2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5ad8687b-0e10-4a8b-a157-46a5950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T09:24:28.000Z" ,
"modified" : "2018-04-20T09:24:28.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5ad8687b-0e10-4a8b-a157-46a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T09:24:28.000Z" ,
"modified" : "2018-04-20T09:24:28.000Z" ,
"name" : "OSINT - Minecraft & CS:GO Ransomware Strive For Media Attention" ,
"published" : "2018-04-20T09:24:57Z" ,
"object_refs" : [
"x-misp-attribute--5ad868b9-05a0-409f-aaf2-4110950d210f" ,
"observed-data--5ad868ce-8c0c-4b3d-916f-4b3a950d210f" ,
"url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f" ,
"indicator--5ad86f63-f1fc-4a32-83a0-4dca950d210f" ,
"indicator--5ad86f63-2108-48fe-b9e7-43f9950d210f" ,
"indicator--5ad86f64-b564-4c00-85cc-4dfd950d210f" ,
"indicator--5ad86f64-fc44-4b3b-a336-4cbe950d210f" ,
"indicator--5ad86f64-23f0-4c89-968d-4a5d950d210f" ,
"indicator--5ad86f65-6368-4e41-b1fc-48fe950d210f" ,
"indicator--5ad86f65-1b08-43a9-9ca7-4f38950d210f" ,
"indicator--5ad86f66-3284-4cc5-80b6-4439950d210f" ,
"indicator--5ad86f66-91dc-4309-9120-4b38950d210f" ,
"indicator--5ad86f66-3e08-4f0f-936e-4a5a950d210f" ,
"indicator--5ad86f67-396c-4119-bcb2-410e950d210f" ,
"indicator--5ad88e9f-33b0-4b74-aac2-43f5950d210f" ,
"indicator--5ad88ea0-3314-4010-9ec5-4d11950d210f" ,
"indicator--5ad88ea0-9b64-4f3e-a6fa-45f1950d210f" ,
"indicator--5ad88ea1-54b4-4f10-b8d6-40ff950d210f" ,
"indicator--5ad88ea1-eabc-4645-b601-4004950d210f" ,
"indicator--5ad88ea1-e2e0-469f-97c0-459c950d210f" ,
"indicator--5ad88ea2-ccf4-408d-9165-4764950d210f" ,
"indicator--5c068f51-98b0-41b5-9283-405ee2b3b925" ,
"x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042" ,
"indicator--10c705b3-d4f3-452c-93dc-5bc59442a998" ,
"x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca" ,
"indicator--60f76829-9936-4142-a59e-7b34e7a9b589" ,
"x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9" ,
"indicator--d8193b44-4c37-42dc-a781-38911be1f9b4" ,
"x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a" ,
"indicator--b3620101-dede-4da2-b764-631cba764181" ,
"x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b" ,
"indicator--dfffc826-de9b-49f9-9226-6713fc609e9c" ,
"x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310" ,
"indicator--a1304fbf-effe-4dba-8079-d36e83309bbe" ,
"x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74" ,
"indicator--567b469c-842b-40fb-920c-7b00907d152c" ,
"x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce" ,
"indicator--621aa925-21c5-4af2-9662-34e39af166e1" ,
"x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440" ,
"indicator--ab8e7b4d-6a43-4541-9137-1047487442c4" ,
"x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6" ,
"indicator--d0f56c1f-46a2-4785-a6b9-036af2137965" ,
"x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf" ,
"indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c" ,
"x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36" ,
"indicator--f06d18a5-283a-4569-b155-745555ccf928" ,
"x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2" ,
"indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b" ,
"x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe" ,
"indicator--0aface86-1943-4c64-a734-a952a0d6036c" ,
"x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e" ,
"indicator--a6cd51d1-09ed-4782-b4db-45f24256138e" ,
"x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37" ,
"indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9" ,
"x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c" ,
"indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf" ,
"x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a" ,
2023-12-14 13:47:04 +00:00
"relationship--e5e99d0e-d358-468b-8758-e9c16f653bec" ,
"relationship--bf3f7b7a-fc34-4640-8d8a-4c5e8c26c1e2" ,
"relationship--d099429f-369f-47e9-8611-cd8a103a3c19" ,
"relationship--5ac77614-81de-4a08-8a51-cc636524a63b" ,
"relationship--3e4b552e-8f1a-4281-9588-26efd86ef067" ,
"relationship--5e6aae14-a06c-4927-b3d5-e881bd73367c" ,
"relationship--f29b8489-719d-4b13-aa5a-ecb059f9dd58" ,
"relationship--cb6f4262-4847-41d7-970a-413ed84b23b2" ,
"relationship--d9f775f5-6a1e-4e35-8b9b-992da5475448" ,
"relationship--a967368f-8616-43b8-bb1c-e6b2b40dd3cb" ,
"relationship--3f200c48-285d-4fc1-a562-a8569a3449b8" ,
"relationship--1dffd2d1-2ab3-4a47-a661-487ca2a7f2be" ,
"relationship--105d861f-ea52-4432-9713-36d2f6f96044" ,
"relationship--571985b4-9276-47b7-ae59-01bcc73a6dc9" ,
"relationship--96483060-ea0a-498b-9724-b9c698909497" ,
"relationship--1d67a076-4944-41fa-b5fa-405973950a50" ,
"relationship--0ff81a48-5d6e-46d2-a52c-f33580ba5876" ,
"relationship--308e19dc-250d-4cb4-b065-60fabd694490"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:ransomware=\"CSGO Ransomware\"" ,
"misp-galaxy:ransomware=\"MC Ransomware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5ad868b9-05a0-409f-aaf2-4110950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:26.000Z" ,
"modified" : "2018-04-20T08:46:26.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "When ransomware developers achieve huge media buzz like we saw with the PUBG Ransomware, it is not surprising to see other developers creating copycats. This is the case with two new in-development ransomware programs, if we can even call them that, for both Minecraft and Counter-Strike: Global Offensive (CS: GO)."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5ad868ce-8c0c-4b3d-916f-4b3a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:26.000Z" ,
"modified" : "2018-04-20T08:46:26.000Z" ,
"first_observed" : "2018-04-20T08:46:26Z" ,
"last_observed" : "2018-04-20T08:46:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5ad868ce-8c0c-4b3d-916f-4b3a950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f63-f1fc-4a32-83a0-4dca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:51.000Z" ,
"modified" : "2018-04-19T10:28:51.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC" ,
"pattern" : "[file:hashes.SHA256 = '2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f63-2108-48fe-b9e7-43f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:51.000Z" ,
"modified" : "2018-04-19T10:28:51.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"pattern" : "[file:hashes.SHA256 = '92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f64-b564-4c00-85cc-4dfd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:52.000Z" ,
"modified" : "2018-04-19T10:28:52.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"pattern" : "[file:hashes.SHA256 = '6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f64-fc44-4b3b-a336-4cbe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:52.000Z" ,
"modified" : "2018-04-19T10:28:52.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC" ,
"pattern" : "[file:hashes.SHA256 = '1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f64-23f0-4c89-968d-4a5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:52.000Z" ,
"modified" : "2018-04-19T10:28:52.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC" ,
"pattern" : "[file:hashes.SHA256 = '2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f65-6368-4e41-b1fc-48fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:53.000Z" ,
"modified" : "2018-04-19T10:28:53.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC" ,
"pattern" : "[file:hashes.SHA256 = '066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f65-1b08-43a9-9ca7-4f38950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:53.000Z" ,
"modified" : "2018-04-19T10:28:53.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC" ,
"pattern" : "[file:hashes.SHA256 = '68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f66-3284-4cc5-80b6-4439950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:54.000Z" ,
"modified" : "2018-04-19T10:28:54.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC" ,
"pattern" : "[file:hashes.SHA256 = '3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f66-91dc-4309-9120-4b38950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:54.000Z" ,
"modified" : "2018-04-19T10:28:54.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC" ,
"pattern" : "[file:hashes.SHA256 = 'e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f66-3e08-4f0f-936e-4a5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:54.000Z" ,
"modified" : "2018-04-19T10:28:54.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC" ,
"pattern" : "[file:hashes.SHA256 = '72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad86f67-396c-4119-bcb2-410e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T10:28:55.000Z" ,
"modified" : "2018-04-19T10:28:55.000Z" ,
"description" : "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC" ,
"pattern" : "[file:hashes.SHA256 = '1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T10:28:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88e9f-33b0-4b74-aac2-43f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:07.000Z" ,
"modified" : "2018-04-19T12:42:07.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC" ,
"pattern" : "[file:hashes.SHA256 = '8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea0-3314-4010-9ec5-4d11950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:08.000Z" ,
"modified" : "2018-04-19T12:42:08.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC" ,
"pattern" : "[file:hashes.SHA256 = '8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea0-9b64-4f3e-a6fa-45f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:08.000Z" ,
"modified" : "2018-04-19T12:42:08.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC" ,
"pattern" : "[file:hashes.SHA256 = '7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea1-54b4-4f10-b8d6-40ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:09.000Z" ,
"modified" : "2018-04-19T12:42:09.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC" ,
"pattern" : "[file:hashes.SHA256 = 'e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea1-eabc-4645-b601-4004950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:09.000Z" ,
"modified" : "2018-04-19T12:42:09.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC" ,
"pattern" : "[file:hashes.SHA256 = '40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea1-e2e0-469f-97c0-459c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:09.000Z" ,
"modified" : "2018-04-19T12:42:09.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC" ,
"pattern" : "[file:hashes.SHA256 = '658708957da960774321d1272443f78992de56ce66a739a990944267200465e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ad88ea2-ccf4-408d-9165-4764950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-19T12:42:10.000Z" ,
"modified" : "2018-04-19T12:42:10.000Z" ,
"description" : "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC" ,
"pattern" : "[file:hashes.SHA256 = '7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-19T12:42:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c068f51-98b0-41b5-9283-405ee2b3b925" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:30.000Z" ,
"modified" : "2018-04-20T08:46:30.000Z" ,
"pattern" : "[file:hashes.MD5 = '8c8f54175f37f008d0aa8e7a8b8003b4' AND file:hashes.SHA1 = '6bde9f61d89a15336d26adb29208ba3b550c7377' AND file:hashes.SHA256 = '3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:28.000Z" ,
"modified" : "2018-04-20T08:46:28.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:18:27" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC" ,
"uuid" : "5ad9a8e4-bcd0-4509-9bd1-4fe402de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3b02d16e71307f5b80d45ba04610be6c12e7a523ccb704f8a2478a213a15e86b/analysis/1524197907/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC" ,
"uuid" : "5ad9a8e5-3eb8-4899-a7fb-4da302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:45:41 UTC" ,
"uuid" : "5ad9a8e5-2164-418c-8f7b-481e02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--10c705b3-d4f3-452c-93dc-5bc59442a998" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:32.000Z" ,
"modified" : "2018-04-20T08:46:32.000Z" ,
"pattern" : "[file:hashes.MD5 = '9689a763ceee30174d657a51584c469f' AND file:hashes.SHA1 = 'f127f9a99015bec0a369f31fe18e7e1f0d17c18d' AND file:hashes.SHA256 = '92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:30.000Z" ,
"modified" : "2018-04-20T08:46:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:11:30" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8e7-6678-459a-8c91-4a1602de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/92311f839fbc21568323a3ec53c9c16d6febcf593c301c3263e453c62c1a4913/analysis/1524197490/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8e7-53e4-40d6-a90e-4bd702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8e8-24e4-45b6-adaf-4bec02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--60f76829-9936-4142-a59e-7b34e7a9b589" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:35.000Z" ,
"modified" : "2018-04-20T08:46:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '66abec932921f330810c38a5e4cf744d' AND file:hashes.SHA1 = 'd5a8eee6e7cac0ba883bbd0bccb2addc7c3a74dc' AND file:hashes.SHA256 = '8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:33.000Z" ,
"modified" : "2018-04-20T08:46:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T14:56:36" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC" ,
"uuid" : "5ad9a8e9-3b48-416b-8d62-409002de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8bc877003404b1bd51bc1d614c5c3f27151633b06c43c5fba73f61ef7fc88dfa/analysis/1524149796/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC" ,
"uuid" : "5ad9a8ea-8ac8-4499-be0a-45dc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:33 UTC" ,
"uuid" : "5ad9a8ea-b7c0-404e-ac05-42e502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d8193b44-4c37-42dc-a781-38911be1f9b4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:37.000Z" ,
"modified" : "2018-04-20T08:46:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd7d4f252aee7133627a5520371eaf24f' AND file:hashes.SHA1 = 'a87a6abef722681462a583b80a9d623720ed1ede' AND file:hashes.SHA256 = '066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:36.000Z" ,
"modified" : "2018-04-20T08:46:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:15:33" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC" ,
"uuid" : "5ad9a8ec-7d58-4ae4-8164-4ac702de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/066231686b4634081736ef2f51e83cc69cc01db203967a88f7ff7d9fa84984f8/analysis/1524197733/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC" ,
"uuid" : "5ad9a8ec-f830-498b-81b7-47cb02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:44:49 UTC" ,
"uuid" : "5ad9a8ed-63ec-4ae5-affc-4c1d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b3620101-dede-4da2-b764-631cba764181" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:40.000Z" ,
"modified" : "2018-04-20T08:46:40.000Z" ,
"pattern" : "[file:hashes.MD5 = '31bc3110a85a06cd3ec5cc752a3226d8' AND file:hashes.SHA1 = '0bbd726919081b5ba30e64735545148c4f07244c' AND file:hashes.SHA256 = 'e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:38.000Z" ,
"modified" : "2018-04-20T08:46:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T14:43:52" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC" ,
"uuid" : "5ad9a8ee-daec-4190-9c10-43f202de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e8b3dc551d14fc9ed2da1405b34cec5ba17abf7b1bd60266501cd6c903163050/analysis/1524149032/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC" ,
"uuid" : "5ad9a8ef-f724-4707-af84-482102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:00 UTC" ,
"uuid" : "5ad9a8ef-e044-4363-acf4-4b2d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dfffc826-de9b-49f9-9226-6713fc609e9c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:42.000Z" ,
"modified" : "2018-04-20T08:46:42.000Z" ,
"pattern" : "[file:hashes.MD5 = '7e40e941425e40ae464d6b7cc7f0d88b' AND file:hashes.SHA1 = '0f6ed7985d84f0dd7f1b1ed911a52e9867544394' AND file:hashes.SHA256 = '7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:40.000Z" ,
"modified" : "2018-04-20T08:46:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T14:37:29" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC" ,
"uuid" : "5ad9a8f0-998c-49cb-ac8d-41ed02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7d8929ef41ecfa871779c8a41028d3339023472b6845263d1324703551675668/analysis/1524148649/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC" ,
"uuid" : "5ad9a8f1-67a0-42b2-a814-4dc402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "19/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:35:01 UTC" ,
"uuid" : "5ad9a8f1-8b74-4cca-9a34-48d702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a1304fbf-effe-4dba-8079-d36e83309bbe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:44.000Z" ,
"modified" : "2018-04-20T08:46:44.000Z" ,
"pattern" : "[file:hashes.MD5 = '19504eb1c5d21d896d7e217f66031b7b' AND file:hashes.SHA1 = '90cb4ef44cfd9b381e4260724d8ec5129ea5d603' AND file:hashes.SHA256 = '8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:43.000Z" ,
"modified" : "2018-04-20T08:46:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T15:37:10" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC" ,
"uuid" : "5ad9a8f3-1f68-4b59-bf46-499c02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8522f0a546fe566529f48b67c8d92d5cab82fe67471249097b3b0b095fe1a154/analysis/1524152230/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC" ,
"uuid" : "5ad9a8f3-700c-4cf0-b692-497302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:45:23 UTC" ,
"uuid" : "5ad9a8f4-6a88-4db2-899c-4beb02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--567b469c-842b-40fb-920c-7b00907d152c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:47.000Z" ,
"modified" : "2018-04-20T08:46:47.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6450b034f94c70126bf5d135133234f' AND file:hashes.SHA1 = 'a82f870563600f1e62cb793a9189318d5edd6c15' AND file:hashes.SHA256 = '7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:45.000Z" ,
"modified" : "2018-04-20T08:46:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T06:01:59" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC" ,
"uuid" : "5ad9a8f5-25c0-45b4-aa44-455702de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7119237f48aadb9a87389b2252fbd28fa69384a91a49c8d14f3900311ce84d1b/analysis/1524204119/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC" ,
"uuid" : "5ad9a8f5-c280-4878-8ea4-4afe02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/68" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:23:28 UTC" ,
"uuid" : "5ad9a8f6-5c8c-4c49-8fa3-4da502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--621aa925-21c5-4af2-9662-34e39af166e1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:49.000Z" ,
"modified" : "2018-04-20T08:46:49.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f72d5d5106d60376963dc7fcbb29e1e8' AND file:hashes.SHA1 = '8adb72ed65ffdb6994a08d52802be84e8362aa6a' AND file:hashes.SHA256 = '68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:48.000Z" ,
"modified" : "2018-04-20T08:46:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:18:15" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC" ,
"uuid" : "5ad9a8f8-3ee8-4450-9e33-4a8502de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/68eadde62a0c5baa44484194f62fc80ec5e27b8581f3219fecc0ccb92c4c4d75/analysis/1524197895/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC" ,
"uuid" : "5ad9a8f8-0644-49f0-bf1c-425f02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:46:00 UTC" ,
"uuid" : "5ad9a8f8-354c-4681-8fd8-4fea02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ab8e7b4d-6a43-4541-9137-1047487442c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:51.000Z" ,
"modified" : "2018-04-20T08:46:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '36a341d6a7b9be36066762f3532df573' AND file:hashes.SHA1 = '88e266b976c0212dae3c2c577f14df1b883f53c4' AND file:hashes.SHA256 = '6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:50.000Z" ,
"modified" : "2018-04-20T08:46:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:12:50" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8fa-7b14-48c6-acdd-4bb502de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6cdacbc0c3a6c2aca98210bd16b76d2bf2740c8c67606f62203592f290fac76e/analysis/1524197570/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8fa-de50-4181-8f24-425c02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:09 UTC" ,
"uuid" : "5ad9a8fb-2254-4291-9e9e-442b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d0f56c1f-46a2-4785-a6b9-036af2137965" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:54.000Z" ,
"modified" : "2018-04-20T08:46:54.000Z" ,
"pattern" : "[file:hashes.MD5 = '79a4eb4f496a236aae76d711b73ab2d8' AND file:hashes.SHA1 = '6afbe3826c9721a4a352cfd980d2942731d41787' AND file:hashes.SHA256 = '1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:52.000Z" ,
"modified" : "2018-04-20T08:46:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T06:01:55" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC" ,
"uuid" : "5ad9a8fc-c7d4-4430-94c8-4b4202de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1ec96281a57a01a6415662f44a9b96a2f00488beae12c5c730cfa96b63abd42c/analysis/1524204115/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC" ,
"uuid" : "5ad9a8fc-1074-4724-a060-422602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:18 UTC" ,
"uuid" : "5ad9a8fd-17a0-4e66-bc2f-4f5302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:56.000Z" ,
"modified" : "2018-04-20T08:46:56.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c83bebaf7f005a84a05d4a9be7baecf9' AND file:hashes.SHA1 = '170197b724a867f51ad9138cdbfea9728e916d7d' AND file:hashes.SHA256 = '658708957da960774321d1272443f78992de56ce66a739a990944267200465e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:54.000Z" ,
"modified" : "2018-04-20T08:46:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T14:32:16" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC" ,
"uuid" : "5ad9a8fe-21a4-4412-9c69-44f202de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/658708957da960774321d1272443f78992de56ce66a739a990944267200465e9/analysis/1524148336/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC" ,
"uuid" : "5ad9a8ff-c534-4cba-961f-4db502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:29:15 UTC" ,
"uuid" : "5ad9a8ff-ad30-448f-a04c-4f7702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f06d18a5-283a-4569-b155-745555ccf928" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:58.000Z" ,
"modified" : "2018-04-20T08:46:58.000Z" ,
"pattern" : "[file:hashes.MD5 = '4753075e5c1f696327c9bc357827613f' AND file:hashes.SHA1 = 'db9984145d65cf30cd105897bced5e444995da7d' AND file:hashes.SHA256 = '2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:46:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:56.000Z" ,
"modified" : "2018-04-20T08:46:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:14:41" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC" ,
"uuid" : "5ad9a901-afc4-4461-8c60-47f302de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2b9a684946c626f525f96b45c00514d6523821fa5031fc2042ef21d0069ebdbb/analysis/1524197681/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC" ,
"uuid" : "5ad9a901-fcac-48af-9490-452902de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:49:44 UTC" ,
"uuid" : "5ad9a902-2e68-4253-8229-475e02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:01.000Z" ,
"modified" : "2018-04-20T08:47:01.000Z" ,
"pattern" : "[file:hashes.MD5 = '11ad8a33f89c0f6488a26ae8f01a31d7' AND file:hashes.SHA1 = 'b931e3a4f21d8d96fba1e73fa148f062457e30c7' AND file:hashes.SHA256 = '40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:47:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:46:59.000Z" ,
"modified" : "2018-04-20T08:46:59.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-19T15:38:40" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC" ,
"uuid" : "5ad9a903-e380-413a-8969-4d9702de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/40b851137f18e50c182c3a303ac97005a75edc6e470434e14535255c7a34aec6/analysis/1524152320/" ,
"category" : "External analysis" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC" ,
"uuid" : "5ad9a903-c12c-4e9b-8def-4f1e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "19/67" ,
"category" : "Other" ,
"comment" : "CSGO Ransomware Hashes - 2018-04-17 08:34:55 UTC" ,
"uuid" : "5ad9a904-c0ec-4303-8d68-4f9a02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0aface86-1943-4c64-a734-a952a0d6036c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:03.000Z" ,
"modified" : "2018-04-20T08:47:03.000Z" ,
"pattern" : "[file:hashes.MD5 = '4297dec3ddaa8fdbf0f2351bc8b445bd' AND file:hashes.SHA1 = 'ec48566ffe54edda57ca7b32a065855bc2f87471' AND file:hashes.SHA256 = 'e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:47:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:01.000Z" ,
"modified" : "2018-04-20T08:47:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:21:02" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC" ,
"uuid" : "5ad9a905-8ef0-4da6-a289-4ce802de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e5d8e5e967ca27c012e15f8a675feddeaa189176cb0e237f99fdbbb9a4bad6c3/analysis/1524198062/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC" ,
"uuid" : "5ad9a906-6a70-4c58-9fee-4f8e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:23 UTC" ,
"uuid" : "5ad9a906-fb84-4cc8-a79e-446202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a6cd51d1-09ed-4782-b4db-45f24256138e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:05.000Z" ,
"modified" : "2018-04-20T08:47:05.000Z" ,
"pattern" : "[file:hashes.MD5 = '9f964893e51c95cb83ac2ff8287dd84e' AND file:hashes.SHA1 = '2befbde3349898e346aeab38b2c49f09b4a7ae59' AND file:hashes.SHA256 = '1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:03.000Z" ,
"modified" : "2018-04-20T08:47:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:13:02" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC" ,
"uuid" : "5ad9a908-b6d4-4c8d-ad1c-488e02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1c565d978f3fe2b259af7d06cdb3651afee200a580a04b2b6fb856a4d986306b/analysis/1524197582/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC" ,
"uuid" : "5ad9a908-0244-4da1-a6d4-436602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-16 09:54:34 UTC" ,
"uuid" : "5ad9a908-ae74-4199-9790-46d902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:07.000Z" ,
"modified" : "2018-04-20T08:47:07.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cd2c72de1f36265124292031b20859df' AND file:hashes.SHA1 = '8f3a472cc818a054d71c7a4e2d40bbe0c112286d' AND file:hashes.SHA256 = '2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:47:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:06.000Z" ,
"modified" : "2018-04-20T08:47:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:11:13" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC" ,
"uuid" : "5ad9a90a-9024-49ce-b31c-46c002de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2d1eb5797b8fbcbea8462b470da343ba95d545808d83f71b8763e1daf7648b14/analysis/1524197473/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC" ,
"uuid" : "5ad9a90a-b280-44a4-8be3-49a802de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/68" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 12:02:21 UTC" ,
"uuid" : "5ad9a90b-dae0-4d09-bfc4-486902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dac78ca4ceb78391d08578c3d166da48' AND file:hashes.SHA1 = 'db81a47d3fa39a92987ef65c3510788b3ed140cb' AND file:hashes.SHA256 = '72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-20T08:47:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-20T08:47:08.000Z" ,
"modified" : "2018-04-20T08:47:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-20T04:21:19" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC" ,
"uuid" : "5ad9a90d-c554-4cbb-a1b7-44d302de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/72d103eb07d8d8b9fb4a1cbb12b20716936b97574d688631956dc7becabbd784/analysis/1524198079/" ,
"category" : "External analysis" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC" ,
"uuid" : "5ad9a90d-21cc-4ace-8a87-405502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/67" ,
"category" : "Other" ,
"comment" : "MC Ransomware Hashes - 2018-04-17 07:40:21 UTC" ,
"uuid" : "5ad9a90d-a100-4a29-bcb4-484802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--e5e99d0e-d358-468b-8758-e9c16f653bec" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:09.000Z" ,
"modified" : "2018-04-20T08:47:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5c068f51-98b0-41b5-9283-405ee2b3b925" ,
"target_ref" : "x-misp-object--c6a6aeb5-b99d-45f8-8fb0-d976fbb1f042"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--bf3f7b7a-fc34-4640-8d8a-4c5e8c26c1e2" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:09.000Z" ,
"modified" : "2018-04-20T08:47:09.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--10c705b3-d4f3-452c-93dc-5bc59442a998" ,
"target_ref" : "x-misp-object--aac961aa-0223-4b62-b4c8-73897daae8ca"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--d099429f-369f-47e9-8611-cd8a103a3c19" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--60f76829-9936-4142-a59e-7b34e7a9b589" ,
"target_ref" : "x-misp-object--3bcf1646-118a-4a10-887e-8f67b74b13a9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--5ac77614-81de-4a08-8a51-cc636524a63b" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--d8193b44-4c37-42dc-a781-38911be1f9b4" ,
"target_ref" : "x-misp-object--eae89772-f98c-4e8e-9553-2810722a1a8a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--3e4b552e-8f1a-4281-9588-26efd86ef067" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--b3620101-dede-4da2-b764-631cba764181" ,
"target_ref" : "x-misp-object--4d6c4637-3d9c-405b-beb1-224b76f66a2b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--5e6aae14-a06c-4927-b3d5-e881bd73367c" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--dfffc826-de9b-49f9-9226-6713fc609e9c" ,
"target_ref" : "x-misp-object--1c78eb45-dc62-4133-b6f6-48ce4d413310"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--f29b8489-719d-4b13-aa5a-ecb059f9dd58" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a1304fbf-effe-4dba-8079-d36e83309bbe" ,
"target_ref" : "x-misp-object--2282c2a4-c392-4bb5-812b-37f190a31d74"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--cb6f4262-4847-41d7-970a-413ed84b23b2" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--567b469c-842b-40fb-920c-7b00907d152c" ,
"target_ref" : "x-misp-object--d2f06703-93c5-403b-9ed3-343697e0afce"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--d9f775f5-6a1e-4e35-8b9b-992da5475448" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--621aa925-21c5-4af2-9662-34e39af166e1" ,
"target_ref" : "x-misp-object--d2dd4055-f2d0-41d0-8fc2-5908a2c57440"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--a967368f-8616-43b8-bb1c-e6b2b40dd3cb" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--ab8e7b4d-6a43-4541-9137-1047487442c4" ,
"target_ref" : "x-misp-object--eddeea42-18be-42e6-af0c-56e837e340d6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--3f200c48-285d-4fc1-a562-a8569a3449b8" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--d0f56c1f-46a2-4785-a6b9-036af2137965" ,
"target_ref" : "x-misp-object--65dfb489-e7b8-46ec-bdfc-bc81ae647ecf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--1dffd2d1-2ab3-4a47-a661-487ca2a7f2be" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--125e1526-6c4a-4132-89fc-43f804dc2b3c" ,
"target_ref" : "x-misp-object--92328dc6-bc9c-448d-9e18-360245039d36"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--105d861f-ea52-4432-9713-36d2f6f96044" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--f06d18a5-283a-4569-b155-745555ccf928" ,
"target_ref" : "x-misp-object--c97f4a7d-0f77-4bea-b158-7c109a9393e2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--571985b4-9276-47b7-ae59-01bcc73a6dc9" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--1a00f5cc-f1a5-454c-8516-a3766b937b2b" ,
"target_ref" : "x-misp-object--da95275d-d7d1-462d-8980-33f697b19bbe"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--96483060-ea0a-498b-9724-b9c698909497" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--0aface86-1943-4c64-a734-a952a0d6036c" ,
"target_ref" : "x-misp-object--104199ea-ec1a-4326-b864-aff6b87aa26e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--1d67a076-4944-41fa-b5fa-405973950a50" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a6cd51d1-09ed-4782-b4db-45f24256138e" ,
"target_ref" : "x-misp-object--69ca0eea-cc1c-4a23-8300-480a977aed37"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--0ff81a48-5d6e-46d2-a52c-f33580ba5876" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:10.000Z" ,
"modified" : "2018-04-20T08:47:10.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--c4e43c42-c47a-48c2-b8f4-a0157937d9e9" ,
"target_ref" : "x-misp-object--c453e757-2896-4eab-9833-df10e4e7ac2c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--308e19dc-250d-4cb4-b065-60fabd694490" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-04-20T08:47:11.000Z" ,
"modified" : "2018-04-20T08:47:11.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--350c1ce9-8596-4b4c-a799-a4472dbf9bcf" ,
"target_ref" : "x-misp-object--5c00102e-ec27-48d2-ba97-afaa284cac9a"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}
