{
"type" : "bundle" ,
"id" : "bundle--5b43ce0c-47e8-476c-97d6-f56402de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:08.000Z" ,
"modified" : "2018-07-10T06:56:08.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b43ce0c-47e8-476c-97d6-f56402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:08.000Z" ,
"modified" : "2018-07-10T06:56:08.000Z" ,
"name" : "OSINT - APT Attack In the Middle East: The Big Bang" ,
"published" : "2018-07-10T07:10:59Z" ,
"object_refs" : [
"observed-data--5b43ce1c-edb4-491d-95c5-43fd02de0b81" ,
"url--5b43ce1c-edb4-491d-95c5-43fd02de0b81" ,
"indicator--5b43ce38-f8ec-46cf-a6e1-4c6502de0b81" ,
"indicator--5b43ce39-f540-4bca-96c8-472d02de0b81" ,
"indicator--5b43ce39-cb38-4f9d-85b0-420802de0b81" ,
"indicator--5b43ce3a-9dbc-485b-9b5b-483902de0b81" ,
"indicator--5b43ce3a-4c8c-4399-b52e-429e02de0b81" ,
"indicator--5b43ce3b-e330-4f8c-9fcd-4d4e02de0b81" ,
"indicator--5b43ce3b-b098-4156-9bb1-489002de0b81" ,
"indicator--5b43ce3b-a5bc-4932-9030-43d902de0b81" ,
"indicator--5b43ce3c-3a70-4e79-a245-404402de0b81" ,
"indicator--5b43ce3c-447c-4bcc-a5d7-452402de0b81" ,
"indicator--5b43ce3d-bcb0-4078-9fb7-486c02de0b81" ,
"indicator--5b43ce3d-8b4c-4b04-b52f-485602de0b81" ,
"indicator--5b43ce3e-5608-466a-962a-408902de0b81" ,
"x-misp-attribute--5b4454b3-ec70-438e-b9e3-4d7d950d210f" ,
"indicator--5f89b9d8-fb5e-455c-8d75-74f4ded612c2" ,
"x-misp-object--6ac23322-10a0-43c4-9004-c2c0991b2fb2" ,
"indicator--67b678dd-a046-4e24-bfee-0003c0b29ec8" ,
"x-misp-object--13a19efc-0f75-4608-a95b-b689504221ea" ,
"indicator--e84f13a0-0878-494a-b532-2946d911523e" ,
"x-misp-object--59ee6b52-0b6b-4f05-861c-ea6ded4e92f8" ,
"indicator--5c62dfe6-83e5-470f-9fb9-37872d575e76" ,
"x-misp-object--d7518f97-54c8-44e2-9bf8-db42b1a973c3" ,
"indicator--9468ee5c-a526-4bba-92a5-0ca6ffda79e4" ,
"x-misp-object--e694ba51-5a6f-4130-acf4-6b9dab32543a" ,
"relationship--1d5f1197-2943-4af1-872b-4352a0509fcd" ,
"relationship--3fa2c74e-65f3-43e0-b7d7-741064c90bf8" ,
"relationship--b5718612-b95a-4fde-8f7c-9cd32588ea06" ,
"relationship--be29eeb7-c9d3-42dc-9f9d-281db9633795" ,
"relationship--2e36ce96-a9ec-4f23-985d-b2eab1a11b3c"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Screen Capture - T1113\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Information Repositories - T1213\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"The Big Bang\"" ,
"osint:lifetime=\"perpetual\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b43ce1c-edb4-491d-95c5-43fd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"first_observed" : "2018-07-10T06:56:05Z" ,
"last_observed" : "2018-07-10T06:56:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b43ce1c-edb4-491d-95c5-43fd02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b43ce1c-edb4-491d-95c5-43fd02de0b81" ,
"value" : "https://research.checkpoint.com/apt-attack-middle-east-big-bang/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce38-f8ec-46cf-a6e1-4c6502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'a210ac6ea0406d81fa5682e86997be25c73e9d1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce39-f540-4bca-96c8-472d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[file:hashes.SHA1 = '994ebbe444183e0d67b13f91d75b0f9bcfb011db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce39-cb38-4f9d-85b0-420802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[file:hashes.SHA1 = '74ea60b4e269817168e107bdccc42b3a1193c1e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3a-9dbc-485b-9b5b-483902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[file:hashes.SHA1 = '511bec782be41e85a013cbea95725d5807e3c2f2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3a-4c8c-4399-b52e-429e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[file:hashes.SHA1 = '9e093a5b34c4e5dea59e374b409173565dc3b05b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3b-e330-4f8c-9fcd-4d4e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'lindamullins.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3b-b098-4156-9bb1-489002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'spgbotup.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3b-a5bc-4932-9030-43d902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'namyyeatop.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3c-3a70-4e79-a245-404402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'namybotter.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3c-447c-4bcc-a5d7-452402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'sanjynono.website']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3d-bcb0-4078-9fb7-486c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'exvsnomy.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3d-8b4c-4b04-b52f-485602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'ezofiezo.website']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b43ce3e-5608-466a-962a-408902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"pattern" : "[domain-name:value = 'hitmesanjjoy.pro']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-10T06:56:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b4454b3-ec70-438e-b9e3-4d7d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-10T06:56:05.000Z" ,
"modified" : "2018-07-10T06:56:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Over the last few weeks, the Check Point Threat Intelligence Team discovered the comeback of an APT surveillance attack against institutions across the Middle East, specifically the Palestinian Authority.\r\n\r\nThe attack begins with a phishing email sent to targets that includes an attachment of a self-extracting archive containing two files: a Word document and a malicious executable. Posing to be from the Palestinian Political and National Guidance Commission, the Word document serves as a decoy, distracting victims while the malware is installed in the background.\r\n\r\nThe malware has several modules, some of which are:\r\n\r\n Taking a screenshot of the infected machine and sending it to the C&C server.\r\n Sending a list of documents with file extensions including .doc, .odt, .xls, .ppt, .pdf and more.\r\n Logging details about the system.\r\n Rebooting the system.\r\n Self-destructing the executable.\r\n\r\nWhile it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additional modules and/or malware from the Command and Control server. This then is a surveillance attack in progress and has been dubbed \u2018Big Bang\u2019 due to the attacker\u2019s fondness for the \u2018Big Bang Theory\u2019 TV show, after which some of the malware\u2019s modules are named.\r\n\r\nA previous campaign of this APT group was uncovered by Talos in June 2017, and since then very little of this operation was seen in the wild. The Big Bang campaign described below incorporates improved capabilities and offensive infrastructure, and seems to be even more targeted."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5f89b9d8-fb5e-455c-8d75-74f4ded612c2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:10:57.000Z" ,
"modified" : "2018-07-09T21:10:57.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a3dc31c456508df7dfac8349eb0d2b65' AND file:hashes.SHA1 = '74ea60b4e269817168e107bdccc42b3a1193c1e6' AND file:hashes.SHA256 = '63a73cf005eb328f3c7e99f0d28da65980d9620b66d8c41939f6db023418c864']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-09T21:10:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6ac23322-10a0-43c4-9004-c2c0991b2fb2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:10:55.000Z" ,
"modified" : "2018-07-09T21:10:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T20:54:06" ,
"category" : "Other" ,
"uuid" : "d8dba617-c8c4-466d-99b9-0bc760fc64f6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/63a73cf005eb328f3c7e99f0d28da65980d9620b66d8c41939f6db023418c864/analysis/1531169646/" ,
"category" : "External analysis" ,
"uuid" : "32da8334-bef5-4dd2-9c11-4bde99a3e834"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/58" ,
"category" : "Other" ,
"uuid" : "f06cc6f8-9d16-4237-9edf-f22bffa514f1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--67b678dd-a046-4e24-bfee-0003c0b29ec8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:10:59.000Z" ,
"modified" : "2018-07-09T21:10:59.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fd8c8ae6a261b0e88df06236c5b70be6' AND file:hashes.SHA1 = '511bec782be41e85a013cbea95725d5807e3c2f2' AND file:hashes.SHA256 = 'ac6462e9e26362f711783b9874d46fefce198c4c3ca947a5d4df7842a6c51224']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-09T21:10:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--13a19efc-0f75-4608-a95b-b689504221ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:10:58.000Z" ,
"modified" : "2018-07-09T21:10:58.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T10:06:12" ,
"category" : "Other" ,
"uuid" : "f6c73d92-dd22-4ecd-b81d-82dce73c212d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ac6462e9e26362f711783b9874d46fefce198c4c3ca947a5d4df7842a6c51224/analysis/1531130772/" ,
"category" : "External analysis" ,
"uuid" : "8f99dadd-67ca-4199-97e6-19277a85fcfb"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/67" ,
"category" : "Other" ,
"uuid" : "db260972-06f4-4105-8732-a2a5e05b2b36"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e84f13a0-0878-494a-b532-2946d911523e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:02.000Z" ,
"modified" : "2018-07-09T21:11:02.000Z" ,
"pattern" : "[file:hashes.MD5 = '18864d22331fc6503641f128226aaea8' AND file:hashes.SHA1 = '994ebbe444183e0d67b13f91d75b0f9bcfb011db' AND file:hashes.SHA256 = 'e1f52ea30d25289f7a4a5c9d15be97c8a4dfe10eb68ac9d031edcc7275c23dbc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-09T21:11:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--59ee6b52-0b6b-4f05-861c-ea6ded4e92f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:00.000Z" ,
"modified" : "2018-07-09T21:11:00.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T10:06:11" ,
"category" : "Other" ,
"uuid" : "30bf9981-32fa-4aeb-b1a4-0f98d2e5f0c3"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e1f52ea30d25289f7a4a5c9d15be97c8a4dfe10eb68ac9d031edcc7275c23dbc/analysis/1531130771/" ,
"category" : "External analysis" ,
"uuid" : "7130664a-5360-49d3-b551-c9dddafd4c17"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/68" ,
"category" : "Other" ,
"uuid" : "a2025a9a-ca8a-48a6-a3a4-a3118ec625f3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c62dfe6-83e5-470f-9fb9-37872d575e76" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:04.000Z" ,
"modified" : "2018-07-09T21:11:04.000Z" ,
"pattern" : "[file:hashes.MD5 = '81881a0841deaa0ef1ea92c51d8c8845' AND file:hashes.SHA1 = '9e093a5b34c4e5dea59e374b409173565dc3b05b' AND file:hashes.SHA256 = '4db68522600f2d8aabd255e2da999a9d9c9f1f18491cfce9dadf2296269a172b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-09T21:11:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d7518f97-54c8-44e2-9bf8-db42b1a973c3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:03.000Z" ,
"modified" : "2018-07-09T21:11:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T20:34:31" ,
"category" : "Other" ,
"uuid" : "cd137230-b3bb-4d53-b429-a0ccd6981c67"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4db68522600f2d8aabd255e2da999a9d9c9f1f18491cfce9dadf2296269a172b/analysis/1531168471/" ,
"category" : "External analysis" ,
"uuid" : "b23e43db-c16a-4207-962e-3c2d632da209"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/67" ,
"category" : "Other" ,
"uuid" : "89eed594-20f3-4eff-a527-7b02e13a4eae"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9468ee5c-a526-4bba-92a5-0ca6ffda79e4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:06.000Z" ,
"modified" : "2018-07-09T21:11:06.000Z" ,
"pattern" : "[file:hashes.MD5 = '2f8face85084bea8adacac36ee2f641f' AND file:hashes.SHA1 = 'a210ac6ea0406d81fa5682e86997be25c73e9d1b' AND file:hashes.SHA256 = '0ed777075d67d00720021e4703bde809900f4715ccf0a2d4383e285801dca5ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-07-09T21:11:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e694ba51-5a6f-4130-acf4-6b9dab32543a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-09T21:11:05.000Z" ,
"modified" : "2018-07-09T21:11:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T10:08:43" ,
"category" : "Other" ,
"uuid" : "d0f2ac63-e02e-4edb-beb2-73acd376f9ae"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0ed777075d67d00720021e4703bde809900f4715ccf0a2d4383e285801dca5ba/analysis/1531130923/" ,
"category" : "External analysis" ,
"uuid" : "ea7e49cd-c2d2-4b91-bcb8-e57fd9782019"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/67" ,
"category" : "Other" ,
"uuid" : "2ce142ab-e375-46a2-bd2d-8118b5ce9054"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1d5f1197-2943-4af1-872b-4352a0509fcd" ,
"created" : "2018-07-09T21:11:06.000Z" ,
"modified" : "2018-07-09T21:11:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5f89b9d8-fb5e-455c-8d75-74f4ded612c2" ,
"target_ref" : "x-misp-object--6ac23322-10a0-43c4-9004-c2c0991b2fb2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3fa2c74e-65f3-43e0-b7d7-741064c90bf8" ,
"created" : "2018-07-09T21:11:06.000Z" ,
"modified" : "2018-07-09T21:11:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--67b678dd-a046-4e24-bfee-0003c0b29ec8" ,
"target_ref" : "x-misp-object--13a19efc-0f75-4608-a95b-b689504221ea"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b5718612-b95a-4fde-8f7c-9cd32588ea06" ,
"created" : "2018-07-09T21:11:07.000Z" ,
"modified" : "2018-07-09T21:11:07.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e84f13a0-0878-494a-b532-2946d911523e" ,
"target_ref" : "x-misp-object--59ee6b52-0b6b-4f05-861c-ea6ded4e92f8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--be29eeb7-c9d3-42dc-9f9d-281db9633795" ,
"created" : "2018-07-09T21:11:07.000Z" ,
"modified" : "2018-07-09T21:11:07.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c62dfe6-83e5-470f-9fb9-37872d575e76" ,
"target_ref" : "x-misp-object--d7518f97-54c8-44e2-9bf8-db42b1a973c3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2e36ce96-a9ec-4f23-985d-b2eab1a11b3c" ,
"created" : "2018-07-09T21:11:07.000Z" ,
"modified" : "2018-07-09T21:11:07.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9468ee5c-a526-4bba-92a5-0ca6ffda79e4" ,
"target_ref" : "x-misp-object--e694ba51-5a6f-4130-acf4-6b9dab32543a"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}