{
"type" : "bundle" ,
"id" : "bundle--5c5201f6-e414-4dc2-be61-4f4502de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5c5201f6-e414-4dc2-be61-4f4502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"name" : "OSINT - Cisco Job Posting Targets Korean Candidates" ,
"published" : "2019-01-30T20:05:21Z" ,
"object_refs" : [
"observed-data--5c520202-8d5c-44ca-8470-40ce02de0b81" ,
"url--5c520202-8d5c-44ca-8470-40ce02de0b81" ,
"x-misp-attribute--5c520214-741c-4008-8f48-e23902de0b81" ,
"observed-data--5c520233-b77c-4045-b967-4abc02de0b81" ,
"domain-name--5c520233-b77c-4045-b967-4abc02de0b81" ,
"indicator--5c520245-4460-41ab-b89e-405b02de0b81" ,
"indicator--5c520257-fdd4-4c61-8b0f-445902de0b81" ,
"observed-data--5c52027a-a0a8-492d-8ed5-43ee02de0b81" ,
"domain-name--5c52027a-a0a8-492d-8ed5-43ee02de0b81" ,
"observed-data--5c52027a-b1b0-45dd-8c9c-4ac702de0b81" ,
"domain-name--5c52027a-b1b0-45dd-8c9c-4ac702de0b81" ,
"observed-data--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"file--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"artifact--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"indicator--db2f6f9a-9fd2-4815-ab19-3e80b630afee" ,
"x-misp-object--83ffea5f-5ac1-4359-a694-73fe84275425" ,
"indicator--30e63e4f-a33b-4e63-85a6-37485fb077a2" ,
"x-misp-object--4dcb8302-c888-44dc-bb62-d35f09261019" ,
"relationship--11ecd1dc-3352-4521-a37d-fa55f4be60de" ,
"relationship--add14986-14a5-47f3-a1b6-e616e600d223"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c520202-8d5c-44ca-8470-40ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T19:58:58.000Z" ,
"modified" : "2019-01-30T19:58:58.000Z" ,
"first_observed" : "2019-01-30T19:58:58Z" ,
"last_observed" : "2019-01-30T19:58:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c520202-8d5c-44ca-8470-40ce02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c520202-8d5c-44ca-8470-40ce02de0b81" ,
"value" : "https://blog.talosintelligence.com/2019/01/fake-korean-job-posting.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c520214-741c-4008-8f48-e23902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T19:59:16.000Z" ,
"modified" : "2019-01-30T19:59:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a Microsoft Word document that was disguised as a job posting for Cisco Korea, and leveraged legitimate content available as part of job postings on various websites. EST Security also described this campaign in a blog post this week. This malicious Office document appears to have been the initial portion of what was designed to be a multi-stage infection process. \r\n\r\nDuring our analysis of this campaign, we located additional samples that we believe are linked to multiple previous campaigns associated with the same threat actor. Each of the campaigns leveraged malicious documents and initial stage payloads that all featured similar tactics, techniques, and procedures (TTP). Due to the targeted nature of this campaign, the lack of widespread indicator of compromise data, and the apparent nature of the targeting, this appears to be associated with a sophisticated attacker. This sort of attack has become more common as threat actors continue to target users to gain an initial foothold in environments. Organizations are encouraged to employ a defense-in-depth approach to security and disallow the execution of macros where possible."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c520233-b77c-4045-b967-4abc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:01:17.000Z" ,
"modified" : "2019-01-30T20:01:17.000Z" ,
"first_observed" : "2019-01-30T20:01:17Z" ,
"last_observed" : "2019-01-30T20:01:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5c520233-b77c-4045-b967-4abc02de0b81"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5c520233-b77c-4045-b967-4abc02de0b81" ,
"value" : "ilovesvc.com"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c520245-4460-41ab-b89e-405b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:00:05.000Z" ,
"modified" : "2019-01-30T20:00:05.000Z" ,
"description" : "the Office document" ,
"pattern" : "[file:hashes.SHA256 = 'bf27c1631ef64c1e75676375a85d48f8ae97e1ea9a5f67c2beefc02c609fc18b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-30T20:00:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c520257-fdd4-4c61-8b0f-445902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:00:23.000Z" ,
"modified" : "2019-01-30T20:00:23.000Z" ,
"description" : "PE32" ,
"pattern" : "[file:hashes.SHA256 = '1497ab6ddccf91ef7f2cd75ce020bb3bf39979210351deaa6e0025997ddfda5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-30T20:00:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c52027a-a0a8-492d-8ed5-43ee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:00:58.000Z" ,
"modified" : "2019-01-30T20:00:58.000Z" ,
"first_observed" : "2019-01-30T20:00:58Z" ,
"last_observed" : "2019-01-30T20:00:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5c52027a-a0a8-492d-8ed5-43ee02de0b81"
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5c52027a-a0a8-492d-8ed5-43ee02de0b81" ,
"value" : "www.secuvision.co.kr"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c52027a-b1b0-45dd-8c9c-4ac702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:00:58.000Z" ,
"modified" : "2019-01-30T20:00:58.000Z" ,
"first_observed" : "2019-01-30T20:00:58Z" ,
"last_observed" : "2019-01-30T20:00:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5c52027a-b1b0-45dd-8c9c-4ac702de0b81"
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5c52027a-b1b0-45dd-8c9c-4ac702de0b81" ,
"value" : "www.syadplus.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:02:24.000Z" ,
"modified" : "2019-01-30T20:02:24.000Z" ,
"first_observed" : "2019-01-30T20:02:24Z" ,
"last_observed" : "2019-01-30T20:02:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"artifact--5c5202d0-e2fc-4be4-bf46-406f02de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"name" : "image11.jpg" ,
"content_ref" : "artifact--5c5202d0-e2fc-4be4-bf46-406f02de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c5202d0-e2fc-4be4-bf46-406f02de0b81" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 4 Q B g R X h p Z g A A S U k q A A g A A A A C A D E B A g A H A A A A J g A A A G m H B A A B A A A A L g A A A A A A A A B H b 29 n b G U A A A M A A J A H A A Q A A A A w M j I w A q A E A A E A A A B A B g A A A 6 A E A A E A A A B 9 B A A A A A A A A P / b A I Q A A w I C C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C g g I C A g J C Q k I C A s N C g g N C A g J C A E D B A Q G B Q Y I B g Y I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I C A g I / 8 A A E Q g E f Q Z A A w E i A A I R A Q M R A f / E A B 0 A A Q A B B Q E B A Q A A A A A A A A A A A A A G A Q I E B Q c I C Q P / x A B o E A A B B A E C A w M F C A 4 I A g Y G A R U B A A I D B A U R E g Y T I Q c U M Q g V I k F R F h g z U 5 G S 0 d M j J D I 0 U l R h c X K B k 5 S y 8 A l C V X O V s b P U o c E X J T V D d N I m Y n W 0 w u E 2 R Y K E o 7 X x J 0 R W Y 3 a D o j e W 5 B l G Z G X E / 8 Q A G w E B A A I D A Q E A A A A A A A A A A A A A A A E D A g Q F B g f / x A B E E Q E A A Q I B C Q Q I B A Q F A w Q D A A A A A Q I R A w Q S E x U h M V F S k h Z B 0 e E F U 2 F x k a G i 0 g Y i M o E U Q m K T M 7 H B 4 v B D c o I H I 1 S y N E T C / 9 o A D A M B A A I R A x E A P w D 6 n W L A a C S d A F o Z + N Y W k g k j T p 4 K v G s x b C S F I A E E a 93 s H t T 3 e w e 1 S V E E a 93 s H t T 3 e w e 1 S V N U E a 93 s H t T 3 e w e 1 S U K u i C M + 72 D 2 p 7 v Y P a p K i i 4 j X u 9 g 9 q e 72 D 2 q S o p E a 93 s H t T 3 e w e 1 S b R N E E Z 93 s H t T 3 e w e 1 S b R N E E Z 93 s H t T 3 e w e 1 S b R N E E Z 93 s H t T 3 e w e 1 S b R N E E Z 93 s H t T 3 e w e 1 S b R N E E Z 93 s H t T 3 e w e 1 S V F F x G v d 7 B 7 U 93 s H t U m 0 T R S I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I 
z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 
9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I z 7 v Y P a n u 9 g 9 q k 2 i a I I 9 B x t C 46 A n 9 S 3 t a w H D U H U F X l a H g u c u i B J 1 / w D v l B + P H n w B / U p I S o 3 x 58 A f 1 K R u U S L X P W m v 8 b U 4 v h b d a P 8 A T m j b / E 4 L w 35 b X H O U Z m T U o 2 L b G C o y Y x 1 Z J Q e g e Z H l s Z H o t a N X H 1 D R e W M v j s n M R z m X Z S Y u f 9 k E z y Y d u / n e k C e X s 9 I u P o + H V e n y X 0 J p q K M S r F i n P i 8 R 3 u H j + k p o q q o p o m b d / c + z W M z M U z B J D J H N G d Q H x O b I 0 k H Q 6 O a S D o f H r 0 W Y C v A / k p Y i h N j q k M p z 7 Z p J X s 305 c j D S a S 9 w B D 4 H N g Z / w C s f l X p n s O h d D b z F L m z S w 1 J 67 Y T Y l f P K 0 S Q c x w d L I S 53 U j T U r l Z R k e i q r i 8 z m 8 Y t e L x G z b 7 W / g 5 R n x T N t / B 2 B q u V r V c u b E 3 h u v z L 1 X m L y z w B i n 5 H O 5 q C x b u i K v I 0 w s h t z w t Z u c 4 d A x 7 f U N P A L r n / Q T W / G 8 p / i V v 61 b W L g U 4 U 2 q r 7 o n d x i 6 + q i K d 8913 S d 6 v a V 5 U 7 Y 8 I / G Z L B s r X L + y z a L Z m y 3 L E z X 
N b J B t G 17 y O u 9 w 9 n U r 1 U 1 Y 4 m D m U 0 1 X v F c T M f t N m N d G b E T e 91 y o S q r X 57 M t r x P l f r t Y N T p 4 / m V C p n E q o K 83 R d p B n t i W e e a G E a E R x F 3 U e I B D X D q f z e C 6 r R 7 Z a D 9 G i R w 9 W r 2 l v y l 3 r Q T 1 F j 1 b j Z A H M c H N P g Q Q Q V k I C I i A q E o V D u 1 L t E j x l S S y 8 b i 3 o x g 8 X u 9 Q H 5 f X 6 / B Z 0 U T X V F N M X m W F V U U x e U u c 5 U 3 r h X Z z e y s 9 a / f u u 5 b J q r 3 V o W 6 g x 7 W v c H 69 P S I 0 66 A 9 F 5 b 4 c z O W d 3 W e X J X Y a 0 9 h 0 T Z u f N K 1 j 2 v Y D u Z v Y C z 0 v A u C 6 e D 6 P n F m u N J T G Z 79 v s j 2 u b i Z f F G b O b V a q f Z s 9 s 7 X 0 d 1 V V q + H t R B C C / m k R R 6 y a b e Y d j f T 0 1 O 3 d 46 a + t b M F c q d k 29 t n U i b x d V E V F C V U R E B E R A R E Q E R E B E R A R E Q E R E B E R A R U K 0 H E f H l K m W i 3 b r 1 i / U s E 8 s c W 7 T x 27 y N d P y I J A i 1 + D z 0 N m M T V 5 Y 5 o n a 7 Z I n N e x 2 n j o 5 p I K z X v 0 6 / z o g v R R B / a z j B H z j k K Y i 5 n J 5 h s R b O a B u M e 7 d p v D R q W + K 2 m F 4 y q 2 Y n T V 7 M M 8 T N 26 S K R j 2 N 2 j V 2 r m u 0 G n 5 f B B u 0 W o w H F F e 0 z m 1 Z 4 r E e 4 t 5 k M j Z G b h p q 3 c 0 k a j X T T V W 4 j i 6 r Y f L F B Y h m k g c W T M j k a 98 T g S 3 b I 1 p 1 a 4 E E E E e p B u U U c x P a H R n m d X h u V p Z 2 b t 0 M c z H y t 2 f d a x t d u G 316 h L H a H Q Z Y F R 12 s 20 S A K 5 n j E x J G o H L L t 2 u g P Q B B I 0 V m q x a W X i k d I 2 O R j 3 R O 2 S B r g S x + g I a 8 D q 0 k E H r 6 i g z U W B F l 4 z K 6 A S M M z W C R 0 W 4 F 4 Y 46 B x a D u D T 4 A k L O Q V R Y N n L x s k j i d I x s k g c Y 4 y 4 B 7 w z Q v L W n q Q w E E k J B l 43 v k i b I x 0 k W 3 m M B B c z e N W 72 j q 3 c B q N f E d U G c i t c V g V s 3E90 r W S s c 6E7 Z m h z S Y n F u 8 N k A P o n a Q 7 r 6 k G x R R G X t Y x j Y + c 7 I 0 x F v M R k N m I M 5 j d S W b i 4 D c B 1 L f F S T G Z K O a N k s T 2 y R y N D m S M I c 
x 7 T 4 F r h q C D 7 U G U i w b O W j Z J H E 6 R j Z J t 3 K Y 5 w D 5 N j d z 9 j T o X b W 9 T p 4 K
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--db2f6f9a-9fd2-4815-ab19-3e80b630afee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:38.000Z" ,
"modified" : "2019-01-30T20:03:38.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c067345667eded99610e51042a14081a' AND file:hashes.SHA1 = 'ea9bd89535c250c7bb7d98d10971ca586a574c53' AND file:hashes.SHA256 = '1497ab6ddccf91ef7f2cd75ce020bb3bf39979210351deaa6e0025997ddfda5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-30T20:03:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--83ffea5f-5ac1-4359-a694-73fe84275425" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-07-03T03:11:00" ,
"category" : "Other" ,
"uuid" : "2f301aee-3a07-4315-a9fe-35f15b9d6423"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1497ab6ddccf91ef7f2cd75ce020bb3bf39979210351deaa6e0025997ddfda5a/analysis/1499051460/" ,
"category" : "External analysis" ,
"uuid" : "e6031ce3-dc7d-4d15-a1ea-635e060a2f02"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/62" ,
"category" : "Other" ,
"uuid" : "36547772-c3a7-4c9a-a7ad-cf22d140afe5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--30e63e4f-a33b-4e63-85a6-37485fb077a2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fbd1cd15019c0dd6659a59bc93b8596f' AND file:hashes.SHA1 = '050dbe26683f5d39c8773da4a4b7d3dd28addc00' AND file:hashes.SHA256 = 'bf27c1631ef64c1e75676375a85d48f8ae97e1ea9a5f67c2beefc02c609fc18b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-30T20:03:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4dcb8302-c888-44dc-bb62-d35f09261019" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-30T10:52:43" ,
"category" : "Other" ,
"uuid" : "e27a0948-b861-4c5a-8bed-1e7733ad3f54"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bf27c1631ef64c1e75676375a85d48f8ae97e1ea9a5f67c2beefc02c609fc18b/analysis/1548845563/" ,
"category" : "External analysis" ,
"uuid" : "61389d49-4a4d-4917-bbef-dce3db7cffae"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/58" ,
"category" : "Other" ,
"uuid" : "ae01b2c6-6e9f-4e1e-93e7-5fc722af7bcd"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--11ecd1dc-3352-4521-a37d-fa55f4be60de" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--db2f6f9a-9fd2-4815-ab19-3e80b630afee" ,
"target_ref" : "x-misp-object--83ffea5f-5ac1-4359-a694-73fe84275425"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--add14986-14a5-47f3-a1b6-e616e600d223" ,
"created" : "2019-01-30T20:03:39.000Z" ,
"modified" : "2019-01-30T20:03:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--30e63e4f-a33b-4e63-85a6-37485fb077a2" ,
"target_ref" : "x-misp-object--4dcb8302-c888-44dc-bb62-d35f09261019"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}