{
"type" : "bundle" ,
"id" : "bundle--5ccaeddb-dc84-4cc2-9f73-4a70950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:21:30.000Z" ,
"modified" : "2019-05-02T13:21:30.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5ccaeddb-dc84-4cc2-9f73-4a70950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:21:30.000Z" ,
"modified" : "2019-05-02T13:21:30.000Z" ,
"name" : "OSINT - Goblin Panda continues to target Vietnam" ,
"published" : "2019-05-02T13:25:38Z" ,
"object_refs" : [
"observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f" ,
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f" ,
"x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f" ,
"indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f" ,
"indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f" ,
"indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f" ,
"indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f" ,
"indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f" ,
"indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f" ,
"indicator--5ccaee32-0310-4075-8920-4337950d210f" ,
"indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f" ,
"indicator--5ccaee7b-9258-45b6-9420-4bba950d210f" ,
"indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f" ,
"indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f" ,
"vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f" ,
"indicator--6af30035-5440-401a-976b-bc64ed82ad01" ,
"x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493" ,
"indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f" ,
"x-misp-object--61bf2686-6262-435a-9039-372f43219b6e" ,
"indicator--f9c0db13-b132-48c2-bf17-631eff339a1f" ,
"x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e" ,
"indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61" ,
"x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723" ,
"relationship--2e42749e-9de1-4367-9f63-e54fb183ece8" ,
"relationship--41257a4e-3f6f-4f25-aa92-05f46851c4ba" ,
"relationship--bc8c683f-be60-4d0c-82d5-354ab0474a34" ,
"relationship--74e310c2-8ca5-4436-b4f5-0e933cce34b1"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"Hellsing\"" ,
"misp-galaxy:malpedia=\"NewCore RAT\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:17:36.000Z" ,
"modified" : "2019-05-02T13:17:36.000Z" ,
"first_observed" : "2019-05-02T13:17:36Z" ,
"last_observed" : "2019-05-02T13:17:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f" ,
"value" : "https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:17:59.000Z" ,
"modified" : "2019-05-02T13:17:59.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Chinese actors have changed the rtf exploit following my different articles and Anomali article https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain\r\n\r\nBut In march a researcher of Anomali @aRtAGGI made a link very interesting between Icefog and an article targeting Mongelian speaker https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[file:name = 'Shortcuts\\\\QcLite.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[file:name = 'Shortcuts\\\\QcConsol.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[domain-name:value = 'web.hcmuafgh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-0310-4075-8920-4337950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.29.56.62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:18:42.000Z" ,
"modified" : "2019-05-02T13:18:42.000Z" ,
"pattern" : "[url:value = 'http://web.hcmuafgh.com:4357/link?url=maOVmKGmMDU1&enpl=OXcoVQ==&encd=XARIZTE=']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:18:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee7b-9258-45b6-9420-4bba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:55.000Z" ,
"modified" : "2019-05-02T13:19:55.000Z" ,
"description" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"pattern" : "[file:hashes.SHA256 = '05d0ad2bcc1c6e2752a231bc36d07a841f075a0a32a3a62abaafddbdafd72f62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:55.000Z" ,
"modified" : "2019-05-02T13:19:55.000Z" ,
"description" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"pattern" : "[file:hashes.SHA256 = '5a592b92ffcbea75e458726cecc7f159b8f71c46b80de30bac2a48006ac1e1b3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:55.000Z" ,
"modified" : "2019-05-02T13:19:55.000Z" ,
"description" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"pattern" : "[file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:21:14.000Z" ,
"modified" : "2019-05-02T13:21:14.000Z" ,
"name" : "CVE-2017-11882" ,
"labels" : [
"misp:type=\"vulnerability\"" ,
"misp:category=\"Payload delivery\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-11882"
}
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6af30035-5440-401a-976b-bc64ed82ad01" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d2e6a61eede06fa9d633ce151208831' AND file:hashes.SHA1 = 'f764163f3912376ebcabaf1cf3a60b6bc74561be' AND file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-02T11:28:30" ,
"category" : "Other" ,
"uuid" : "8a8e9657-f185-4b4a-a864-9dfd038906ce"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3/analysis/1556796510/" ,
"category" : "Payload delivery" ,
"uuid" : "a0b8060b-4c47-4415-8ee8-481d250cdbaf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/69" ,
"category" : "Payload delivery" ,
"uuid" : "8d0ecb1f-84c3-4e39-85e6-5382f49cc22c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '109d51899c832287d7ce1f70b5bd885d' AND file:hashes.SHA1 = 'daa69d1b1abc00139b1d73d075921ab93137598d' AND file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-29T23:04:06" ,
"category" : "Other" ,
"uuid" : "5e67a2b3-2334-4dd1-b4da-148e54772693"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770/analysis/1556579046/" ,
"category" : "Payload delivery" ,
"uuid" : "2861f6a6-f61f-4226-8b1a-5552c3c1fa06"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/70" ,
"category" : "Payload delivery" ,
"uuid" : "f186be1f-70d3-4b2d-8f82-32aa84b64c0b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '84fca27bc75f40194c95534b07838d6c' AND file:hashes.SHA1 = '9520a18e9f6d4f6f014aa576b8843cdff176f701' AND file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:19:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-01T10:35:55" ,
"category" : "Other" ,
"uuid" : "e051a82c-c83e-4283-8de4-161be247465f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6/analysis/1556706955/" ,
"category" : "Payload delivery" ,
"uuid" : "8a0a6690-a7e6-449b-9c8d-6afd65d8be44"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/58" ,
"category" : "Payload delivery" ,
"uuid" : "bab1b9f2-f67e-493b-912e-525dcaa79d9c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:20:33.000Z" ,
"modified" : "2019-05-02T13:20:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '1b19175c41b9a9881b23b4382cc5935f' AND file:hashes.SHA1 = '3752656c024284ea63421d70235ec48d76a95df3' AND file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-02T13:20:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-02T13:20:34.000Z" ,
"modified" : "2019-05-02T13:20:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-04-29T23:04:01" ,
"category" : "Other" ,
"comment" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"uuid" : "a6e30d35-1912-4743-86bb-917b906bfc44"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76/analysis/1556579041/" ,
"category" : "Payload delivery" ,
"comment" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"uuid" : "f6aba0fc-493d-46cd-809d-fb34b7ade2cb"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/70" ,
"category" : "Payload delivery" ,
"comment" : "The dll is a variant of the newcoreRAT with many similarities with" ,
"uuid" : "35ac479c-bae6-42e5-a362-b3477657ef04"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2e42749e-9de1-4367-9f63-e54fb183ece8" ,
"created" : "2019-05-02T13:19:21.000Z" ,
"modified" : "2019-05-02T13:19:21.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6af30035-5440-401a-976b-bc64ed82ad01" ,
"target_ref" : "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--41257a4e-3f6f-4f25-aa92-05f46851c4ba" ,
"created" : "2019-05-02T13:19:22.000Z" ,
"modified" : "2019-05-02T13:19:22.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f" ,
"target_ref" : "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--bc8c683f-be60-4d0c-82d5-354ab0474a34" ,
"created" : "2019-05-02T13:19:22.000Z" ,
"modified" : "2019-05-02T13:19:22.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f" ,
"target_ref" : "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--74e310c2-8ca5-4436-b4f5-0e933cce34b1" ,
"created" : "2019-05-02T13:20:34.000Z" ,
"modified" : "2019-05-02T13:20:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61" ,
"target_ref" : "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}