misp-circl-feed/feeds/circl/stix-2.1/5c912339-5ab4-4226-a5b2-9fc2950d210f.json


{
"type": "bundle",
"id": "bundle--5c912339-5ab4-4226-a5b2-9fc2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:16:29.000Z",
"modified": "2019-03-19T17:16:29.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c912339-5ab4-4226-a5b2-9fc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:16:29.000Z",
"modified": "2019-03-19T17:16:29.000Z",
"name": "LockerGoga - yara rules",
"published": "2019-03-19T17:17:56Z",
"object_refs": [
"observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f",
"url--5c912348-2ec0-4864-b4c0-9abd950d210f",
"indicator--5c912364-5284-4c79-a948-287f950d210f",
"indicator--5c912364-5e3c-422f-aad8-287f950d210f",
"indicator--5c912364-a690-4ac1-b9e9-287f950d210f",
"indicator--5c912364-c830-48fd-9a06-287f950d210f",
"indicator--5c912364-5194-42e5-9028-287f950d210f",
"indicator--5c912364-4118-4277-b547-287f950d210f",
"indicator--5c912364-5ab4-448c-b7f5-287f950d210f",
"indicator--5c912364-1a50-4191-b106-287f950d210f",
"indicator--5c912379-4278-4663-bf46-4cbc950d210f",
"indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f",
"indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
"x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8",
"indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
"x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8",
"indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
"x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60",
"indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
"x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e",
"indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
"x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d",
"indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
"x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe",
"indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
"x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43",
"indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
"x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
"indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
"x-misp-object--817671be-adde-446b-ac04-6532dd96a481",
"relationship--29a830ed-ec3d-4a9f-bc91-2111d8e574eb",
"relationship--84d5e3fa-a416-46a0-8614-4019ed4ee644",
"relationship--51e39c2a-f0b5-43ad-b2a2-1629dbd32199",
"relationship--a4743e77-af11-4f7e-9616-b10e5179ac95",
"relationship--3999eb81-6232-430c-b78b-0809ad41607a",
"relationship--a1d504f7-ce1c-49cd-90f9-a8b98c2ff656",
"relationship--558f5497-da20-465d-982f-807946cdee4f",
"relationship--c92e384b-21c7-4b10-bdc3-a8063741e2dc",
"relationship--a061ea8e-a7a6-48ad-ae0f-7ca0bf662ea4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:ransomware=\"LockerGoga\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:13:44.000Z",
"modified": "2019-03-19T17:13:44.000Z",
"first_observed": "2019-03-19T17:13:44Z",
"last_observed": "2019-03-19T17:13:44Z",
"number_observed": 1,
"object_refs": [
"url--5c912348-2ec0-4864-b4c0-9abd950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c912348-2ec0-4864-b4c0-9abd950d210f",
"value": "https://pastebin.com/5LCC0HNp"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-5284-4c79-a948-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-5e3c-422f-aad8-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-a690-4ac1-b9e9-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-c830-48fd-9a06-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-5194-42e5-9028-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-4118-4277-b547-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-5ab4-448c-b7f5-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912364-1a50-4191-b106-287f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:12.000Z",
"modified": "2019-03-19T17:14:12.000Z",
"pattern": "[file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c912379-4278-4663-bf46-4cbc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:14:33.000Z",
"modified": "2019-03-19T17:14:33.000Z",
"description": "Ransom notes",
"pattern": "[file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:14:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:54.000Z",
"modified": "2019-03-19T17:15:54.000Z",
"pattern": "[rule lockergoga {\r\n meta:\r\n description = \"LockerGoga Ransomware\"\r\n author = \"jeFF0Falltrades\"\r\n hash = \"bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f\"\r\n \r\n strings:\r\n $dinkum = \"licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED\" wide ascii nocase\r\n $ransom_1 = \"You should be thankful that the flaw was exploited by serious people and not some rookies.\" wide ascii nocase\r\n $ransom_2 = \"Your files are encrypted with the strongest military algorithms RSA4096 and AES-256\" wide ascii nocase\r\n $str_1 = \"(readme-now\" wide ascii nocase\r\n $mlcrosoft = \"Mlcrosoft\" wide ascii nocase\r\n $cert_1 = \"16 Australia Road Chickerell\" wide ascii nocase\r\n $cert_2 = { 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF } // MIKL LIMITED\r\n $cert_3 = { 3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF } // CCOMODO RSA Code Signing CA\r\n $cert_4 = { 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D } // COMODO SECURE\r\n \r\n condition:\r\n 4 of them\r\n}]",
"pattern_type": "yara",
"valid_from": "2019-03-19T17:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:25.000Z",
"modified": "2019-03-19T17:15:25.000Z",
"pattern": "[file:hashes.MD5 = '2e2e4988a49f8b22d5909cf1964851cb' AND file:hashes.SHA1 = 'cd3f6121705a3df9156d823b7da34c4745588ac5' AND file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:25.000Z",
"modified": "2019-03-19T17:15:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-04T05:50:46",
"category": "Other",
"comment": "Ransom notes",
"uuid": "64db9dc1-3590-4b94-8372-48dd723f7d61"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7/analysis/1549259446/",
"category": "Payload delivery",
"comment": "Ransom notes",
"uuid": "88349f79-00a6-44e8-a104-5a643c5a2515"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/56",
"category": "Payload delivery",
"comment": "Ransom notes",
"uuid": "4a13a84f-9f6b-42b4-b5eb-411be8e0a106"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-19T13:53:33",
"category": "Other",
"uuid": "a678d856-09a1-49ad-bd69-59488e77d3b7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1553003613/",
"category": "Payload delivery",
"uuid": "ca56e3c8-2c6c-4848-ba56-ff6ce2b3d5d3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/71",
"category": "Payload delivery",
"uuid": "5794acde-ad4f-4ba3-8562-a92204ad10a6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = '174e3d9c7b0380dd7576187c715c4681' AND file:hashes.SHA1 = '31fbfe814628db3b459ddc87bf5ed538700db17a' AND file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-12T13:06:36",
"category": "Other",
"uuid": "3a5e67c7-c74a-4315-9175-065963d5a8e4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1552395996/",
"category": "Payload delivery",
"uuid": "c30aefba-5765-4246-8a36-0145c476abee"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "27/69",
"category": "Payload delivery",
"uuid": "56f36d81-5d79-4378-918a-276b2d12f9aa"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = '4da135516f3da1c6ca04d17f83b99e65' AND file:hashes.SHA1 = '127b2c4403995d35622487bd250d673d74b613b9' AND file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-19T13:40:41",
"category": "Other",
"uuid": "312ca56e-c396-4c37-884e-b7ebbf0bff58"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3/analysis/1553002841/",
"category": "Payload delivery",
"uuid": "508ee025-224d-4c90-84d2-fc69ce4ebabf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/58",
"category": "Payload delivery",
"uuid": "eab40452-c7e1-43b7-9b51-15f8ffcd6477"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-12T12:39:49",
"category": "Other",
"uuid": "b1e65ff2-9d0e-43f3-9c2b-4baadd8cc1d1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1552394389/",
"category": "Payload delivery",
"uuid": "edfa165d-5946-473b-963c-46fe77f0d672"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/69",
"category": "Payload delivery",
"uuid": "fea3eff1-2ffe-4120-8ab6-c8351102e057"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-19T16:58:13",
"category": "Other",
"uuid": "b5962ae5-9f5f-4139-b4f8-32c00cf915a9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1553014693/",
"category": "Payload delivery",
"uuid": "184fef18-605c-425d-bfc6-ab172d04ecd3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/70",
"category": "Payload delivery",
"uuid": "4f40e57e-6c7e-4bd2-8790-69a88b362277"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:26.000Z",
"modified": "2019-03-19T17:15:26.000Z",
"pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-13T20:19:57",
"category": "Other",
"uuid": "4d51e5b0-2f13-4636-80e7-04ef5a36146a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1552508397/",
"category": "Payload delivery",
"uuid": "520eb8ef-0225-4e1f-ae81-0401eddd9f4e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/70",
"category": "Payload delivery",
"uuid": "1258ab17-ba69-4fd4-b328-6fc04f405d9d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"pattern": "[file:hashes.MD5 = 'e8c7c902bcb2191630e10a80ddf9d5de' AND file:hashes.SHA1 = 'e00ec019409a078e9819e09d0f3915cb41fc131f' AND file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-26T19:40:39",
"category": "Other",
"uuid": "ecaf0112-f076-4391-9080-21996a134b7a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192/analysis/1551210039/",
"category": "Payload delivery",
"uuid": "c417809f-4161-4ce4-8ce7-29842ceaf1e8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "47/69",
"category": "Payload delivery",
"uuid": "76fedccf-0b16-464e-b7e4-110651d1c6e9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-19T17:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-18T09:59:21",
"category": "Other",
"uuid": "8428c83d-d250-47d1-b7cc-ceed25f03b61"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1552903161/",
"category": "Payload delivery",
"uuid": "0caaa8c4-1527-47bd-9e69-976486cbe6d7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/66",
"category": "Payload delivery",
"uuid": "23f17631-48af-4ea1-a977-57a2fa95234d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29a830ed-ec3d-4a9f-bc91-2111d8e574eb",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30",
"target_ref": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--84d5e3fa-a416-46a0-8614-4019ed4ee644",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0",
"target_ref": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--51e39c2a-f0b5-43ad-b2a2-1629dbd32199",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe",
"target_ref": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a4743e77-af11-4f7e-9616-b10e5179ac95",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51",
"target_ref": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3999eb81-6232-430c-b78b-0809ad41607a",
"created": "2019-03-19T17:15:27.000Z",
"modified": "2019-03-19T17:15:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1",
"target_ref": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a1d504f7-ce1c-49cd-90f9-a8b98c2ff656",
"created": "2019-03-19T17:15:28.000Z",
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e",
"target_ref": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--558f5497-da20-465d-982f-807946cdee4f",
"created": "2019-03-19T17:15:28.000Z",
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43",
"target_ref": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c92e384b-21c7-4b10-bdc3-a8063741e2dc",
"created": "2019-03-19T17:15:28.000Z",
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4",
"target_ref": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a061ea8e-a7a6-48ad-ae0f-7ca0bf662ea4",
"created": "2019-03-19T17:15:28.000Z",
"modified": "2019-03-19T17:15:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac",
"target_ref": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}