2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--174f7375-c811-4c4a-81e0-1d41582f340d" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:58:38.000Z" ,
"modified" : "2021-03-26T11:58:38.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--174f7375-c811-4c4a-81e0-1d41582f340d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:58:38.000Z" ,
"modified" : "2021-03-26T11:58:38.000Z" ,
"name" : "OSINT - Analyzing attacks taking advantage of the Exchange Server vulnerabilities" ,
"published" : "2021-03-26T11:59:57Z" ,
"object_refs" : [
"indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3" ,
"indicator--0507d917-2bfd-418a-9c91-65edfe6df45f" ,
"indicator--27883473-9495-4bdc-84e1-8898c13d1f52" ,
"indicator--222418c5-b7f1-494e-9044-bfb11f195703" ,
"indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad" ,
"indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c" ,
"indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd" ,
"indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c" ,
"indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5" ,
"indicator--90d44c63-36d4-4adb-94ae-477475eeba3e" ,
"indicator--ca05457f-042b-4300-9c5e-52a335f989ef" ,
"indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335" ,
"indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9" ,
"indicator--e50aa7c3-ae00-4429-91d7-7962db057e92" ,
"indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41" ,
"indicator--53c5263a-7e99-412a-83ca-bed51b063a7c" ,
"indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6" ,
"indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed" ,
"indicator--ec22d510-f3af-4807-b40d-0e9a84073347" ,
"indicator--5b9913c1-e277-4947-a05d-52a3528c82ad" ,
"indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359" ,
"indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc" ,
"indicator--e8ef454d-3103-4a3c-9660-115baf72420d" ,
"indicator--58eddb96-5c84-408e-9a47-11034fd78da8" ,
"indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4" ,
"indicator--d3143632-5173-4516-9327-8e22f0deb6e6" ,
"indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2" ,
"indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b" ,
"indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada" ,
"indicator--eecf9939-d3d5-443a-ade5-374142e5bef8" ,
"indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec" ,
"indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c" ,
"indicator--e2526249-0422-4096-8b1e-7c189aea6270" ,
"indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8" ,
"indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d" ,
"indicator--741ebe5a-d450-44ba-989d-98b2164a8591" ,
"indicator--debe77bb-8d18-4911-9726-a46c85d44795" ,
"indicator--a011b404-9097-48e4-a602-1372b238d3b3" ,
"indicator--3b0ce211-02ae-466d-9390-cf91f7c73014" ,
"indicator--493ab996-5d1b-4bcf-932d-2305a6541f26" ,
"indicator--a7e87b24-f989-402d-8673-d8741bc08184" ,
"indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965" ,
"indicator--94aecbb8-5189-4e6e-9356-0172dcc89638" ,
"indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed" ,
"indicator--fe58049f-d796-48a7-b572-0256fb1c719f" ,
"indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53" ,
"indicator--e26ca02c-6819-4602-bbb8-ce6534aed660" ,
"indicator--411617df-f081-4b02-92fa-6374ee8b0f59" ,
"x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d" ,
"x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809" ,
"x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37" ,
"x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7" ,
"x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4" ,
"x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36" ,
"x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0" ,
"x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134" ,
"x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3" ,
"x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af" ,
"x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc" ,
"x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3" ,
"x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20" ,
"x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a" ,
"x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb" ,
"indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac" ,
"x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8" ,
"indicator--a195cd72-0b3b-4c16-a185-1dbba192b089" ,
"x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91" ,
"indicator--9e5710ce-d800-4726-b66b-0a2f6568a769" ,
"x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09" ,
"indicator--98476378-a729-4dc9-8381-460968f44e41" ,
"x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba" ,
"indicator--16eab987-8119-482e-81ca-637d7ab2027a" ,
"x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7" ,
"indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a" ,
"x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530" ,
"indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90" ,
"x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44" ,
"indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe" ,
"x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769" ,
"indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5" ,
"x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda" ,
"indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881" ,
"x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98" ,
"indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016" ,
"x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d" ,
"indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48" ,
"x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4" ,
"indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427" ,
"x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d" ,
"indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e" ,
"x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3" ,
"indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c" ,
"x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28" ,
"indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7" ,
"x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f" ,
"indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d" ,
"x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac" ,
"indicator--5b361066-2b82-4c80-b4ae-690998433d3c" ,
"x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996" ,
"indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67" ,
"x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5" ,
"indicator--606c37d3-7072-49e9-ba9a-f091642c58b6" ,
"x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c" ,
"indicator--833d3f3f-8273-4951-b714-6706bc1347d0" ,
"x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8" ,
"indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e" ,
"x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930" ,
"indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de" ,
"x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66" ,
"indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3" ,
"x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d" ,
"indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8" ,
"x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777" ,
"indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04" ,
"x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9" ,
"indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230" ,
"x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59" ,
"indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643" ,
"x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532" ,
"indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461" ,
"x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd" ,
"indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247" ,
"x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d" ,
"indicator--0737e5f5-f011-41ba-aa2d-17120ee75143" ,
"x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548" ,
"indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026" ,
"x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b" ,
"indicator--bcb634ef-c629-450c-a194-3197dcac08bf" ,
"x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7" ,
"indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6" ,
"x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c" ,
"indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd" ,
"x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a" ,
"indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5" ,
"x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078" ,
"x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325" ,
"x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67" ,
"x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95" ,
2023-05-19 09:05:37 +00:00
"relationship--43a950cb-1bb8-40bd-a204-4cde580974d5" ,
"relationship--5a01d4fc-57e0-4ba1-9447-3b60c42fb83c" ,
"relationship--a8cc8f22-76fb-431c-b52a-eb3515cf52db" ,
"relationship--89bf463a-999b-403b-aa13-864b704ba7f6" ,
"relationship--2a410043-12b4-456d-86d9-355ce51a31ec" ,
"relationship--b5b1bb59-399d-4cdb-ba7f-197b0ea896f1" ,
"relationship--e299987f-9ff6-4212-9845-130d2939eb11" ,
"relationship--79434fe6-f62f-4d3e-b0e2-5ceb044f98b2" ,
"relationship--d7fb1bd3-0a36-40b6-9595-8ff3609a8ee0" ,
"relationship--a6230a74-5c68-449b-aadb-41882045a6d7" ,
"relationship--2b26995f-ce4a-45b9-8f73-6abcaeabdf01" ,
"relationship--66e06e3c-1811-40fe-9f14-9916eb2e6e87" ,
"relationship--7ee3cb92-0cf1-4872-b6ce-44eae660c3e4" ,
"relationship--0c5fa2a6-8cf0-40fb-8d86-46b8fbe8da17" ,
"relationship--fb9292dc-aa09-4a00-b498-aede954a61cf" ,
"relationship--2e48ca8b-f30e-4f09-97a8-d66fad88efa8" ,
"relationship--a493d94b-9c0c-4700-a270-79c66395be6d" ,
"relationship--8ca13854-8de7-4d2b-8074-7e9391179061" ,
"relationship--f0014a5d-49da-4bd1-b9cf-805d343574bb" ,
"relationship--d53255e4-06e1-4a0a-bd82-baea1f812c24" ,
"relationship--06833a38-689b-407b-90a7-411e3448fd4f" ,
"relationship--3553142a-9731-4a2b-95cd-e5066ad5c7e5" ,
"relationship--f6254861-3661-45a2-a820-df8d347aac04" ,
"relationship--85414105-7725-4735-b79f-75de45e6d65d" ,
"relationship--0bc22e28-78fd-466a-98e7-86cad0f1b947" ,
"relationship--f5b31d97-2ced-450e-9ac5-5fbac2fafc91" ,
"relationship--b4aabc6c-3753-4d1e-9b1e-5bcd9c0c1606" ,
"relationship--64ed90b1-0c8e-42ae-95fc-878d5574c4c5" ,
"relationship--440643fd-453c-4b74-8fea-516c71c078ff" ,
"relationship--4dd97cc4-b221-455b-bc39-61b8647e0748" ,
"relationship--480714e0-7e37-4d09-9074-a3b09c0883bb" ,
"relationship--0ba9cd1d-3735-4be7-a28b-bbc684b0008b" ,
"relationship--130036cf-2d13-41c2-8b3e-7dff6a3fe45b" ,
"relationship--85765a66-f598-449b-9f8e-a503c67a985e" ,
"relationship--7ab7051d-b914-4908-bfd0-15cda14beb50" ,
"relationship--f7bb3f6f-6aaa-45d4-b5a4-d6f903c23e77" ,
"relationship--3ae7d8f1-49ab-4550-84b6-18e8f5219d6e" ,
"relationship--65a1db8d-63ce-4d7f-a019-0d4c6df1509b" ,
"relationship--225b3158-a223-47e9-9b5d-841ea0c38815"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:50:34.000Z" ,
"modified" : "2021-03-26T10:50:34.000Z" ,
"description" : "Domains abused by Lemon Duck:" ,
"pattern" : "[domain-name:value = 'down.sqlnetcat.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:50:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:50:34.000Z" ,
"modified" : "2021-03-26T10:50:34.000Z" ,
"description" : "Domains abused by Lemon Duck:" ,
"pattern" : "[domain-name:value = 't.sqlnetcat.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:50:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--27883473-9495-4bdc-84e1-8898c13d1f52" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:50:34.000Z" ,
"modified" : "2021-03-26T10:50:34.000Z" ,
"description" : "Domains abused by Lemon Duck:" ,
"pattern" : "[domain-name:value = 't.netcatkit.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:50:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--222418c5-b7f1-494e-9044-bfb11f195703" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:07.000Z" ,
"modified" : "2021-03-26T10:51:07.000Z" ,
"description" : "Pydomer DGA network indicators:" ,
"pattern" : "[url:value = 'uiiuui.com/search/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fb9b415d-0c5f-4bc2-a966-8f2de3e6b5ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:07.000Z" ,
"modified" : "2021-03-26T10:51:07.000Z" ,
"description" : "Pydomer DGA network indicators:" ,
"pattern" : "[url:value = 'yuuuuu43.com/vpn-service/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d3418d73-07c0-4c8e-887e-1c0ef132491c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:07.000Z" ,
"modified" : "2021-03-26T10:51:07.000Z" ,
"description" : "Pydomer DGA network indicators:" ,
"pattern" : "[url:value = 'yuuuuu44.com/vpn-service/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--30133a6e-5b42-4d43-b14e-14c0ce5c48fd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:07.000Z" ,
"modified" : "2021-03-26T10:51:07.000Z" ,
"description" : "Pydomer DGA network indicators:" ,
"pattern" : "[url:value = 'yuuuuu46.com/search/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1b11e7b2-b5d3-49ce-a2e4-67b4b733805c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:33.000Z" ,
"modified" : "2021-03-26T10:51:33.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--09c6e13b-9ee3-4d11-91c7-2934ce6214a5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--90d44c63-36d4-4adb-94ae-477475eeba3e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ca05457f-042b-4300-9c5e-52a335f989ef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6a2ad2ef-58be-4303-b7cf-41a1caaab335" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6a380c0c-1f8f-4f16-92c7-631f398034e9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e50aa7c3-ae00-4429-91d7-7962db057e92" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:34.000Z" ,
"modified" : "2021-03-26T10:51:34.000Z" ,
"description" : "Pydomer associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ac9bd59-8ee3-44c0-a842-128312afcb41" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--53c5263a-7e99-412a-83ca-bed51b063a7c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1c8b9c11-d832-4d3a-aa72-6f20a40e9ce6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eb98ccd1-b6c2-459f-877c-6fc9cb5682ed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ec22d510-f3af-4807-b40d-0e9a84073347" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9913c1-e277-4947-a05d-52a3528c82ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a1f758e0-7568-4ed1-ab37-a8ee02e22359" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a7c061b6-8737-4833-9bfb-7dc7a9877edc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e8ef454d-3103-4a3c-9660-115baf72420d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58eddb96-5c84-408e-9a47-11034fd78da8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d57e2fe-cd02-4ccf-b1fd-d14398c8cff4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d3143632-5173-4516-9327-8e22f0deb6e6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9eefe9a8-57b4-4af0-9e46-a5ecc756d2a2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1eb9c95a-aca6-4e17-95d8-85eb5580f05b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--151610f0-2fb7-46d6-b3e1-b3b627878ada" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eecf9939-d3d5-443a-ade5-374142e5bef8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:51:49.000Z" ,
"modified" : "2021-03-26T10:51:49.000Z" ,
"description" : "Lemon Duck associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--637ef6c0-1d6c-4a0e-97a7-8c29d3a272ec" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fecb1042-b6de-46ee-b3b8-e9b2a7d2e30c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e2526249-0422-4096-8b1e-7c189aea6270" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7f7b791d-774d-4852-9456-2e5cbb6f47f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = '904fbea2cd68383f32c5bc630d2227601dc52f94790fe7a6a7b6d44bfd904ff3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1f505bb0-aa2c-41c5-bce0-b30cc941a94d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--741ebe5a-d450-44ba-989d-98b2164a8591" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--debe77bb-8d18-4911-9726-a46c85d44795" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a011b404-9097-48e4-a602-1372b238d3b3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:14.000Z" ,
"modified" : "2021-03-26T10:52:14.000Z" ,
"description" : "DoejoCrypt associated hashes" ,
"pattern" : "[file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3b0ce211-02ae-466d-9390-cf91f7c73014" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--493ab996-5d1b-4bcf-932d-2305a6541f26" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '2f0bc81c2ea269643cae307239124d1b6479847867b1adfe9ae712a1d5ef135e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a7e87b24-f989-402d-8673-d8741bc08184" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fd66b672-274f-4bd0-9de6-04b1d46fd965" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--94aecbb8-5189-4e6e-9356-0172dcc89638" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--140c1e65-1d74-4e0f-9306-0690d7c91fed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fe58049f-d796-48a7-b572-0256fb1c719f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--68db0c1e-4c28-43a4-96db-e85fe0dc2e53" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e26ca02c-6819-4602-bbb8-ce6534aed660" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--411617df-f081-4b02-92fa-6374ee8b0f59" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:52:35.000Z" ,
"modified" : "2021-03-26T10:52:35.000Z" ,
"description" : "file hashes for some of the web shells observed during attacks" ,
"pattern" : "[file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T10:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--9749a54a-4be5-4059-acbf-033d614dee7d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Behavior:Win32/Exmann"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--a4071d67-2ea4-49d1-9c9b-0ee81234d809" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Behavior:Win32/IISExchgSpawnEMS"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--0178d543-9d09-4643-b5b6-ef0d2ea32e37" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Exploit:ASP/CVE-2021-27065"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--3e1c27bd-054d-4e1c-a7f6-b1d0aae91db7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Exploit:Script/Exmann"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--77f83632-b74c-4bfd-a23d-c1cf3221bbf4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan:Win32/IISExchgSpawnCMD"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--3d8a57d8-98ae-427a-ab43-ff07a8971b36" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Behavior:Win32/IISExchgDropWebshellBackdoor:JS/Webshell"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--eb8743cd-6e7e-40b3-a6c6-b6270ad1dba0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Backdoor:PHP/Chopper"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--59e6151f-accb-40b8-b1a4-884ec8c14134" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Backdoor:ASP/Chopper"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--669a2dc2-269d-4a5d-8025-21151208a7d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Backdoor:MSIL/Chopper"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--b0de41c7-ec23-491d-a31f-3dce62abf9af" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan:JS/Chopper"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--a09f91d6-2103-422c-bf5b-6451f4a1acdc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan:Win32/Chopper"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--1315cf20-b279-490f-aded-5ae5c53ba9d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Behavior:Win32/WebShellTerminal"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--368c532e-2cfb-4946-b88f-8c0fea358d20" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan:PowerShell/LemonDuck"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--7a16683b-3e4a-49dc-941f-13299d77d90a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:53:22.000Z" ,
"modified" : "2021-03-26T10:53:22.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan:Win32/LemonDuck"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c96a5a0f-a2d4-4072-8eb2-e85fdf0632fb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T10:50:13.000Z" ,
"modified" : "2021-03-26T10:50:13.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/" ,
"category" : "External analysis" ,
"uuid" : "a0b6693c-59ff-4826-bb18-bf10284c3ac8"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "The first known attacks leveraging the Exchange Server vulnerabilities were by the nation-state actor HAFNIUM, which we detailed in this blog. In the three weeks after the Exchange server vulnerabilities were disclosed and the security updates were released, Microsoft saw numerous other attackers adopting the exploit into their toolkits. Attackers are known to rapidly work to reverse engineer patches and develop exploits. In the case of a remote code execution (RCE) vulnerability, the rewards are high for attackers who can gain access before an organization patches, as patching a system does not necessarily remove the access of the attacker." ,
"category" : "Other" ,
"uuid" : "9d33109c-e0e3-480d-9e5d-451d5200837b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '1e746f685711c3595bee0585c12f0527' AND file:hashes.SHA1 = '16154da1fa113cd1db105900fcc07b427002ffc3' AND file:hashes.SHA256 = '737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T04:27:01+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "2c14bc86-d2e7-421f-97fd-0111b11444ca"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4/detection/f-737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4-1616473621" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "16ade091-6021-4ba4-8743-5cb033d138d2"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "4be959d2-a3b2-423d-8071-9e27a3c5051c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6eeb14485d93f4e30fb79f3a57518fc' AND file:hashes.SHA1 = 'b7d99521348d319f57d2b2ba7045295fc99cf6a7' AND file:hashes.SHA256 = 'feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-22T07:29:43+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "869695b6-6123-41ec-b764-34b73b34cd86"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede/detection/f-feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede-1616398183" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "fe0b5dbb-63a9-42e7-9492-c8c45a3a86fd"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "54/69" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "f3726946-77f5-4753-a2cf-839b5a52ff81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '0e55ead3b8fd305d9a54f78c7b56741a' AND file:hashes.SHA1 = 'f7b084e581a8dcea450c2652f8058d93797413c3' AND file:hashes.SHA256 = '2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T17:09:24+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "e07381f9-9bee-4e66-894f-f2bbc781f4e8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff/detection/f-2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff-1616692164" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "12e6d6a8-5382-49d6-a882-1c49a4fef03d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/69" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "3c8c05fb-53d5-4c0b-b55c-15c4b5e6867f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--98476378-a729-4dc9-8381-460968f44e41" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b2511bc215734adbdc43af963bdedb2c' AND file:hashes.SHA1 = 'b50cea98ed2a0704d076eaa4b6f1f2195ee86f5d' AND file:hashes.SHA256 = 'a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-02-18T08:41:32+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "d22cd8fe-d76c-48a3-9887-b9d52c902884"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85/detection/f-a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85-1613637692" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "c4d928fd-0a39-4333-a5c1-c949bed6ea2a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "d065c60f-6b99-488a-82c9-5283e1929633"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--16eab987-8119-482e-81ca-637d7ab2027a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a7e571312e05d547936aab18f0b30fbf' AND file:hashes.SHA1 = 'e0d643e759b2adf736b451aff9afa92811ab8a99' AND file:hashes.SHA256 = '027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-22T04:07:46+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "6c62d0c4-7948-4777-b360-0e0ca1f00c15"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27/detection/f-027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27-1616386066" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "c37add88-56ce-4830-b5b2-6e4956834b7b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/69" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "d37f4ba9-848b-4f9c-8aa7-a859dbddf418"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'faa5f4def7e037324f5f87239ddead2d' AND file:hashes.SHA1 = '00eb93b35a629ecbefca468fa5614c159b3becb9' AND file:hashes.SHA256 = '910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-26T06:32:11+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "779a7676-e85a-4eb5-b611-cf5015c61f2d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db/detection/f-910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db-1616740331" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "950b8e9d-341b-4f62-a28a-8f494f11e2e9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/71" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "1281a4ee-9000-485e-849a-eccb2e395abf"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c914cd653e0e3dedc050e182b04d0877' AND file:hashes.SHA1 = 'dcb9118569388375b855e965a587440f069e68c9' AND file:hashes.SHA256 = 'dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T04:27:02+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "ca8b61d9-7a2a-4f5e-ae87-83791af7778d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd/detection/f-dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd-1616473622" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "079d2673-59d0-4e8f-8fd8-a4551bf99f39"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "c9c9fe50-c187-4197-8af0-2caa64bf3880"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e294d6f427c64f77b5b61bb7b17dd12c' AND file:hashes.SHA1 = 'ccdae3ada854cc441106ec52c12823439bab6cba' AND file:hashes.SHA256 = '9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-09T04:36:07+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "fd566086-2351-4fcb-bb21-66e09063e930"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719/detection/f-9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719-1615264567" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "3038f774-92f5-4d00-8ce4-d0052950c231"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "7238d3f9-a1aa-4050-916a-faef0506f0c7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:35.000Z" ,
"modified" : "2021-03-26T11:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '7778e6a03a9bee17640353d3a11bb0b7' AND file:hashes.SHA1 = '119e1bca56f4d920ef6e2aa54c6f34534aba1182' AND file:hashes.SHA256 = '69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-15T04:27:09+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "ffde5223-08ca-47d2-85f6-90f96f98f06d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e/detection/f-69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e-1615782429" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "97356146-dfa8-4890-873a-55fa6db1a654"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/58" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "4d39fabd-788a-412c-ad6b-cdbe0c6a5e8b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '9f05994819a3d8c1a3769352c7c39d1d' AND file:hashes.SHA1 = 'eb2457196e04dfdd54f70bd32ed02ae854d45bc0' AND file:hashes.SHA256 = '10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-17T12:54:53+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "4fcee4c5-8cc1-46bb-a02a-8aa51d1d80fa"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da/detection/f-10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da-1615985693" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "e04b13ea-7938-4f04-a85b-33cb3b46d734"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/68" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "d60fa16f-0465-4515-8225-9dfded930054"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '96c2f4acef5807b54ded4e0dae6ed79d' AND file:hashes.SHA1 = '3e93999954ce080a4dc2875638745a92c539bd50' AND file:hashes.SHA256 = 'c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-26T10:43:42+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "bf40e2d4-3f17-4de7-ba22-f2b175920607"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908/detection/f-c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908-1616755422" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "05e6b33a-5599-4596-a3e3-0ba912d7e913"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/71" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "45af6b9a-9266-4a2d-bcd7-2482ed300deb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fe15fc6341baad2a111462854f96a2bc' AND file:hashes.SHA1 = '90cd4f920d48c05fd3cad8275223f596c6388cbd' AND file:hashes.SHA256 = 'a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-18T12:35:49+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "3e9b9f18-cf79-4cba-bf36-dd3aca92a364"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a/detection/f-a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a-1616070949" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "ce113efe-ce5c-4923-96f1-4af810a2ee65"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/59" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "ef51397f-7aea-4f59-ba77-0ad6496a261a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aef2ae9b36989bab8818696de5ccd5e7' AND file:hashes.SHA1 = 'f985022d7705d1ec575a1eef4ee32506d8b82871' AND file:hashes.SHA256 = '201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-26T03:50:32+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "12757096-d165-4389-af0f-6d799d73e476"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41/detection/f-201e4e9910dcdc8c4ffad84b60b328978db8848d265c0b9ba8473cf65dcd0c41-1616730632" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "51934ad8-7c30-46c7-97a0-81f699bb9b23"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/58" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "13724e64-8624-4872-a693-ca8ecd923611"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a5f6b6e95ef8a26081259813ca18e17b' AND file:hashes.SHA1 = '242bc043057bb12e27a9fe4db20d6bdb953cbc11' AND file:hashes.SHA256 = '866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T06:49:59+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "e9085519-41c1-4fa7-8276-2e2cbb45ca85"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc/detection/f-866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc-1616654999" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "117b374e-1ab8-43b8-ade5-3bf3c701b3b1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/70" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "4266730a-eb89-4cad-9fa8-c5848d9bc3b9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aa2efe290df3c38c26c70b1f40f69812' AND file:hashes.SHA1 = 'f6013bcaaa4f2df7c05ed2777bf845e844666297' AND file:hashes.SHA256 = 'a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T09:30:16+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "10c72310-3b26-4d22-9637-4f083d7abcbd"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287/detection/f-a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287-1616664616" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "33363245-a8b5-454e-a858-568492e1a9be"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/69" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "9588211c-a3d0-4083-967b-115f56cd2415"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aaed26520f0d31b13e8adf80a4e9effd' AND file:hashes.SHA1 = '2c5a683e8119345faf98fb0bb5f31a8cbfe0537e' AND file:hashes.SHA256 = '56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-03T14:02:35+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "3691a68a-97e7-40d1-96d5-279bdbb823fe"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c/detection/f-56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c-1607004155" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "db2973a4-4243-4bfb-a292-dc59b7d221a6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "ee1570f1-abde-4958-ade7-c8937a7d2524"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'efcab2b28307300ee2c918b41f32cf91' AND file:hashes.SHA1 = 'bba0ad4f924e240f60e9a4a57e0d63c948023a6d' AND file:hashes.SHA256 = '9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-06T08:14:53+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "50c88681-8d74-4a69-b928-5795c7d17555"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd/detection/f-9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd-1607242493" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "69adb5ac-d9c3-448e-b037-855ef18f6276"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "442afd97-0df6-4e62-9930-0590d97ff0a3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b361066-2b82-4c80-b4ae-690998433d3c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'db49b6f1f379122685be9553c5cc0f37' AND file:hashes.SHA1 = '45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6' AND file:hashes.SHA256 = 'd8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-01-07T03:05:17+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "3de97867-9c81-4932-bf7a-a014dd32cb61"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09/detection/f-d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09-1609988717" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "6cee7b26-43d0-4d2c-b152-8cba5b80813a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/61" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "463b5e6d-e62f-45eb-a630-83e80c2e3c51"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b4b1c0f3183e3c3982f66d31690facaf' AND file:hashes.SHA1 = '0e0d4c62550e0cd384e29699e708ea23faa45306' AND file:hashes.SHA256 = 'fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:36.000Z" ,
"modified" : "2021-03-26T11:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-15T04:27:09+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "7127659c-1f05-4542-9463-c60b3caa7361"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0/detection/f-fbeefca700f84373509fd729579ad7ea0dabdfe25848f44b2fbf61bf7f909df0-1615782429" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "4fcd49cf-96d4-49de-b561-ba64e807bd8d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/59" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "fa4661b2-e1d8-4463-ba67-240b1caec5b5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '4271c75235072f7ee56f4ce16bd4d853' AND file:hashes.SHA1 = 'd184b29929d7f1aafba350d2782ec9dd87d1237d' AND file:hashes.SHA256 = 'bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T17:43:54+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "c311092c-9fd7-4b98-9331-5b30137dfefe"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748/detection/f-bf53b637683f9cbf92b0dd6c97742787adfbc12497811d458177fdeeae9ec748-1616521434" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "e2500eff-8ca7-43e8-8204-7fe8ac52b6a1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "10/63" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "fe2dafe7-37c1-47ae-8f67-04193fd9e19c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--833d3f3f-8273-4951-b714-6706bc1347d0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '6be28a4523984698e7154671f73361bf' AND file:hashes.SHA1 = 'b974375ef0f6dcb6ce30558df2ed8570bf1ad642' AND file:hashes.SHA256 = 'fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T17:11:43+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "a3e60ca7-e125-48d8-8980-e78a84afffc6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65/detection/f-fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65-1616692303" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "6e9e247d-ebe2-4145-a351-ab4d0d4700ff"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/69" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "d97605b6-c63f-49f0-8adf-68ec73a1f598"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '5544ba9ad1b56101b5d52b5270421d4a' AND file:hashes.SHA1 = 'fc6f5ce56166d9b4516ba207f3a653b722e1a8df' AND file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T17:44:24+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "8b7429ee-e68e-4bdf-8f49-639d1eb15d28"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1/detection/f-511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1-1616694264" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "0626fc1d-da91-4406-9f0d-e47bb57f4380"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/58" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "a92b2542-caa5-45b9-b6a9-bb2ee1daf6e7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '4b3039cf227c611c45d2242d1228a121' AND file:hashes.SHA1 = '0ba9a76f55aaa495670d74d21850d0155ff5d6a5' AND file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T09:08:41+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "0c197ea2-c1df-4351-a387-bd4be90f2662"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0/detection/f-b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0-1616663321" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "182062ff-0869-47fb-ab25-9a1ab1e4757a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/59" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "b8a7520c-49cf-4bea-a8ed-d8418350286d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f8b604ca7aa304a479f2461d1b74e795' AND file:hashes.SHA1 = '0539c6df68e9ef15cbfa1f07daca8fd759fef874' AND file:hashes.SHA256 = 'b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T09:28:40+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "3415562e-3531-4526-ab5a-18e148b88458"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f/detection/f-b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f-1616664520" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "be3f7eea-6ce4-4649-a2cf-04a4e6dc38cf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/68" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "a472f375-7e35-41c7-a008-50bf3c58b73b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '20e8e55625f68ed42a793d76d359a858' AND file:hashes.SHA1 = '7b7a1653030fd3ad4464b7f09d9ac401a5f691c9' AND file:hashes.SHA256 = 'c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T07:25:00+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "5fe7cddd-dc1e-49bd-b2a6-7863f6e2b18c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a/detection/f-c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a-1616657100" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "f0850dc7-1cfe-46ae-9180-7b25675af3cb"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/70" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "6c4d92c4-d849-4e24-849c-59d7ff0c9958"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '36d1edc364161e1446e015a8feec84c8' AND file:hashes.SHA1 = '995d12119b2ef37bcbbe097d0e520853ef1eb599' AND file:hashes.SHA256 = '3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T04:30:17+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "87f05b33-46ac-40a5-92ee-1b1de0a3bea9"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec/detection/f-3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec-1616473817" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "24684a9d-9f35-4c32-b640-31095c647fbf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "ca52efdb-5859-45cf-bc11-070769185f0c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = '8ccd905c0bbf09e76d19ea5de1455cb3' AND file:hashes.SHA1 = '9129fa215f3a35daa0179681c4c0177c5ff731ce' AND file:hashes.SHA256 = '7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T12:22:04+00:00" ,
"category" : "Other" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "969ff01a-1fce-44e1-bcc1-9606b11364ef"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382/detection/f-7e07b6addf2f0d26eb17f4a1be1cba11ca8779b0677cedc30dbebef77ccba382-1616674924" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "afea2cd9-f8e1-407b-8673-320db908bf88"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/68" ,
"category" : "Payload delivery" ,
"comment" : "Pydomer associated hashes" ,
"uuid" : "1e6bf9ec-f1e3-48d0-bc25-33ac307ed723"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f2e22df5e284587dc36f8041129af391' AND file:hashes.SHA1 = '6c9ec01e105f92727d6acee24a0db0f3ee54b02c' AND file:hashes.SHA256 = 'dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:37.000Z" ,
"modified" : "2021-03-26T11:04:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-18T14:34:53+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "501b4cb9-9c77-42cf-bc67-a853dd21d69c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d/detection/f-dd29e8d47dde124c7d14e614e03ccaab3ecaa50e0a0bef985ed59e98928bc13d-1616078093" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "e50b4719-fbbe-4a2a-bf98-bede02cd0947"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "8/56" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "b5eabe27-cb81-4090-ae50-2548281d3124"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '321df9000c3de177ad6b5544c621c73c' AND file:hashes.SHA1 = 'e273fdfe22553b5ab45c4775e66ae685ad9d9421' AND file:hashes.SHA256 = 'f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T04:33:43+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "5a7f6b6e-5620-42bc-8093-23ae31786bb5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f/detection/f-f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f-1616474023" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "337fcab4-164c-4aa3-b464-50c420934d87"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "eebcb1d2-65a5-460c-be66-42b15829d872"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '8a047f4917d75bb0bb6659e41569a9b7' AND file:hashes.SHA1 = '388ac00a76db82a0ac2434d1b4fb7420bab1a403' AND file:hashes.SHA256 = 'f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-01-13T04:56:42+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "7796fe41-cc68-488c-866a-72803ef21625"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501/detection/f-f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501-1610513802" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "29441525-7fa9-4f94-90b5-65ec62e47f84"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "8691f11a-d438-464a-a9c5-c28d06e4cc91"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '4ef04cba6bec2c3a164b9b755efbeb1c' AND file:hashes.SHA1 = '49644cbbb9d234bd4f7a47ed596c8bbfefd39065' AND file:hashes.SHA256 = '8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-23T11:33:56+00:00" ,
"category" : "Other" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "02d6ff72-f9d1-4dda-b6b2-22b21f911cf1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc/detection/f-8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc-1616499236" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "33a391d1-534c-43d3-8b89-440a8966be9c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/59" ,
"category" : "Payload delivery" ,
"comment" : "file hashes for some of the web shells observed during attacks" ,
"uuid" : "b412fd3b-24c9-407c-8550-b7a8c4ab8e66"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '9e1545e5fe21f6d11c7151b7625b4dc2' AND file:hashes.SHA1 = 'b5c4b59a8073730e4001154f104c6e58fa0d69da' AND file:hashes.SHA256 = 'db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-01-15T23:37:13+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "1cedb96f-3b85-4286-abb6-bc4bd0135f90"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd/detection/f-db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd-1610753833" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "d5654fb2-f319-4492-b673-b2a46bf4e397"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "0b9df251-54d1-4c39-81c0-d1ae7dfc74b6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bcb634ef-c629-450c-a194-3197dcac08bf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '3a9ff0529a0d9f0ddb3567d5e1faf1a0' AND file:hashes.SHA1 = '113ea510f7bda4da632e44f53743a158eae9d4f5' AND file:hashes.SHA256 = '893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-15T04:23:56+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "cc1a7dae-41f5-44c2-8276-80e1ae5c6a55"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e/detection/f-893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e-1615782236" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "06399175-7fa7-4c9e-80e9-659eda1fdeb0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/58" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "c0d6686a-49c6-41f8-b9c6-b8682d1d7820"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cdda3913408c4c46a6c575421485fa5b' AND file:hashes.SHA1 = '56eec7392297e7301159094d7e461a696fe5b90f' AND file:hashes.SHA256 = 'e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-25T17:09:58+00:00" ,
"category" : "Other" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "31a7ec95-06dd-45f2-b5c5-f697e268ff8d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6/detection/f-e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6-1616692198" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "70e4338c-3c35-46e4-89d0-31adb709c954"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "56/69" ,
"category" : "Payload delivery" ,
"comment" : "DoejoCrypt associated hashes" ,
"uuid" : "622b1cbc-1cfa-45e4-876b-54850e42821c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '0fa1e6af698aa1bac8a404bc39073165' AND file:hashes.SHA1 = '183d1c960d56b6b2c8d0e7a8d1133b2c1a68ab4f' AND file:hashes.SHA256 = '4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2021-03-17T06:38:46+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "77367d54-61d6-4838-8653-c88b6742386d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9/detection/f-4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9-1615963126" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "018861d0-77ec-4363-a736-166eb6cbfd14"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/60" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "66b6fa85-808c-4517-b5a2-0eebea469065"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:38.000Z" ,
"modified" : "2021-03-26T11:04:38.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a54b9ccaaf2f66bc9492e2c574fe9be4' AND file:hashes.SHA1 = '60ef117443b1c8a07fd83ed9c44912a24b07539e' AND file:hashes.SHA256 = '0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-26T11:04:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-04T10:59:17+00:00" ,
"category" : "Other" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "e3e47dbc-e35d-4bb4-865a-da00c5ce450b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc/detection/f-0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc-1607079557" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "df30a638-4dc5-4215-ae5c-bca49563c24f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Payload delivery" ,
"comment" : "Lemon Duck associated hashes" ,
"uuid" : "edd55caf-4550-435b-b94f-3b3c858ade5d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:57:05.000Z" ,
"modified" : "2021-03-26T11:57:05.000Z" ,
"labels" : [
"misp:name=\"passive-dns\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "rdata" ,
"value" : "down.eatuo.com." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com" ,
"uuid" : "0bddeafa-7a6c-400d-9d17-c7aa61e801e8"
} ,
{
"type" : "counter" ,
"object_relation" : "count" ,
"value" : "6928" ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com" ,
"uuid" : "d3a9ba89-5715-47c2-aaf3-112bd25dfdea"
} ,
{
"type" : "text" ,
"object_relation" : "rrname" ,
"value" : "down.sqlnetcat.com." ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com" ,
"uuid" : "b9a5a870-8263-458d-a835-e59abaf32391"
} ,
{
"type" : "text" ,
"object_relation" : "rrtype" ,
"value" : "CNAME" ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com" ,
"uuid" : "743087e5-0cea-4a21-9235-1ddca94dcd29"
} ,
{
"type" : "text" ,
"object_relation" : "bailiwick" ,
"value" : "sqlnetcat.com." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: down.sqlnetcat.com" ,
"uuid" : "f04a1396-21bb-4c5d-8d34-ad6dd4238355"
}
] ,
"x_misp_comment" : "down.sqlnetcat.com: enriched via the farsight_passivedns module." ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "passive-dns"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:57:11.000Z" ,
"modified" : "2021-03-26T11:57:11.000Z" ,
"labels" : [
"misp:name=\"passive-dns\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "rdata" ,
"value" : "cvc.7766.org." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com" ,
"uuid" : "2571e00a-31e2-44ab-bbf1-fb729c1bd1d9"
} ,
{
"type" : "counter" ,
"object_relation" : "count" ,
"value" : "5851" ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com" ,
"uuid" : "459889b7-6a66-4e7f-81f8-b61a79b90bb9"
} ,
{
"type" : "text" ,
"object_relation" : "rrname" ,
"value" : "t.sqlnetcat.com." ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com" ,
"uuid" : "4eaea8f2-4d8d-466b-83ac-129b7bde1e93"
} ,
{
"type" : "text" ,
"object_relation" : "rrtype" ,
"value" : "CNAME" ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com" ,
"uuid" : "88047db8-d719-43a1-ab87-1f975c0d78ec"
} ,
{
"type" : "text" ,
"object_relation" : "bailiwick" ,
"value" : "sqlnetcat.com." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.sqlnetcat.com" ,
"uuid" : "2b366322-44f6-456e-8e5c-b74974416de2"
}
] ,
"x_misp_comment" : "t.sqlnetcat.com: enriched via the farsight_passivedns module." ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "passive-dns"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-26T11:57:13.000Z" ,
"modified" : "2021-03-26T11:57:13.000Z" ,
"labels" : [
"misp:name=\"passive-dns\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "rdata" ,
"value" : "cvc.7766.org." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com" ,
"uuid" : "ca77ccb5-20fe-4fd7-9fe3-af3a7808a75e"
} ,
{
"type" : "counter" ,
"object_relation" : "count" ,
"value" : "8442" ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com" ,
"uuid" : "73584055-6503-49ff-b62b-4d9fb61c4bfa"
} ,
{
"type" : "text" ,
"object_relation" : "rrname" ,
"value" : "t.netcatkit.com." ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com" ,
"uuid" : "0c57824d-8a0a-4bb7-b2bc-baccdb26f000"
} ,
{
"type" : "text" ,
"object_relation" : "rrtype" ,
"value" : "CNAME" ,
"category" : "Network activity" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com" ,
"uuid" : "ce08cee5-ee8f-4c0e-aae6-1dfca662707b"
} ,
{
"type" : "text" ,
"object_relation" : "bailiwick" ,
"value" : "netcatkit.com." ,
"category" : "Other" ,
"comment" : "Result from an rrset lookup on DNSDB about the hostname: t.netcatkit.com" ,
"uuid" : "d2ec7460-18fc-49f2-b6f9-5be19664dcdd"
}
] ,
"x_misp_comment" : "t.netcatkit.com: enriched via the farsight_passivedns module." ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "passive-dns"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--43a950cb-1bb8-40bd-a204-4cde580974d5" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c1324e4-da6a-4392-9f78-9c6f497a56ac" ,
"target_ref" : "x-misp-object--f8791d29-bcbb-43ba-8b31-371d281757a8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--5a01d4fc-57e0-4ba1-9447-3b60c42fb83c" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a195cd72-0b3b-4c16-a185-1dbba192b089" ,
"target_ref" : "x-misp-object--58d36f16-09f7-4ff6-a4eb-d771e9a0ac91"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--a8cc8f22-76fb-431c-b52a-eb3515cf52db" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9e5710ce-d800-4726-b66b-0a2f6568a769" ,
"target_ref" : "x-misp-object--85a7f022-e867-4bba-9f60-572f10e9ab09"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--89bf463a-999b-403b-aa13-864b704ba7f6" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--98476378-a729-4dc9-8381-460968f44e41" ,
"target_ref" : "x-misp-object--ed01adb0-7935-4acc-944a-3be3b2e9a6ba"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--2a410043-12b4-456d-86d9-355ce51a31ec" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--16eab987-8119-482e-81ca-637d7ab2027a" ,
"target_ref" : "x-misp-object--b7849f75-6ff1-4c9b-864e-cc8932dbc2b7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--b5b1bb59-399d-4cdb-ba7f-197b0ea896f1" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--684ab1ab-994d-4245-851c-ef8bf31ecf0a" ,
"target_ref" : "x-misp-object--aea3278c-3824-4f96-bc2f-6e38d8709530"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--e299987f-9ff6-4212-9845-130d2939eb11" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1004ee8d-26bb-4973-908a-e29a9d26ba90" ,
"target_ref" : "x-misp-object--0ce9950f-81f9-4d2c-b28e-a87d2e61ad44"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--79434fe6-f62f-4d3e-b0e2-5ceb044f98b2" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0afc4005-8a2c-4238-b974-17f9eaaf1abe" ,
"target_ref" : "x-misp-object--765e5f0d-99b2-4dd8-a53b-09a1050eb769"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--d7fb1bd3-0a36-40b6-9595-8ff3609a8ee0" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1eef1450-95b2-4f02-9fe0-679b4daa21b5" ,
"target_ref" : "x-misp-object--05c62c41-284d-45fd-935b-dd3dd959eeda"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--a6230a74-5c68-449b-aadb-41882045a6d7" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7f25639e-80d5-478f-8daf-f4fb76bc9881" ,
"target_ref" : "x-misp-object--95d67997-6f0c-478c-977d-362d30cc8f98"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--2b26995f-ce4a-45b9-8f73-6abcaeabdf01" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--da78b3bd-a286-47ca-abe8-be8b9dabe016" ,
"target_ref" : "x-misp-object--8b6d1dc2-9dfb-47a4-84e0-0be59cf32f5d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--66e06e3c-1811-40fe-9f14-9916eb2e6e87" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--823fb96f-f21b-4fc9-bd0b-3b8a95635f48" ,
"target_ref" : "x-misp-object--26a182ac-3493-4ea4-bfae-c1921a1a7dc4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--7ee3cb92-0cf1-4872-b6ce-44eae660c3e4" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:39.000Z" ,
"modified" : "2021-03-26T11:04:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6fd128cd-2a9d-407f-9c31-54eb6cbdc427" ,
"target_ref" : "x-misp-object--3c697682-5a8a-4d1c-8cfc-8c64aabe226d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--0c5fa2a6-8cf0-40fb-8d86-46b8fbe8da17" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9e421a7c-0c63-4d01-a5d1-c1a9e033114e" ,
"target_ref" : "x-misp-object--8fa3df06-0c22-438d-a3fc-700d32e0a9a3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--fb9292dc-aa09-4a00-b498-aede954a61cf" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2c46c27a-354d-42e7-b5be-3dd8a5b06c5c" ,
"target_ref" : "x-misp-object--a528334c-62cf-42b0-a6dc-3f7d3cbcbc28"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--2e48ca8b-f30e-4f09-97a8-d66fad88efa8" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4a2d5efc-ae3f-4fc7-91f4-f6bda3e321b7" ,
"target_ref" : "x-misp-object--e9c28a40-0154-4e1b-8466-f5e58326910f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--a493d94b-9c0c-4700-a270-79c66395be6d" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b027bf1e-1eed-4043-82f7-53ea4ac6537d" ,
"target_ref" : "x-misp-object--95e0a63b-bdab-4cb0-8f1a-d13825af20ac"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--8ca13854-8de7-4d2b-8074-7e9391179061" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b361066-2b82-4c80-b4ae-690998433d3c" ,
"target_ref" : "x-misp-object--19a03f3c-f5cf-4d7b-91ce-0a64f148c996"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--f0014a5d-49da-4bd1-b9cf-805d343574bb" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cec9ab1b-4f09-409d-a4a8-08c1b0f08a67" ,
"target_ref" : "x-misp-object--6edfb384-06fe-45b9-aae5-0fcce4c8cbb5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--d53255e4-06e1-4a0a-bd82-baea1f812c24" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--606c37d3-7072-49e9-ba9a-f091642c58b6" ,
"target_ref" : "x-misp-object--bb54eee9-dba0-4f63-923c-66c696cca73c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--06833a38-689b-407b-90a7-411e3448fd4f" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--833d3f3f-8273-4951-b714-6706bc1347d0" ,
"target_ref" : "x-misp-object--6f0ad91d-0c15-4f01-ba3f-a15cbd48b6a8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--3553142a-9731-4a2b-95cd-e5066ad5c7e5" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c8d6ed6d-f0aa-47b6-8065-4ff64c44f84e" ,
"target_ref" : "x-misp-object--9d8eaadf-241c-44f3-881f-e1eca0fb8930"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--f6254861-3661-45a2-a820-df8d347aac04" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e9848d4d-51a5-4495-a5e7-5f4eb22d65de" ,
"target_ref" : "x-misp-object--f39954b4-1c19-4fa5-b0f9-82346bc77b66"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--85414105-7725-4735-b79f-75de45e6d65d" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b7d9a669-06f5-4327-9db0-dc1c4bac34d3" ,
"target_ref" : "x-misp-object--8411ca42-9757-4c57-9a19-df38d572db9d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--0bc22e28-78fd-466a-98e7-86cad0f1b947" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--10dc6fd6-69a1-441d-9ec0-b2b8042645f8" ,
"target_ref" : "x-misp-object--f44ca745-607f-49ac-9dec-697a3b79a777"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--f5b31d97-2ced-450e-9ac5-5fbac2fafc91" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ec87de38-6059-474d-8c30-ca86b5fcbf04" ,
"target_ref" : "x-misp-object--e3ba17ec-4c02-44c4-a995-6b9aec19a3d9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--b4aabc6c-3753-4d1e-9b1e-5bcd9c0c1606" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--76ad3172-9d1b-4f7c-98c2-fd2d596c6230" ,
"target_ref" : "x-misp-object--b0723db5-d97e-40e9-bf23-af388906ec59"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--64ed90b1-0c8e-42ae-95fc-878d5574c4c5" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ac1f3911-ed5d-4bfa-b66b-ab5dbd3a3643" ,
"target_ref" : "x-misp-object--5c09a38f-67c4-4893-94ce-dc4be8805532"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--440643fd-453c-4b74-8fea-516c71c078ff" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f6ffeb66-f913-4ca9-b06a-e970a0662461" ,
"target_ref" : "x-misp-object--9fac7d5a-3e37-4fad-9d0f-e4f8032858dd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--4dd97cc4-b221-455b-bc39-61b8647e0748" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cb71cee8-5c22-47e4-9983-045ccd5d4247" ,
"target_ref" : "x-misp-object--9d7c47c1-a44d-41e2-8d4b-86fe9230480d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--480714e0-7e37-4d09-9074-a3b09c0883bb" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:40.000Z" ,
"modified" : "2021-03-26T11:04:40.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0737e5f5-f011-41ba-aa2d-17120ee75143" ,
"target_ref" : "x-misp-object--6cedfe74-4a3e-467c-8c7b-b77096d91548"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--0ba9cd1d-3735-4be7-a28b-bbc684b0008b" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:41.000Z" ,
"modified" : "2021-03-26T11:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--683f8f38-5b8a-43a9-bf1c-0ddacb515026" ,
"target_ref" : "x-misp-object--a9888d4c-c487-4210-a1bf-5d61b925881b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--130036cf-2d13-41c2-8b3e-7dff6a3fe45b" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:41.000Z" ,
"modified" : "2021-03-26T11:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--bcb634ef-c629-450c-a194-3197dcac08bf" ,
"target_ref" : "x-misp-object--2c95845e-1117-4e6b-8a9b-7749a7ced7c7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--85765a66-f598-449b-9f8e-a503c67a985e" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:41.000Z" ,
"modified" : "2021-03-26T11:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7f7d67ca-ce09-4e6b-a5d2-f85caddf61a6" ,
"target_ref" : "x-misp-object--a5904b21-912d-4cff-b24a-4d743a6f890c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--7ab7051d-b914-4908-bfd0-15cda14beb50" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:41.000Z" ,
"modified" : "2021-03-26T11:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--957a32d8-3998-442b-9d7b-d6e338bcf6bd" ,
"target_ref" : "x-misp-object--73e98549-dbf0-4b91-bde1-90b475eb2a3a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--f7bb3f6f-6aaa-45d4-b5a4-d6f903c23e77" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:04:41.000Z" ,
"modified" : "2021-03-26T11:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e170a06d-f86e-49d4-be62-e263f4ac31b5" ,
"target_ref" : "x-misp-object--4e19d71d-f21c-4af9-b179-538df8759078"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--3ae7d8f1-49ab-4550-84b6-18e8f5219d6e" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:57:10.000Z" ,
"modified" : "2021-03-26T11:57:10.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "x-misp-object--582d3eb2-516a-46f3-92a9-717dfcac5325" ,
"target_ref" : "indicator--fa803eb4-4247-4e1e-9c9b-aa3308d2d9f3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--65a1db8d-63ce-4d7f-a019-0d4c6df1509b" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:57:11.000Z" ,
"modified" : "2021-03-26T11:57:11.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "x-misp-object--99391dd6-a586-481c-a586-bbd508b34b67" ,
"target_ref" : "indicator--0507d917-2bfd-418a-9c91-65edfe6df45f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--225b3158-a223-47e9-9b5d-841ea0c38815" ,
2023-04-21 14:44:17 +00:00
"created" : "2021-03-26T11:57:13.000Z" ,
"modified" : "2021-03-26T11:57:13.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "x-misp-object--b9f8ea05-6c6c-4f30-89dd-ad1c3062fc95" ,
"target_ref" : "indicator--27883473-9495-4bdc-84e1-8898c13d1f52"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}