{
"type": "bundle",
|
|
|
|
"id": "bundle--5cccb246-0da0-4c93-a463-61fe0a016219",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2020-12-09T14:45:39.000Z",
|
|
|
|
"modified": "2020-12-09T14:45:39.000Z",
|
|
|
|
"name": "ESET",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5cccb246-0da0-4c93-a463-61fe0a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2020-12-09T14:45:39.000Z",
|
|
|
|
"modified": "2020-12-09T14:45:39.000Z",
|
|
|
|
"name": "ESET Turla LightNeuron Research",
|
|
|
|
"published": "2019-05-10T08:38:22Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--6f5800ff-87e0-46fc-adac-807018e9d07f",
|
|
|
|
"file--6f5800ff-87e0-46fc-adac-807018e9d07f",
|
|
|
|
"observed-data--64d9f4ac-632e-458b-af36-a2e6e1d2bd57",
|
|
|
|
"file--64d9f4ac-632e-458b-af36-a2e6e1d2bd57",
|
|
|
|
"observed-data--90bcabcb-b2fb-4e73-a1a1-88f8a9e186df",
|
|
|
|
"file--90bcabcb-b2fb-4e73-a1a1-88f8a9e186df",
|
|
|
|
"observed-data--4f4bdd4d-f0c4-4761-bed8-711f1b3b7744",
|
|
|
|
"file--4f4bdd4d-f0c4-4761-bed8-711f1b3b7744",
|
|
|
|
"observed-data--25408199-95da-448d-a95f-a222dc7ba162",
|
|
|
|
"file--25408199-95da-448d-a95f-a222dc7ba162",
|
|
|
|
"observed-data--66fa127c-7625-441a-b0ab-bc0b72403ca8",
|
|
|
|
"file--66fa127c-7625-441a-b0ab-bc0b72403ca8",
|
|
|
|
"x-misp-attribute--5df144ba-2702-4d5b-9070-a089c28fe905",
|
|
|
|
"observed-data--4440b265-2377-474c-83f1-8c8f24348f57",
|
|
|
|
"file--4440b265-2377-474c-83f1-8c8f24348f57",
|
|
|
|
"observed-data--17417300-6cef-4720-8772-b90887ce8cb9",
|
|
|
|
"file--17417300-6cef-4720-8772-b90887ce8cb9",
|
|
|
|
"observed-data--24645bfe-0e15-4c57-806e-27b6dacb18e8",
|
|
|
|
"file--24645bfe-0e15-4c57-806e-27b6dacb18e8",
|
|
|
|
"x-misp-attribute--22e9a8ca-f758-440b-befe-f5cec1d249d0",
|
|
|
|
"observed-data--eea9d060-4ae7-41f8-ac22-a4a0c15a31b5",
|
|
|
|
"file--eea9d060-4ae7-41f8-ac22-a4a0c15a31b5",
|
|
|
|
"observed-data--09c6ef7c-ff1a-4b86-9d87-74b859bfbfae",
|
|
|
|
"file--09c6ef7c-ff1a-4b86-9d87-74b859bfbfae",
|
|
|
|
"observed-data--6af7a8c3-f17d-43fb-8c10-1602910bc038",
|
|
|
|
"file--6af7a8c3-f17d-43fb-8c10-1602910bc038",
|
|
|
|
"observed-data--edfdb3f9-c762-46d9-8597-29cc5f1fa50e",
|
|
|
|
"file--edfdb3f9-c762-46d9-8597-29cc5f1fa50e",
|
|
|
|
"observed-data--7111a10b-7725-4579-96b6-cf01f779b816",
|
|
|
|
"file--7111a10b-7725-4579-96b6-cf01f779b816",
|
|
|
|
"observed-data--0b557f56-389f-4c44-abf0-1d464922eb01",
|
|
|
|
"file--0b557f56-389f-4c44-abf0-1d464922eb01",
|
|
|
|
"observed-data--606aa8cc-8fe7-4a35-8755-7804c04a19d3",
|
|
|
|
"file--606aa8cc-8fe7-4a35-8755-7804c04a19d3",
|
|
|
|
"observed-data--d8cc496a-4c78-4d26-8ded-e605b7f65179",
|
|
|
|
"file--d8cc496a-4c78-4d26-8ded-e605b7f65179",
|
|
|
|
"observed-data--60abe762-ba0e-46a0-86a9-d9de3a6ef85e",
|
|
|
|
"file--60abe762-ba0e-46a0-86a9-d9de3a6ef85e",
|
|
|
|
"observed-data--21bf9cf9-356b-44cd-9b40-534f3d26ace6",
|
|
|
|
"file--21bf9cf9-356b-44cd-9b40-534f3d26ace6",
|
|
|
|
"observed-data--1ce77aca-09f7-4e3b-b249-444b349dd34c",
|
|
|
|
"file--1ce77aca-09f7-4e3b-b249-444b349dd34c",
|
|
|
|
"observed-data--efc3fcdc-9987-43a4-82b3-c6b51f28e9f4",
|
|
|
|
"file--efc3fcdc-9987-43a4-82b3-c6b51f28e9f4",
|
|
|
|
"observed-data--5cccb302-f18c-4e72-9744-65540a016219",
|
|
|
|
"file--5cccb302-f18c-4e72-9744-65540a016219",
|
|
|
|
"observed-data--5cccb30f-1b18-476d-9558-5d380a016219",
|
|
|
|
"file--5cccb30f-1b18-476d-9558-5d380a016219",
|
|
|
|
"observed-data--5cccb32b-8110-48f1-a6a8-65560a016219",
|
|
|
|
"file--5cccb32b-8110-48f1-a6a8-65560a016219",
|
|
|
|
"observed-data--5cccb441-3720-468d-88a1-5d3a0a016219",
|
|
|
|
"file--5cccb441-3720-468d-88a1-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-1e60-443e-919e-5d3a0a016219",
|
|
|
|
"file--5cccb441-1e60-443e-919e-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-f920-4f2e-95bf-5d3a0a016219",
|
|
|
|
"file--5cccb441-f920-4f2e-95bf-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-cff8-4af7-b7ad-5d3a0a016219",
|
|
|
|
"file--5cccb441-cff8-4af7-b7ad-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-9730-46ba-ac64-5d3a0a016219",
|
|
|
|
"file--5cccb441-9730-46ba-ac64-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-5ae4-450a-9e04-5d3a0a016219",
|
|
|
|
"file--5cccb441-5ae4-450a-9e04-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-253c-4882-85f1-5d3a0a016219",
|
|
|
|
"file--5cccb441-253c-4882-85f1-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-f7c8-4e1c-bfc9-5d3a0a016219",
|
|
|
|
"file--5cccb441-f7c8-4e1c-bfc9-5d3a0a016219",
|
|
|
|
"observed-data--5cccb441-b8c0-4633-904e-5d3a0a016219",
|
|
|
|
"file--5cccb441-b8c0-4633-904e-5d3a0a016219",
|
|
|
|
"observed-data--5cccb8c1-67d4-43c3-b904-65540a016219",
|
|
|
|
"url--5cccb8c1-67d4-43c3-b904-65540a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:threat-actor=\"Turla Group\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Valid Accounts - T1078\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Collection - T1119\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Local System - T1005\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Email Collection - T1114\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Obfuscation - T1001\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Transfer - T1029\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
|
|
|
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Cryptographic Protocol - T1032\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--6f5800ff-87e0-46fc-adac-807018e9d07f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:49.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:49.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:49Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--6f5800ff-87e0-46fc-adac-807018e9d07f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--6f5800ff-87e0-46fc-adac-807018e9d07f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "9ed3438587e25073c17e82958010a3aa"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--64d9f4ac-632e-458b-af36-a2e6e1d2bd57",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:46.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:46.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:46Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:46Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--64d9f4ac-632e-458b-af36-a2e6e1d2bd57"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--64d9f4ac-632e-458b-af36-a2e6e1d2bd57",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "3c851e239fbf67a03e0dae8f63eee702b330db6c"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--90bcabcb-b2fb-4e73-a1a1-88f8a9e186df",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:43.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:43.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:43Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--90bcabcb-b2fb-4e73-a1a1-88f8a9e186df"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--90bcabcb-b2fb-4e73-a1a1-88f8a9e186df",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "fec68a0fea0019c878c8a348976c0ec0b8ecf6e7c63fe99afabfff2b7e6d4b11"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--4f4bdd4d-f0c4-4761-bed8-711f1b3b7744",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:33.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:33.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:33Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--4f4bdd4d-f0c4-4761-bed8-711f1b3b7744"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--4f4bdd4d-f0c4-4761-bed8-711f1b3b7744",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "2b14f9f3c758a2cf842a61aca6a3455d"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--25408199-95da-448d-a95f-a222dc7ba162",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:22.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:22.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:22Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:22Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--25408199-95da-448d-a95f-a222dc7ba162"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--25408199-95da-448d-a95f-a222dc7ba162",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "f9d52bb5a30b42fc2d1763be586cee8a57424732"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--66fa127c-7625-441a-b0ab-bc0b72403ca8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:16.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:16.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:16Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:16Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--66fa127c-7625-441a-b0ab-bc0b72403ca8"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--66fa127c-7625-441a-b0ab-bc0b72403ca8",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5df144ba-2702-4d5b-9070-a089c28fe905",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:29:30.000Z",
|
|
|
|
"modified": "2019-05-03T21:29:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Antivirus detection\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Antivirus detection",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "MSIL/Turla.A"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--4440b265-2377-474c-83f1-8c8f24348f57",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:13.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:13.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:13Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--4440b265-2377-474c-83f1-8c8f24348f57"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--4440b265-2377-474c-83f1-8c8f24348f57",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "5924eac8af1f3e3f1f825998bc59c062"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--17417300-6cef-4720-8772-b90887ce8cb9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:09.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:09.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:09Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--17417300-6cef-4720-8772-b90887ce8cb9"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--17417300-6cef-4720-8772-b90887ce8cb9",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "0a9f10925af42df94925d07112f303d57392c908"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--24645bfe-0e15-4c57-806e-27b6dacb18e8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:07.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:07.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:07Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:07Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--24645bfe-0e15-4c57-806e-27b6dacb18e8"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--24645bfe-0e15-4c57-806e-27b6dacb18e8",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--22e9a8ca-f758-440b-befe-f5cec1d249d0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:29:36.000Z",
|
|
|
|
"modified": "2019-05-03T21:29:36.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"Antivirus detection\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Antivirus detection",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Win64/Turla.CC"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--eea9d060-4ae7-41f8-ac22-a4a0c15a31b5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:01.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:01.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:01Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--eea9d060-4ae7-41f8-ac22-a4a0c15a31b5"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--eea9d060-4ae7-41f8-ac22-a4a0c15a31b5",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "c86e40e1fd2bd477a7f0cfed63fbca4a"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--09c6ef7c-ff1a-4b86-9d87-74b859bfbfae",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:33:04.000Z",
|
|
|
|
"modified": "2019-05-03T21:33:04.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:33:04Z",
|
|
|
|
"last_observed": "2019-05-03T21:33:04Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--09c6ef7c-ff1a-4b86-9d87-74b859bfbfae"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--09c6ef7c-ff1a-4b86-9d87-74b859bfbfae",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "76ee1802a6c920cbeb3a1053a4ec03c71b7e46f8"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--6af7a8c3-f17d-43fb-8c10-1602910bc038",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:32:40.000Z",
|
|
|
|
"modified": "2019-05-03T21:32:40.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:32:40Z",
|
|
|
|
"last_observed": "2019-05-03T21:32:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--6af7a8c3-f17d-43fb-8c10-1602910bc038"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--6af7a8c3-f17d-43fb-8c10-1602910bc038",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "92af9451d6809e035246869e53a56e1717224b28e8e96af4d80573264435d524"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--edfdb3f9-c762-46d9-8597-29cc5f1fa50e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:32:03.000Z",
|
|
|
|
"modified": "2019-05-03T21:32:03.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:32:03Z",
|
|
|
|
"last_observed": "2019-05-03T21:32:03Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--edfdb3f9-c762-46d9-8597-29cc5f1fa50e"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--edfdb3f9-c762-46d9-8597-29cc5f1fa50e",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "7519b8c8ed36ec0840112bf9581717a3"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--7111a10b-7725-4579-96b6-cf01f779b816",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:32:00.000Z",
|
|
|
|
"modified": "2019-05-03T21:32:00.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:32:00Z",
|
|
|
|
"last_observed": "2019-05-03T21:32:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--7111a10b-7725-4579-96b6-cf01f779b816"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--7111a10b-7725-4579-96b6-cf01f779b816",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "c1ff6804fdb8656ab08928d187837d28060a552f"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--0b557f56-389f-4c44-abf0-1d464922eb01",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:57.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:57.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:57Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--0b557f56-389f-4c44-abf0-1d464922eb01"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--0b557f56-389f-4c44-abf0-1d464922eb01",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "c730d1af146bc420a1dfbbc647e53133a95cc87e9e519f37a01a413410e16498"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--606aa8cc-8fe7-4a35-8755-7804c04a19d3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:53.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:53.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:53Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:53Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--606aa8cc-8fe7-4a35-8755-7804c04a19d3"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--606aa8cc-8fe7-4a35-8755-7804c04a19d3",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "32d92f9c125816c5ffd407577ad3ccc2"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--d8cc496a-4c78-4d26-8ded-e605b7f65179",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:50.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:50.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:50Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--d8cc496a-4c78-4d26-8ded-e605b7f65179"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--d8cc496a-4c78-4d26-8ded-e605b7f65179",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "ff28b53b55bc77a5b4626f9db856e67ac598c787"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--60abe762-ba0e-46a0-86a9-d9de3a6ef85e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:47.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:47.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:47Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--60abe762-ba0e-46a0-86a9-d9de3a6ef85e"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--60abe762-ba0e-46a0-86a9-d9de3a6ef85e",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "d01745a8f454fbf173c8b410f279a84fd3b2dace379c1d67ba9b40c9813b200d"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--21bf9cf9-356b-44cd-9b40-534f3d26ace6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:42.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:42.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:42Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--21bf9cf9-356b-44cd-9b40-534f3d26ace6"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--21bf9cf9-356b-44cd-9b40-534f3d26ace6",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "e1fdde61d9db9d6875994e4a412987f7"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--1ce77aca-09f7-4e3b-b249-444b349dd34c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:37.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:37.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:37Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--1ce77aca-09f7-4e3b-b249-444b349dd34c"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--1ce77aca-09f7-4e3b-b249-444b349dd34c",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "556674f08ecca84d19a8a756e3457dbf6aff4a1c"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--efc3fcdc-9987-43a4-82b3-c6b51f28e9f4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:34.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:34.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:34Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--efc3fcdc-9987-43a4-82b3-c6b51f28e9f4"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--efc3fcdc-9987-43a4-82b3-c6b51f28e9f4",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "ce01c8087368b7938175b217e9d4e2b50bbd3007d6f9b786d9b86a38a1acbc85"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb302-f18c-4e72-9744-65540a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:30:42.000Z",
|
|
|
|
"modified": "2019-05-03T21:30:42.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:30:42Z",
|
|
|
|
"last_observed": "2019-05-03T21:30:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb302-f18c-4e72-9744-65540a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb302-f18c-4e72-9744-65540a016219",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-1": "a4d1a34fe5effd90ccb6897679586ddc07fbc5cd"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb30f-1b18-476d-9558-5d380a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:30:55.000Z",
|
|
|
|
"modified": "2019-05-03T21:30:55.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:30:55Z",
|
|
|
|
"last_observed": "2019-05-03T21:30:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb30f-1b18-476d-9558-5d380a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb30f-1b18-476d-9558-5d380a016219",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "55319464e46e2c31d22b39b46d5477fb"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb32b-8110-48f1-a6a8-65560a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:31:23.000Z",
|
|
|
|
"modified": "2019-05-03T21:31:23.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:31:23Z",
|
|
|
|
"last_observed": "2019-05-03T21:31:23Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb32b-8110-48f1-a6a8-65560a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb32b-8110-48f1-a6a8-65560a016219",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb441-3720-468d-88a1-5d3a0a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:36:13.000Z",
|
|
|
|
"modified": "2019-05-03T21:36:13.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:36:13Z",
|
|
|
|
"last_observed": "2019-05-03T21:36:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb441-3720-468d-88a1-5d3a0a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb441-3720-468d-88a1-5d3a0a016219",
|
|
|
|
"name": "%tmp%\\winmail.dat"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb441-1e60-443e-919e-5d3a0a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:36:01.000Z",
|
|
|
|
"modified": "2019-05-03T21:36:01.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"last_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb441-1e60-443e-919e-5d3a0a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb441-1e60-443e-919e-5d3a0a016219",
|
|
|
|
"name": "%WINDIR%\\ServiceProfiles\\NetworkService\\appdata\\Local\\Temp\\msmocf.xml"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb441-f920-4f2e-95bf-5d3a0a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:36:01.000Z",
|
|
|
|
"modified": "2019-05-03T21:36:01.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"last_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb441-f920-4f2e-95bf-5d3a0a016219"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Artifacts dropped\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5cccb441-f920-4f2e-95bf-5d3a0a016219",
|
|
|
|
"name": "%WINDIR%\\ServiceProfiles\\NetworkService\\appdata\\Local\\Temp\\msmodl.dat"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5cccb441-cff8-4af7-b7ad-5d3a0a016219",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
|
|
|
|
"created": "2019-05-03T21:36:01.000Z",
|
|
|
|
"modified": "2019-05-03T21:36:01.000Z",
|
|
|
|
"first_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"last_observed": "2019-05-03T21:36:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5cccb441-cff8-4af7-b7ad-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-cff8-4af7-b7ad-5d3a0a016219",
"name": "Windows\\814ad43-58ab-2cd3-3e68-b82a8f402fd0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb441-9730-46ba-ac64-5d3a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:36:01.000Z",
"modified": "2019-05-03T21:36:01.000Z",
"first_observed": "2019-05-03T21:36:01Z",
"last_observed": "2019-05-03T21:36:01Z",
"number_observed": 1,
"object_refs": [
"file--5cccb441-9730-46ba-ac64-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-9730-46ba-ac64-5d3a0a016219",
"name": "Windows\\42cf8a1-6e20-8c24-d35f-82c46d8b70ba"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb441-5ae4-450a-9e04-5d3a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:36:01.000Z",
"modified": "2019-05-03T21:36:01.000Z",
"first_observed": "2019-05-03T21:36:01Z",
"last_observed": "2019-05-03T21:36:01Z",
"number_observed": 1,
"object_refs": [
"file--5cccb441-5ae4-450a-9e04-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-5ae4-450a-9e04-5d3a0a016219",
"name": "%WINDIR%\\serviceprofiles\\networkservice\\appdata\\Roaming\\Microsoft\\"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb441-253c-4882-85f1-5d3a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:36:01.000Z",
"modified": "2019-05-03T21:36:01.000Z",
"first_observed": "2019-05-03T21:36:01Z",
"last_observed": "2019-05-03T21:36:01Z",
"number_observed": 1,
"object_refs": [
"file--5cccb441-253c-4882-85f1-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-253c-4882-85f1-5d3a0a016219",
"name": "Windows\\36b1f4a-82b9-eb06-7c1e-90b4b2d5c27d"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb441-f7c8-4e1c-bfc9-5d3a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:36:01.000Z",
"modified": "2019-05-03T21:36:01.000Z",
"first_observed": "2019-05-03T21:36:01Z",
"last_observed": "2019-05-03T21:36:01Z",
"number_observed": 1,
"object_refs": [
"file--5cccb441-f7c8-4e1c-bfc9-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-f7c8-4e1c-bfc9-5d3a0a016219",
"name": "%WINDIR%\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\Microsoft\\thumbcache_idx.db"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb441-b8c0-4633-904e-5d3a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:36:01.000Z",
"modified": "2019-05-03T21:36:01.000Z",
"first_observed": "2019-05-03T21:36:01Z",
"last_observed": "2019-05-03T21:36:01Z",
"number_observed": 1,
"object_refs": [
"file--5cccb441-b8c0-4633-904e-5d3a0a016219"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5cccb441-b8c0-4633-904e-5d3a0a016219",
"name": "%WINDIR%\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\Microsoft\\Windows\\thumbcache_32.db"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cccb8c1-67d4-43c3-b904-65540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-05-03T21:55:13.000Z",
"modified": "2019-05-03T21:55:13.000Z",
"first_observed": "2019-05-03T21:55:13Z",
"last_observed": "2019-05-03T21:55:13Z",
"number_observed": 1,
"object_refs": [
"url--5cccb8c1-67d4-43c3-b904-65540a016219"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cccb8c1-67d4-43c3-b904-65540a016219",
"value": "https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}