misp-circl-feed/feeds/circl/misp/5aec6eea-74a4-43f9-8910-498d950d210f.json

955 lines
41 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5aec6eea-74a4-43f9-8910-498d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:35:57.000Z",
"modified": "2018-05-08T12:35:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5aec6eea-74a4-43f9-8910-498d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:35:57.000Z",
"modified": "2018-05-08T12:35:57.000Z",
"name": "OSINT - Lojack Becomes a Double-Agent",
"published": "2018-05-08T12:36:18Z",
"object_refs": [
"observed-data--5aec6ef5-5a7c-4347-831f-74f2950d210f",
"url--5aec6ef5-5a7c-4347-831f-74f2950d210f",
"x-misp-attribute--5af00b50-fc10-4c75-9377-4bbd950d210f",
"indicator--5af00d25-a910-4e88-a867-426e950d210f",
"indicator--5af00d93-a6b4-4b8f-9fb1-43ca950d210f",
"indicator--5af00d94-ffd8-4907-918e-4383950d210f",
"indicator--5af00d94-6300-43dd-ba35-4b40950d210f",
"indicator--5af00d94-9d14-48f9-8270-47f7950d210f",
"indicator--5af00d95-e6a8-4e88-96c9-419c950d210f",
"indicator--5af00d95-7908-4212-8d24-4172950d210f",
"indicator--5af00d96-edac-43fa-be4f-4e88950d210f",
"indicator--5af00d96-5b48-4c5b-9e1d-4883950d210f",
"indicator--5af01102-533c-4841-929e-47b9950d210f",
"observed-data--5af01180-185c-49e1-9d78-4cb0950d210f",
"file--5af01180-185c-49e1-9d78-4cb0950d210f",
"observed-data--5af01180-6ba0-4139-922a-4e95950d210f",
"file--5af01180-6ba0-4139-922a-4e95950d210f",
"indicator--5af015d7-9b54-4085-9086-4b65950d210f",
"observed-data--5af1995f-cdb4-416c-a13f-48fd950d210f",
"url--5af1995f-cdb4-416c-a13f-48fd950d210f",
"indicator--74089204-8a39-410d-b274-c63a7c6edd93",
"x-misp-object--9c973c81-cfc7-45f9-895d-ce12cb73e25f",
"indicator--c24f479b-83fb-41c6-8f0d-8ccf53b431c1",
"x-misp-object--2f9fccfb-465f-406c-aeef-3e329a966f34",
"indicator--dd0cab48-6f62-4bd6-b10a-18200635fb54",
"x-misp-object--c01bde93-91b5-4cfe-82f2-35da847471b9",
"indicator--5eda63ae-1893-42e5-846a-e9995000bde9",
"x-misp-object--669adb50-5e7d-4c8d-8510-38a08aea3ba7",
"indicator--41d7368a-bbcc-4b09-8db4-959a210b2e52",
"x-misp-object--14781af2-cede-4e8a-b613-76a5eb9bd981",
"indicator--e7b0d6ff-7062-460a-baaa-2f1387ae9eda",
"x-misp-object--e8a84d77-4552-4789-9fff-c5b4d1f21c0b",
"indicator--f8bd20cd-39f4-4edd-b539-348389f5df61",
"x-misp-object--1015a558-4051-4d03-9a34-a0c9448ee953",
2023-12-14 13:47:04 +00:00
"relationship--9f162ccf-2ef1-4a81-8933-0f7fa953711c",
"relationship--798f00bc-a765-4c00-aadc-eee89833f8c6",
"relationship--ed181e18-7abd-4ffb-8b30-2e8e95c9fe66",
"relationship--87e081bb-cad1-4ea2-b9d1-fb44702de1ed",
"relationship--9e10ae9e-c120-4c6d-bf40-5c189dceae13",
"relationship--72061549-42f5-4397-a683-5fa8537dfb8b",
"relationship--de604b76-20ee-45c0-830c-fc3c55288bfe"
2023-06-14 17:31:25 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aec6ef5-5a7c-4347-831f-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:16.000Z",
"modified": "2018-05-08T06:57:16.000Z",
"first_observed": "2018-05-08T06:57:16Z",
"last_observed": "2018-05-08T06:57:16Z",
"number_observed": 1,
"object_refs": [
"url--5aec6ef5-5a7c-4347-831f-74f2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aec6ef5-5a7c-4347-831f-74f2950d210f",
"value": "https://asert.arbornetworks.com/lojack-becomes-a-double-agent/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5af00b50-fc10-4c75-9377-4bbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:17.000Z",
"modified": "2018-05-08T06:57:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formally known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d25-a910-4e88-a867-426e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:24:05.000Z",
"modified": "2018-05-07T08:24:05.000Z",
"pattern": "[file:hashes.MD5 = 'cf45ec807321d12f8df35fa434591460']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-07T08:24:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d93-a6b4-4b8f-9fb1-43ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:25:55.000Z",
"modified": "2018-05-07T08:25:55.000Z",
"pattern": "[file:hashes.MD5 = 'f1df1a795eb784f7bfc3ba9a7e3b00ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-07T08:25:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d94-ffd8-4907-918e-4383950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:17.000Z",
"modified": "2018-05-08T06:57:17.000Z",
"description": "Rogue C2 Servers",
"pattern": "[domain-name:value = 'sysanalyticweb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d94-6300-43dd-ba35-4b40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:25:56.000Z",
"modified": "2018-05-07T08:25:56.000Z",
"pattern": "[file:hashes.MD5 = '6eaa1ff5f33df3169c209f98cc5012d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-07T08:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d94-9d14-48f9-8270-47f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:25:56.000Z",
"modified": "2018-05-07T08:25:56.000Z",
"pattern": "[file:hashes.MD5 = 'f3c6e16f0dd2b0e55a7dad365c3877d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-07T08:25:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d95-e6a8-4e88-96c9-419c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:18.000Z",
"modified": "2018-05-08T06:57:18.000Z",
"description": "Rogue C2 Servers",
"pattern": "[domain-name:value = 'elaxo.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d95-7908-4212-8d24-4172950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:18.000Z",
"modified": "2018-05-08T06:57:18.000Z",
"description": "Rogue C2 Servers",
"pattern": "[domain-name:value = 'ikmtrust.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d96-edac-43fa-be4f-4e88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:25:58.000Z",
"modified": "2018-05-07T08:25:58.000Z",
"pattern": "[file:hashes.MD5 = 'f391556d9f89499fa8ee757cb3472710']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-07T08:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af00d96-5b48-4c5b-9e1d-4883950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:19.000Z",
"modified": "2018-05-08T06:57:19.000Z",
"description": "Rogue C2 Servers",
"pattern": "[domain-name:value = 'lxwo.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af01102-533c-4841-929e-47b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:19.000Z",
"modified": "2018-05-08T06:57:19.000Z",
"pattern": "[domain-name:value = 'search.namequery.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af01180-185c-49e1-9d78-4cb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:42:40.000Z",
"modified": "2018-05-07T08:42:40.000Z",
"first_observed": "2018-05-07T08:42:40Z",
"last_observed": "2018-05-07T08:42:40Z",
"number_observed": 1,
"object_refs": [
"file--5af01180-185c-49e1-9d78-4cb0950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5af01180-185c-49e1-9d78-4cb0950d210f",
"hashes": {
"MD5": "e78e3b0171b189074d2539c7baaa0719"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af01180-6ba0-4139-922a-4e95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-07T08:42:40.000Z",
"modified": "2018-05-07T08:42:40.000Z",
"first_observed": "2018-05-07T08:42:40Z",
"last_observed": "2018-05-07T08:42:40Z",
"number_observed": 1,
"object_refs": [
"file--5af01180-6ba0-4139-922a-4e95950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5af01180-6ba0-4139-922a-4e95950d210f",
"hashes": {
"MD5": "ac1a85d3ca1b6265cad4ed41b696f9b7"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af015d7-9b54-4085-9086-4b65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:19.000Z",
"modified": "2018-05-08T06:57:19.000Z",
"pattern": "[rule ComputraceAgent\r\n{\r\n meta:\r\n description = \"Absolute Computrace Agent Executable\"\r\n thread_level = 3\r\n in_the_wild = true\r\n strings:\r\n $a = {D1 E0 F5 8B 4D 0C 83 D1 00 8B EC FF 33 83 C3 04}\r\n $mz = {4d 5a}\r\n $b1 = {72 70 63 6E 65 74 70 2E 65 78 65 00 72 70 63 6E 65 74 70 00}\r\n $b2 = {54 61 67 49 64 00}\r\n condition:\r\n ($mz at 0 ) and ($a or ($b1 and $b2))\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af1995f-cdb4-416c-a13f-48fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:34:39.000Z",
"modified": "2018-05-08T12:34:39.000Z",
"first_observed": "2018-05-08T12:34:39Z",
"last_observed": "2018-05-08T12:34:39Z",
"number_observed": 1,
"object_refs": [
"url--5af1995f-cdb4-416c-a13f-48fd950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5af1995f-cdb4-416c-a13f-48fd950d210f",
"value": "https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--74089204-8a39-410d-b274-c63a7c6edd93",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:23.000Z",
"modified": "2018-05-08T06:57:23.000Z",
"pattern": "[file:hashes.MD5 = 'f391556d9f89499fa8ee757cb3472710' AND file:hashes.SHA1 = '2529f6eda28d54490119d2123d22da56783c704f' AND file:hashes.SHA256 = '060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9c973c81-cfc7-45f9-895d-ce12cb73e25f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:21.000Z",
"modified": "2018-05-08T06:57:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T19:19:38",
"category": "Other",
"uuid": "5af14a51-af7c-4242-938c-4a6502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/66",
"category": "Other",
"uuid": "5af14a52-a9ac-44c6-a47c-45bd02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843/analysis/1525720778/",
"category": "External analysis",
"uuid": "5af14a52-4f74-4dc9-bc66-476e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c24f479b-83fb-41c6-8f0d-8ccf53b431c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:25.000Z",
"modified": "2018-05-08T06:57:25.000Z",
"pattern": "[file:hashes.MD5 = '6eaa1ff5f33df3169c209f98cc5012d0' AND file:hashes.SHA1 = '10d571d66d3ab7b9ddf6a850cb9b8e38b07623c0' AND file:hashes.SHA256 = '27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2f9fccfb-465f-406c-aeef-3e329a966f34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:23.000Z",
"modified": "2018-05-08T06:57:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T19:19:25",
"category": "Other",
"uuid": "5af14a53-4c14-41f6-a7e4-40d402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/66",
"category": "Other",
"uuid": "5af14a54-aea0-4d40-b51d-4b0a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9/analysis/1525720765/",
"category": "External analysis",
"uuid": "5af14a54-2e64-444f-995b-477d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dd0cab48-6f62-4bd6-b10a-18200635fb54",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:27.000Z",
"modified": "2018-05-08T06:57:27.000Z",
"pattern": "[file:hashes.MD5 = 'cf45ec807321d12f8df35fa434591460' AND file:hashes.SHA1 = 'ddaa06a4021baf980a08caea899f2904609410b9' AND file:hashes.SHA256 = '0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c01bde93-91b5-4cfe-82f2-35da847471b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:26.000Z",
"modified": "2018-05-08T06:57:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T19:19:42",
"category": "Other",
"uuid": "5af14a56-0e3c-4e31-986e-412d02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "5af14a56-5194-443a-9a91-40e202de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201/analysis/1525720782/",
"category": "External analysis",
"uuid": "5af14a56-8afc-4bf6-ada7-45e802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5eda63ae-1893-42e5-846a-e9995000bde9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:30.000Z",
"modified": "2018-05-08T06:57:30.000Z",
"pattern": "[file:hashes.MD5 = 'f1df1a795eb784f7bfc3ba9a7e3b00ac' AND file:hashes.SHA1 = '1470995de2278ae79646d524e7c311dad29aee17' AND file:hashes.SHA256 = 'e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--669adb50-5e7d-4c8d-8510-38a08aea3ba7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:28.000Z",
"modified": "2018-05-08T06:57:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T19:19:47",
"category": "Other",
"uuid": "5af14a58-552c-4cec-a7b2-4cb802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/65",
"category": "Other",
"uuid": "5af14a59-2cc0-4f38-a25d-447602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200/analysis/1525720787/",
"category": "External analysis",
"uuid": "5af14a59-8ae8-48a9-9ffa-4fcd02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41d7368a-bbcc-4b09-8db4-959a210b2e52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:32.000Z",
"modified": "2018-05-08T06:57:32.000Z",
"pattern": "[file:hashes.MD5 = 'e78e3b0171b189074d2539c7baaa0719' AND file:hashes.SHA1 = '5f45bf0f57aa1f7c9d676740989b58cbffaf0ceb' AND file:hashes.SHA256 = '998aa45b4cd6ca30610c3f7dc1603c2c1feb49b0e2d968d29f64f1658f4d40d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--14781af2-cede-4e8a-b613-76a5eb9bd981",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:30.000Z",
"modified": "2018-05-08T06:57:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T10:10:04",
"category": "Other",
"comment": "Clean samples",
"uuid": "5af14a5b-431c-4912-8b73-4f4a02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/66",
"category": "Other",
"comment": "Clean samples",
"uuid": "5af14a5b-1414-4b04-837f-467d02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/998aa45b4cd6ca30610c3f7dc1603c2c1feb49b0e2d968d29f64f1658f4d40d5/analysis/1525687804/",
"category": "External analysis",
"comment": "Clean samples",
"uuid": "5af14a5b-f6e8-4eee-8b26-407b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e7b0d6ff-7062-460a-baaa-2f1387ae9eda",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:34.000Z",
"modified": "2018-05-08T06:57:34.000Z",
"pattern": "[file:hashes.MD5 = 'f3c6e16f0dd2b0e55a7dad365c3877d4' AND file:hashes.SHA1 = '397d97e278110a48bd2cb11bb5632b99a9100dbd' AND file:hashes.SHA256 = 'fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e8a84d77-4552-4789-9fff-c5b4d1f21c0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:33.000Z",
"modified": "2018-05-08T06:57:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T19:19:32",
"category": "Other",
"uuid": "5af14a5d-f2e8-40ca-8c36-4c1f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/66",
"category": "Other",
"uuid": "5af14a5d-144c-4b96-995e-4be302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27/analysis/1525720772/",
"category": "External analysis",
"uuid": "5af14a5d-e504-4fec-a7e5-4ca802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f8bd20cd-39f4-4edd-b539-348389f5df61",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
"pattern": "[file:hashes.MD5 = 'ac1a85d3ca1b6265cad4ed41b696f9b7' AND file:hashes.SHA1 = '8ff7b74efffadb3a102ed0ec614c918526d0ea6b' AND file:hashes.SHA256 = '32d8c36c829be1cdbed56201a0e663227fe74d479f1732a7974fb50fdf09c02e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T06:57:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1015a558-4051-4d03-9a34-a0c9448ee953",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T06:57:35.000Z",
"modified": "2018-05-08T06:57:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-07T01:42:42",
"category": "Other",
"comment": "Clean samples",
"uuid": "5af14a60-7864-4f9e-9808-499c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "8/65",
"category": "Other",
"comment": "Clean samples",
"uuid": "5af14a60-6228-4a34-aaf8-48bc02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/32d8c36c829be1cdbed56201a0e663227fe74d479f1732a7974fb50fdf09c02e/analysis/1525657362/",
"category": "External analysis",
"comment": "Clean samples",
"uuid": "5af14a60-3b6c-4561-aba5-47b102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--9f162ccf-2ef1-4a81-8933-0f7fa953711c",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--74089204-8a39-410d-b274-c63a7c6edd93",
"target_ref": "x-misp-object--9c973c81-cfc7-45f9-895d-ce12cb73e25f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--798f00bc-a765-4c00-aadc-eee89833f8c6",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--c24f479b-83fb-41c6-8f0d-8ccf53b431c1",
"target_ref": "x-misp-object--2f9fccfb-465f-406c-aeef-3e329a966f34"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--ed181e18-7abd-4ffb-8b30-2e8e95c9fe66",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--dd0cab48-6f62-4bd6-b10a-18200635fb54",
"target_ref": "x-misp-object--c01bde93-91b5-4cfe-82f2-35da847471b9"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--87e081bb-cad1-4ea2-b9d1-fb44702de1ed",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--5eda63ae-1893-42e5-846a-e9995000bde9",
"target_ref": "x-misp-object--669adb50-5e7d-4c8d-8510-38a08aea3ba7"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--9e10ae9e-c120-4c6d-bf40-5c189dceae13",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:37.000Z",
"modified": "2018-05-08T06:57:37.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--41d7368a-bbcc-4b09-8db4-959a210b2e52",
"target_ref": "x-misp-object--14781af2-cede-4e8a-b613-76a5eb9bd981"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--72061549-42f5-4397-a683-5fa8537dfb8b",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:38.000Z",
"modified": "2018-05-08T06:57:38.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--e7b0d6ff-7062-460a-baaa-2f1387ae9eda",
"target_ref": "x-misp-object--e8a84d77-4552-4789-9fff-c5b4d1f21c0b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 13:47:04 +00:00
"id": "relationship--de604b76-20ee-45c0-830c-fc3c55288bfe",
2023-06-14 17:31:25 +00:00
"created": "2018-05-08T06:57:38.000Z",
"modified": "2018-05-08T06:57:38.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--f8bd20cd-39f4-4edd-b539-348389f5df61",
"target_ref": "x-misp-object--1015a558-4051-4d03-9a34-a0c9448ee953"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}