misp-circl-feed/feeds/circl/stix-2.1/5abf6421-c1b8-477b-a9d2-9c0902de0b81.json

{
"type": "bundle",
"id": "bundle--5abf6421-c1b8-477b-a9d2-9c0902de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:46:24.000Z",
"modified": "2018-03-31T10:46:24.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5abf6421-c1b8-477b-a9d2-9c0902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:46:24.000Z",
"modified": "2018-03-31T10:46:24.000Z",
"name": "OSINT - Crypter-as-a-Service Helps jRAT Fly Under The Radar",
"published": "2018-03-31T10:46:39Z",
"object_refs": [
"observed-data--5abf642d-5fa8-4bac-bf78-73e102de0b81",
"url--5abf642d-5fa8-4bac-bf78-73e102de0b81",
"indicator--5abf6444-4ca4-45dd-8726-be5302de0b81",
"indicator--5abf6445-9c80-40f4-a5ac-be5302de0b81",
"indicator--5abf6445-2224-46ea-84ca-be5302de0b81",
"indicator--5abf6446-89d4-4118-883c-be5302de0b81",
"indicator--5abf6446-c920-40b2-9756-be5302de0b81",
"indicator--5abf6447-4110-4acd-926f-be5302de0b81",
"indicator--5abf6447-68f0-439b-82ed-be5302de0b81",
"indicator--5abf6448-ef50-4db5-af30-be5302de0b81",
"observed-data--5abf659e-4cb8-4867-934a-bffd02de0b81",
"file--5abf659e-4cb8-4867-934a-bffd02de0b81",
"artifact--5abf659e-4cb8-4867-934a-bffd02de0b81",
"observed-data--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"file--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"indicator--5abf6633-5e18-4ccb-88ed-bdd602de0b81",
"x-misp-attribute--5abf66b8-94b4-4306-bc6b-9b3a02de0b81",
"indicator--5abf66e1-b310-4869-bcf2-bca202de0b81",
"indicator--5abf66e2-5c9c-4390-ba87-bca202de0b81",
"observed-data--5abf66fd-8984-4e4c-9b22-bdd602de0b81",
"url--5abf66fd-8984-4e4c-9b22-bdd602de0b81",
"indicator--9f8377a2-614a-4c95-b23c-9843916ce750",
"x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8",
"indicator--506f740b-a199-4f1e-b7ba-67e253b26d05",
"x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1",
"indicator--ebbafa48-355a-4f73-9227-d05329f24cb7",
"x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2",
"indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0",
"x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00",
"indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02",
"x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706",
"indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc",
"x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb",
"indicator--45b7f55b-64f2-4363-807a-aa68041fb61b",
"x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef",
"indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7",
"x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9",
"relationship--df3317f0-d897-43fe-a6b6-82aa8f880d2e",
"relationship--f713d0bc-b2d1-4d8d-9c96-a09d73e9bbaa",
"relationship--7c691d8b-993e-4704-a0e5-37521028a189",
"relationship--c89f9b37-5b62-406d-9274-297162fd11a9",
"relationship--5515c780-11eb-4d8b-b867-b86c30029477",
"relationship--56d24eb0-76d8-4808-b92b-6d02510bfcb9",
"relationship--db31e2f1-428f-4166-82d1-e1708a39c415",
"relationship--f43c162c-e8ce-4b57-a20a-abb3e0753f8f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"jRAT\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"qrat\"",
"misp-galaxy:rat=\"Quaverse\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abf642d-5fa8-4bac-bf78-73e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:38:54.000Z",
"modified": "2018-03-31T10:38:54.000Z",
"first_observed": "2018-03-31T10:38:54Z",
"last_observed": "2018-03-31T10:38:54Z",
"number_observed": 1,
"object_refs": [
"url--5abf642d-5fa8-4bac-bf78-73e102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5abf642d-5fa8-4bac-bf78-73e102de0b81",
"value": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Crypter-as-a-Service-Helps-jRAT-Fly-Under-The-Radar/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6444-4ca4-45dd-8726-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:44.000Z",
"modified": "2018-03-31T10:34:44.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = '1eb3f344a0274bfa38c67f6b10650dcf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6445-9c80-40f4-a5ac-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:45.000Z",
"modified": "2018-03-31T10:34:45.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = '64d72c5c86d3638034cd83178abcb82f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6445-2224-46ea-84ca-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:45.000Z",
"modified": "2018-03-31T10:34:45.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = 'c52247ecffb2f7a42ef6fa0336671545']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6446-89d4-4118-883c-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:46.000Z",
"modified": "2018-03-31T10:34:46.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = 'ae77ffba57049418e5a720bf77d178a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6446-c920-40b2-9756-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:46.000Z",
"modified": "2018-03-31T10:34:46.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = '2f021a10804ac5db5ceb43b42f785a23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6447-4110-4acd-926f-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:47.000Z",
"modified": "2018-03-31T10:34:47.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = 'daa0833d16cd9b6937803d1637284ad1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6447-68f0-439b-82ed-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:47.000Z",
"modified": "2018-03-31T10:34:47.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = '6392741705126cb97a837cbb046cfe73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6448-ef50-4db5-af30-be5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:34:48.000Z",
"modified": "2018-03-31T10:34:48.000Z",
"description": "Analyzed samples",
"pattern": "[file:hashes.MD5 = '8ae2c573bc0e0492efeabe78495c591e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:34:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abf659e-4cb8-4867-934a-bffd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:42:26.000Z",
"modified": "2018-03-31T10:42:26.000Z",
"first_observed": "2018-03-31T10:42:26Z",
"last_observed": "2018-03-31T10:42:26Z",
"number_observed": 1,
"object_refs": [
"file--5abf659e-4cb8-4867-934a-bffd02de0b81",
"artifact--5abf659e-4cb8-4867-934a-bffd02de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5abf659e-4cb8-4867-934a-bffd02de0b81",
"name": "6a01676411d5a7970b01b7c95a2ed1970b-800wi.png",
"content_ref": "artifact--5abf659e-4cb8-4867-934a-bffd02de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5abf659e-4cb8-4867-934a-bffd02de0b81",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:42:26.000Z",
"modified": "2018-03-31T10:42:26.000Z",
"first_observed": "2018-03-31T10:42:26Z",
"last_observed": "2018-03-31T10:42:26Z",
"number_observed": 1,
"object_refs": [
"file--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"name": "6a0133f264aa62970b01bb09fd6017970d-800wi.gif",
"content_ref": "artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf6633-5e18-4ccb-88ed-bdd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:42:59.000Z",
"modified": "2018-03-31T10:42:59.000Z",
"description": "One thing we noticed right away is that all the samples we collected attempted to download a jar file from https://vvrhhhnaijyj6s2m[.]onion[dot]top. We followed the onion link and found it is a service hosted by QUAverse.",
"pattern": "[url:value = 'https://vvrhhhnaijyj6s2m.onion.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:42:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5abf66b8-94b4-4306-bc6b-9b3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:45:12.000Z",
"modified": "2018-03-31T10:45:12.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Support Tool\""
],
"x_misp_category": "Support Tool",
"x_misp_comment": "Config of jRAT",
"x_misp_type": "text",
"x_misp_value": "{\r\n\t\"NETWORK\": [\r\n\t\t{\r\n\t\t\t\"PORT\": 1999,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PORT\": 4987,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t}\r\n\t],\r\n\t\"INSTALL\": true,\r\n\t\"MODULE_PATH\": \"taM/Xkc/WE.xFP\",\r\n\t\"PLUGIN_FOLDER\": \"cHvEFmnnAYl\",\r\n\t\"JRE_FOLDER\": \"syeyIK\",\r\n\t\"JAR_FOLDER\": \"WEAvkYONVeS\",\r\n\t\"JAR_EXTENSION\": \"OSTZIm\",\r\n\t\"ENCRYPT_KEY\": \"gGgQBEKfxHgELZmseiHwZkjdB\",\r\n\t\"DELAY_INSTALL\": 2,\r\n\t\"NICKNAME\": \"User\",\r\n\t\"VMWARE\": false,\r\n\t\"PLUGIN_EXTENSION\": \"oCYYC\",\r\n\t\"WEBSITE_PROJECT\": \"https://jrat.io\",\r\n\t\"JAR_NAME\": \"dzjQhyXWvSo\",\r\n\t\"SECURITY\": [\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=\\\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Open-File Security Warning\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": 
\"[HKEY_CURRENT_USER\\\\Environment]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\Environment]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Disable Zone Checking\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"ConsentPromptBehaviorAdmin\\\"=dword:00000000\\r\\n\\\"ConsentPromptBehaviorUser\\\"=dword:00000000\\r\\n\\\"EnableLUA\\\"=dword:00000000\\r\\n\\\"PromptOnSecureDesktop\\\"=dword:00000000\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"UserAccountControlSettings.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"User Account Control\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableTaskMgr\\\"=dword:00000002\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"Taskmgr.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Task Manager\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableConfig\\\"=dword:00000001\\r\\n\\\"DisableSR\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\SystemRestore]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Restore System\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"ProcessHacker.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Process Hacker\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"procexp.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"MsConfig\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": 
[\r\n\t\t\t\t\"MSASCui.exe\",\r\n\t\t\t\t\"MsMpEng.exe\",\r\n\t\t\t\t\"MpUXSrv.exe\",\r\n\t\t\t\t\"MpCmdRun.exe\",\r\n\t\t\t\t\"NisSrv.exe\",\r\n\t\t\t\t\"ConfigSecurityPolicy.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Windows Defender\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PRO
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf66e1-b310-4869-bcf2-bca202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:45:53.000Z",
"modified": "2018-03-31T10:45:53.000Z",
"description": "On port 1999",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.127.99.225' AND network-traffic:dst_port = '1999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:45:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abf66e2-5c9c-4390-ba87-bca202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:45:54.000Z",
"modified": "2018-03-31T10:45:54.000Z",
"description": "On port 4987",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.127.99.225' AND network-traffic:dst_port = '4987']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:45:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abf66fd-8984-4e4c-9b22-bdd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:46:21.000Z",
"modified": "2018-03-31T10:46:21.000Z",
"first_observed": "2018-03-31T10:46:21Z",
"last_observed": "2018-03-31T10:46:21Z",
"number_observed": 1,
"object_refs": [
"url--5abf66fd-8984-4e4c-9b22-bdd602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5abf66fd-8984-4e4c-9b22-bdd602de0b81",
"value": "https://pastebin.com/raw/PvKLJAWP"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f8377a2-614a-4c95-b23c-9843916ce750",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:19.000Z",
"modified": "2018-03-31T10:36:19.000Z",
"pattern": "[file:hashes.MD5 = '2f021a10804ac5db5ceb43b42f785a23' AND file:hashes.SHA1 = 'edcbc508c19118f11daac029020f2a55f5cdc115' AND file:hashes.SHA256 = 'a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:18.000Z",
"modified": "2018-03-31T10:36:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771/analysis/1522272575/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64a2-60b8-4859-8de4-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/60",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a2-1e6c-4181-bf62-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-28T21:29:35",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a2-300c-4d8e-93e1-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--506f740b-a199-4f1e-b7ba-67e253b26d05",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:22.000Z",
"modified": "2018-03-31T10:36:22.000Z",
"pattern": "[file:hashes.MD5 = 'ae77ffba57049418e5a720bf77d178a5' AND file:hashes.SHA1 = 'ff179cd437f2e4b93758adbe77e19e34610074ec' AND file:hashes.SHA256 = 'eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:20.000Z",
"modified": "2018-03-31T10:36:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050/analysis/1522335324/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64a4-4468-4e18-9d35-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/59",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a5-7660-4946-bbb2-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-29T14:55:24",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a5-0124-4e58-a6dd-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ebbafa48-355a-4f73-9227-d05329f24cb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:24.000Z",
"modified": "2018-03-31T10:36:24.000Z",
"pattern": "[file:hashes.MD5 = '6392741705126cb97a837cbb046cfe73' AND file:hashes.SHA1 = '54b13ce9069beee3cd0a2ffe3bb404d5d92144ed' AND file:hashes.SHA256 = 'aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:22.000Z",
"modified": "2018-03-31T10:36:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c/analysis/1522121609/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64a7-1990-458d-a62d-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/59",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a7-7ba0-45e3-9966-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-27T03:33:29",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64a7-98c0-4d7e-9346-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:26.000Z",
"modified": "2018-03-31T10:36:26.000Z",
"pattern": "[file:hashes.MD5 = '64d72c5c86d3638034cd83178abcb82f' AND file:hashes.SHA1 = 'cf1f9dba740778df3bea9a7903b030aa9b916d90' AND file:hashes.SHA256 = '7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:25.000Z",
"modified": "2018-03-31T10:36:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964/analysis/1522274126/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64a9-d1d4-49a9-8a98-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/49",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64aa-f510-47f9-9a22-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-28T21:55:26",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64aa-e2d8-4be0-a606-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:29.000Z",
"modified": "2018-03-31T10:36:29.000Z",
"pattern": "[file:hashes.MD5 = '1eb3f344a0274bfa38c67f6b10650dcf' AND file:hashes.SHA1 = 'a495a93bec5e5cd234dc13c680e15a5e331d19b1' AND file:hashes.SHA256 = '8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:27.000Z",
"modified": "2018-03-31T10:36:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f/analysis/1522335418/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64ab-d81c-4d74-b375-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/59",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64ac-ea60-4fcb-95bf-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-29T14:56:58",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64ac-6abc-4be2-a17a-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:31.000Z",
"modified": "2018-03-31T10:36:31.000Z",
"pattern": "[file:hashes.MD5 = 'c52247ecffb2f7a42ef6fa0336671545' AND file:hashes.SHA1 = '82822da7d5cf63fd472895c389d0a7e8a9e698c7' AND file:hashes.SHA256 = '8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:30.000Z",
"modified": "2018-03-31T10:36:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55/analysis/1522276988/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64ae-d24c-44f7-a725-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64ae-332c-4626-86e2-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-28T22:43:08",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64ae-8c44-4904-b8c6-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45b7f55b-64f2-4363-807a-aa68041fb61b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:34.000Z",
"modified": "2018-03-31T10:36:34.000Z",
"pattern": "[file:hashes.MD5 = 'daa0833d16cd9b6937803d1637284ad1' AND file:hashes.SHA1 = 'ae7a6b6235a4d827cef54152bca237a30cff9f1e' AND file:hashes.SHA256 = '445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:32.000Z",
"modified": "2018-03-31T10:36:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c/analysis/1522142541/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64b0-3598-45c7-a58c-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/59",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64b1-43c4-4ce3-9e6c-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-27T09:22:21",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64b1-50c0-46e8-b52d-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"pattern": "[file:hashes.MD5 = '8ae2c573bc0e0492efeabe78495c591e' AND file:hashes.SHA1 = '3fd3e9a0b0e9cfceccbc0fef6eb19da2e066bc6e' AND file:hashes.SHA256 = 'a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-31T10:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-31T10:36:34.000Z",
"modified": "2018-03-31T10:36:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993/analysis/1522275361/",
"category": "External analysis",
"comment": "Analyzed samples",
"uuid": "5abf64b2-c0d8-4443-8392-4fee02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/59",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64b3-3f1c-4128-bddf-4fee02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-28T22:16:01",
"category": "Other",
"comment": "Analyzed samples",
"uuid": "5abf64b3-f7e0-4ada-bc17-4fee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--df3317f0-d897-43fe-a6b6-82aa8f880d2e",
"created": "2018-03-31T10:36:35.000Z",
"modified": "2018-03-31T10:36:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9f8377a2-614a-4c95-b23c-9843916ce750",
"target_ref": "x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f713d0bc-b2d1-4d8d-9c96-a09d73e9bbaa",
"created": "2018-03-31T10:36:35.000Z",
"modified": "2018-03-31T10:36:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--506f740b-a199-4f1e-b7ba-67e253b26d05",
"target_ref": "x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7c691d8b-993e-4704-a0e5-37521028a189",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ebbafa48-355a-4f73-9227-d05329f24cb7",
"target_ref": "x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c89f9b37-5b62-406d-9274-297162fd11a9",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0",
"target_ref": "x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5515c780-11eb-4d8b-b867-b86c30029477",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02",
"target_ref": "x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--56d24eb0-76d8-4808-b92b-6d02510bfcb9",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc",
"target_ref": "x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--db31e2f1-428f-4166-82d1-e1708a39c415",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--45b7f55b-64f2-4363-807a-aa68041fb61b",
"target_ref": "x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f43c162c-e8ce-4b57-a20a-abb3e0753f8f",
"created": "2018-03-31T10:36:36.000Z",
"modified": "2018-03-31T10:36:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7",
"target_ref": "x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}