{
"type": "bundle",
|
|
|
|
"id": "bundle--5c463bd0-63bc-41f1-91dc-622168f8e8cf",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2021-05-24T09:53:13.000Z",
|
|
|
|
"modified": "2021-05-24T09:53:13.000Z",
|
|
|
|
"name": "VK-Intel",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5c463bd0-63bc-41f1-91dc-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2021-05-24T09:53:13.000Z",
|
|
|
|
"modified": "2021-05-24T09:53:13.000Z",
|
|
|
|
"name": "2019-01-21: APT28 Autoit Zebrocy Progression",
|
|
|
|
"published": "2021-05-26T09:07:29Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5c463bd0-a7c8-4670-8a27-622168f8e8cf",
|
|
|
|
"indicator--5c463bd0-2174-48b9-bfe3-622168f8e8cf",
|
|
|
|
"indicator--5c463c0a-0f30-4502-9cf3-79aa68f8e8cf",
|
|
|
|
"indicator--5c463c0a-de14-441b-8ec9-79aa68f8e8cf",
|
|
|
|
"indicator--5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf",
|
|
|
|
"indicator--5c463c55-d144-426e-a69c-622168f8e8cf",
|
|
|
|
"indicator--5c463c55-ee08-441f-bd1a-622168f8e8cf",
|
|
|
|
"indicator--5c463c55-d868-4e4b-9235-622168f8e8cf",
|
|
|
|
"x-misp-attribute--5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf",
|
|
|
|
"indicator--5c49639e-7110-4d64-8050-631968f8e8cf",
|
|
|
|
"indicator--5c4963d0-3650-436c-b82e-631868f8e8cf",
|
|
|
|
"x-misp-attribute--5c5c8b3e-49cc-4e88-9a48-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3e-b370-4841-863a-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3e-807c-4433-93b2-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3f-6948-461b-bd88-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3f-f40c-409c-bb03-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b3f-3110-4eed-af28-0ff9354b4518",
|
|
|
|
"observed-data--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
|
|
|
|
"file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b40-e5a0-453c-80a6-0ff9354b4518",
|
|
|
|
"observed-data--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
|
|
|
|
"file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b40-4604-4e08-a5b0-0ff9354b4518",
|
|
|
|
"observed-data--5c5c8b40-0508-4724-9882-0ff9354b4518",
|
|
|
|
"file--5c5c8b40-0508-4724-9882-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518",
|
|
|
|
"x-misp-attribute--5c5c8b41-8ee0-4dd4-af84-0ff9354b4518",
|
|
|
|
"observed-data--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
|
|
|
|
"file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
|
|
|
|
"indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
|
|
|
|
"x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de",
|
|
|
|
"indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
|
|
|
|
"x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3",
|
|
|
|
"indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
|
|
|
|
"x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed",
|
|
|
|
"indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
|
|
|
|
"x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654",
|
|
|
|
"indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
|
|
|
|
"x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"relationship--c50847ea-e896-4287-9c77-a0f9e979080e",
|
|
|
|
"relationship--ae00ad7c-7f6e-46dc-93e1-7be45c3ba3da",
|
|
|
|
"relationship--63b11fa3-7200-472e-8f1b-b9cd81fac5cb",
|
|
|
|
"relationship--88bc9f9e-4684-4b65-8f3e-d780f1ba7b80",
|
|
|
|
"relationship--01972b8d-97a2-4963-868e-894399776c1f"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"Actor: APT28",
|
|
|
|
"Autoit",
|
|
|
|
"Actor: Sofacy",
|
|
|
|
"Downloader",
|
|
|
|
"Malware: Zebrocy",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\"",
|
|
|
|
"misp-galaxy:threat-actor=\"Sofacy\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463bd0-a7c8-4670-8a27-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-21T21:39:41.000Z",
|
|
|
|
"modified": "2019-01-21T21:39:41.000Z",
|
|
|
|
"description": "APT28 Zebrocy Autoit Samples",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd6751b148461e0f863548be84020b879']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-21T21:39:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463bd0-2174-48b9-bfe3-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-22T04:49:50.000Z",
|
|
|
|
"modified": "2019-01-22T04:49:50.000Z",
|
|
|
|
"description": "APT28 Zebrocy Autoit C2 AS9009 M247, GB @m247.com",
|
|
|
|
"pattern": "[url:value = 'http://194.187.249.126']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-22T04:49:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "External analysis"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c0a-0f30-4502-9cf3-79aa68f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-21T21:39:22.000Z",
|
|
|
|
"modified": "2019-01-21T21:39:22.000Z",
|
|
|
|
"description": "APT28 Zebrocy Autoit Samples",
|
|
|
|
"pattern": "[file:hashes.MD5 = '311f24eb2dda26c26f572c727a25503b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-21T21:39:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c0a-de14-441b-8ec9-79aa68f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-21T21:39:22.000Z",
|
|
|
|
"modified": "2019-01-21T21:39:22.000Z",
|
|
|
|
"description": "APT28 Zebrocy Autoit Samples",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7b1974e61795e84b6aacf33571320c2a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-21T21:39:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-21T21:39:22.000Z",
|
|
|
|
"modified": "2019-01-21T21:39:22.000Z",
|
|
|
|
"description": "APT28 Zebrocy Autoit Samples",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c2e1f2cf18ca987ebb3e8f4c09a4ef7e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-21T21:39:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c55-d144-426e-a69c-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-22T04:47:32.000Z",
|
|
|
|
"modified": "2019-01-22T04:47:32.000Z",
|
|
|
|
"description": "APT28 Zebrocy C2 AS201011 NETZBETRIEB-GMBH, DE @core-backbone.com",
|
|
|
|
"pattern": "[url:value = 'http://80.255.6.5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-22T04:47:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c55-ee08-441f-bd1a-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-22T04:47:55.000Z",
|
|
|
|
"modified": "2019-01-22T04:47:55.000Z",
|
|
|
|
"description": "APT28 Zebrocy C2 AS49544 I3DNET, NL Qhoster",
|
|
|
|
"pattern": "[url:value = 'http://220.158.216.127']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-22T04:47:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c463c55-d868-4e4b-9235-622168f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-22T04:46:58.000Z",
|
|
|
|
"modified": "2019-01-22T04:46:58.000Z",
|
|
|
|
"description": "APT28 Zebrocy C2 AS29073 QUASINETWORKS, NL @libertyvps.net",
|
|
|
|
"pattern": "[url:value = 'https://145.249.106.198/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-22T04:46:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-23T05:21:27.000Z",
|
|
|
|
"modified": "2019-01-23T05:21:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"threat-actor\"",
|
|
|
|
"misp:category=\"Attribution\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Attribution",
|
|
|
|
"x_misp_type": "threat-actor",
|
|
|
|
"x_misp_value": "APT28"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c49639e-7110-4d64-8050-631968f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T07:05:02.000Z",
|
|
|
|
"modified": "2019-01-24T07:05:02.000Z",
|
|
|
|
"description": "Zebrocy AutoIt Jan 16, 2019",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ec57bb4980ea0190f4ad05d0ea9c9447']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T07:05:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5c4963d0-3650-436c-b82e-631868f8e8cf",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T07:05:52.000Z",
|
|
|
|
"modified": "2019-01-24T07:05:52.000Z",
|
|
|
|
"description": "Zebrocy January 16, 2019 URL",
|
|
|
|
"pattern": "[url:value = 'http://185.236.203.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T07:05:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3e-49cc-4e88-9a48-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:51:47.000Z",
|
|
|
|
"modified": "2019-02-07T19:51:47.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "virus (suspicious);AVG;"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:53:10.000Z",
|
|
|
|
"modified": "2019-02-07T19:53:10.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "PUA.Win.Packer.AcprotectUltraprotect-1;ClamAV;"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3e-b370-4841-863a-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:51:40.000Z",
|
|
|
|
"modified": "2019-02-07T19:51:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Win32/Spy.Autoit.EK trojan;ESETnod32;"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3e-807c-4433-93b2-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:53:20.000Z",
|
|
|
|
"modified": "2019-02-07T19:53:20.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "W32/Autoit.EK!tr.spy;Fortinet;"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3f-6948-461b-bd88-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:49:55.000Z",
|
|
|
|
"modified": "2019-02-07T19:49:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"size-in-bytes\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "size-in-bytes",
|
|
|
|
"x_misp_value": "1150976"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3f-f40c-409c-bb03-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:52:23.000Z",
|
|
|
|
"modified": "2019-02-07T19:52:23.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Payload type\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Payload type",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "9ea0c70001000000f1c6cd0033000000f1c6ce00ae000000f1c6cf003200000009788300090000000978930025000000000001001402000066eed8004d00000066eecd000200000066eec90001000000000097000100000066eecc0001000000;0;"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b3f-3110-4eed-af28-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:53:05.000Z",
|
|
|
|
"modified": "2019-02-07T19:53:05.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Payload type\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Payload type",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "VC8 -> Microsoft Corporation"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:49:34.000Z",
|
|
|
|
"modified": "2019-02-07T19:49:34.000Z",
|
|
|
|
"first_observed": "2019-02-07T19:49:34Z",
|
|
|
|
"last_observed": "2019-02-07T19:49:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b40-e5a0-453c-80a6-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:49:29.000Z",
|
|
|
|
"modified": "2019-02-07T19:49:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Payload delivery",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "MS certificate checker 3.3.12.0 12.5.34.0 Certificate verify checker Certificate verify checker"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:48:51.000Z",
|
|
|
|
"modified": "2019-02-07T19:48:51.000Z",
|
|
|
|
"first_observed": "2019-02-07T19:48:51Z",
|
|
|
|
"last_observed": "2019-02-07T19:48:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"imphash\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5c5c8b40-94cc-4c28-ad64-0ff9354b4518",
|
|
|
|
"hashes": {
|
|
|
|
"IMPHASH": "c1d258acab237961164a925272293413"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b40-4604-4e08-a5b0-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:49:21.000Z",
|
|
|
|
"modified": "2019-02-07T19:49:21.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "%WINDIR%\\temp\\Invoice-59947267.exe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c5c8b40-0508-4724-9882-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:49:13.000Z",
|
|
|
|
"modified": "2019-02-07T19:49:13.000Z",
|
|
|
|
"first_observed": "2019-02-07T19:49:13Z",
|
|
|
|
"last_observed": "2019-02-07T19:49:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5c5c8b40-0508-4724-9882-0ff9354b4518"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5c5c8b40-0508-4724-9882-0ff9354b4518",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "ce3b60fbad031c9bd5a10779cc8beb185035d407"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:48:58.000Z",
|
|
|
|
"modified": "2019-02-07T19:48:58.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Attribution\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Attribution",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "LANG_ENGLISH/SUBLANG_ENGLISH_UK"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5c5c8b41-8ee0-4dd4-af84-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:48:42.000Z",
|
|
|
|
"modified": "2019-02-07T19:48:42.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"datetime\"",
|
|
|
|
"misp:category=\"Other\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Other",
|
|
|
|
"x_misp_comment": "7b1974e61795e84b6aacf33571320c2a: Enriched",
|
|
|
|
"x_misp_type": "datetime",
|
|
|
|
"x_misp_value": "2018-03-02T01:31:48"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-02-07T19:48:31.000Z",
|
|
|
|
"modified": "2019-02-07T19:48:31.000Z",
|
|
|
|
"first_observed": "2019-02-07T19:48:31Z",
|
|
|
|
"last_observed": "2019-02-07T19:48:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"pehash\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5c5c8b41-ff7c-4eef-82f2-0ff9354b4518",
|
|
|
|
"hashes": {
|
|
|
|
"PEHASH": "791574aad9b238c5093e3c83a5db553ef45b01f1"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:08.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd6751b148461e0f863548be84020b879' AND file:hashes.SHA1 = 'bab1d2c668e597d19f9ee9395944c1ce0f34f279' AND file:hashes.SHA256 = '1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T21:38:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:09.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:09.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-01-24T11:36:53",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2fe07c1b-96ab-4f81-987a-8db6f28c9942"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27/analysis/1548329813/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "5b56cfbc-246d-4782-b0bf-8fe1c528f788"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "43/69",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "792b941e-1e36-488a-bc89-bfd79ada3391"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:09.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c2e1f2cf18ca987ebb3e8f4c09a4ef7e' AND file:hashes.SHA1 = 'e757ea599a1d6f1d06d90589d7f19dd1c1bf8b7b' AND file:hashes.SHA256 = '5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T21:38:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:09.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:09.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-10-25T17:04:30",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6da72563-3cc7-4780-a07e-55ff265b9308"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db/analysis/1540487070/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "71f1982a-d31f-42ea-8e9f-ef485841b836"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "40/65",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3ec5fc33-7d0b-4ae9-a429-670577bea696"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:09.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ec57bb4980ea0190f4ad05d0ea9c9447' AND file:hashes.SHA1 = '6b300486d17d07a02365d32b673cd6638bd384f3' AND file:hashes.SHA256 = 'e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T21:38:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:10.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:10.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-01-23T17:12:32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5a292dc8-ad4d-40ac-8462-bc25b6767fb9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d/analysis/1548263552/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"uuid": "8c6e54b1-8393-4723-9851-47466fe07a81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "34/70",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0028b781-c4c6-4957-846f-b9a97cd4afe9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
|
|
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
|
|
"created": "2019-01-24T21:38:10.000Z",
|
|
|
|
"modified": "2019-01-24T21:38:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '311f24eb2dda26c26f572c727a25503b' AND file:hashes.SHA1 = '74e12fbcac14b2f1b2d83cabb057f8e059c95d68' AND file:hashes.SHA256 = '01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-01-24T21:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-06T17:34:50",
"category": "Other",
"uuid": "fc0041a5-dc4f-4fcf-a5b6-6a9fcb978a7f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889/analysis/1541525690/",
"category": "External analysis",
"uuid": "3640584d-273d-4d8f-8976-37156c0a0593"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/67",
"category": "Other",
"uuid": "89221de2-e8a5-433e-93aa-ee73006ae663"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"pattern": "[file:hashes.MD5 = '7b1974e61795e84b6aacf33571320c2a' AND file:hashes.SHA1 = 'ce3b60fbad031c9bd5a10779cc8beb185035d407' AND file:hashes.SHA256 = '121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-24T21:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13",
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
"created": "2019-01-24T21:38:10.000Z",
"modified": "2019-01-24T21:38:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-12T06:28:05",
"category": "Other",
"uuid": "ea4f7140-d3c9-46cb-8d71-627dc47ee8e1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999/analysis/1547274485/",
"category": "External analysis",
"uuid": "3897fb76-7663-4961-8bc6-27bd0f697402"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/69",
"category": "Other",
"uuid": "d7b594d5-8ae7-4c4e-bb62-9d0a9f402523"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c50847ea-e896-4287-9c77-a0f9e979080e",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b800728f-5a34-4730-a91b-f138e14c98c7",
"target_ref": "x-misp-object--99c1af3e-6e2a-4e7e-ae0d-785719b629de"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae00ad7c-7f6e-46dc-93e1-7be45c3ba3da",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d89b9e2c-fbdb-4504-858e-2cac4f989268",
"target_ref": "x-misp-object--4b15b1fa-1951-422f-8212-1f96c5f99af3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63b11fa3-7200-472e-8f1b-b9cd81fac5cb",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--14b16764-ddf9-4007-b47e-3aef5cc6f36a",
"target_ref": "x-misp-object--587de82f-4aae-4200-b88f-a8d0fcfc24ed"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--88bc9f9e-4684-4b65-8f3e-d780f1ba7b80",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--63b96bc9-33bc-4ac2-b26b-077bf4180ab3",
"target_ref": "x-misp-object--80a7973b-8573-413c-a2be-73b4062f2654"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--01972b8d-97a2-4963-868e-894399776c1f",
"created": "2021-05-24T09:53:13.000Z",
"modified": "2021-05-24T09:53:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--18ba115d-3fa8-4ea6-b0aa-b84d71f314c5",
"target_ref": "x-misp-object--ad488ad1-01c8-4a0e-80ee-a7f7257b1f13"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}