-8beb-0c569294197c",
|
|
|
|
"relationship--435d0c47-d169-4b66-8622-9b9f2b9dc77b",
|
|
|
|
"relationship--4546518b-d59b-4600-aa9c-ed9cd8284005",
|
|
|
|
"relationship--f319d388-e37a-4b85-9ef4-b6831979ea40",
|
|
|
|
"relationship--a053f405-e1c2-454e-9bb6-b2b5f3062726"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:threat-actor=\"TA505\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:05:01.000Z",
|
|
|
|
"modified": "2019-12-20T15:05:01.000Z",
|
|
|
|
"first_observed": "2019-12-20T15:05:01Z",
|
|
|
|
"last_observed": "2019-12-20T15:05:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
|
|
|
|
"value": "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "WinDef Download URL",
|
|
|
|
"pattern": "[url:value = 'http://96.9.211.157/sdf4r3r3/WinDef.msi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "Predator C2",
|
|
|
|
"pattern": "[url:value = 'https://soul-fly.xyz/api/gate.get']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "LDR_5622 URL1",
|
|
|
|
"pattern": "[url:value = 'https://artrolife.club/fhj37f34fdd/file1.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-2118-4510-90a4-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "LDR_5622 URL2",
|
|
|
|
"pattern": "[url:value = 'http://supremeconnect.xyz/fdfg83574gd/file2.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "Team Viewer Panel",
|
|
|
|
"pattern": "[url:value = 'http://0926tv.xyz/mystt34834ujf37data/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "ServHelper NetSupport",
|
|
|
|
"pattern": "[url:value = 'http://gabardine.xyz/log.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "ServHelper NetSupport",
|
|
|
|
"pattern": "[url:value = 'http://kuarela.xyz/1.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:20.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:20.000Z",
|
|
|
|
"description": "ServHelper NetSupport",
|
|
|
|
"pattern": "[url:value = 'http://foxlnklnk.xyz/pf1.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:21.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:21.000Z",
|
|
|
|
"description": "ServHelper NetSupport",
|
|
|
|
"pattern": "[url:value = 'http://cafafafa.xyz/pf1.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:06:21.000Z",
|
|
|
|
"modified": "2019-12-20T15:06:21.000Z",
|
|
|
|
"description": "ServHelper NetSupport",
|
|
|
|
"pattern": "[url:value = 'http://letitbe.icu/2.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:06:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:25.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:42.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:42.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e' AND file:hashes.SHA1 = '8c14b7bc7d0f132b4a00062ebc84eca98074eb06' AND file:hashes.SHA256 = 'ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:42.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:42.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-01T14:13:53",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a5271e19-09e7-404f-9171-76cd45767dfc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2/analysis/1569939233/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "61098a77-079f-4c1c-8c07-2e426ff525e8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "42/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "5d708598-582e-4e90-b781-495f5bef2a27"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--69638f44-509c-45ab-80fc-97514283b206",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:42.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:42.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a' AND file:hashes.SHA1 = 'c470685e7f2b4c1c1ff5a544824becef1f81c0de' AND file:hashes.SHA256 = '1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:43.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:43.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-12-03T04:36:27",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "948e4fae-219b-42ce-8ba9-44a92f8a3ae7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a/analysis/1575347787/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ac8f3242-6e1d-468d-8fc0-a841bdcec64d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/68",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1b012b4e-a10b-4681-9094-735f8272c584"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:43.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada' AND file:hashes.SHA1 = 'e764a66692df3ecbfae0660a1d1e567be20e034d' AND file:hashes.SHA256 = 'd83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:43.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:43.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-11-15T10:55:08",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "dfe11c11-1352-4103-89f1-ecac42bf7a8b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2/analysis/1573815308/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "536eee81-3ea3-4fb6-a0db-389783a109f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "26/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c3ef49b9-4ed9-43b6-a1cd-cc2163ffd434"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:43.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc' AND file:hashes.SHA1 = '177f891063569d82f85fc931a5254f0c5acbee9f' AND file:hashes.SHA256 = 'c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:43.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:43.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-26T19:39:42",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e6c3486c-c499-4a99-b7b7-b2f48f92ee34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0/analysis/1569526782/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "461ef55a-d9a5-4fb0-8e0b-1a04e2903a0f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "10/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "671ac72d-aad7-426c-aa5d-0dabfe885696"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b' AND file:hashes.SHA1 = 'da3973333643735f740f832ebb914faedc3385fa' AND file:hashes.SHA256 = '70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-03T06:11:45",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7d9d833a-6c37-41f1-9a3b-687e60b43784"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72/analysis/1570083105/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "b13d1871-894a-46c6-a401-61de32ac5d85"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "da84ee46-40da-4f54-8200-940c0eb3cde2"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--3b6714ab-d534-449f-8eae-856904fe477b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3' AND file:hashes.SHA1 = 'e07292223d53785c61e4d4e33126e71d69527cbd' AND file:hashes.SHA256 = '1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-12-03T04:36:19",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2dccaf5f-a350-4c18-94b1-aaf6f4bd97ff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb/analysis/1575347779/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "22ba39fc-e09e-4737-9e98-a71026bbbc33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "38/63",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "7cd33bde-eca9-40b1-a030-151bf7acbab8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95' AND file:hashes.SHA1 = 'd08b44e8aed3aa013827d5aeef901fed360c57fb' AND file:hashes.SHA256 = '97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:44.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:44.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-27T17:09:02",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "998f01f8-1c0f-4c68-9923-148dd4525864"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf/analysis/1569604142/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "537c2145-8681-4e28-8c31-9ba67d642300"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "25/59",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e8cb3e8f-e0c7-473f-a527-6e3e712a9a67"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:45.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261' AND file:hashes.SHA1 = '4d30c482886f3369731914f6db4100e84fa8cf27' AND file:hashes.SHA256 = 'ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:45.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-12-14T05:52:55",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d5d1c38a-ccc9-491d-812e-a5b0f06223ee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248/analysis/1576302775/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "e3f4fa91-809b-4420-8245-bf5f47417265"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "53/71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4a882389-39f1-47d2-b8fe-01c261f76fbf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:45.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:45.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621' AND file:hashes.SHA1 = '5963233ae8e9382178169a2efe236598dfc7466c' AND file:hashes.SHA256 = 'c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-12-20T15:16:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-12-20T15:16:45.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:45.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-10-07T10:31:06",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9d29948f-941b-4229-8319-2e1d7912082f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715/analysis/1570444266/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "57bade74-adee-47a2-acb1-283f69e39be2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "4/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1cfe29e5-5c2b-48e3-b459-750ed560cd08"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a7e7c057-c9ab-497a-ab4d-2e4cd5f3abe3",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0",
|
|
|
|
"target_ref": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--4ae5bb93-a924-43c7-a6ee-e9c7aa572429",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--69638f44-509c-45ab-80fc-97514283b206",
|
|
|
|
"target_ref": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f2843a3f-ccad-4de8-b562-de627a3c6902",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415",
|
|
|
|
"target_ref": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--0d5b2f57-8639-4544-b76d-f175a8473049",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b",
|
|
|
|
"target_ref": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--e694ab26-62d7-4278-8beb-0c569294197c",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424",
|
|
|
|
"target_ref": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--435d0c47-d169-4b66-8622-9b9f2b9dc77b",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--3b6714ab-d534-449f-8eae-856904fe477b",
|
|
|
|
"target_ref": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--4546518b-d59b-4600-aa9c-ed9cd8284005",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
|
|
|
|
"target_ref": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f319d388-e37a-4b85-9ef4-b6831979ea40",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc",
|
|
|
|
"target_ref": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a053f405-e1c2-454e-9bb6-b2b5f3062726",
|
|
|
|
"created": "2019-12-20T15:16:47.000Z",
|
|
|
|
"modified": "2019-12-20T15:16:47.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
|
|
|
|
"target_ref": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|