{
"type" : "bundle" ,
"id" : "bundle--5cbf6a0e-bfa4-458c-9b40-416a02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:53:18.000Z" ,
"modified" : "2019-04-23T19:53:18.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5cbf6a0e-bfa4-458c-9b40-416a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:53:18.000Z" ,
"modified" : "2019-04-23T19:53:18.000Z" ,
"name" : "OSINT - FINTEAM: Trojanized TeamViewer Against Government Targets" ,
"published" : "2019-04-23T19:53:39Z" ,
"object_refs" : [
"x-misp-attribute--5cbf6a30-2d74-406a-bf99-47c702de0b81" ,
"observed-data--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81" ,
"url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81" ,
"observed-data--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"indicator--5cbf6b93-a6f4-4209-8988-464202de0b81" ,
"indicator--5cbf6b93-d258-45f6-98f7-4d7402de0b81" ,
"indicator--5cbf6b93-8084-4076-ae2f-4a0302de0b81" ,
"indicator--5cbf6b93-a7ec-4978-8a41-45cf02de0b81" ,
"indicator--5cbf6b93-8134-4e33-a650-442902de0b81" ,
"indicator--5cbf6b93-2ad4-442c-a2e9-4f4802de0b81" ,
"indicator--5cbf6b93-0bec-4fce-9d79-4b2902de0b81" ,
"indicator--5cbf6b93-6384-4770-b866-4ba202de0b81" ,
"indicator--5cbf6b93-255c-43ca-b72d-4de402de0b81" ,
"indicator--5cbf6b93-088c-4d83-9c6d-480f02de0b81" ,
"indicator--5cbf6ba6-9694-417a-aaec-43d402de0b81" ,
"indicator--5cbf6ba6-07d0-4fe2-89b3-416902de0b81" ,
"indicator--5cbf6bb9-24bc-42bd-9f62-461702de0b81" ,
"indicator--5cbf6bb9-81a8-4146-a75d-4cdb02de0b81" ,
"indicator--5cbf6bb9-9fb0-4ed7-bf1f-419f02de0b81" ,
"indicator--5cbf6bb9-56bc-4939-b104-4a2402de0b81" ,
"indicator--5cbf6bb9-fae4-40e3-8c27-43d902de0b81" ,
"indicator--5cbf6bb9-d18c-41ee-a107-4a4002de0b81" ,
"indicator--5cbf6bb9-963c-49d3-85d9-42fc02de0b81" ,
"indicator--5cbf6bb9-fe58-4761-8fc5-497d02de0b81" ,
"indicator--5cbf6bd1-c00c-4b4e-a3d0-456d02de0b81" ,
"x-misp-attribute--5cbf6c46-0a70-4531-a13f-46a602de0b81" ,
"x-misp-attribute--5cbf6c66-ffe0-4a8c-9824-47fe02de0b81" ,
"x-misp-attribute--5cbf6c8b-a614-4dd5-8ac6-4f0302de0b81" ,
"indicator--5cbf6b2c-3ab8-4c16-8a67-489a02de0b81" ,
"indicator--844728a6-db55-4b98-aac5-2958c52b5690" ,
"x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d" ,
"indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b" ,
"x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4" ,
"indicator--4a680b06-e200-4a0c-83d3-89b373ef8503" ,
"x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e" ,
"indicator--a98ac785-a670-485e-8de9-81be78a84acd" ,
"x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093" ,
"indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb" ,
"x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380" ,
"indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d" ,
"x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324" ,
"indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b" ,
"x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53" ,
"indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a" ,
"x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60" ,
"indicator--df884a16-5a27-4416-99db-3e9912ebca78" ,
"x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c" ,
"indicator--9e33914c-3535-460f-9164-a5708f650474" ,
"x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1" ,
"indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f" ,
"x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617" ,
"relationship--7644b8eb-9160-4e46-8c4e-4fa7aa6b1754" ,
"relationship--c79b84c0-048b-4b39-ba51-0564db57b187" ,
"relationship--03820ea0-2fdb-4ac0-b764-71ff8d5929ad" ,
"relationship--46876d38-6711-4436-9e03-ccc788b77316" ,
"relationship--8362025e-c35e-476b-a313-911b3f8c35da" ,
"relationship--20daa1eb-ae3a-4743-9fa8-83c8f553bd2e" ,
"relationship--4ac60630-57c5-49a9-8010-c6cba0703df1" ,
"relationship--9de74d1d-f05e-4699-8346-d67f258b7c20" ,
"relationship--19a36dab-a7dc-47c0-a784-b1fb44214345" ,
"relationship--5c2d8921-cba2-4616-8aa5-f3b7875659cd" ,
"relationship--3934229c-f16a-485c-b411-6d33b59710e8"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"" ,
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5cbf6a30-2d74-406a-bf99-47c702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:40:32.000Z" ,
"modified" : "2019-04-23T19:40:32.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer.\r\n\r\nBy investigating the entire infection chain and attack infrastructure, we were able to track previous operations that share many characteristics with this attack\u00e2\u20ac\u2122s inner workings. We also came across an online avatar of a Russian speaking hacker, who seems to be in charge of the tools developed and used in this attack.\r\n\r\nIn this article, we will discuss the infection chain, those targeted, the tools used and a possible attribution to one of the hackers behind the attack."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:40:46.000Z" ,
"modified" : "2019-04-23T19:40:46.000Z" ,
"first_observed" : "2019-04-23T19:40:46Z" ,
"last_observed" : "2019-04-23T19:40:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5cbf6a3e-d13c-4103-b9f1-4e1202de0b81" ,
"value" : "https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:45:44.000Z" ,
"modified" : "2019-04-23T19:45:44.000Z" ,
"first_observed" : "2019-04-23T19:45:44Z" ,
"last_observed" : "2019-04-23T19:45:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"name" : "fig2-2.png" ,
"content_ref" : "artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5cbf6b68-94b8-4d3d-ab5f-465b02de0b81" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B Q M A A A L u C A Y A A A A a O g C I A A A A B G d B T U E A A L G P C / x h B Q A A A A l w S F l z A A A h 1 Q A A I d U B B J y 0 n Q A A / 7 J J R E F U e F 7 s n Q e Y X F X 9 s P 8 W U E A E p S r d B h Z A y o e o i F g Q B R F Q p E k R B B E E B Z U m n d B 7753 Q Q g 299 x p C E w i 9 J J A e W h I S I O V 8 + 56 d M 9 y 9 u T O 7 s z u 7 M 7 v 7 v s / z e 5 K d u X 3 O L e e 9 v 3 P O / w U R E R E R E R E R E R H p F y g D R U R E R E R E R E R E + g n K Q B E R E R E R E R E R k X 6 C M l B E R E R E R E R E R K S f o A w U E R E R E R E R E R H p J y g D R U R E R E R E R E R E + g n K Q B E R E R E R E R E R k X 6 C M l B E R E R E R E R E R K S f o A w U E R E R E R E R E R H p J / R r G T h i x I h w z z 339 J k Y M m R I m D h x Y m n v R E R E R E R E R E R E 2 t J v Z e A H H 3 w Q t t 566 / D p T 386 / N 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
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-a6f4-4209-8988-464202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '013e87b874477fcad54ada4fa0a274a2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-d258-45f6-98f7-4d7402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '799ab035023b655506c0d565996579b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-8084-4076-ae2f-4a0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = 'e1167cb7f3735d4edec5f7219cea64ef']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-a7ec-4978-8a41-45cf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '6cc0218d2b93a243721b088f177d8e8f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-8134-4e33-a650-442902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = 'aad0d93a570e6230f843dcdf20041e1e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-2ad4-442c-a2e9-4f4802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '1e741ebc08af09edc69f017e170b9852']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-0bec-4fce-9d79-4b2902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = 'c6ae889f3bee42cc19a728ba66fa3d99']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-6384-4770-b866-4ba202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '1675cdec4c0ff49993a1fcbdfad85e56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-255c-43ca-b72d-4de402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '72de32fa52cc2fab2b0584c26657820f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b93-088c-4d83-9c6d-480f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:27.000Z" ,
"modified" : "2019-04-23T19:46:27.000Z" ,
"description" : "DLL" ,
"pattern" : "[file:hashes.MD5 = '44038b936667f6ce2333af80086f877f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6ba6-9694-417a-aaec-43d402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:46.000Z" ,
"modified" : "2019-04-23T19:46:46.000Z" ,
"description" : "Document" ,
"pattern" : "[file:hashes.MD5 = '4acf624ad87609d476180ecc4c96c355']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6ba6-07d0-4fe2-89b3-416902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:46:46.000Z" ,
"modified" : "2019-04-23T19:46:46.000Z" ,
"description" : "Document" ,
"pattern" : "[file:hashes.MD5 = '4dbe9dbfb53438d9ce410535355cd973']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:46:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-24bc-42bd-9f62-461702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '1c-ru.net/check/license']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-81a8-4146-a75d-4cdb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = 'intersys32.com/3307/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-9fb0-4ed7-bf1f-419f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '146.0.72.180/3307/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-56bc-4939-b104-4a2402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '146.0.72.180/newcpanel_gate/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-fae4-40e3-8c27-43d902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '185.70.186.145/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-d18c-41ee-a107-4a4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '185.70.186.145/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-963c-49d3-85d9-42fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '193.109.69.5/3307/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bb9-fe58-4761-8fc5-497d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:05.000Z" ,
"modified" : "2019-04-23T19:47:05.000Z" ,
"description" : "C&C" ,
"pattern" : "[url:value = '193.109.69.5/9125/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:47:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6bd1-c00c-4b4e-a3d0-456d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:47:29.000Z" ,
"modified" : "2019-04-23T19:47:29.000Z" ,
"pattern" : "[rule \"TeamViwer_backdoor\"\r\n{\r\n\r\nmeta:\r\ndate = \"2019-04-14\"\r\ndescription = \"Detects malicious TeamViewer DLLs\"\r\n\r\nstrings:\r\n\r\n// PostMessageW hook function\r\n$x1 = {55 8b ec 8b 45 0c 3d 12 01 00 00 75 05 83 c8 ff eb 12 8b 55 14 52 8b 55 10 52 50 8b 45 08 50 e8}\r\n\r\ncondition:\r\nuint16(0) == 0x5a4d and $x1\r\n}]" ,
"pattern_type" : "yara" ,
"valid_from" : "2019-04-23T19:47:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5cbf6c46-0a70-4531-a13f-46a602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:49:26.000Z" ,
"modified" : "2019-04-23T19:49:26.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "Banks being targeted on compromised system" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "bankofamerica.com,pacwestbancorp.com,alipay.com,cbbank.com,firstrepublic.com,chase.com\r\ncitibank.com,bankamerica.com,wellsfargo.com,citicorp.com,pncbank.com,us.hsbc.com,bnymellon.com\r\nusbank.com,suntrust.com,statestreet.com,capitalone.com,bbt.com,tdbank.com,rbs.com,regions.com\r\n53.com,ingdirect.com,keybank.com,ntrs.com,www4.bmo.com,usa.bnpparibas.com,mufg.jp,aibgroup.com\r\ncomerica.com,zionsbank.com,mibank.com,bbvabancomerusa.com,huntington.com,bank.etrade.com,synovus.com\r\nbancopopular.com,navyfcu.org,schwab.com,rbcbankusa.com,colonialbank.com,hudsoncitysavingsbank.com,db.com\r\npeoples.com,ncsecu.org,associatedbank.com,bankofoklahoma.com,mynycb.com,firsthorizon.com,firstcitizens.com\r\nastoriafederal.com,firstbankpr.com,commercebank.com,cnb.com,websterbank.com,fbopcorporation.com\r\nfrostbank.com,guarantygroup.com,amtrust.com,nypbt.com,wbpr.com,fult.com,penfed.org,tcfbank.com,lehman.com\r\nbancorpsouthonline.com,valleynationalbank.com,thesouthgroup.com,whitneybank.com,susquehanna.net,citizensonline.com\r\nucbh.com,raymondjames.com,firstbanks.com,wilmingtontrust.com,bankunited.com,thirdfederal.com,wintrustfinancial.com\r\nsterlingsavingsbank.com,boh.com,arvest.com,eastwestbank.com,efirstbank.com,theprivatebank.com,flagstar.com\r\nbecu.org,umb.com,firstmerit.com,corusbank.com,svb.com,prosperitybanktx.com,washingtonfederal.com\r\nucbi.com,metlife.com,ibc.com,cathaybank.com,trustmark.com,centralbancompany.com,umpquabank.com\r\npcbancorp.com,schoolsfirstfcu.org,mbfinancial.com,natpennbank.com,fnbcorporation.com,fnfg.com,golden1.com\r\nhancockbank.com,firstcitizensonline.com,ubsi-wv.com,firstmidwest.com,oldnational.com,ottobremer.org\r\nfirstinterstatebank.com,northwestsavingsbank.com,easternbank.com,suncoastfcu.org,santander.com\r\neverbank.com,bostonprivate.com,firstfedca.com,english.leumi.co.il,aacreditunion.org,rabobank.com\r\nparknationalbank.com,provbank.com,alliantcreditunion.org,capitolbancorp.com,newalliancebank.com\r\njohnsonbank.com,
doralbank.com,fcfbank.com,pinnaclebancorp.net,providentnj.com,oceanbank.com\r\nssfcu.org,capfed.com,iberiabank.com,sdccu.com,americafirst.com,hncbank.com,bfcfinancial.com\r\namcore.com,nbtbank.com,centralpacificbank.com,banksterling.com,bannerbank.com,firstmerchants.com,communitybankna.com\r\nhsbc.com,rbs.co.uk,bankofinternet.com,ally.com,bankofindia.co.in,boi.com.sg,unionbankofindia.co.in,bankofindia.uk.com\r\nunionbankonline.co.in,hdfcbank.com,axisbank.com,icicibank.com,paypal.com,pnm.com,wmtransfer.com,skrill.com,neteller.com\r\npayeer.com,westernunion.com,payoneer.com,capitalone.com,moneygram.com,payza.com"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5cbf6c66-ffe0-4a8c-9824-47fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:49:58.000Z" ,
"modified" : "2019-04-23T19:49:58.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "Bitcoin market targeted on compromised system" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "blockchain.info,cryptonator.com,bitpay.com,bitcoinpay.com,binance.com,bitfinex.com,okex.com\r\nhuobi.pro,bitflyer.jp,bitstamp.net,kraken.com,zb.com,upbit.com,bithumb.com,bittrex.com,bitflyer.jp\r\netherdelta.com,hitbtc.com,poloniex.com,coinone.co.kr,wex.nz,gate.io,exmo.com,exmo.me,yobit.net\r\nkorbit.co.kr,kucoin.com,livecoin.net,cex.io,c-cex.com,localbitcoins.net,localbitcoins.com,luno.com\r\nallcoin.com,anxpro.com,big.one,mercatox.com,therocktrading.com,okcoin.com,bleutrade.com,exchange.btcc.com\r\nbitkonan.com,coinbase.com,bitgo.com,greenaddress.it,strongcoin.com,xapo.com\r\nelectrum.org,etherscan.io,myetherwallet.com,bitcoin.com"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5cbf6c8b-a614-4dd5-8ac6-4f0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:50:35.000Z" ,
"modified" : "2019-04-23T19:50:35.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "Online services targeted on the compromised system" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "ebay,amazon,wish.com,aliexpress,flipkart.com,rakuten.com,walmart.com\r\ntarget.com,bestbuy.com,banggood.com,tinydeal.com,dx.com,zalando,jd.com\r\njd.id,gearbest.com,lightinthebox.com,miniinthebox.co"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cbf6b2c-3ab8-4c16-8a67-489a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:44:44.000Z" ,
"modified" : "2019-04-23T19:44:44.000Z" ,
"description" : "The infection flow starts with an XLSM document with malicious macros, which is sent to potential victims via e-mail under the subject \u00e2\u20ac\u0153Military Financing Program\u00e2\u20ac\u009d" ,
"pattern" : "[file:hashes.SHA256 = 'efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12' AND file:name = 'Military Financing.xlsm' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:44:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--844728a6-db55-4b98-aac5-2958c52b5690" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:07.000Z" ,
"modified" : "2019-04-23T19:51:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '1e741ebc08af09edc69f017e170b9852' AND file:hashes.SHA1 = '6f7dfdcfd999c965f5f55fa96a62760f2e1821a7' AND file:hashes.SHA256 = '68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:40:32" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "a18a10e1-06c4-4742-a841-0e35bcbea718"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8/analysis/1556041232/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "e355a052-de28-4864-b4a2-0c24c0bf27bc"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/70" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "909412c3-6e16-4f57-b98c-9f05c1b8c0b1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '4dbe9dbfb53438d9ce410535355cd973' AND file:hashes.SHA1 = '816b013c8be6e5708690645964b5d442c085041e' AND file:hashes.SHA256 = 'efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T16:49:44" ,
"category" : "Other" ,
"comment" : "Document" ,
"uuid" : "3bfc3de0-329e-4230-829c-c56c374958ee"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12/analysis/1556038184/" ,
"category" : "Payload delivery" ,
"comment" : "Document" ,
"uuid" : "83b49148-89fd-4982-93c8-5e7ec843185c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/61" ,
"category" : "Payload delivery" ,
"comment" : "Document" ,
"uuid" : "cbf9f8ae-f2ca-4ff8-a460-49bfdcd363c3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4a680b06-e200-4a0c-83d3-89b373ef8503" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '799ab035023b655506c0d565996579b5' AND file:hashes.SHA1 = '43cd68e741a2207579c0f5ab4d34acd9cd9f703c' AND file:hashes.SHA256 = '41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:39:46" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "46d396cd-68ca-4399-a81c-dcd6930b4aba"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe/analysis/1556041186/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "e07569c2-f663-4d58-b6ef-2784f32c276b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/67" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "922e99b9-ec3d-4853-8af1-b74221421dd9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a98ac785-a670-485e-8de9-81be78a84acd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:08.000Z" ,
"modified" : "2019-04-23T19:51:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '72de32fa52cc2fab2b0584c26657820f' AND file:hashes.SHA1 = 'cf7909caccc91004cbbb0289835c0bb0fb4b58d2' AND file:hashes.SHA256 = '3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:39:45" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "d3fd8a5b-69b3-49b1-921f-8e96b2c8c8ad"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4/analysis/1556041185/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "30298f00-f942-4a01-b6f7-f542f878c1ac"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/66" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "b171c6bf-8fcb-4272-8ba9-3dda7f6cf09f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '1675cdec4c0ff49993a1fcbdfad85e56' AND file:hashes.SHA1 = '376f8936258a0c6a2f29bbf9b2a55d9d7282d348' AND file:hashes.SHA256 = 'a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:41:42" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "86c39be1-a7e5-40c5-919d-3ae8b35c8720"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224/analysis/1556041302/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "1c870542-6483-47cf-839a-2e1f51f8eda5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/66" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "8d1105be-f922-4d67-8c93-a66c6e003a48"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '013e87b874477fcad54ada4fa0a274a2' AND file:hashes.SHA1 = '32a175ba416fec7f85c405abd58384a7f40225da' AND file:hashes.SHA256 = 'b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:38:52" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "ab449183-8ddc-49c7-a89a-8c520ff95a37"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa/analysis/1556041132/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "f5c45e4a-99af-4f0e-b570-3173f5b0dd8e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/69" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "82e67755-f1b0-46a1-b464-255c94526f04"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e1167cb7f3735d4edec5f7219cea64ef' AND file:hashes.SHA1 = '9b32cbdba2f3f40f2072dbeb61b345c910e45b39' AND file:hashes.SHA256 = 'b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:38:49" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "51869580-7688-4e93-820b-a649004b6b92"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17/analysis/1556041129/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "7604ebdf-694b-4ec7-8ae1-20e92f6005f6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/64" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "5cda701c-25d6-4e02-b737-b5d75e6c2ebb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6ae889f3bee42cc19a728ba66fa3d99' AND file:hashes.SHA1 = '18cb6155efbfa3311b919ae8e10fbf35680466a8' AND file:hashes.SHA256 = '8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:41:19" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "7f532053-8e61-436f-80e6-642db2580516"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07/analysis/1556041279/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "ffff54f9-ea34-4088-b94a-f2cd438010d2"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/66" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "77a783e8-0442-4a8c-a48a-06ee3e5afd7d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--df884a16-5a27-4416-99db-3e9912ebca78" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:09.000Z" ,
"modified" : "2019-04-23T19:51:09.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aad0d93a570e6230f843dcdf20041e1e' AND file:hashes.SHA1 = '57fe83b6465e52198bd76b8b987601f716009033' AND file:hashes.SHA256 = '4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:39:59" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "e233f21b-719a-474c-8b07-e588aa3d2788"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc/analysis/1556041199/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "13cd1ac1-419f-4846-9315-77dd39ebb887"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/67" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "0584b8de-b7e3-45d9-a5b2-44c1699e1b0c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e33914c-3535-460f-9164-a5708f650474" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '44038b936667f6ce2333af80086f877f' AND file:hashes.SHA1 = '60dfcc9c2c6ec97538981dd38196607382256693' AND file:hashes.SHA256 = '9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:41:36" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "17ed0452-d09e-4583-8eb6-5be41a9ea4a8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa/analysis/1556041296/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "57085397-af38-489e-8aae-a67fbc224e25"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/69" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "8f91b43d-3ce6-4ed3-aa2f-e748a318b36c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '6cc0218d2b93a243721b088f177d8e8f' AND file:hashes.SHA1 = '16115abc3b3ea066abcdabe64b5165b90a516cb6' AND file:hashes.SHA256 = 'fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-23T19:51:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-23T17:39:57" ,
"category" : "Other" ,
"comment" : "DLL" ,
"uuid" : "b02cfccf-7452-456d-b25a-434217cc59d6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570/analysis/1556041197/" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "958325a3-46fe-4e63-8980-03632c66f874"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/65" ,
"category" : "Payload delivery" ,
"comment" : "DLL" ,
"uuid" : "dcce3632-fdb9-40fd-86e6-856e9e34ea19"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7644b8eb-9160-4e46-8c4e-4fa7aa6b1754" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--844728a6-db55-4b98-aac5-2958c52b5690" ,
"target_ref" : "x-misp-object--d91efdf2-3005-4924-922f-9ce8b309d20d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c79b84c0-048b-4b39-ba51-0564db57b187" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--dd76b439-cce9-4957-9a55-13d1eb572e3b" ,
"target_ref" : "x-misp-object--b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--03820ea0-2fdb-4ac0-b764-71ff8d5929ad" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4a680b06-e200-4a0c-83d3-89b373ef8503" ,
"target_ref" : "x-misp-object--5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--46876d38-6711-4436-9e03-ccc788b77316" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a98ac785-a670-485e-8de9-81be78a84acd" ,
"target_ref" : "x-misp-object--b0818f5a-42aa-495c-a1c5-b486770e1093"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8362025e-c35e-476b-a313-911b3f8c35da" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--72399b1b-24f0-4118-96a3-5ad99ec976bb" ,
"target_ref" : "x-misp-object--d2fb9c7b-488e-4065-8473-56f9fea46380"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--20daa1eb-ae3a-4743-9fa8-83c8f553bd2e" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b806bdf8-c5e7-45f9-8e37-444ee7c09c2d" ,
"target_ref" : "x-misp-object--61f76b3b-866f-4009-82f3-60fb8d0d8324"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4ac60630-57c5-49a9-8010-c6cba0703df1" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--01581d8a-6268-4e99-963b-a4b8dae4f91b" ,
"target_ref" : "x-misp-object--81f1f4ef-811f-4d46-8ade-0ab42c570b53"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9de74d1d-f05e-4699-8346-d67f258b7c20" ,
"created" : "2019-04-23T19:51:10.000Z" ,
"modified" : "2019-04-23T19:51:10.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a" ,
"target_ref" : "x-misp-object--01589ece-7e55-4ff5-8089-0e3c79e3bc60"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--19a36dab-a7dc-47c0-a784-b1fb44214345" ,
"created" : "2019-04-23T19:51:11.000Z" ,
"modified" : "2019-04-23T19:51:11.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--df884a16-5a27-4416-99db-3e9912ebca78" ,
"target_ref" : "x-misp-object--3b6a92d0-719d-4a15-a595-3074f0540e6c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5c2d8921-cba2-4616-8aa5-f3b7875659cd" ,
"created" : "2019-04-23T19:51:11.000Z" ,
"modified" : "2019-04-23T19:51:11.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9e33914c-3535-460f-9164-a5708f650474" ,
"target_ref" : "x-misp-object--069666d4-4b61-4682-b4a8-15e1157809b1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3934229c-f16a-485c-b411-6d33b59710e8" ,
"created" : "2019-04-23T19:51:11.000Z" ,
"modified" : "2019-04-23T19:51:11.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a8cbfe77-303e-4ed5-a426-8eef04f8c90f" ,
"target_ref" : "x-misp-object--ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}