misp-circl-feed/feeds/circl/misp/5a69fdaf-0350-429a-b961-062f02de0b81.json


{
"type": "bundle",
"id": "bundle--5a69fdaf-0350-429a-b961-062f02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-26T03:01:26.000Z",
"modified": "2018-01-26T03:01:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a69fdaf-0350-429a-b961-062f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-26T03:01:26.000Z",
"modified": "2018-01-26T03:01:26.000Z",
"name": "OSINT - RTF files for Hancitor utilize exploit for CVE-2017-11882",
"published": "2018-02-16T08:52:15Z",
"object_refs": [
"observed-data--5a69fdbc-171c-4a58-906e-062f02de0b81",
"url--5a69fdbc-171c-4a58-906e-062f02de0b81",
"x-misp-attribute--5a69fdcd-f7cc-48c4-8293-485602de0b81",
"observed-data--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"file--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"vulnerability--5a69fe81-cbb0-45e5-819f-063302de0b81",
"indicator--5a69febe-be34-4b88-8334-032c02de0b81",
"indicator--5a69fff2-f0d8-494a-bd10-411e02de0b81",
"indicator--5a69fff2-1f78-461d-a2f1-4dbd02de0b81",
"indicator--5a69fff3-3f20-4e0d-bde1-43b502de0b81",
"indicator--5a69fff3-7390-42d5-a6d6-4a1d02de0b81",
"indicator--5a69fff4-8e84-4696-b451-4ca402de0b81",
"indicator--5a69fff4-133c-4d88-8181-495602de0b81",
"indicator--5a69fff5-f430-4def-9cbe-459902de0b81",
"observed-data--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"file--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"observed-data--5a6a018f-5418-4a92-b282-446502de0b81",
"file--5a6a018f-5418-4a92-b282-446502de0b81",
"artifact--5a6a018f-5418-4a92-b282-446502de0b81",
"indicator--81094cbe-8289-4cb0-9a8b-87878aee444b",
"x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183",
"indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe",
"x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8",
"indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6",
"x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8",
"indicator--baa167f7-1035-40c1-9754-d076ef5e23fc",
"x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb",
"relationship--259f0515-c951-4bd0-96d9-7321f11d3ad3",
"relationship--32dbcc16-da96-44f0-8f5a-ce4f552bdb2d",
"relationship--d588165e-44b0-4443-a851-b38ed9484921",
"relationship--a987abe0-3de8-4447-bfb5-c3ec6888cbd1"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Hancitor\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69fdbc-171c-4a58-906e-062f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:43.000Z",
"modified": "2018-01-25T16:05:43.000Z",
"first_observed": "2018-01-25T16:05:43Z",
"last_observed": "2018-01-25T16:05:43Z",
"number_observed": 1,
"object_refs": [
"url--5a69fdbc-171c-4a58-906e-062f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a69fdbc-171c-4a58-906e-062f02de0b81",
"value": "https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a69fdcd-f7cc-48c4-8293-485602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:43.000Z",
"modified": "2018-01-25T16:05:43.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) has been somewhat quiet since its last wave of 2017 on December 21st. During the holidays, Hancitor took a break. And in the first three weeks of 2018, I only saw one wave of Hancitor malspam that occurred on Wednesday 2018-01-10.\r\n\r\nBut on Tuesday 2018-01-23, we saw a new wave of Hancitor malspam. This time, links in the emails returned an RTF file that exploits CVE-2017-11882.\r\n\r\nAs usual, these waves of malspam are most often caught by spam filters, so few people will actually see the messages. And best security practices can easily prevent these infections from happening.\r\n\r\nBut we continue to see this malspam, so today's diary examines the infection traffic in my lab environment."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:43.000Z",
"modified": "2018-01-25T16:05:43.000Z",
"first_observed": "2018-01-25T16:05:43Z",
"last_observed": "2018-01-25T16:05:43Z",
"number_observed": 1,
"object_refs": [
"file--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"name": "2018-01-23-hancitor-malspam-image-01.jpg",
"content_ref": "artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81",
"payload_bin": "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
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5a69fe81-cbb0-45e5-819f-063302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:44.000Z",
"modified": "2018-01-25T16:05:44.000Z",
"name": "CVE-2017-11882",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-11882"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69febe-be34-4b88-8334-032c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:44.000Z",
"modified": "2018-01-25T16:05:44.000Z",
"description": "The Hancitor binary was encoded as a base64 string in script returned from ofthi.com. (compromised machine)",
"pattern": "[domain-name:value = 'ofthi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff2-f0d8-494a-bd10-411e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:04:02.000Z",
"modified": "2018-01-25T16:04:02.000Z",
"pattern": "[file:hashes.SHA256 = '6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff2-1f78-461d-a2f1-4dbd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:45.000Z",
"modified": "2018-01-25T16:05:45.000Z",
"pattern": "[file:name = 'fax_518506.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff3-3f20-4e0d-bde1-43b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:04:03.000Z",
"modified": "2018-01-25T16:04:03.000Z",
"pattern": "[file:hashes.SHA256 = '2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:04:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff3-7390-42d5-a6d6-4a1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:45.000Z",
"modified": "2018-01-25T16:05:45.000Z",
"pattern": "[url:value = 'http://ofthi.com/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff4-8e84-4696-b451-4ca402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:04:04.000Z",
"modified": "2018-01-25T16:04:04.000Z",
"pattern": "[file:hashes.SHA256 = '8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff4-133c-4d88-8181-495602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:04:04.000Z",
"modified": "2018-01-25T16:04:04.000Z",
"pattern": "[file:hashes.SHA256 = '42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69fff5-f430-4def-9cbe-459902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:46.000Z",
"modified": "2018-01-25T16:05:46.000Z",
"pattern": "[url:value = 'http://yoyostudy.com.au/62a.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:10:39.000Z",
"modified": "2018-01-25T16:10:39.000Z",
"first_observed": "2018-01-25T16:10:39Z",
"last_observed": "2018-01-25T16:10:39Z",
"number_observed": 1,
"object_refs": [
"file--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"name": "2018-01-23-Hancitor-infection-malware-and-artifacts.zip",
"content_ref": "artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a6a018f-5418-4a92-b282-446502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:10:55.000Z",
"modified": "2018-01-25T16:10:55.000Z",
"first_observed": "2018-01-25T16:10:55Z",
"last_observed": "2018-01-25T16:10:55Z",
"number_observed": 1,
"object_refs": [
"file--5a6a018f-5418-4a92-b282-446502de0b81",
"artifact--5a6a018f-5418-4a92-b282-446502de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a6a018f-5418-4a92-b282-446502de0b81",
"name": "2018-01-23-Hancitor-malspam-30-emails.txt.zip",
"content_ref": "artifact--5a6a018f-5418-4a92-b282-446502de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a6a018f-5418-4a92-b282-446502de0b81",
"payload_bin": "UEsDBBQACQAIAPSCN0y+UgtwQg8AAHV3AQApABwAMjAxOC0wMS0yMy1IYW5jaXRvci1tYWxzcGFtLTMwLWVtYWlscy50eHRVVAkAA+u1Z1rr32dadXgLAAEEF+mZIgRgL3cLdkM2RpBGFFvCP44+bc9GZfXJkoxJ7FKmgtTaa6vTRxNJ9XFpG9fEt4iFPpjcCLGkL8RnYyJa1iLUB2maQ0STOFMMHGchJgfxGEsb2jIQahl2TSdgx4+jjirgFP+0TtnzBmjAg5taSQNh/YMOQXs31CkwXIYQ+hYACsU43VRbpiiurNOl+gO1BVpVqXVp7vR/zuv3iaUai1km41WmrWheoSFtYP/uFV4gqx/GQBGilCtAT/6GEksNRUAAIAhBYGEMD7fS/s012ZLwvvy/V932tc0Ql/UyxJxz1wMn2ydhA1I03QkJhEmds5sX25dUUKa9cB8EPhy53Expw6JJnsyIVkEMQb14BwXrUicovfUJLsWeCIBv7VRbM94VHAgPD/CNZ2XnMWY13f8kgSApR8ETfLlf3Z1kXL2aoFMFK8lajEfAgWK5+7qy/YkKIObn2MOTU0yYuPXPXn2sOuOch0Ts/FxhGuCmC2r3tsoc0mwpNY4nT+c2IJFBgb6B6Ss7pG95qHuHdabad6MZYnWE3g3VTsLvJ7eN4E+fRC9P1mGGzSHRg4B3A7fHaNU/5JUiIIUXkmuvfguBGVOkERpccDKsWuG68SWgug0YQ0lEx2i+5nQS3XmghS8aqfLhFVXDQW7khH6MPVLaMIDPh6aPg27BocaTC7kXrcQEDKg7BkXMP8gFmsQJsfMuLX3GwTZq81EvZXUX+p04n5cNGeSz81dCZW8oAI+4jJwRKgo1R/unjzt4tmpGvQ6itmEfFy1VlsWj7L2rCum+mVWKEOLnPK6lSsgTgb+qacXYCiKKWVqOo6gZdUMw1kGyvqxt9s5qv/bzp2yQoNFPT7Tx98dLNqJxs6f06hpXjFGcAQWsNy4eotrM1pJruCBCh8ITulEb8DQgSvgFGwSaSMp5I0xK9ETHzruf+uv/rY85Lsps3LCB3npYvXkNoOgOVjnv440V/9pFj+z3ymG2vqLf1Dd1B1rwd9VlSs2s6tlrV3XUzUS5X34QCHaw111LsEZOWmFe1cf109quYCFCXsOS2Z1RMP6SckZKHiBK0EiIbrVr3Vqj6OiYgaD7z5GOhL6Qhe7QkwJw/r6AbJLbEFOH4A2QtA3jjr9Rp5Oo6pGoicFTrPyXbTumipcdmDyiXBw6wC5VxUhcQUsCbfv8O/vHb3z55YmubJ3HIHlwtN6njD8H1olAmbo7JsAwfk3PTHaxiJwPb73olfED2a7ZG69fluWNcxv9lF/eOZ6dsE0wv+K8QC7Dw80ARfKe2FKWLgTv5OC95g0cru45d4Y9XLjKTKSoU2gGTlk2ZtAH9oNl3qCrNkzX9YW3+s7MNMqhZcEkeXzWRBh4TTLAwQ4H8YXSZEE6RfdP1erW+K4xFOkzJXZXR7c21WESds/hasUU0tXYCKQHh40beqPmMYaeDSO6gtlIO7YF8GGiI1YgFBa1LXTEGk4KM6ayvKBR65SfD9mj/BJThz3CQjSAxwVWGHseV9bx1cW3N+vwAIWPZIIQ+ZgYyIrah3kZ4/zWAuSGyWF4xJ54CPZk7XKhbuL0Duofwwh1hyrbyR0pr1z0eH/u0H5YiWb3VZSfDv+zSnqpObgTFs0utoojgn/+sCGHq3KmLi/tO7xmQdVf1cFKvhVvKVjlGwDRWnvoqXCKhOH/ROaJ9c6TPQCACLs8iCZD1KGl3JQEX+q/TNbawaRjb+zBx7v9em6PqnmQHmDIFkBESHWGS2Ibh40ogYC9+SaL31a6Ql82whS6fCS/MiA8CAT+ZkM5hiYfP9j9OAq/sGZIwkNl4wYKQlp5JY+ssfTSWNlrNnLTiPOJ9RvfyjhnLWAf3Mfw0s71whTkzmeUSGQ64M002SnR
bGoEKe2U6YLExdWfQhh5JfCtf9Cpn2+VtD14swTEZgOtllg4DukBYxLlWup+IZNSI8Qg8sN2WK9N06zuC45ur+UDG/AqdRCpmIPhpq1/zWR+LKtLlSNgB+LYGIrbOcJA51Xq3+RFQuGhFUCwgQROc6afikvqXRf7V8jgSU7ORIqen4psSPrj5e39c0BYz1PyIwYTjnZpJ+mLG140mtQY6F3DrhBQZh/hv4O44DJwqnIIy1+ejwkjMC8X83tVgDabuidbf5ayd2IIWL5GMz5vNLfSzdxKCbVQJYsu8qcNTK0VXl4Rxnsuy98onEmsngTxYh2xQm1k6cOMExtPfhT4GG1g/Io8lTrL3i6RNuW2OMEsjdS5/RkKcqkn9e3+i7Wubz5eF3St7ioUUTgJKAAlDGgLvlxlY3pBV1cCUdWQOmtJaCvapHfxuh8j6TVP8mbLdoIbkHVzAmd9CTOPyizGW+DV0Qn7aUU5gk/bped8DQsSIoRLzxCbfRj9fo6nMdRKDzqBsNwxnIce/ChF7HE5d7kg+JA88hAiiRU+duMvYqhDYhxToVOTU5+lJUlccRKeJIQrnfzWCQlvwfGOOFY9+JmG0W/jMIpnyfuOSy2SZsgSGlVny1j9O5lvBnnkTWH8Fc6d3Pra+3Ru9pjCnuToJ25ydYzpFiUMBbUY5QqBZ/VrVh0qwkxW3tbqhVJWWE4BkcvOJw8gE1Do3uoA1HGeDovM6nUWP4nRz14t8P8IDubxO+IOvBwFJxjen07hc4i8wX3bw3n6DsUgV5QRd9OZlHmuiKarTf5+O9S6I2snoO3duMthNrTA42d5/LAtFdYEl3nvl2nORje+FAnp0mWSeEsvsuIP9qaKcOv65xbTzqh0DQ+CY1GGsW+rpQ2iIezh8UZ5C3/27cDSKpL3iRTWHbR2YSu4HBJWVNGqjwgkpMuD9zQhqKUJ5IEG25pAjV5xexi5bvSwpZsbxheoxHJvl0mw9C6NwNS9MY1OfgLN55Z6CSzJBqrDLcwQDup+qu4yhPHG2/58mwTSoGztKh9STsOnPbwQR8+zGZy8tuUQzohYsbwe/cES+p+q1feBS8wj9X4NDtbmkcZ51LvF8B8/LE/o26PVVvAKgPznDPtIB2ryqq0/X+0W1poMfDV7pTCd/u+ZG9zWSlXu21GBuu41goFBwXd3JblOPyDQyRR6zwdF0sdwvmradRcrZW7AxaBHbv0AxW8Fq5QtpPCiWU1E3WB+VEwYLxCJpolTLqmeqwSLLOx1paVkycClbEZGkKGjuTYtGp3fmFiHL6hWeINxmKFcb4Ix78KJs+DloWUKhYPKcm9GbrTDtxPwzmusle+VtAivxjWWBQpaWK02URxEYbK99c6v3T1IklYpqw4Jj0DxhJcedBzeQBPWNvv/fBWHTyA+Ai8IqwFgD+PytdYNgmUiWEAFOWDZFAzzLt2O98RnxlRL3LfJx6ZB3e9rSIm7SKtbpPDJuIR0bXS/CfRMyo4tdPMmX/kUhaPoh3zV6TaDFjdyDBXsI9WmZ9afZh+fL2ObjBpRWI9d5YojAHJpJSiuAN/6mzww0Nyi99Q24popDX7Y+6E6ehRbVMlpcRGHqRqtvZ8u4R8yU3mkZ3PovfR/ibOzbLMf1xvIgj/xNspY6+G95PLLyLjEeYmQYd0n+3VTL65kUChj4GqXdBHk+RXP2DRvn1KGhXdE3xzgKTf9RSoHlrpW7Pi91xdhmTe+BauFuW+bFbTsk3tl1+Olb4DiMNDOwyl71SPjZKDLCbx11fLEf/WAHhBY/z4wzrcqQEdTBUIADA7mBPHJjZCqDuPCue15yM90GAAYzDxl3vdSjDkULgzHTcRVN+FFrRStMurrezrgllA70Jygmom5oG7UXSfOJ8xZL014xbGdx7E3vIItD44943isFnhPZHsAlbS+pYaL9ZcbjVzvujnbBKkK25y06q2Kj9BDWVyA5n9rnoa/v+b8mIuUWLNXYeNfqqwKNph9uetmVuJl
rlY+YqeaOyjh7BR5F2jYsn0tT3W/+eTDRbHgA0Rb3BGBVo4Gfbg5xZF9vR7arZ95Qddpzhh4fcw2c6mijs9
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81094cbe-8289-4cb0-9a8b-87878aee444b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:49.000Z",
"modified": "2018-01-25T16:05:49.000Z",
"pattern": "[file:hashes.MD5 = '773937dec274c21dc962ad3f8d37c08f' AND file:hashes.SHA1 = '71b00ac82d7e6ed48197c21d62bf55ab8e6535d6' AND file:hashes.SHA256 = '2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:48.000Z",
"modified": "2018-01-25T16:05:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4/analysis/1516839729/",
"category": "External analysis",
"uuid": "5a6a005d-b9f0-489c-a256-4ae502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/64",
"category": "Other",
"uuid": "5a6a005d-da38-436a-9f4f-4ca602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-25T00:22:09",
"category": "Other",
"uuid": "5a6a005d-8fd8-41c9-8a20-477e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:53.000Z",
"modified": "2018-01-25T16:05:53.000Z",
"pattern": "[file:hashes.MD5 = '17292469799cbbba73122ab21a292ddb' AND file:hashes.SHA1 = '8c3030f403e00e680de749ccdb0628724c5335dd' AND file:hashes.SHA256 = '42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:52.000Z",
"modified": "2018-01-25T16:05:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f/analysis/1516873074/",
"category": "External analysis",
"uuid": "5a6a0060-7d78-4d2d-bb88-48ac02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/63",
"category": "Other",
"uuid": "5a6a0060-8ac8-48cc-a42e-4fb302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-25T09:37:54",
"category": "Other",
"uuid": "5a6a0060-8dd0-4563-9c60-4c4f02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:56.000Z",
"modified": "2018-01-25T16:05:56.000Z",
"pattern": "[file:hashes.MD5 = '800edbb09259000697b201ff25d54bd5' AND file:hashes.SHA1 = '09e6215f684b5ea268d55d5fe1c0ccddc4efa685' AND file:hashes.SHA256 = '8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:54.000Z",
"modified": "2018-01-25T16:05:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e/analysis/1516839688/",
"category": "External analysis",
"uuid": "5a6a0062-3c74-4549-b6a1-45fa02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/65",
"category": "Other",
"uuid": "5a6a0063-e8c8-492f-973b-485f02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-25T00:21:28",
"category": "Other",
"uuid": "5a6a0063-8da8-4492-a288-4e4402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--baa167f7-1035-40c1-9754-d076ef5e23fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:58.000Z",
"modified": "2018-01-25T16:05:58.000Z",
"pattern": "[file:hashes.MD5 = 'f03bea1ab5ce09c23c147f838b4e8b8d' AND file:hashes.SHA1 = '7d7c28b3a679e5763ff1b71b4f0a28394b3b2281' AND file:hashes.SHA256 = '6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T16:05:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T16:05:57.000Z",
"modified": "2018-01-25T16:05:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297/analysis/1516827505/",
"category": "External analysis",
"uuid": "5a6a0066-480c-4d9f-9543-464102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/57",
"category": "Other",
"uuid": "5a6a0066-9090-4157-9e7f-427b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-24T20:58:25",
"category": "Other",
"uuid": "5a6a0066-d318-4dd5-ab16-40c202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--259f0515-c951-4bd0-96d9-7321f11d3ad3",
"created": "2018-02-16T08:52:14.000Z",
"modified": "2018-02-16T08:52:14.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--81094cbe-8289-4cb0-9a8b-87878aee444b",
"target_ref": "x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--32dbcc16-da96-44f0-8f5a-ce4f552bdb2d",
"created": "2018-02-16T08:52:14.000Z",
"modified": "2018-02-16T08:52:14.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe",
"target_ref": "x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d588165e-44b0-4443-a851-b38ed9484921",
"created": "2018-02-16T08:52:14.000Z",
"modified": "2018-02-16T08:52:14.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6",
"target_ref": "x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a987abe0-3de8-4447-bfb5-c3ec6888cbd1",
"created": "2018-02-16T08:52:15.000Z",
"modified": "2018-02-16T08:52:15.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--baa167f7-1035-40c1-9754-d076ef5e23fc",
"target_ref": "x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}