{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5c4adca6-8a80-4096-b289-47eb950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T16:01:40.000Z",
|
||
|
"modified": "2019-01-25T16:01:40.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "grouping",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "grouping--5c4adca6-8a80-4096-b289-47eb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T16:01:40.000Z",
|
||
|
"modified": "2019-01-25T16:01:40.000Z",
|
||
|
"name": "OSINT - Silence group targeting Russian Banks via Malicious CHM",
|
||
|
"context": "suspicious-activity",
|
||
|
"object_refs": [
|
||
|
"observed-data--5c4adea9-100c-42bf-87c9-40d1950d210f",
|
||
|
"url--5c4adea9-100c-42bf-87c9-40d1950d210f",
|
||
|
"x-misp-attribute--5c4adecb-35ac-41fc-ad00-43f5950d210f",
|
||
|
"observed-data--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"file--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"observed-data--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"file--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"artifact--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"indicator--5c4af72c-b1f4-405f-98c2-41ff950d210f",
|
||
|
"indicator--5c4b12f7-e344-45a6-a676-032a950d210f",
|
||
|
"x-misp-object--5c4ae48a-3218-4d00-b1b8-4ea7950d210f",
|
||
|
"x-misp-object--5c4ae86b-8dfc-4f6c-91fe-4840950d210f",
|
||
|
"x-misp-object--5c4aebb7-92d4-41a0-bc03-4a72950d210f",
|
||
|
"x-misp-object--5c4aef5b-e930-42d1-960a-4a02950d210f",
|
||
|
"x-misp-object--5c4aef78-5f60-44fa-8461-0477950d210f",
|
||
|
"indicator--5c4af036-b57c-4b44-985c-031b950d210f",
|
||
|
"indicator--5c4af051-b338-4305-8d8d-4f8a950d210f",
|
||
|
"indicator--5c4af596-b560-4a3c-a071-0477950d210f",
|
||
|
"indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f",
|
||
|
"indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f",
|
||
|
"indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f",
|
||
|
"indicator--5c4b1e9b-f5e8-419a-bf32-cdda950d210f",
|
||
|
"indicator--5c4b1ef4-1b18-411b-acd9-cd55950d210f",
|
||
|
"indicator--5c4b1f04-4284-4f67-a71e-cd47950d210f",
|
||
|
"indicator--5c4b1fcd-b8dc-44aa-95d6-7c49950d210f",
|
||
|
"indicator--5c4b1fdd-42bc-4a17-bd0f-43a0950d210f",
|
||
|
"indicator--5c4b1fee-752c-41b2-bf0c-dc58950d210f",
|
||
|
"indicator--5c4b20df-e2a8-458c-b8b3-4a65950d210f",
|
||
|
"indicator--5c4b20f0-a8e0-401c-8b7e-7c48950d210f",
|
||
|
"indicator--5c4b2103-552c-4757-869f-cd47950d210f",
|
||
|
"indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67",
|
||
|
"x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb",
|
||
|
"indicator--698c4d77-fd4f-4218-bb4c-f168514b3290",
|
||
|
"x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17",
|
||
|
"indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06",
|
||
|
"x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18",
|
||
|
"indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08",
|
||
|
"x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f",
|
||
|
"indicator--b5acf42a-4872-4868-bb13-4103b0302591",
|
||
|
"x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8",
|
||
|
"indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02",
|
||
|
"x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088",
|
||
|
"indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f",
|
||
|
"x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1",
|
||
|
"relationship--a80c48d1-d1a5-45b7-b9dd-f7427a1e2da5",
|
||
|
"relationship--22847e28-5882-40c8-9f0d-3bec6e498c2f",
|
||
|
"relationship--dc6b8256-ed31-4e9b-878c-c9835e2ab226",
|
||
|
"relationship--2623a545-5582-42ad-9343-bb75e1323689",
|
||
|
"relationship--23bea76e-aa75-4eb2-ab66-d58832a1702d",
|
||
|
"relationship--7733e18d-e9f1-4ea6-8154-ab968c0093e1",
|
||
|
"relationship--17dac2ee-ffb7-4a78-930e-24482747984a",
|
||
|
"relationship--f12fb5b7-503d-499d-99ed-2270cadacfd2",
|
||
|
"relationship--14f9af89-29c5-4173-9f6b-251062727b43",
|
||
|
"relationship--aa1afed9-d2eb-4cfd-be8e-87692d7fb52c"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"workflow:todo=\"add-missing-misp-galaxy-cluster-values\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote File Copy - T1105\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Mshta - T1170\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Masquerading - T1036\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"",
|
||
|
"workflow:state=\"incomplete\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5c4adea9-100c-42bf-87c9-40d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T10:02:17.000Z",
|
||
|
"modified": "2019-01-25T10:02:17.000Z",
|
||
|
"first_observed": "2019-01-25T10:02:17Z",
|
||
|
"last_observed": "2019-01-25T10:02:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5c4adea9-100c-42bf-87c9-40d1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5c4adea9-100c-42bf-87c9-40d1950d210f",
|
||
|
"value": "https://reaqta.com/2019/01/silence-group-targeting-russian-banks/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5c4adecb-35ac-41fc-ad00-43f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T10:02:51.000Z",
|
||
|
"modified": "2019-01-25T10:02:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "In November 2018 we followed up on a tweet mentioning a potential malicious code disseminated in CHM (Microsoft Compiled HTML Help). A preliminary analysis caught the attention of our Threat Analysis and Intelligence team as it yielded interesting data that, among other things, shows that the attack campaign was targeting employees from financial entities, specifically in the Russian Federation and the Republic of Belarus. We conclude that the actor behind the attack is Silence group, a relatively new threat actor that\u2019s been operating since mid-2016."
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:19:09.000Z",
|
||
|
"modified": "2019-01-25T11:19:09.000Z",
|
||
|
"first_observed": "2019-01-25T11:19:09Z",
|
||
|
"last_observed": "2019-01-25T11:19:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"name": "2.png",
|
||
|
"content_ref": "artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5c4af0ad-c2ec-48eb-9c68-4828950d210f",
|
||
|
"payload_bin": "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
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:44:53.000Z",
|
||
|
"modified": "2019-01-25T11:44:53.000Z",
|
||
|
"first_observed": "2019-01-25T11:44:53Z",
|
||
|
"last_observed": "2019-01-25T11:44:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"artifact--5c4af6b5-51ec-4123-8655-4e37950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"name": "img.png",
|
||
|
"content_ref": "artifact--5c4af6b5-51ec-4123-8655-4e37950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5c4af6b5-51ec-4123-8655-4e37950d210f",
|
||
|
"payload_bin": "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
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4af72c-b1f4-405f-98c2-41ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T13:33:33.000Z",
|
||
|
"modified": "2019-01-25T13:33:33.000Z",
|
||
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '146.0.72.139']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T13:33:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-src\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b12f7-e344-45a6-a676-032a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T13:45:27.000Z",
|
||
|
"modified": "2019-01-25T13:45:27.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.0.72.188']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T13:45:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5c4ae48a-3218-4d00-b1b8-4ea7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T10:41:15.000Z",
|
||
|
"modified": "2019-01-25T10:41:15.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "financial services",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c4ae48a-cdc8-4489-a223-4186950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "target-org",
|
||
|
"object_relation": "name",
|
||
|
"value": "Emirates NBD Bank (National Bank of Dubai)",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "5c4ae48a-c010-474c-84eb-4742950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "one of the largest banking groups in the Middle East in terms of assets. Russia-based office.",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5c4ae86b-8dfc-4f6c-91fe-4840950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T10:46:09.000Z",
|
||
|
"modified": "2019-01-25T10:46:09.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "financial services",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c4ae86b-05d8-4544-8b3f-4861950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "target-org",
|
||
|
"object_relation": "name",
|
||
|
"value": "Zapsibkombank (Zapadno-Sibirskiy Kommercheskiy Bank)",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "5c4ae86b-2570-434a-85b7-4cf3950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "West Siberian Commercial Bank (WSCB). Russia.",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5c4aebb7-92d4-41a0-bc03-4a72950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T10:57:59.000Z",
|
||
|
"modified": "2019-01-25T10:57:59.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "financial services",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c4aebb7-5334-4a41-9f1f-4f97950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "target-org",
|
||
|
"object_relation": "name",
|
||
|
"value": "FPB (Finprombank)",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "5c4aebb7-b398-4a45-a418-4236950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "Russia",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5c4aef5b-e930-42d1-960a-4a02950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:13:31.000Z",
|
||
|
"modified": "2019-01-25T11:13:31.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "financial services",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c4aef5b-5578-4029-bb3f-4f6c950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "target-org",
|
||
|
"object_relation": "name",
|
||
|
"value": "MSP Bank (\u041c\u0421\u041f \u0411\u0430\u043d\u043a)",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "5c4aef5b-ba44-472f-8bd1-463e950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "Russian Federation State Bank, focuses on providing financing to small and medium enterprises.",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5c4aef78-5f60-44fa-8461-0477950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:14:00.000Z",
|
||
|
"modified": "2019-01-25T11:14:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"victim\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "sectors",
|
||
|
"value": "financial services",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c4aef78-727c-4040-9a99-0477950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "target-org",
|
||
|
"object_relation": "name",
|
||
|
"value": "MT Bank (\u041c\u0422\u0411\u0430\u043d\u043a)",
|
||
|
"category": "Targeting data",
|
||
|
"uuid": "5c4aef78-eaec-4828-a3ca-0477950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "Meridian trade Bank, the only Belarus-based bank entity in the focus of this threat.",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "victim"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4af036-b57c-4b44-985c-031b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:18:20.000Z",
|
||
|
"modified": "2019-01-25T11:18:20.000Z",
|
||
|
"pattern": "[file:name = 'Contract_12112018.Z' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T11:18:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4af051-b338-4305-8d8d-4f8a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:17:37.000Z",
|
||
|
"modified": "2019-01-25T11:17:37.000Z",
|
||
|
"pattern": "[file:name = 'Contract_12112018.chm' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T11:17:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4af596-b560-4a3c-a071-0477950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T11:40:06.000Z",
|
||
|
"modified": "2019-01-25T11:40:06.000Z",
|
||
|
"pattern": "[email-message:body = 'Good day!\r\nI, Skurtov Andrei Vladimirovich,\r\nHead of Interbank Operations and\r\nCorrespondent Relations of PJSC \u201cFinServisBank\u201d.\r\n\r\nWe negotiated the opening and maintenance of correspondent accounts in rubles and freely convertible currencies.\r\nI ask you to consider the application as soon as possible to open and maintain accounts.\r\nI attach the archive with the contract. Please fill it in and send it to me.\r\nThank you in advance, waiting for an answer.\r\n\r\nRespectfully,\r\nHead of Interbank Operations and\r\nCorrespondent Relations of PJSC \u201cFinserviceBank\u201d\r\nNizhny Novgorod region, Sarov, Silkin street, 13' AND email-message:from_ref.display_name = 'FinPromBank' AND email-message:body_multipart[0].body_raw_ref.name = 'Contract_12112018.Z' AND email-message:body_multipart[0].content_disposition = 'attachment' AND email-message:x_misp_return_path = 'sleof@fpbank.ru']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T11:40:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"email\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T13:15:28.000Z",
|
||
|
"modified": "2019-01-25T13:15:28.000Z",
|
||
|
"pattern": "[file:name = 'ejpejp.txt' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T13:15:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T13:15:05.000Z",
|
||
|
"modified": "2019-01-25T13:15:05.000Z",
|
||
|
"pattern": "[file:name = 'ejpejp.com' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T13:15:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T13:51:32.000Z",
|
||
|
"modified": "2019-01-25T13:51:32.000Z",
|
||
|
"pattern": "[file:name = 'INFOCONTENT.TXT' AND file:parent_directory_ref.path = '\\\\%ProgramData\\\\%' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T13:51:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1e9b-f5e8-419a-bf32-cdda950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:35:07.000Z",
|
||
|
"modified": "2019-01-25T14:35:07.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = '20055fc3f1db35b279f15d398914caba11e5ad9d' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:35:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1ef4-1b18-411b-acd9-cd55950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:36:36.000Z",
|
||
|
"modified": "2019-01-25T14:36:36.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd83d27bc15e960dd50ead02f70bd442593e92427' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:36:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1f04-4284-4f67-a71e-cd47950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:36:52.000Z",
|
||
|
"modified": "2019-01-25T14:36:52.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = '2250174b8998a787332c198fc94db4615504d771' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:36:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1fcd-b8dc-44aa-95d6-7c49950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:40:13.000Z",
|
||
|
"modified": "2019-01-25T14:40:13.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = '9d4bbe09a09187756533ee6f5a6c2258f6238773' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:40:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1fdd-42bc-4a17-bd0f-43a0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:40:29.000Z",
|
||
|
"modified": "2019-01-25T14:40:29.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = '26a8cfb5f03eac0807dd4fd80e80dbd39a7fd8a6' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:40:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b1fee-752c-41b2-bf0c-dc58950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:40:46.000Z",
|
||
|
"modified": "2019-01-25T14:40:46.000Z",
|
||
|
"description": "CHM file",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd167b13988aa0b277426489f343a484334a394d0' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:40:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b20df-e2a8-458c-b8b3-4a65950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:44:47.000Z",
|
||
|
"modified": "2019-01-25T14:44:47.000Z",
|
||
|
"description": "Dropped files",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e5cb1be1a22a7bf5816ed16c5644119b51b07837' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:44:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b20f0-a8e0-401c-8b7e-7c48950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:45:04.000Z",
|
||
|
"modified": "2019-01-25T14:45:04.000Z",
|
||
|
"description": "Dropped files",
|
||
|
"pattern": "[file:hashes.SHA1 = '290321c1a00f93cdc55b1a22da629b3fcf192101' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5c4b2103-552c-4757-869f-cd47950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T14:45:23.000Z",
|
||
|
"modified": "2019-01-25T14:45:23.000Z",
|
||
|
"description": "Dropped files",
|
||
|
"pattern": "[file:hashes.SHA1 = '2cd620cea310b0edb68e4bb27301b2563191287b' AND file:x_misp_state = 'Malicious']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T14:45:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T16:01:38.000Z",
|
||
|
"modified": "2019-01-25T16:01:38.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '53f4a016a61040273478e1c3c10ff8a3' AND file:hashes.SHA1 = 'e5cb1be1a22a7bf5816ed16c5644119b51b07837' AND file:hashes.SHA256 = '9fb4281bc5994209dced167e4d34bfedf3b8a6f882b1a7c92f30970db5e30548']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2019-01-25T16:01:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2019-01-25T16:01:38.000Z",
|
||
|
"modified": "2019-01-25T16:01:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-12-07 13:24:31",
|
||
|
"category": "Other",
|
||
|
"uuid": "f53809a3-be0e-4f6b-8c9d-bfda8522ec11"
|
||
|
},
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/9fb4281bc5994209dced167e4d34bfedf3b8a6f882b1a7c92f30970db5e30548/analysis/1544189071/",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "ed0ccbbc-e563-4b25-9217-6411bd2f7504"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "22/57",
|
||
|
"category": "Other",
|
||
|
"uuid": "5d2c28a6-698c-4c20-9d0c-016e32fa34bb"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--698c4d77-fd4f-4218-bb4c-f168514b3290",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:38.000Z",
"modified": "2019-01-25T16:01:38.000Z",
"pattern": "[file:hashes.MD5 = '13cc98fcb654ac83cda6d3ec9946fa9b' AND file:hashes.SHA1 = '2cd620cea310b0edb68e4bb27301b2563191287b' AND file:hashes.SHA256 = '0e0729b51709325688f2741e2d5c6b3f547901837d89c203cb8aa2985b5f0018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-23 20:54:21",
"category": "Other",
"uuid": "77b819ec-84d3-48f9-91ee-236be8d0f758"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0e0729b51709325688f2741e2d5c6b3f547901837d89c203cb8aa2985b5f0018/analysis/1548276861/",
"category": "External analysis",
"uuid": "41854ef2-29ba-4d0c-aa6b-0baf74adb060"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/71",
"category": "Other",
"uuid": "bb13e8ae-4641-47ed-8541-36561218c89a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"pattern": "[file:hashes.MD5 = 'f7e6785e5f6bfeb8ab16a87968b9a172' AND file:hashes.SHA1 = '20055fc3f1db35b279f15d398914caba11e5ad9d' AND file:hashes.SHA256 = '77775f1dbfceb1f1915d2db067a0a8239dab771d41084fc89e9478f3995f2498']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-03 11:54:16",
"category": "Other",
"uuid": "932eac35-c427-4f28-998f-76cff337dd8f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/77775f1dbfceb1f1915d2db067a0a8239dab771d41084fc89e9478f3995f2498/analysis/1543838056/",
"category": "External analysis",
"uuid": "17aeac8b-bc64-48e5-9e23-a21e362191e7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/57",
"category": "Other",
"uuid": "903b1cdd-a6d1-45ed-86ba-4d186268d0b3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"pattern": "[file:hashes.MD5 = '6f2b56fbf5bd529a6088dbdd85f15b60' AND file:hashes.SHA1 = '9d4bbe09a09187756533ee6f5a6c2258f6238773' AND file:hashes.SHA256 = 'b0f01a994c6b5fe990d34e5f829e224dc47e1de9d0ac973118326dec60d89d08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-15 07:23:18",
"category": "Other",
"uuid": "3b647629-0a52-4283-a497-281acd0a37a6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b0f01a994c6b5fe990d34e5f829e224dc47e1de9d0ac973118326dec60d89d08/analysis/1542266598/",
"category": "External analysis",
"uuid": "1346e920-b3bd-4e4a-82cb-5884bab7f496"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/55",
"category": "Other",
"uuid": "55a25206-f417-4817-bdad-585cbd418422"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b5acf42a-4872-4868-bb13-4103b0302591",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"pattern": "[file:hashes.MD5 = 'd471212d99478254dafb68a7c62dce6a' AND file:hashes.SHA1 = 'd83d27bc15e960dd50ead02f70bd442593e92427' AND file:hashes.SHA256 = '6806630c8bec6145475e421900f63dec20c2c6fdfe3a6f12b6bfddb8db6bb821']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-30 15:34:16",
"category": "Other",
"uuid": "daec0d39-6f0c-45aa-a2b7-1cf50f4b659c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6806630c8bec6145475e421900f63dec20c2c6fdfe3a6f12b6bfddb8db6bb821/analysis/1543592056/",
"category": "External analysis",
"uuid": "bc6845a4-89c9-4d8e-8e49-289b052eb447"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "14/58",
"category": "Other",
"uuid": "16261c23-6879-4425-b18f-94d067275f28"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:39.000Z",
"modified": "2019-01-25T16:01:39.000Z",
"pattern": "[file:hashes.MD5 = '009c457c4456a0d0d3b38627135b6f18' AND file:hashes.SHA1 = 'd167b13988aa0b277426489f343a484334a394d0' AND file:hashes.SHA256 = '00a1397c9c65babe9ccbcab73d09fdf874a35a5783baab60c03c18c761da6458']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-22 02:03:34",
"category": "Other",
"uuid": "33eae96d-2d57-4acf-9229-e9aaa83ff676"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/00a1397c9c65babe9ccbcab73d09fdf874a35a5783baab60c03c18c761da6458/analysis/1548122614/",
"category": "External analysis",
"uuid": "71771f26-3472-49c7-9c86-75665beaebfc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/58",
"category": "Other",
"uuid": "272cb576-5c3f-4f7e-8517-4b32c3ef5639"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"pattern": "[file:hashes.MD5 = '38303299c65ef84dff0e4212fd5bb3bf' AND file:hashes.SHA1 = '2250174b8998a787332c198fc94db4615504d771' AND file:hashes.SHA256 = '1135813663bf9c747a1cca7312aef97d345d231df5cdeb314cb8606017d26d86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-25T16:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-20 21:17:12",
"category": "Other",
"uuid": "e1760209-933d-442a-868e-37ce59fc276c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1135813663bf9c747a1cca7312aef97d345d231df5cdeb314cb8606017d26d86/analysis/1545340632/",
"category": "External analysis",
"uuid": "269abb93-a286-4283-b69e-3c455b0dcb6a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/57",
"category": "Other",
"uuid": "eea224a2-e129-484e-98c7-ee8b9653d59f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a80c48d1-d1a5-45b7-b9dd-f7427a1e2da5",
"created": "2019-01-25T11:18:20.000Z",
"modified": "2019-01-25T11:18:20.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5c4af036-b57c-4b44-985c-031b950d210f",
"target_ref": "indicator--5c4af051-b338-4305-8d8d-4f8a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--22847e28-5882-40c8-9f0d-3bec6e498c2f",
"created": "2019-01-25T13:15:27.000Z",
"modified": "2019-01-25T13:15:27.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5c4b0bc7-7f40-45b1-96fe-8be6950d210f",
"target_ref": "indicator--5c4b0bd9-bd80-46d9-b847-8d1a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dc6b8256-ed31-4e9b-878c-c9835e2ab226",
"created": "2019-01-25T13:51:32.000Z",
"modified": "2019-01-25T13:51:32.000Z",
"relationship_type": "sends-to",
"source_ref": "indicator--5c4b11d4-3980-4c76-ada5-8be5950d210f",
"target_ref": "indicator--5c4b12f7-e344-45a6-a676-032a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2623a545-5582-42ad-9343-bb75e1323689",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--91795e9b-d1f7-4b0d-9d92-5a431928fc67",
"target_ref": "x-misp-object--e43f1762-16e7-491d-a6dd-8ee0c9e9c6fb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--23bea76e-aa75-4eb2-ab66-d58832a1702d",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--698c4d77-fd4f-4218-bb4c-f168514b3290",
"target_ref": "x-misp-object--4dca79f2-944f-4a42-8bc1-87b40e8dea17"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7733e18d-e9f1-4ea6-8154-ab968c0093e1",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2ee04d28-127c-48b5-b8cd-ff204584eb06",
"target_ref": "x-misp-object--2ac1303d-bab9-480b-8106-1372dc9a3f18"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--17dac2ee-ffb7-4a78-930e-24482747984a",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dcf6dd23-a9cb-4176-82cd-a1988b844b08",
"target_ref": "x-misp-object--957e75e7-4f8d-4295-af73-93b1a7ac8d5f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f12fb5b7-503d-499d-99ed-2270cadacfd2",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b5acf42a-4872-4868-bb13-4103b0302591",
"target_ref": "x-misp-object--12075022-7ba4-4194-9d70-ed925f904ad8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14f9af89-29c5-4173-9f6b-251062727b43",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--702ffaf3-4607-4b11-9de2-58d0a7dd5c02",
"target_ref": "x-misp-object--ce51d85e-e171-4924-beaf-f0bc4bc44088"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa1afed9-d2eb-4cfd-be8e-87692d7fb52c",
"created": "2019-01-25T16:01:40.000Z",
"modified": "2019-01-25T16:01:40.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b7e34830-062d-4d26-b446-7ae06fa24f0f",
"target_ref": "x-misp-object--4108724c-1ab6-4fb3-9238-7c2de72a12d1"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}