2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5d832991-f5e4-4623-945f-4bf6950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:59:17.000Z" ,
"modified" : "2019-09-19T12:59:17.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d832991-f5e4-4623-945f-4bf6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:59:17.000Z" ,
"modified" : "2019-09-19T12:59:17.000Z" ,
"name" : "OSINT - New Gootkit Banking Trojan campaign against Italian Companies and Users." ,
"published" : "2019-09-19T13:09:44Z" ,
"object_refs" : [
"x-misp-attribute--5d8379b5-a06c-4378-92f3-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-9278-44d9-ba81-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-8ca4-42bf-a750-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-6ce8-44b5-861c-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-a79c-4138-bd9b-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-a554-4a3c-a460-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-bb98-40a1-9f0d-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-ffd8-421c-86ff-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-a01c-4e29-aff6-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-7d04-4b3e-ba6f-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-0ef4-4904-881d-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-eef0-42d9-9f25-c1bb950d210f" ,
"x-misp-attribute--5d8379b5-b3b0-4eab-86a2-c1bb950d210f" ,
"indicator--5d837a94-cb00-4865-b2c8-c1c3950d210f" ,
"indicator--5d837a94-7960-4cb7-a565-c1c3950d210f" ,
"indicator--5d837a94-b35c-4ba9-80d4-c1c3950d210f" ,
"indicator--5d837a94-af68-40ed-85e3-c1c3950d210f" ,
"indicator--5d837a94-be98-448c-9a29-c1c3950d210f" ,
"indicator--5d837a94-2fd4-407b-99f3-c1c3950d210f" ,
"observed-data--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"observed-data--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"x-misp-object--5d832cb5-cc3c-43b6-ad5c-4c04950d210f" ,
"indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b" ,
"x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e" ,
"indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b" ,
"x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7" ,
2023-06-24 09:36:52 +00:00
"relationship--8982e920-8f0e-414c-9ac8-4b8448d38048" ,
"relationship--726bf3f9-67a7-4ed4-a314-691d101308f8"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:topic=\"finance\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:tool=\"GootKit\"" ,
"misp-galaxy:malpedia=\"GootKit\"" ,
"misp-galaxy:financial-fraud=\"Malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
2023-04-21 13:25:09 +00:00
]
2023-06-14 17:31:25 +00:00
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-a06c-4378-92f3-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Unicredit"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-9278-44d9-ba81-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "In-Bank"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-8ca4-42bf-a750-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Cedacri"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-6ce8-44b5-861c-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Intesa Sanpaolo"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-a79c-4138-bd9b-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Groupe Banque Populaire"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-a554-4a3c-a460-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Poste Italiane"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-bb98-40a1-9f0d-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Cr\u00c3\u00a9dit Agricole"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-ffd8-421c-86ff-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "CariParma"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-a01c-4e29-aff6-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Cr\u00c3\u00a9dit Coop\u00c3\u00a9ratif"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-7d04-4b3e-ba6f-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "BNP Paribas"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-0ef4-4904-881d-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Caisse D'Epargne"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-eef0-42d9-9f25-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Banco BPM"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d8379b5-b3b0-4eab-86a2-c1bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:51:01.000Z" ,
"modified" : "2019-09-19T12:51:01.000Z" ,
"labels" : [
"misp:type=\"target-org\"" ,
"misp:category=\"Targeting data\""
] ,
"x_misp_category" : "Targeting data" ,
"x_misp_type" : "target-org" ,
"x_misp_value" : "Raiffeisen"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-cb00-4865-b2c8-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"description" : "Dropurl" ,
"pattern" : "[url:value = 'https://itp.surfpapara.com/b807112.bin']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
2023-04-21 13:25:09 +00:00
]
2023-06-14 17:31:25 +00:00
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-7960-4cb7-a565-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"pattern" : "[domain-name:value = 'itp.surfpapara.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-b35c-4ba9-80d4-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"description" : "C2 (gootkit)" ,
"pattern" : "[url:value = 'https://web.mavensd.org/200']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-af68-40ed-85e3-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"pattern" : "[domain-name:value = 'web.mavensd.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-be98-448c-9a29-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"pattern" : "[domain-name:value = 'cdn.areascans.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d837a94-2fd4-407b-99f3-c1c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:54:44.000Z" ,
"modified" : "2019-09-19T12:54:44.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.141.27.101']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:54:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:55:13.000Z" ,
"modified" : "2019-09-19T12:55:13.000Z" ,
"first_observed" : "2019-09-19T12:55:13Z" ,
"last_observed" : "2019-09-19T12:55:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"src_ref" : "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d837ab1-3664-49ea-aca3-4514e387cbd9" ,
"value" : "89.238.181.100"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:55:13.000Z" ,
"modified" : "2019-09-19T12:55:13.000Z" ,
"first_observed" : "2019-09-19T12:55:13Z" ,
"last_observed" : "2019-09-19T12:55:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"src_ref" : "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d837ab1-bf58-441a-ac3e-418fe387cbd9" ,
"value" : "46.166.176.152"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d832cb5-cc3c-43b6-ad5c-4c04950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T07:29:47.000Z" ,
"modified" : "2019-09-19T07:29:47.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\"" ,
"osint:source-type=\"pastie-website\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "New Gootkit Banking Trojan campaign against Italian Companies and Users.\r\nhttps://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/\r\nIOCs:\r\nhttps://pastebin.com/6P5NWa1U\r\n#Gootkit #Banking #Trojan #Malware" ,
"category" : "Other" ,
"uuid" : "5d832cb5-4318-4aa8-a51e-4e22950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5d832cb5-5874-420a-92bd-4fb4950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "embedded-link" ,
"value" : "https://t.co/3yyykFMc1R?amp=1" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5d832cb5-a7bc-4969-8d1d-4dab950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "Bank_Security" ,
"category" : "Other" ,
"uuid" : "5d832cb5-b220-45ea-9690-4d2f950d210f"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://mobile.twitter.com/Bank_Security/status/1174556512980819968" ,
"category" : "External analysis" ,
"uuid" : "5d832cb5-c344-49e8-a1a4-47b4950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "state" ,
"value" : "Informative" ,
"category" : "Other" ,
"uuid" : "5d832cdd-7090-4089-88f3-46ca950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2019-09-19T07:31:00" ,
"category" : "Other" ,
"uuid" : "5d832cdd-6b08-4374-8c0f-4d43950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "embedded-link" ,
"value" : "https://t.co/9luSvWSO2e?amp=1" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5d832e6b-6108-463f-9d4d-46ea950d210f"
} ,
{
"type" : "link" ,
"object_relation" : "embedded-link" ,
"value" : "https://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5d832e6b-010c-4433-b25e-470c950d210f"
} ,
{
"type" : "link" ,
"object_relation" : "embedded-link" ,
"value" : "https://pastebin.com/6P5NWa1U" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5d832e6b-abfc-4b0c-b672-465c950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:52:04.000Z" ,
"modified" : "2019-09-19T12:52:04.000Z" ,
"pattern" : "[file:hashes.MD5 = 'eb2a050f3c7b6fa0dc1d455232e786f3' AND file:hashes.SHA1 = 'da03a783b590c9c998b593b9701cb227322856b9' AND file:hashes.SHA256 = '67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:52:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:52:04.000Z" ,
"modified" : "2019-09-19T12:52:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-09-19T05:45:56" ,
"category" : "Other" ,
"comment" : "vbs" ,
"uuid" : "a7a82bfa-e573-4fe9-8ce4-a1c1b03717f4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba/analysis/1568871956/" ,
"category" : "Payload delivery" ,
"comment" : "vbs" ,
"uuid" : "603f9363-bbf0-4a65-8917-3251a4739791"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/56" ,
"category" : "Payload delivery" ,
"comment" : "vbs" ,
"uuid" : "4c4adb3b-c544-4ec3-b57f-4343cabfb5d7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:52:04.000Z" ,
"modified" : "2019-09-19T12:52:04.000Z" ,
"pattern" : "[file:hashes.MD5 = '41db936a62634ba98b33051da243632a' AND file:hashes.SHA1 = 'f074c230441a9b682fb5cc4dae8615d4ad1a3fa5' AND file:hashes.SHA256 = 'c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-09-19T12:52:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-09-19T12:52:05.000Z" ,
"modified" : "2019-09-19T12:52:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-09-18T13:39:42" ,
"category" : "Other" ,
"comment" : "exe" ,
"uuid" : "72ea703a-87e2-421b-9abe-f5c5cc0fe8f1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73/analysis/1568813982/" ,
"category" : "Payload delivery" ,
"comment" : "exe" ,
"uuid" : "e4eeee01-bbc4-41e0-816b-381eb061278f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/69" ,
"category" : "Payload delivery" ,
"comment" : "exe" ,
"uuid" : "ebd702a3-5b3b-4264-a959-8e9bebc5db73"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--8982e920-8f0e-414c-9ac8-4b8448d38048" ,
2023-06-14 17:31:25 +00:00
"created" : "2019-09-19T12:52:05.000Z" ,
"modified" : "2019-09-19T12:52:05.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--6bbf9a7d-6542-429f-ac4a-333de70ae74b" ,
"target_ref" : "x-misp-object--3434304f-aa8f-4e7a-ac4a-4bce602af10e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--726bf3f9-67a7-4ed4-a314-691d101308f8" ,
2023-06-14 17:31:25 +00:00
"created" : "2019-09-19T12:52:05.000Z" ,
"modified" : "2019-09-19T12:52:05.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--2d9d2fde-e283-457f-af6a-c2ed2d413a2b" ,
"target_ref" : "x-misp-object--5e753062-9287-4953-9bdb-0dd05bbbffa7"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}