{
"type" : "bundle" ,
"id" : "bundle--0165e5d7-51e6-4c2e-a382-1dd1e706f7bb" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T09:33:28.000Z" ,
"modified" : "2021-03-12T09:33:28.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--0165e5d7-51e6-4c2e-a382-1dd1e706f7bb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T09:33:28.000Z" ,
"modified" : "2021-03-12T09:33:28.000Z" ,
"name" : "OSINT - DearCry ransomware (abusing Exchange Server)" ,
"published" : "2021-03-12T09:34:22Z" ,
"object_refs" : [
"observed-data--2bc0505c-6566-416f-9f4b-2a689d78edb8" ,
"windows-registry-key--2bc0505c-6566-416f-9f4b-2a689d78edb8" ,
"indicator--eebfaac3-846d-4883-a01e-706600c5aab2" ,
"indicator--a6e83ff7-f43c-400a-9f85-6f856e537ff2" ,
"indicator--33d7df07-f728-435d-a4c9-c6dc3bfc58a6" ,
"indicator--659fb6ca-6a34-42ae-a798-554150d716dd" ,
"indicator--b785388f-7f42-4382-97ab-f5bb8e586793" ,
"indicator--1bf257cf-b1f9-457b-a1d5-ffc08402fe9f" ,
"indicator--385ab9dd-f6f1-435c-a94c-796f27a3475f" ,
"indicator--ea27a275-6569-4c5c-89ff-2ba423b7ac22" ,
"indicator--70785d0d-f6b8-471f-9c3d-a4ee4ae7511c" ,
"indicator--f9dccc8f-cb0c-43b6-9ff2-fff4711aace3" ,
"indicator--b8e0ffb1-7c06-4b51-8f4d-e6d32df77fb4" ,
"indicator--b3f915e3-c214-4f6b-8e5e-0129044c6bab" ,
"indicator--8a3d4a95-0ede-4778-91c3-e25d87b6ff88" ,
"indicator--1fd1f2ff-d962-438a-a263-639317387e0b" ,
"indicator--49c945e7-bda4-4dbe-97fa-49c5d9bc244f" ,
"indicator--e7b12b41-978f-44a0-94aa-f55ed363999c" ,
"indicator--487375ca-a928-4e80-a1d4-01a7a2bddb38" ,
"indicator--4b7f848c-acaf-44c3-878c-3e49aecf8b2e" ,
"indicator--ec2dd593-27fe-42aa-a23d-e603c8d4ca0d" ,
"indicator--baa0ad8b-693e-4e5f-b539-3754c9fdedf6" ,
"indicator--02ae1c30-289a-4d98-8336-d9d18d6afa51" ,
"indicator--4ca3f931-8ea7-4de3-bd4a-98047b0d9324" ,
"indicator--42011bba-0ed6-4c7b-b31e-ad3d49df36a5" ,
"indicator--590576c4-12cf-4306-a9e4-c5182a85a245" ,
"indicator--bc1997bb-17e3-4bfb-833b-1b274e2a82cb" ,
"indicator--5e91ee04-575a-4615-b6fd-53ad330d644f" ,
"indicator--0e8c43b8-bd08-4b5b-8aaf-19b0a8d92d22" ,
"indicator--0043684b-9df2-4546-8f05-ef32aac85874" ,
"indicator--334f2ae3-8046-4b5b-9ff2-0c19fa8a4b48" ,
"indicator--0365e572-3f31-4bc9-aede-e30469650995" ,
"indicator--72a56236-6e66-4b46-855b-223aeb029f5b" ,
"indicator--a720a45a-cc2b-4e27-9e06-224f5dd76644" ,
"indicator--6a5beae0-0706-480e-9340-b5cb8672e518" ,
"indicator--43df033b-306b-4455-bfaf-74eb97a2ceb8" ,
"indicator--819aa63f-c38b-4f23-a333-01eab7b6cd40" ,
"indicator--2f1d3fa9-b509-4417-b456-d56c5e1639d0" ,
"x-misp-object--c917ee01-9118-4758-8b0e-a540ac4c5c88" ,
"indicator--c54f901a-2381-43a4-bb4f-42d1f09a1e4a" ,
"x-misp-object--846c7daa-dc4a-4990-9b33-a914529c88f8" ,
"indicator--56459f25-ccd4-4b89-91de-773056bab60f" ,
"x-misp-object--525e04d3-3258-4f44-85b5-74e76f4ed55e" ,
"indicator--fe33598b-e5ff-4af5-ae8b-47fed4de0d4e" ,
"x-misp-object--d8bfca0a-f8de-45ed-9a5f-eb88fefe808b" ,
"relationship--4d9f53d4-2958-456f-b557-e541c2a916ad" ,
"relationship--3aaa542b-95ed-4769-aab8-f60e6085c752" ,
"relationship--3f496aa8-7098-4854-a3d2-39e2a31cb048"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"" ,
"estimative-language:likelihood-probability=\"very-likely\"" ,
"estimative-language:confidence-in-analytic-judgment=\"high\"" ,
"admiralty-scale:source-reliability=\"b\"" ,
"admiralty-scale:information-credibility=\"2\"" ,
"osint:source-type=\"microblog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--2bc0505c-6566-416f-9f4b-2a689d78edb8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"first_observed" : "2021-03-12T08:45:48Z" ,
"last_observed" : "2021-03-12T08:45:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--2bc0505c-6566-416f-9f4b-2a689d78edb8"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--2bc0505c-6566-416f-9f4b-2a689d78edb8" ,
"key" : "Files\\Microsoft\\Exchange"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eebfaac3-846d-4883-a01e-706600c5aab2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\logout.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a6e83ff7-f43c-400a-9f85-6f856e537ff2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\one.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--33d7df07-f728-435d-a4c9-c6dc3bfc58a6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\one1.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--659fb6ca-6a34-42ae-a798-554150d716dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\shel.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b785388f-7f42-4382-97ab-f5bb8e586793" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\shel2.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1bf257cf-b1f9-457b-a1d5-ffc08402fe9f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\shel90.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--385ab9dd-f6f1-435c-a94c-796f27a3475f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\a.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ea27a275-6569-4c5c-89ff-2ba423b7ac22" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\default.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--70785d0d-f6b8-471f-9c3d-a4ee4ae7511c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\shell.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f9dccc8f-cb0c-43b6-9ff2-fff4711aace3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\Server.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b8e0ffb1-7c06-4b51-8f4d-e6d32df77fb4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\aspnet_client.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b3f915e3-c214-4f6b-8e5e-0129044c6bab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\aspnet_iisstart.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8a3d4a95-0ede-4778-91c3-e25d87b6ff88" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\aspnet_pages.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1fd1f2ff-d962-438a-a263-639317387e0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\aspnet_www.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--49c945e7-bda4-4dbe-97fa-49c5d9bc244f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\default1.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e7b12b41-978f-44a0-94aa-f55ed363999c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\errorcheck.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--487375ca-a928-4e80-a1d4-01a7a2bddb38" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\iispage.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4b7f848c-acaf-44c3-878c-3e49aecf8b2e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\s.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ec2dd593-27fe-42aa-a23d-e603c8d4ca0d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\session.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--baa0ad8b-693e-4e5f-b539-3754c9fdedf6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:48.000Z" ,
"modified" : "2021-03-12T08:45:48.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\system_web\\\\log.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--02ae1c30-289a-4d98-8336-d9d18d6afa51" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\xclkmcfldfi948398430fdjkfdkj.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4ca3f931-8ea7-4de3-bd4a-98047b0d9324" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\xx.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--42011bba-0ed6-4c7b-b31e-ad3d49df36a5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\discover.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--590576c4-12cf-4306-a9e4-c5182a85a245" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\HttpProxy.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bc1997bb-17e3-4bfb-833b-1b274e2a82cb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\OutlookEN.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e91ee04-575a-4615-b6fd-53ad330d644f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\supp0rt.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0e8c43b8-bd08-4b5b-8aaf-19b0a8d92d22" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\OAB\\\\log.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0043684b-9df2-4546-8f05-ef32aac85874" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\log.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--334f2ae3-8046-4b5b-9ff2-0c19fa8a4b48" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\logg.aspx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0365e572-3f31-4bc9-aede-e30469650995" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\Current\\\\google.log']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--72a56236-6e66-4b46-855b-223aeb029f5b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'C:\\\\inetpub\\\\wwwroot\\\\aspnet_client\\\\google.log']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a720a45a-cc2b-4e27-9e06-224f5dd76644" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = 'Server\\\\V15\\\\FrontEnd\\\\HttpProxy\\\\owa\\\\auth\\\\google.log']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6a5beae0-0706-480e-9340-b5cb8672e518" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:name = '\\\\%PUBLIC\\\\%\\\\opera\\\\opera_browser.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--43df033b-306b-4455-bfaf-74eb97a2ceb8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--819aa63f-c38b-4f23-a333-01eab7b6cd40" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2f1d3fa9-b509-4417-b456-d56c5e1639d0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:45:49.000Z" ,
"modified" : "2021-03-12T08:45:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:45:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c917ee01-9118-4758-8b0e-a540ac4c5c88" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:47:37.000Z" ,
"modified" : "2021-03-12T08:47:37.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "archive" ,
"value" : "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.csv" ,
"category" : "External analysis" ,
"uuid" : "547e8ead-a5cf-45e7-87fb-1657fccf4e13"
} ,
{
"type" : "link" ,
"object_relation" : "archive" ,
"value" : "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json" ,
"category" : "External analysis" ,
"uuid" : "e77e3518-e613-4893-8ea0-4f2a5e3566fd"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "b7d9750f-a60e-41a3-b01b-d86f27e78ac4"
} ,
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "We've updated our IoC feed to include hashes for #DearCry ransomware\r\n\r\nAccess the feed here:\r\n\r\nJSON: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/MSTICIoCs-ExchangeServerVulnerabilitiesDisclosedMarch2021.json\r\n\r\nCSV: https://raw.githubusercontent.com/Azure/Azure-Se" ,
"category" : "Other" ,
"uuid" : "aebf2aec-c108-4ef9-80b4-e94ab02602f8"
} ,
{
"type" : "text" ,
"object_relation" : "state" ,
"value" : "Informative" ,
"category" : "Other" ,
"uuid" : "8e666a82-666c-4062-997b-403895a09b30"
} ,
{
"type" : "text" ,
"object_relation" : "verified-username" ,
"value" : "Unverified" ,
"category" : "Other" ,
"uuid" : "36991467-d111-449f-97de-dfddcb130938"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c54f901a-2381-43a4-bb4f-42d1f09a1e4a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:08.000Z" ,
"modified" : "2021-03-12T08:48:08.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cdda3913408c4c46a6c575421485fa5b' AND file:hashes.SHA1 = '56eec7392297e7301159094d7e461a696fe5b90f' AND file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:48:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--846c7daa-dc4a-4990-9b33-a914529c88f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:08.000Z" ,
"modified" : "2021-03-12T08:48:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-12T08:23:23+00:00" ,
"category" : "Other" ,
"uuid" : "89392aa6-f741-4651-ac58-9087c6d9f1f4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1615537403" ,
"category" : "Payload delivery" ,
"uuid" : "1660120c-4d4b-4e7d-b972-6c02945cec53"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/68" ,
"category" : "Payload delivery" ,
"uuid" : "67ad0ceb-473a-4604-ad34-529e4ef137bd"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56459f25-ccd4-4b89-91de-773056bab60f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6eeb14485d93f4e30fb79f3a57518fc' AND file:hashes.SHA1 = 'b7d99521348d319f57d2b2ba7045295fc99cf6a7' AND file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--525e04d3-3258-4f44-85b5-74e76f4ed55e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-12T08:28:27+00:00" ,
"category" : "Other" ,
"uuid" : "27892d2b-fe0a-4efd-9610-45e9d64ab4bf"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1615537707" ,
"category" : "Payload delivery" ,
"uuid" : "08e03713-7e15-4afb-af95-c621caa6b004"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/67" ,
"category" : "Payload delivery" ,
"uuid" : "0a7a9678-69db-4d38-84ee-f3a8187afd88"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fe33598b-e5ff-4af5-ae8b-47fed4de0d4e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '0e55ead3b8fd305d9a54f78c7b56741a' AND file:hashes.SHA1 = 'f7b084e581a8dcea450c2652f8058d93797413c3' AND file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-12T08:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d8bfca0a-f8de-45ed-9a5f-eb88fefe808b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-12T08:28:47+00:00" ,
"category" : "Other" ,
"uuid" : "352701e7-8d7b-4934-9a8f-e72fc25966a3"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1615537727" ,
"category" : "Payload delivery" ,
"uuid" : "e061d577-1ad8-4024-be7b-f65a599e48ae"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/69" ,
"category" : "Payload delivery" ,
"uuid" : "1ae336dd-7832-408c-8237-6b7c5a50e451"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4d9f53d4-2958-456f-b557-e541c2a916ad" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c54f901a-2381-43a4-bb4f-42d1f09a1e4a" ,
"target_ref" : "x-misp-object--846c7daa-dc4a-4990-9b33-a914529c88f8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3aaa542b-95ed-4769-aab8-f60e6085c752" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--56459f25-ccd4-4b89-91de-773056bab60f" ,
"target_ref" : "x-misp-object--525e04d3-3258-4f44-85b5-74e76f4ed55e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3f496aa8-7098-4854-a3d2-39e2a31cb048" ,
"created" : "2021-03-12T08:48:09.000Z" ,
"modified" : "2021-03-12T08:48:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fe33598b-e5ff-4af5-ae8b-47fed4de0d4e" ,
"target_ref" : "x-misp-object--d8bfca0a-f8de-45ed-9a5f-eb88fefe808b"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}