{
"type" : "bundle" ,
"id" : "bundle--5dc3249f-6ebc-44fd-b78d-448d02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T20:00:02.000Z" ,
"modified" : "2019-11-06T20:00:02.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5dc3249f-6ebc-44fd-b78d-448d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T20:00:02.000Z" ,
"modified" : "2019-11-06T20:00:02.000Z" ,
"name" : "OSINT - BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0" ,
"published" : "2019-11-06T20:02:52Z" ,
"object_refs" : [
"indicator--5dc324da-8930-4832-84ae-428102de0b81" ,
"indicator--5dc324da-3aa8-4672-a5c8-461502de0b81" ,
"indicator--5dc324da-4734-4603-be54-44eb02de0b81" ,
"indicator--5dc324da-7284-4a03-880f-4c9d02de0b81" ,
"indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81" ,
"indicator--5dc324da-7f9c-4659-abea-402a02de0b81" ,
"x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81" ,
"indicator--5dc325b9-7018-496a-b223-4b7602de0b81" ,
"indicator--5dc325b9-a748-403f-abcc-428c02de0b81" ,
"observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81" ,
"url--5dc325e5-6214-4a8f-bf43-441102de0b81" ,
"indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9" ,
"x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1" ,
"indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c" ,
"x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317" ,
"indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb" ,
"x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91" ,
"indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97" ,
"x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568" ,
"indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92" ,
"x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad" ,
"indicator--25d7c94e-5aad-4634-878d-15010c84f0aa" ,
"x-misp-object--f10bc385-bc29-4069-8374-abc49782561a" ,
"relationship--d741a727-322c-4637-930f-80edfb2ad847" ,
"relationship--22408634-ee41-4ea2-b767-2f2a9879772a" ,
"relationship--dbe0e066-4162-43e6-a951-89ab2e50892d" ,
"relationship--c4405d26-6b1e-4c59-826a-7acb5fcf4f77" ,
"relationship--c64db77e-c64d-4e88-ae51-61eb118343f9" ,
"relationship--1c9e16db-d688-4121-8a64-7d72594ae13c"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:malpedia=\"Dridex\"" ,
"misp-galaxy:malpedia=\"FriedEx\"" ,
"misp-galaxy:ransomware=\"Bitpaymer\"" ,
"misp-galaxy:threat-actor=\"INDRIK SPIDER\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-8930-4832-84ae-428102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = '51d8618ec86159327e883615ad8989c7638172cf801f65ab0367e5b2e6af596a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-3aa8-4672-a5c8-461502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-4734-4603-be54-44eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-7284-4a03-880f-4c9d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = 'bfb7e62ba4ad5975e68a1beefb045cb72e056911fd7a8b070a15029dfcbbefe1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-eef0-4d5e-bc21-4c5402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc324da-7f9c-4659-abea-402a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:54:02.000Z" ,
"modified" : "2019-11-06T19:54:02.000Z" ,
"description" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:54:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5dc32571-aa74-4179-8f74-42bc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:56:33.000Z" ,
"modified" : "2019-11-06T19:56:33.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "CrowdStrike\u00ae Intelligence has identified a new ransomware variant identifying itself as BitPaymer. This new variant was behind a series of ransomware campaigns beginning in June 2019, including attacks against the City of Edcouch, Texas and the Chilean Ministry of Agriculture. \r\n\r\nWe have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER. However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of INDRIK SPIDER have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc325b9-7018-496a-b223-4b7602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:57:45.000Z" ,
"modified" : "2019-11-06T19:57:45.000Z" ,
"description" : "DoppelPaymer" ,
"pattern" : "[file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:57:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc325b9-a748-403f-abcc-428c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:57:45.000Z" ,
"modified" : "2019-11-06T19:57:45.000Z" ,
"description" : "Dridex 2.0" ,
"pattern" : "[file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:57:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5dc325e5-6214-4a8f-bf43-441102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:58:29.000Z" ,
"modified" : "2019-11-06T19:58:29.000Z" ,
"first_observed" : "2019-11-06T19:58:29Z" ,
"last_observed" : "2019-11-06T19:58:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5dc325e5-6214-4a8f-bf43-441102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5dc325e5-6214-4a8f-bf43-441102de0b81" ,
"value" : "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:15.000Z" ,
"modified" : "2019-11-06T19:59:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '1b5c3c458e31bede55145d0644e88d75' AND file:hashes.SHA1 = 'a21c84c6bf2e21d69fa06daaf19b4cc34b589347' AND file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:15.000Z" ,
"modified" : "2019-11-06T19:59:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-05T13:32:39" ,
"category" : "Other" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "590eabf8-daae-48fa-93f7-a6881b74188d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4/analysis/1572960759/" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "7de0a36e-6553-4bca-b8f3-2496fa7c6ae6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/71" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "28dc293f-7fb7-49e5-9c3e-8bee49d6f3b2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:15.000Z" ,
"modified" : "2019-11-06T19:59:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '68f9b52895f4d34e74112f3129b3b00d' AND file:hashes.SHA1 = 'c5e2018bf7c0f314fed4fd7fe7e69fa2e648359e' AND file:hashes.SHA256 = 'd4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:16.000Z" ,
"modified" : "2019-11-06T19:59:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-05T15:07:41" ,
"category" : "Other" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "2d422e88-d201-4694-bbd7-866a38115bf8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f/analysis/1572966461/" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "3e29cdd3-6698-46ac-a2e0-37658066a1a7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/71" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "4d55f6ac-dcd5-4ac6-8eca-d33081e4708a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:16.000Z" ,
"modified" : "2019-11-06T19:59:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '6365fe1d37545c71cbe2719ac7831bdd' AND file:hashes.SHA1 = '9356d660cebd2604ec4e72967f44678741331d5a' AND file:hashes.SHA256 = '0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:17.000Z" ,
"modified" : "2019-11-06T19:59:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-04T12:24:35" ,
"category" : "Other" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "2087010a-da8e-4132-b113-308e02d41f06"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc/analysis/1572870275/" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "d1cd1211-5d23-4442-94c1-6973a0b3e6cf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/70" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "72338110-8f9a-4c07-ab93-d926bbe4fe0e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:17.000Z" ,
"modified" : "2019-11-06T19:59:17.000Z" ,
"pattern" : "[file:hashes.MD5 = '47bc14f741779c3a7450adeeb66bb7e8' AND file:hashes.SHA1 = '980842b405d6df5385503044e102ad4a5d8b8573' AND file:hashes.SHA256 = '813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:17.000Z" ,
"modified" : "2019-11-06T19:59:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-04T12:37:45" ,
"category" : "Other" ,
"comment" : "Dridex 2.0" ,
"uuid" : "4bd2567e-f3c3-4af6-8878-5cebbb3ee30f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a/analysis/1572871065/" ,
"category" : "Payload delivery" ,
"comment" : "Dridex 2.0" ,
"uuid" : "f70fc547-6175-4e7d-aa3c-09fdcae120b9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "54/69" ,
"category" : "Payload delivery" ,
"comment" : "Dridex 2.0" ,
"uuid" : "094fb53d-08d6-44e0-9a00-ca0890f5175d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:18.000Z" ,
"modified" : "2019-11-06T19:59:18.000Z" ,
"pattern" : "[file:hashes.MD5 = '9141d1d189afc2e300121e71a211c925' AND file:hashes.SHA1 = 'ee5ac27425616878a932516000c04dedbde5b715' AND file:hashes.SHA256 = '801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:18.000Z" ,
"modified" : "2019-11-06T19:59:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-04T23:59:41" ,
"category" : "Other" ,
"comment" : "DoppelPaymer" ,
"uuid" : "0bb87c96-21b6-4b12-997c-d8e329e3678d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b/analysis/1572911981/" ,
"category" : "Payload delivery" ,
"comment" : "DoppelPaymer" ,
"uuid" : "556bfa2e-6a6d-405a-a050-051f2ba65972"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "54/68" ,
"category" : "Payload delivery" ,
"comment" : "DoppelPaymer" ,
"uuid" : "26ceb39d-61ca-4f10-a6d9-d565989705e2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:18.000Z" ,
"modified" : "2019-11-06T19:59:18.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b365af317ae730a67c936f21432b9c71' AND file:hashes.SHA1 = 'a0bdfac3ce1880b32ff9b696458327ce352e3b1d' AND file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-11-06T19:59:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-11-06T19:59:18.000Z" ,
"modified" : "2019-11-06T19:59:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-05T08:08:47" ,
"category" : "Other" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "35be71bd-7536-4d04-8ef0-608d868fe3ce"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4/analysis/1572941327/" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "5d316b72-97a1-4935-bf13-366b77f8c6fd"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/71" ,
"category" : "Payload delivery" ,
"comment" : "Encrypted PE Files Embedded in DoppelPaymer" ,
"uuid" : "1d009b4d-d054-4cbe-bef2-6d8b6d5e9112"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d741a727-322c-4637-930f-80edfb2ad847" ,
"created" : "2019-11-06T19:59:18.000Z" ,
"modified" : "2019-11-06T19:59:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--bca0440a-4555-4587-b5a2-a541bd2a4dc9" ,
"target_ref" : "x-misp-object--b9af0b6b-5e5d-43a1-84c7-21e1357665f1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--22408634-ee41-4ea2-b767-2f2a9879772a" ,
"created" : "2019-11-06T19:59:19.000Z" ,
"modified" : "2019-11-06T19:59:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9ae6b1c8-d364-4e47-acf7-f6730fb4465c" ,
"target_ref" : "x-misp-object--b440661e-36e3-4b91-86ff-fa8760b84317"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--dbe0e066-4162-43e6-a951-89ab2e50892d" ,
"created" : "2019-11-06T19:59:19.000Z" ,
"modified" : "2019-11-06T19:59:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--756d7b88-3347-4a0c-9fef-01dbddfd34bb" ,
"target_ref" : "x-misp-object--6d1c9b11-06c8-4813-9485-89269e343f91"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c4405d26-6b1e-4c59-826a-7acb5fcf4f77" ,
"created" : "2019-11-06T19:59:19.000Z" ,
"modified" : "2019-11-06T19:59:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c04e4714-a1ca-4318-98d3-a46cf6d6ad97" ,
"target_ref" : "x-misp-object--e943e2d5-8dec-4e03-8469-ee47c09f2568"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c64db77e-c64d-4e88-ae51-61eb118343f9" ,
"created" : "2019-11-06T19:59:19.000Z" ,
"modified" : "2019-11-06T19:59:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2a17501a-3480-46f0-b0bd-5888c2ee8c92" ,
"target_ref" : "x-misp-object--7fb41421-37ea-4910-ac68-319d59bdcbad"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1c9e16db-d688-4121-8a64-7d72594ae13c" ,
"created" : "2019-11-06T19:59:20.000Z" ,
"modified" : "2019-11-06T19:59:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--25d7c94e-5aad-4634-878d-15010c84f0aa" ,
"target_ref" : "x-misp-object--f10bc385-bc29-4069-8374-abc49782561a"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}