misp-circl-feed/feeds/circl/stix-2.1/5ccaeddb-dc84-4cc2-9f73-4a70950d210f.json

{
"type": "bundle",
"id": "bundle--5ccaeddb-dc84-4cc2-9f73-4a70950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:21:30.000Z",
"modified": "2019-05-02T13:21:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5ccaeddb-dc84-4cc2-9f73-4a70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:21:30.000Z",
"modified": "2019-05-02T13:21:30.000Z",
"name": "OSINT - Goblin Panda continues to target Vietnam",
"published": "2019-05-02T13:25:38Z",
"object_refs": [
"observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
"x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f",
"indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f",
"indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f",
"indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f",
"indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f",
"indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f",
"indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f",
"indicator--5ccaee32-0310-4075-8920-4337950d210f",
"indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f",
"indicator--5ccaee7b-9258-45b6-9420-4bba950d210f",
"indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f",
"indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f",
"vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f",
"indicator--6af30035-5440-401a-976b-bc64ed82ad01",
"x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493",
"indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
"x-misp-object--61bf2686-6262-435a-9039-372f43219b6e",
"indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
"x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e",
"indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
"x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723",
"relationship--f1215b21-4e99-4cbb-8343-d8906caabda1",
"relationship--d85cb4b2-f310-48bb-92e0-271dfadf99e8",
"relationship--083458a8-b1b6-497e-bfe5-de1c76a90ff4",
"relationship--e81d9e8e-3dc3-4e45-813f-21436823d665"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Hellsing\"",
"misp-galaxy:malpedia=\"NewCore RAT\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:17:36.000Z",
"modified": "2019-05-02T13:17:36.000Z",
"first_observed": "2019-05-02T13:17:36Z",
"last_observed": "2019-05-02T13:17:36Z",
"number_observed": 1,
"object_refs": [
"url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f",
"value": "https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:17:59.000Z",
"modified": "2019-05-02T13:17:59.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Chinese actors have changed the rtf exploit following my different articles and the Anomali article https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain\r\n\r\nBut in March a researcher at Anomali, @aRtAGGI, made a very interesting link between Icefog and an article about the targeting of Mongolian speakers https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[file:name = 'Shortcuts\\\\QcLite.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[file:name = 'Shortcuts\\\\QcConsol.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[domain-name:value = 'web.hcmuafgh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-0310-4075-8920-4337950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.29.56.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:18:42.000Z",
"modified": "2019-05-02T13:18:42.000Z",
"pattern": "[url:value = 'http://web.hcmuafgh.com:4357/link?url=maOVmKGmMDU1&enpl=OXcoVQ==&encd=XARIZTE=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee7b-9258-45b6-9420-4bba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:55.000Z",
"modified": "2019-05-02T13:19:55.000Z",
"description": "The dll is a variant of the newcoreRAT with many similarities with",
"pattern": "[file:hashes.SHA256 = '05d0ad2bcc1c6e2752a231bc36d07a841f075a0a32a3a62abaafddbdafd72f62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:55.000Z",
"modified": "2019-05-02T13:19:55.000Z",
"description": "The dll is a variant of the newcoreRAT with many similarities with",
"pattern": "[file:hashes.SHA256 = '5a592b92ffcbea75e458726cecc7f159b8f71c46b80de30bac2a48006ac1e1b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:55.000Z",
"modified": "2019-05-02T13:19:55.000Z",
"description": "The dll is a variant of the newcoreRAT with many similarities with",
"pattern": "[file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:21:14.000Z",
"modified": "2019-05-02T13:21:14.000Z",
"name": "CVE-2017-11882",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-11882"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6af30035-5440-401a-976b-bc64ed82ad01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"pattern": "[file:hashes.MD5 = '6d2e6a61eede06fa9d633ce151208831' AND file:hashes.SHA1 = 'f764163f3912376ebcabaf1cf3a60b6bc74561be' AND file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-02T11:28:30",
"category": "Other",
"uuid": "8a8e9657-f185-4b4a-a864-9dfd038906ce"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3/analysis/1556796510/",
"category": "Payload delivery",
"uuid": "a0b8060b-4c47-4415-8ee8-481d250cdbaf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/69",
"category": "Payload delivery",
"uuid": "8d0ecb1f-84c3-4e39-85e6-5382f49cc22c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"pattern": "[file:hashes.MD5 = '109d51899c832287d7ce1f70b5bd885d' AND file:hashes.SHA1 = 'daa69d1b1abc00139b1d73d075921ab93137598d' AND file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-29T23:04:06",
"category": "Other",
"uuid": "5e67a2b3-2334-4dd1-b4da-148e54772693"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770/analysis/1556579046/",
"category": "Payload delivery",
"uuid": "2861f6a6-f61f-4226-8b1a-5552c3c1fa06"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/70",
"category": "Payload delivery",
"uuid": "f186be1f-70d3-4b2d-8f82-32aa84b64c0b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"pattern": "[file:hashes.MD5 = '84fca27bc75f40194c95534b07838d6c' AND file:hashes.SHA1 = '9520a18e9f6d4f6f014aa576b8843cdff176f701' AND file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:19:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-01T10:35:55",
"category": "Other",
"uuid": "e051a82c-c83e-4283-8de4-161be247465f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6/analysis/1556706955/",
"category": "Payload delivery",
"uuid": "8a0a6690-a7e6-449b-9c8d-6afd65d8be44"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/58",
"category": "Payload delivery",
"uuid": "bab1b9f2-f67e-493b-912e-525dcaa79d9c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:20:33.000Z",
"modified": "2019-05-02T13:20:33.000Z",
"pattern": "[file:hashes.MD5 = '1b19175c41b9a9881b23b4382cc5935f' AND file:hashes.SHA1 = '3752656c024284ea63421d70235ec48d76a95df3' AND file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-02T13:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-02T13:20:34.000Z",
"modified": "2019-05-02T13:20:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-29T23:04:01",
"category": "Other",
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
"uuid": "a6e30d35-1912-4743-86bb-917b906bfc44"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76/analysis/1556579041/",
"category": "Payload delivery",
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
"uuid": "f6aba0fc-493d-46cd-809d-fb34b7ade2cb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/70",
"category": "Payload delivery",
"comment": "The dll is a variant of the newcoreRAT with many similarities with",
"uuid": "35ac479c-bae6-42e5-a362-b3477657ef04"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f1215b21-4e99-4cbb-8343-d8906caabda1",
"created": "2019-05-02T13:19:21.000Z",
"modified": "2019-05-02T13:19:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6af30035-5440-401a-976b-bc64ed82ad01",
"target_ref": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d85cb4b2-f310-48bb-92e0-271dfadf99e8",
"created": "2019-05-02T13:19:22.000Z",
"modified": "2019-05-02T13:19:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f",
"target_ref": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--083458a8-b1b6-497e-bfe5-de1c76a90ff4",
"created": "2019-05-02T13:19:22.000Z",
"modified": "2019-05-02T13:19:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f",
"target_ref": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e81d9e8e-3dc3-4e45-813f-21436823d665",
"created": "2019-05-02T13:20:34.000Z",
"modified": "2019-05-02T13:20:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61",
"target_ref": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}