adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5dc3249f-6ebc-44fd-b78d-448d02de0b81.json

749 lines
33 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5dc3249f-6ebc-44fd-b78d-448d02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T20:00:02.000Z",
"modified": "2019-11-06T20:00:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5dc3249f-6ebc-44fd-b78d-448d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T20:00:02.000Z",
"modified": "2019-11-06T20:00:02.000Z",
"name": "OSINT - BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0",
"published": "2019-11-06T20:02:52Z",
"object_refs": [
"indicator--5dc324da-8930-4832-84ae-428102de0b81",
"indicator--5dc324da-3aa8-4672-a5c8-461502de0b81",
"indicator--5dc324da-4734-4603-be54-44eb02de0b81",
"indicator--5dc324da-7284-4a03-880f-4c9d02de0b81",
"indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81",
"indicator--5dc324da-7f9c-4659-abea-402a02de0b81",
"x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81",
"indicator--5dc325b9-7018-496a-b223-4b7602de0b81",
"indicator--5dc325b9-a748-403f-abcc-428c02de0b81",
"observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81",
"url--5dc325e5-6214-4a8f-bf43-441102de0b81",
"indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317",
"indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91",
"indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568",
"indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad",
"indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"x-misp-object--f10bc385-bc29-4069-8374-abc49782561a",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"relationship--5ca6e4cf-350e-4637-925b-0f6d57be3e7a",
"relationship--4f496a71-1d26-41d2-8c80-0015691efaea",
"relationship--706d94e1-7508-48c1-9125-d8d8a061d315",
"relationship--9af7e40d-65e8-4e31-89a3-643079da4b4d",
"relationship--0f867571-fa7a-45f8-9f50-101e02475f73",
"relationship--a864a935-a589-4347-8eeb-7f4e38fadb48"
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"Dridex\"",
"misp-galaxy:malpedia=\"FriedEx\"",
"misp-galaxy:ransomware=\"Bitpaymer\"",
"misp-galaxy:threat-actor=\"INDRIK SPIDER\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-8930-4832-84ae-428102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '51d8618ec86159327e883615ad8989c7638172cf801f65ab0367e5b2e6af596a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-3aa8-4672-a5c8-461502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-4734-4603-be54-44eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-7284-4a03-880f-4c9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'bfb7e62ba4ad5975e68a1beefb045cb72e056911fd7a8b070a15029dfcbbefe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc324da-7f9c-4659-abea-402a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:54:02.000Z",
"modified": "2019-11-06T19:54:02.000Z",
"description": "Encrypted PE Files Embedded in DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:54:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:56:33.000Z",
"modified": "2019-11-06T19:56:33.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "CrowdStrike\u00c2\u00ae Intelligence has identified a new ransomware variant identifying itself as BitPaymer. This new variant was behind a series of ransomware campaigns beginning in June 2019, including attacks against the City of Edcouch, Texas and the Chilean Ministry of Agriculture. \r\n\r\nWe have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER. However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of INDRIK SPIDER have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc325b9-7018-496a-b223-4b7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:57:45.000Z",
"modified": "2019-11-06T19:57:45.000Z",
"description": "DoppelPaymer",
"pattern": "[file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:57:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc325b9-a748-403f-abcc-428c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:57:45.000Z",
"modified": "2019-11-06T19:57:45.000Z",
"description": "Dridex 2.0",
"pattern": "[file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:57:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:58:29.000Z",
"modified": "2019-11-06T19:58:29.000Z",
"first_observed": "2019-11-06T19:58:29Z",
"last_observed": "2019-11-06T19:58:29Z",
"number_observed": 1,
"object_refs": [
"url--5dc325e5-6214-4a8f-bf43-441102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5dc325e5-6214-4a8f-bf43-441102de0b81",
"value": "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"pattern": "[file:hashes.MD5 = '1b5c3c458e31bede55145d0644e88d75' AND file:hashes.SHA1 = 'a21c84c6bf2e21d69fa06daaf19b4cc34b589347' AND file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T13:32:39",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "590eabf8-daae-48fa-93f7-a6881b74188d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4/analysis/1572960759/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "7de0a36e-6553-4bca-b8f3-2496fa7c6ae6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "28dc293f-7fb7-49e5-9c3e-8bee49d6f3b2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:15.000Z",
"modified": "2019-11-06T19:59:15.000Z",
"pattern": "[file:hashes.MD5 = '68f9b52895f4d34e74112f3129b3b00d' AND file:hashes.SHA1 = 'c5e2018bf7c0f314fed4fd7fe7e69fa2e648359e' AND file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:16.000Z",
"modified": "2019-11-06T19:59:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T15:07:41",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "2d422e88-d201-4694-bbd7-866a38115bf8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f/analysis/1572966461/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "3e29cdd3-6698-46ac-a2e0-37658066a1a7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "4d55f6ac-dcd5-4ac6-8eca-d33081e4708a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:16.000Z",
"modified": "2019-11-06T19:59:16.000Z",
"pattern": "[file:hashes.MD5 = '6365fe1d37545c71cbe2719ac7831bdd' AND file:hashes.SHA1 = '9356d660cebd2604ec4e72967f44678741331d5a' AND file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T12:24:35",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "2087010a-da8e-4132-b113-308e02d41f06"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc/analysis/1572870275/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "d1cd1211-5d23-4442-94c1-6973a0b3e6cf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/70",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "72338110-8f9a-4c07-ab93-d926bbe4fe0e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"pattern": "[file:hashes.MD5 = '47bc14f741779c3a7450adeeb66bb7e8' AND file:hashes.SHA1 = '980842b405d6df5385503044e102ad4a5d8b8573' AND file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:17.000Z",
"modified": "2019-11-06T19:59:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T12:37:45",
"category": "Other",
"comment": "Dridex 2.0",
"uuid": "4bd2567e-f3c3-4af6-8878-5cebbb3ee30f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a/analysis/1572871065/",
"category": "Payload delivery",
"comment": "Dridex 2.0",
"uuid": "f70fc547-6175-4e7d-aa3c-09fdcae120b9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/69",
"category": "Payload delivery",
"comment": "Dridex 2.0",
"uuid": "094fb53d-08d6-44e0-9a00-ca0890f5175d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"pattern": "[file:hashes.MD5 = '9141d1d189afc2e300121e71a211c925' AND file:hashes.SHA1 = 'ee5ac27425616878a932516000c04dedbde5b715' AND file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-04T23:59:41",
"category": "Other",
"comment": "DoppelPaymer",
"uuid": "0bb87c96-21b6-4b12-997c-d8e329e3678d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b/analysis/1572911981/",
"category": "Payload delivery",
"comment": "DoppelPaymer",
"uuid": "556bfa2e-6a6d-405a-a050-051f2ba65972"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "54/68",
"category": "Payload delivery",
"comment": "DoppelPaymer",
"uuid": "26ceb39d-61ca-4f10-a6d9-d565989705e2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"pattern": "[file:hashes.MD5 = 'b365af317ae730a67c936f21432b9c71' AND file:hashes.SHA1 = 'a0bdfac3ce1880b32ff9b696458327ce352e3b1d' AND file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-06T19:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-05T08:08:47",
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "35be71bd-7536-4d04-8ef0-608d868fe3ce"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4/analysis/1572941327/",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "5d316b72-97a1-4935-bf13-366b77f8c6fd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/71",
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"uuid": "1d009b4d-d054-4cbe-bef2-6d8b6d5e9112"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--5ca6e4cf-350e-4637-925b-0f6d57be3e7a",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:18.000Z",
"modified": "2019-11-06T19:59:18.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"target_ref": "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--4f496a71-1d26-41d2-8c80-0015691efaea",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"target_ref": "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--706d94e1-7508-48c1-9125-d8d8a061d315",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"target_ref": "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--9af7e40d-65e8-4e31-89a3-643079da4b4d",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"target_ref": "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--0f867571-fa7a-45f8-9f50-101e02475f73",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:19.000Z",
"modified": "2019-11-06T19:59:19.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"target_ref": "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
"id": "relationship--a864a935-a589-4347-8eeb-7f4e38fadb48",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"created": "2019-11-06T19:59:20.000Z",
"modified": "2019-11-06T19:59:20.000Z",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa",
"target_ref": "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink