{
"type": "bundle",
"id": "bundle--5cbd7391-72f0-4905-a438-428102de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:52.000Z",
"modified": "2019-04-22T08:06:52.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cbd7391-72f0-4905-a438-428102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:52.000Z",
"modified": "2019-04-22T08:06:52.000Z",
"name": "OSINT - Nueva campa\u00f1a del grupo ruso TA505 dirigida a Chile y Argentina. #ServHelper",
"published": "2019-04-22T08:09:31Z",
"object_refs": [
"observed-data--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81",
"url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81",
"indicator--5cbd73c0-69a8-4d14-baf1-499402de0b81",
"indicator--5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81",
"indicator--5cbd73c0-b9b0-4164-bc9a-4bf802de0b81",
"indicator--5cbd73c0-5134-4712-a2d6-480102de0b81",
"indicator--5cbd73c0-454c-4592-95e6-46dc02de0b81",
"indicator--5cbd73c0-1da8-4680-b28e-4e1002de0b81",
"indicator--5cbd73c0-8a98-49b2-8a25-4ea202de0b81",
"indicator--5cbd73c0-d208-4a04-b984-4c4602de0b81",
"indicator--5cbd73c0-5028-425f-86c7-478e02de0b81",
"indicator--5cbd73c0-00ac-41d6-9513-4d4102de0b81",
"indicator--5cbd73dd-3aac-471f-bd19-4ab602de0b81",
"indicator--5cbd73dd-ce0c-438a-942b-4ee902de0b81",
"indicator--5cbd73dd-d580-4456-a5ca-475202de0b81",
"indicator--5cbd73dd-6fb8-4055-9ba6-474602de0b81",
"indicator--5cbd73dd-de54-442c-a322-4f7e02de0b81",
"indicator--5cbd73dd-6fe8-4c75-b4a6-45e802de0b81",
"indicator--5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81",
"indicator--5cbd73dd-af2c-4136-8e4d-409c02de0b81",
"indicator--5cbd73dd-47f8-4911-b957-4e2602de0b81",
"indicator--5cbd73dd-5c18-468d-ab34-498102de0b81",
"indicator--5cbd73dd-6a5c-4822-8777-4a0a02de0b81",
"indicator--5cbd73dd-bcfc-4824-a499-425302de0b81",
"indicator--5cbd73dd-4390-4a98-9a65-492302de0b81",
"indicator--5cbd73dd-fb5c-49ed-af22-41a602de0b81",
"indicator--5cbd73de-e6dc-4dcd-83fd-456102de0b81",
"indicator--5cbd73de-1ba8-426f-b998-48e002de0b81",
"indicator--5cbd73de-7c74-450a-8290-494802de0b81",
"indicator--5cbd73de-ce04-4fc5-9616-435302de0b81",
"observed-data--5cbd7456-69a4-4301-97d6-446e02de0b81",
"url--5cbd7456-69a4-4301-97d6-446e02de0b81",
"observed-data--5cbd7456-1df0-46c1-88c0-49dd02de0b81",
"url--5cbd7456-1df0-46c1-88c0-49dd02de0b81",
"observed-data--5cbd7456-c4f4-4727-9bf2-468902de0b81",
"url--5cbd7456-c4f4-4727-9bf2-468902de0b81",
"observed-data--5cbd747a-c9dc-4ae2-9b67-4add02de0b81",
"url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81",
"observed-data--5cbd747a-8040-41b7-b544-463102de0b81",
"url--5cbd747a-8040-41b7-b544-463102de0b81",
"observed-data--5cbd747a-ed34-4317-b5f9-429e02de0b81",
"url--5cbd747a-ed34-4317-b5f9-429e02de0b81",
"observed-data--5cbd747a-45d8-4b70-82c1-415802de0b81",
"url--5cbd747a-45d8-4b70-82c1-415802de0b81",
"indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f",
"x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec",
"indicator--c3404a75-0222-4173-a99c-60c536dc87d7",
"x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d",
"indicator--e4348e28-8e87-413d-8e10-f163befd21f8",
"x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724",
"indicator--65feef59-f0fd-4662-817d-27c02ac07886",
"x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55",
"indicator--effbb231-e3e3-46a3-8749-115ffc451f75",
"x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b",
"indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553",
"x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07",
"indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833",
"x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf",
"indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04",
"x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991",
"relationship--53bc98f6-02e1-493f-af6e-445e4845bfb6",
"relationship--74a09492-1781-43d1-b3cc-1f6570d77a92",
"relationship--3d302eb4-e620-4cf3-9ca0-6bfc99d440fb",
"relationship--a852d138-0714-4109-95dd-417523a06be1",
"relationship--257110b7-f205-45bd-85ca-cceef2c3bbf8",
"relationship--bc312619-9094-4d55-b0ca-5b8a1b3cb4fd",
"relationship--cf088b6f-2d50-46ce-a73a-a38d83e78391",
"relationship--8180e507-b1a8-4438-aed4-796a8c010f7e"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"TA505\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:17.000Z",
"modified": "2019-04-22T07:56:17.000Z",
"first_observed": "2019-04-22T07:56:17Z",
"last_observed": "2019-04-22T07:56:17Z",
"number_observed": 1,
"object_refs": [
"url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd73a2-b97c-4e99-b1fc-4a5402de0b81",
"value": "https://medium.com/@1ZRR4H/nueva-campa%C3%B1a-del-grupo-ruso-ta505-dirigida-a-chile-y-argentina-servhelper-1dc3bfbff0c7"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-69a8-4d14-baf1-499402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'canyoning-austria.at/dashost']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'profan.es/dashost']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-b9b0-4164-bc9a-4bf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'kerrison.com/dashost']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-5134-4712-a2d6-480102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'globe-trotterltd.com/dashost']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-454c-4592-95e6-46dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = '195.123.227.20/dashost']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-1da8-4680-b28e-4e1002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'http://houusha33.icu/jquery/jquery.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-8a98-49b2-8a25-4ea202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'http://joisff333.icu/jquery/jquery.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-d208-4a04-b984-4c4602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[url:value = 'http://91.201.67.96/cyf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-5028-425f-86c7-478e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.232.130.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73c0-00ac-41d6-9513-4d4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:56:48.000Z",
"modified": "2019-04-22T07:56:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.227.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:56:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-3aac-471f-bd19-4ab602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI3DA2.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-ce0c-438a-942b-4ee902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = '64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-d580-4456-a5ca-475202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI419D.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-6fb8-4055-9ba6-474602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = '7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-de54-442c-a322-4f7e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsu4228.tmp\\\\ns4229.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-6fe8-4c75-b4a6-45e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = '79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsu4228.tmp\\\\nsExec.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-af2c-4136-8e4d-409c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = 'b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-47f8-4911-b957-4e2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\repotaj.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-5c18-468d-ab34-498102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = 'fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-6a5c-4822-8777-4a0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI777D.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-bcfc-4824-a499-425302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = '75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-4390-4a98-9a65-492302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\Installer\\\\MSI7D8B.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73dd-fb5c-49ed-af22-41a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:hashes.SHA256 = '843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73de-e6dc-4dcd-83fd-456102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:17.000Z",
"modified": "2019-04-22T07:57:17.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsl7E55.tmp\\\\nsExec.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73de-1ba8-426f-b998-48e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:18.000Z",
"modified": "2019-04-22T07:57:18.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\pegas.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73de-7c74-450a-8290-494802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:18.000Z",
"modified": "2019-04-22T07:57:18.000Z",
"pattern": "[file:hashes.SHA256 = '9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbd73de-ce04-4fc5-9616-435302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:57:18.000Z",
"modified": "2019-04-22T07:57:18.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\nsl7E55.tmp\\\\ns7E66.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd7456-69a4-4301-97d6-446e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:52.000Z",
"modified": "2019-04-22T08:06:52.000Z",
"first_observed": "2019-04-22T08:06:52Z",
"last_observed": "2019-04-22T08:06:52Z",
"number_observed": 1,
"object_refs": [
"url--5cbd7456-69a4-4301-97d6-446e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"automatic-analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd7456-69a4-4301-97d6-446e02de0b81",
"value": "https://app.any.run/tasks/804f1ace-cd13-48b6-8b9a-87a983cfce5a"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd7456-1df0-46c1-88c0-49dd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:52.000Z",
"modified": "2019-04-22T08:06:52.000Z",
"first_observed": "2019-04-22T08:06:52Z",
"last_observed": "2019-04-22T08:06:52Z",
"number_observed": 1,
"object_refs": [
"url--5cbd7456-1df0-46c1-88c0-49dd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"automatic-analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd7456-1df0-46c1-88c0-49dd02de0b81",
"value": "https://app.any.run/tasks/1546da9a-d3b0-4e2d-a1e7-90c58b54b134"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd7456-c4f4-4727-9bf2-468902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:52.000Z",
"modified": "2019-04-22T08:06:52.000Z",
"first_observed": "2019-04-22T08:06:52Z",
"last_observed": "2019-04-22T08:06:52Z",
"number_observed": 1,
"object_refs": [
"url--5cbd7456-c4f4-4727-9bf2-468902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"automatic-analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd7456-c4f4-4727-9bf2-468902de0b81",
"value": "https://app.any.run/tasks/5d68c43e-15b2-48c0-bcbe-2a60f3112639"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd747a-c9dc-4ae2-9b67-4add02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:21.000Z",
"modified": "2019-04-22T08:06:21.000Z",
"first_observed": "2019-04-22T08:06:21Z",
"last_observed": "2019-04-22T08:06:21Z",
"number_observed": 1,
"object_refs": [
"url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd747a-c9dc-4ae2-9b67-4add02de0b81",
"value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd747a-8040-41b7-b544-463102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:22.000Z",
"modified": "2019-04-22T08:06:22.000Z",
"first_observed": "2019-04-22T08:06:22Z",
"last_observed": "2019-04-22T08:06:22Z",
"number_observed": 1,
"object_refs": [
"url--5cbd747a-8040-41b7-b544-463102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd747a-8040-41b7-b544-463102de0b81",
"value": "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd747a-ed34-4317-b5f9-429e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:21.000Z",
"modified": "2019-04-22T08:06:21.000Z",
"first_observed": "2019-04-22T08:06:21Z",
"last_observed": "2019-04-22T08:06:21Z",
"number_observed": 1,
"object_refs": [
"url--5cbd747a-ed34-4317-b5f9-429e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd747a-ed34-4317-b5f9-429e02de0b81",
"value": "https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cbd747a-45d8-4b70-82c1-415802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T08:06:22.000Z",
"modified": "2019-04-22T08:06:22.000Z",
"first_observed": "2019-04-22T08:06:22Z",
"last_observed": "2019-04-22T08:06:22Z",
"number_observed": 1,
"object_refs": [
"url--5cbd747a-45d8-4b70-82c1-415802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cbd747a-45d8-4b70-82c1-415802de0b81",
"value": "https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"pattern": "[file:hashes.MD5 = 'e2347a65b30ccc5b2c4230daaeefb897' AND file:hashes.SHA1 = '64c7047898371e81bfc58b8fda6da7892a92108d' AND file:hashes.SHA256 = '79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-20T08:04:42",
"category": "Other",
"uuid": "2872b77c-20e0-45c0-b8fb-449e42a8cbc4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec/analysis/1555747482/",
"category": "Payload delivery",
"uuid": "a9d51e83-3cf6-4cb5-b0bb-68a7f55d6a1a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/71",
"category": "Payload delivery",
"uuid": "a2840024-acc7-4c8a-84ff-2032ad1920b7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3404a75-0222-4173-a99c-60c536dc87d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"pattern": "[file:hashes.MD5 = '1f49d8af9be9e915d54b2441c4a79adf' AND file:hashes.SHA1 = '1ee4f809c693e31f34bc6d8153664a6dc2c3e499' AND file:hashes.SHA256 = 'b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-16T07:40:38",
"category": "Other",
"uuid": "9478771f-ebde-47ad-947f-6653868b43c7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782/analysis/1555400438/",
"category": "Payload delivery",
"uuid": "5e7f9759-3199-4c01-ab49-772bfc783dc7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/69",
"category": "Payload delivery",
"uuid": "77aa48f9-ee53-4b88-bfd4-2cff08cb987b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e4348e28-8e87-413d-8e10-f163befd21f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"pattern": "[file:hashes.MD5 = '4a8198fca604a78dd210803aebd5cbba' AND file:hashes.SHA1 = '06f232210e507f09f01155e7d0cb5389b8a31042' AND file:hashes.SHA256 = '9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-19T13:34:35",
"category": "Other",
"uuid": "296b39c0-8c18-48de-951a-875ebd5df7c9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e/analysis/1555680875/",
"category": "Payload delivery",
"uuid": "a8e091a7-599d-4c76-984e-68c366c8ecb6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/71",
"category": "Payload delivery",
"uuid": "ff153d9d-15f1-4e2f-8821-ea5f6d40212e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--65feef59-f0fd-4662-817d-27c02ac07886",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"pattern": "[file:hashes.MD5 = 'a8024347a2bb59bd5cfbde2311f16a20' AND file:hashes.SHA1 = '8ab7dd5b6583f2ff847a970deb591a34a230fa81' AND file:hashes.SHA256 = '64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:34.000Z",
"modified": "2019-04-22T07:58:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-22T00:20:43",
"category": "Other",
"uuid": "4b216a59-481f-4845-af8f-3138132c3eee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8/analysis/1555892443/",
"category": "Payload delivery",
"uuid": "1ad96739-a571-4915-a14c-1a140c5a29de"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/54",
"category": "Payload delivery",
"uuid": "9c5cae44-8305-4195-88cb-f11ac62651e4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--effbb231-e3e3-46a3-8749-115ffc451f75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"pattern": "[file:hashes.MD5 = '4ca90e372982c864b8eae6d95161a213' AND file:hashes.SHA1 = 'ad35fa0b3799562931b4bfa3abd057214b8721ff' AND file:hashes.SHA256 = '843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-22T04:38:01",
"category": "Other",
"uuid": "d9399e02-1c95-4d3c-a3f9-aff3d110e29b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c/analysis/1555907881/",
"category": "Payload delivery",
"uuid": "dc01f50c-1875-4765-bf0c-6b67b07bae6a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/67",
"category": "Payload delivery",
"uuid": "b128e9ae-2522-447a-bc5d-9038e98e83de"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"pattern": "[file:hashes.MD5 = '2f05a4a116a3b152c2a5eabf048f43e8' AND file:hashes.SHA1 = 'd18ef08bf13de20442613a899c4cd07b96d27f8c' AND file:hashes.SHA256 = 'fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-21T04:19:37",
"category": "Other",
"uuid": "d58e5a6b-3da3-4ccb-a166-473ca9de5928"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6/analysis/1555820377/",
"category": "Payload delivery",
"uuid": "fd8b3cb3-390f-45c1-9336-f0907da82030"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/65",
"category": "Payload delivery",
"uuid": "653716ec-3a07-4e78-8df5-300768b2ca6f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"pattern": "[file:hashes.MD5 = '329d3e86fb9fca6a656742c6aa8ee13e' AND file:hashes.SHA1 = '6c76baa8f4f45f5d68b00f88847d42b99fd896e5' AND file:hashes.SHA256 = '7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-21T03:35:28",
"category": "Other",
"uuid": "8e3a6c60-4adf-4a24-a9a5-849ea01b718a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50/analysis/1555817728/",
"category": "Payload delivery",
"uuid": "4b6b23d6-7a81-40de-ae0a-d3beda6b01b8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/68",
"category": "Payload delivery",
"uuid": "bcec37f0-fe53-4db7-b109-04b9c34f1ccc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"pattern": "[file:hashes.MD5 = '2c0b36a448fe7131cfb4fbc1a960da2b' AND file:hashes.SHA1 = 'a99e98129f380b8e60f7005b21db2b79edd66dc4' AND file:hashes.SHA256 = '75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-04-22T07:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-04-15T15:05:01",
"category": "Other",
"uuid": "b80e6745-fd52-427a-a191-2b39e1bd91bc"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36/analysis/1555340701/",
"category": "Payload delivery",
"uuid": "87f84fda-1348-4d28-9f69-7bc895c36a71"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/60",
"category": "Payload delivery",
"uuid": "7be490c9-16be-4efd-84ca-cedde0d3165f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53bc98f6-02e1-493f-af6e-445e4845bfb6",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--867e47bb-adf7-4381-8be6-79dbf5b5e71f",
"target_ref": "x-misp-object--b0f25fa4-e9f8-4d03-b5f8-12232b08aeec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--74a09492-1781-43d1-b3cc-1f6570d77a92",
"created": "2019-04-22T07:58:35.000Z",
"modified": "2019-04-22T07:58:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c3404a75-0222-4173-a99c-60c536dc87d7",
"target_ref": "x-misp-object--764657dd-1a00-429d-895f-7c1f6c74eb9d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3d302eb4-e620-4cf3-9ca0-6bfc99d440fb",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e4348e28-8e87-413d-8e10-f163befd21f8",
"target_ref": "x-misp-object--8dc3390e-0e31-4519-861b-46753f4a7724"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a852d138-0714-4109-95dd-417523a06be1",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--65feef59-f0fd-4662-817d-27c02ac07886",
"target_ref": "x-misp-object--54adb423-5c15-424e-bc70-e6467f11fa55"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--257110b7-f205-45bd-85ca-cceef2c3bbf8",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--effbb231-e3e3-46a3-8749-115ffc451f75",
"target_ref": "x-misp-object--cfc10358-f02b-4f0b-83d4-92776013927b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bc312619-9094-4d55-b0ca-5b8a1b3cb4fd",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1eed6e2d-c5e6-4150-8ccd-d3bc96796553",
"target_ref": "x-misp-object--3c563bb6-6ef9-4565-b392-ee9f00d5ff07"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf088b6f-2d50-46ce-a73a-a38d83e78391",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--301a91c9-b7e0-4a0c-9294-c4c998ef4833",
"target_ref": "x-misp-object--c6c7b545-e03a-4539-8f5c-214bf4702bdf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8180e507-b1a8-4438-aed4-796a8c010f7e",
"created": "2019-04-22T07:58:36.000Z",
"modified": "2019-04-22T07:58:36.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b4a8764f-f7fc-4571-9b2b-bc9f3283ca04",
"target_ref": "x-misp-object--7ff4854a-c7d8-4af1-8173-0cdf26b50991"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}