misp-circl-feed/feeds/circl/misp/5d0c8dcc-eae0-4020-b1d0-5526950d210f.json

723 lines
32 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5d0c8dcc-eae0-4020-b1d0-5526950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:53:14.000Z",
"modified": "2019-06-21T15:53:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d0c8dcc-eae0-4020-b1d0-5526950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:53:14.000Z",
"modified": "2019-06-21T15:53:14.000Z",
"name": "OSINT - Hide \u00e2\u20ac\u02dcN Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP",
"published": "2019-06-21T15:53:29Z",
"object_refs": [
"x-misp-attribute--5d0c9804-7248-45ae-ab57-47fa950d210f",
"observed-data--5d0c9e1b-623c-4552-9a6c-41e1950d210f",
"url--5d0c9e1b-623c-4552-9a6c-41e1950d210f",
"indicator--5d0cae62-69cc-495e-932c-478e950d210f",
"indicator--5d0cae78-e888-4c47-b54e-42b5950d210f",
"indicator--5d0caf46-8778-4c85-b528-41cf950d210f",
"indicator--5d0cb1e1-86b0-4d8c-8c6b-4283950d210f",
"indicator--5d0cb1fd-b8a8-44a1-bde0-4b6e950d210f",
"indicator--5d0cb217-01d4-460f-bb99-20b8950d210f",
"indicator--5d0cb4d6-883c-4e2b-89b6-4bc1950d210f",
"indicator--5d0cb4e8-48d8-492e-88e4-48bf950d210f",
"indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b",
"x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb",
"indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23",
"x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c",
"indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a",
"x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506",
"indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb",
"x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89",
"indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3",
"x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32",
"indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c",
"x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5",
"relationship--db05f36f-6416-4de0-8c24-f8a283381fe8",
"relationship--ea2c80ab-d4d2-4bc7-b8f1-3f62b0bb3f9a",
"relationship--6a430c2b-7912-41e8-926f-fc1c1f2a1ed5",
"relationship--2b58e456-daec-4dae-aa18-3ab577c09771",
"relationship--f2c87731-66b0-4483-ab75-bed25363003e",
"relationship--5123d16f-8d4f-43dd-8596-26822880e319"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:botnet=\"Hide and Seek\"",
"misp-galaxy:malpedia=\"Hide and Seek\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"\tmalware_classification:malware-category=\"Botnet\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d0c9804-7248-45ae-ab57-47fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T08:40:36.000Z",
"modified": "2019-06-21T08:40:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The Hide \u00e2\u20ac\u02dcN Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.\r\n\r\nSince its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).\r\n\r\nThis post details a variant of the family first seen on the 21st of February 2019, incorporating two new exploits \u00e2\u20ac\u201c CVE-2018-20062 which targets ThinkPHP installations, and CVE-2019-7238, a Remote Code Execution (RCE) vulnerability in Sonatype Nexus Repository Manager (NXRM) 3 software installations.\r\n\r\nWhile the ThinkPHP exploit has already been seen employed by several Mirai variants, the only other instance of the CVE-2019-7238 vulnerability being exploited in the wild has been by the DDG botnet. Our research, outlined below, shows that the Hide \u00e2\u20ac\u02dcN Seek botnet incorporated this exploit back in February 2019, even before the DDG botnet."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d0c9e1b-623c-4552-9a6c-41e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T09:06:35.000Z",
"modified": "2019-06-21T09:06:35.000Z",
"first_observed": "2019-06-21T09:06:35Z",
"last_observed": "2019-06-21T09:06:35Z",
"number_observed": 1,
"object_refs": [
"url--5d0c9e1b-623c-4552-9a6c-41e1950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d0c9e1b-623c-4552-9a6c-41e1950d210f",
"value": "https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cae62-69cc-495e-932c-478e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:16:02.000Z",
"modified": "2019-06-21T10:16:02.000Z",
"pattern": "[file:hashes.SHA256 = '49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cae78-e888-4c47-b54e-42b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:16:24.000Z",
"modified": "2019-06-21T10:16:24.000Z",
"pattern": "[file:hashes.SHA256 = 'd068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:16:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0caf46-8778-4c85-b528-41cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:19:50.000Z",
"modified": "2019-06-21T10:19:50.000Z",
"pattern": "[file:hashes.SHA256 = '1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cb1e1-86b0-4d8c-8c6b-4283950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:30:57.000Z",
"modified": "2019-06-21T10:30:57.000Z",
"pattern": "[file:hashes.SHA256 = 'c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:30:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cb1fd-b8a8-44a1-bde0-4b6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:31:25.000Z",
"modified": "2019-06-21T10:31:25.000Z",
"pattern": "[file:hashes.SHA256 = '0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:31:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cb217-01d4-460f-bb99-20b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:31:51.000Z",
"modified": "2019-06-21T10:31:51.000Z",
"pattern": "[file:hashes.SHA256 = '73df4e952c581afc427fa18fa2d0bcfa409c1814cd872a3ccf05d44f934ce780']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cb4d6-883c-4e2b-89b6-4bc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:43:34.000Z",
"modified": "2019-06-21T10:43:34.000Z",
"pattern": "[file:hashes.SHA256 = '500dd4c1a5c24495c3bb8173ce5c7b15ba3344aef855090b9b9585b2bfeea974']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:43:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d0cb4e8-48d8-492e-88e4-48bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T10:43:52.000Z",
"modified": "2019-06-21T10:43:52.000Z",
"pattern": "[file:hashes.SHA256 = '7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T10:43:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:47.000Z",
"modified": "2019-06-21T15:52:47.000Z",
"pattern": "[file:hashes.MD5 = 'cc4662e589e8fa58d26f1a8d1c0da21f' AND file:hashes.SHA1 = '15c5554d24169096e756beee8c15e96c6708f06c' AND file:hashes.SHA256 = '1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-13T22:39:35",
"category": "Other",
"uuid": "56d8e60e-215c-4291-8f44-dfeb61084447"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382/analysis/1560465575/",
"category": "Payload delivery",
"uuid": "c1da88a6-b89a-436f-90a0-dac5f2040c94"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/57",
"category": "Payload delivery",
"uuid": "fa401d1d-e971-4d5b-96d4-5f9a142d1c6f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"pattern": "[file:hashes.MD5 = '01a9c99b6c8b812b61ddda76ee5c1899' AND file:hashes.SHA1 = 'e919ad0e40298f1f79d67c2e8ccdbb0acdde5a2b' AND file:hashes.SHA256 = '7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-18T19:16:22",
"category": "Other",
"uuid": "a9cd7679-ab30-44f0-a181-a34756f08f3f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7/analysis/1560885382/",
"category": "Payload delivery",
"uuid": "052fb771-186d-402c-8be5-02ea4657c5ae"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/55",
"category": "Payload delivery",
"uuid": "22f740bd-ce13-43d6-b566-5d09c5cfd814"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"pattern": "[file:hashes.MD5 = '6de70812923df430cff73fcf66830e6d' AND file:hashes.SHA1 = '13cc834fbf30e32146ae1be4a6bbba5b7be41ae3' AND file:hashes.SHA256 = '49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-13T22:39:35",
"category": "Other",
"uuid": "3c70bbea-cf02-4b93-8295-b3b4a116c77c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f/analysis/1560465575/",
"category": "Payload delivery",
"uuid": "a330507d-9192-4e56-ad08-eeb3401a64ab"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/58",
"category": "Payload delivery",
"uuid": "0ef769b9-de75-41b6-86d4-e97d6edef792"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:48.000Z",
"modified": "2019-06-21T15:52:48.000Z",
"pattern": "[file:hashes.MD5 = 'f54c7e19bc1db3b3897b6fe81a403db0' AND file:hashes.SHA1 = '20ee3e5634a7a826a68ec858474f65cd58190870' AND file:hashes.SHA256 = '0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-14T16:31:05",
"category": "Other",
"uuid": "ad41b356-c3b3-4dcd-855e-7bd45c6d2891"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369/analysis/1560529865/",
"category": "Payload delivery",
"uuid": "4f643b42-1af6-49d6-b5e8-43f72941844a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/50",
"category": "Payload delivery",
"uuid": "baa30bab-f182-4eb5-bba6-db9551c005d1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
"pattern": "[file:hashes.MD5 = '7c48b82ee08fbf7b4f4190b0973dfd5c' AND file:hashes.SHA1 = '1b278755efb2fefde2c32be6d0aa329ae35a9fc6' AND file:hashes.SHA256 = 'd068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-13T22:39:39",
"category": "Other",
"uuid": "e850ba03-ed6c-474a-ae87-db0f0c31551d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1/analysis/1560465579/",
"category": "Payload delivery",
"uuid": "4ed5c275-ec23-49f5-accf-23d17dfd73b8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/55",
"category": "Payload delivery",
"uuid": "6aeb3a94-650e-4c76-99da-75e53081eaba"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
"pattern": "[file:hashes.MD5 = '784ab23904c34c2033b8ab3fbb18645d' AND file:hashes.SHA1 = '75374fe86e63b1c60b02be4ebe3770a58a4423e1' AND file:hashes.SHA256 = 'c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-21T15:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-21T08:57:11",
"category": "Other",
"uuid": "67e1c498-a970-46de-8907-61e496935893"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d/analysis/1561107431/",
"category": "Payload delivery",
"uuid": "e57632b1-769b-4c66-bd28-0c73fdb20fa5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/57",
"category": "Payload delivery",
"uuid": "528491e6-7f21-401a-9749-cb93d8c6fa29"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--db05f36f-6416-4de0-8c24-f8a283381fe8",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b",
"target_ref": "x-misp-object--360b84b9-09a3-414f-a88d-558b8503d0eb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ea2c80ab-d4d2-4bc7-b8f1-3f62b0bb3f9a",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--c3d5088e-84f5-4ef5-b213-67beb35b4e23",
"target_ref": "x-misp-object--46bcd5b2-85e1-4961-ad0c-add96cfc111c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6a430c2b-7912-41e8-926f-fc1c1f2a1ed5",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--50675af8-63e6-45fc-8705-fe07a29bcf6a",
"target_ref": "x-misp-object--5fc7be9f-fde9-45be-a619-1952b90e8506"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2b58e456-daec-4dae-aa18-3ab577c09771",
"created": "2019-06-21T15:52:49.000Z",
"modified": "2019-06-21T15:52:49.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--9803a8e8-e8b7-4708-9565-3f261694a5cb",
"target_ref": "x-misp-object--20480301-47fb-4a64-81c9-8aa80a18dc89"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f2c87731-66b0-4483-ab75-bed25363003e",
"created": "2019-06-21T15:52:50.000Z",
"modified": "2019-06-21T15:52:50.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--4e6b8d5b-af14-4a65-833d-5e41861d39a3",
"target_ref": "x-misp-object--599d8b4a-50a0-4a83-a25a-dd8b2879fe32"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5123d16f-8d4f-43dd-8596-26822880e319",
"created": "2019-06-21T15:52:50.000Z",
"modified": "2019-06-21T15:52:50.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--40227e50-2444-4a4a-80fe-fe4eeddd8a0c",
"target_ref": "x-misp-object--4aaab1e9-b177-41dc-b0a3-891174e327a5"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}