{ "type": "bundle", "id": "bundle--5c912339-5ab4-4226-a5b2-9fc2950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:16:29.000Z", "modified": "2019-03-19T17:16:29.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c912339-5ab4-4226-a5b2-9fc2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:16:29.000Z", "modified": "2019-03-19T17:16:29.000Z", "name": "LockerGoga - yara rules", "published": "2019-03-19T17:17:56Z", "object_refs": [ "observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f", "url--5c912348-2ec0-4864-b4c0-9abd950d210f", "indicator--5c912364-5284-4c79-a948-287f950d210f", "indicator--5c912364-5e3c-422f-aad8-287f950d210f", "indicator--5c912364-a690-4ac1-b9e9-287f950d210f", "indicator--5c912364-c830-48fd-9a06-287f950d210f", "indicator--5c912364-5194-42e5-9028-287f950d210f", "indicator--5c912364-4118-4277-b547-287f950d210f", "indicator--5c912364-5ab4-448c-b7f5-287f950d210f", "indicator--5c912364-1a50-4191-b106-287f950d210f", "indicator--5c912379-4278-4663-bf46-4cbc950d210f", "indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f", "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30", "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8", "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0", "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8", "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe", "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60", "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51", "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e", "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1", "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d", "indicator--14547b7b-c28e-4574-8cc4-106899809c9e", "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe", "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43", "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43", "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4", "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597", "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac", "x-misp-object--817671be-adde-446b-ac04-6532dd96a481", "relationship--d26f4ab0-1b49-4a5e-80aa-88c3b898e25c", "relationship--c284f47b-5a3d-4abb-9205-aa06c750b256", "relationship--df3d1119-ae03-4df0-824f-6d3c5d9f3693", "relationship--719ca5ee-ec85-4e91-817c-1beb3e18d1a2", "relationship--e456272f-79d5-44fe-a3b3-9cb89dc560b9", "relationship--d8cf859c-0ef7-469b-a2e9-b71a62d54287", "relationship--99ebc509-f9ce-404b-9f87-f262817be589", "relationship--5c6e7ff8-61a5-4c03-9c55-781c3fa83859", "relationship--c90bbd6c-eec8-4b2b-b9fc-19f773358d71" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:ransomware=\"LockerGoga\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c912348-2ec0-4864-b4c0-9abd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:13:44.000Z", "modified": "2019-03-19T17:13:44.000Z", "first_observed": "2019-03-19T17:13:44Z", "last_observed": "2019-03-19T17:13:44Z", "number_observed": 1, "object_refs": [ "url--5c912348-2ec0-4864-b4c0-9abd950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c912348-2ec0-4864-b4c0-9abd950d210f", "value": "https://pastebin.com/5LCC0HNp" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-5284-4c79-a948-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-5e3c-422f-aad8-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-a690-4ac1-b9e9-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-c830-48fd-9a06-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-5194-42e5-9028-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-4118-4277-b547-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-5ab4-448c-b7f5-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912364-1a50-4191-b106-287f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:12.000Z", "modified": "2019-03-19T17:14:12.000Z", "pattern": "[file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c912379-4278-4663-bf46-4cbc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:14:33.000Z", "modified": "2019-03-19T17:14:33.000Z", "description": "Ransom notes", "pattern": "[file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:14:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c9123ca-0b0c-49f1-8b86-20ae950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:54.000Z", "modified": "2019-03-19T17:15:54.000Z", "pattern": "[rule lockergoga {\r\n meta:\r\n description = \"LockerGoga Ransomware\"\r\n author = \"jeFF0Falltrades\"\r\n hash = \"bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f\"\r\n \r\n strings:\r\n $dinkum = \"licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED\" wide ascii nocase\r\n $ransom_1 = \"You should be thankful that the flaw was exploited by serious people and not some rookies.\" wide ascii nocase\r\n $ransom_2 = \"Your files are encrypted with the strongest military algorithms RSA4096 and AES-256\" wide ascii nocase\r\n $str_1 = \"(readme-now\" wide ascii nocase\r\n $mlcrosoft = \"Mlcrosoft\" wide ascii nocase\r\n $cert_1 = \"16 Australia Road Chickerell\" wide ascii nocase\r\n $cert_2 = { 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF } // MIKL LIMITED\r\n $cert_3 = { 3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF } // CCOMODO RSA Code Signing CA\r\n $cert_4 = { 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D } // COMODO SECURE\r\n \r\n condition:\r\n 4 of them\r\n}]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:25.000Z", "modified": "2019-03-19T17:15:25.000Z", "pattern": "[file:hashes.MD5 = '2e2e4988a49f8b22d5909cf1964851cb' AND file:hashes.SHA1 = 'cd3f6121705a3df9156d823b7da34c4745588ac5' AND file:hashes.SHA256 = 'b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:25.000Z", "modified": "2019-03-19T17:15:25.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-04T05:50:46", "category": "Other", "comment": "Ransom notes", "uuid": "64db9dc1-3590-4b94-8372-48dd723f7d61" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7/analysis/1549259446/", "category": "Payload delivery", "comment": "Ransom notes", "uuid": "88349f79-00a6-44e8-a104-5a643c5a2515" }, { "type": "text", "object_relation": "detection-ratio", "value": "2/56", "category": "Payload delivery", "comment": "Ransom notes", "uuid": "4a13a84f-9f6b-42b4-b5eb-411be8e0a106" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = '164f72dfb729ca1e15f99d456b7cf811' AND file:hashes.SHA1 = 'f92339e73c7e901c0c852d8e65615cfb588a4ff6' AND file:hashes.SHA256 = '8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-19T13:53:33", "category": "Other", "uuid": "a678d856-09a1-49ad-bd69-59488e77d3b7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29/analysis/1553003613/", "category": "Payload delivery", "uuid": "ca56e3c8-2c6c-4848-ba56-ff6ce2b3d5d3" }, { "type": "text", "object_relation": "detection-ratio", "value": "48/71", "category": "Payload delivery", "uuid": "5794acde-ad4f-4ba3-8562-a92204ad10a6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = '174e3d9c7b0380dd7576187c715c4681' AND file:hashes.SHA1 = '31fbfe814628db3b459ddc87bf5ed538700db17a' AND file:hashes.SHA256 = 'c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-12T13:06:36", "category": "Other", "uuid": "3a5e67c7-c74a-4315-9175-065963d5a8e4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4/analysis/1552395996/", "category": "Payload delivery", "uuid": "c30aefba-5765-4246-8a36-0145c476abee" }, { "type": "text", "object_relation": "detection-ratio", "value": "27/69", "category": "Payload delivery", "uuid": "56f36d81-5d79-4378-918a-276b2d12f9aa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = '4da135516f3da1c6ca04d17f83b99e65' AND file:hashes.SHA1 = '127b2c4403995d35622487bd250d673d74b613b9' AND file:hashes.SHA256 = 'bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-19T13:40:41", "category": "Other", "uuid": "312ca56e-c396-4c37-884e-b7ebbf0bff58" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3/analysis/1553002841/", "category": "Payload delivery", "uuid": "508ee025-224d-4c90-84d2-fc69ce4ebabf" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/58", "category": "Payload delivery", "uuid": "eab40452-c7e1-43b7-9b51-15f8ffcd6477" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = 'a1d732aa27e1ca2ae45a189451419ed5' AND file:hashes.SHA1 = '50f5a5ec13d21d4df119140547d63bc40f93b079' AND file:hashes.SHA256 = 'c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-12T12:39:49", "category": "Other", "uuid": "b1e65ff2-9d0e-43f3-9c2b-4baadd8cc1d1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a/analysis/1552394389/", "category": "Payload delivery", "uuid": "edfa165d-5946-473b-963c-46fe77f0d672" }, { "type": "text", "object_relation": "detection-ratio", "value": "45/69", "category": "Payload delivery", "uuid": "fea3eff1-2ffe-4120-8ab6-c8351102e057" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = '52340664fe59e030790c48b66924b5bd' AND file:hashes.SHA1 = '73171ffa6dfee5f9264e3d20a1b6926ec1b60897' AND file:hashes.SHA256 = 'bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-19T16:58:13", "category": "Other", "uuid": "b5962ae5-9f5f-4139-b4f8-32c00cf915a9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f/analysis/1553014693/", "category": "Payload delivery", "uuid": "184fef18-605c-425d-bfc6-ab172d04ecd3" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "uuid": "4f40e57e-6c7e-4bd2-8790-69a88b362277" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:26.000Z", "modified": "2019-03-19T17:15:26.000Z", "pattern": "[file:hashes.MD5 = '3ebca21b1d4e2f482b3eda6634e89211' AND file:hashes.SHA1 = '37cdd1e3225f8da596dc13779e902d8d13637360' AND file:hashes.SHA256 = '6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-13T20:19:57", "category": "Other", "uuid": "4d51e5b0-2f13-4636-80e7-04ef5a36146a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77/analysis/1552508397/", "category": "Payload delivery", "uuid": "520eb8ef-0225-4e1f-ae81-0401eddd9f4e" }, { "type": "text", "object_relation": "detection-ratio", "value": "50/70", "category": "Payload delivery", "uuid": "1258ab17-ba69-4fd4-b328-6fc04f405d9d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "pattern": "[file:hashes.MD5 = 'e8c7c902bcb2191630e10a80ddf9d5de' AND file:hashes.SHA1 = 'e00ec019409a078e9819e09d0f3915cb41fc131f' AND file:hashes.SHA256 = 'f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-26T19:40:39", "category": "Other", "uuid": "ecaf0112-f076-4391-9080-21996a134b7a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192/analysis/1551210039/", "category": "Payload delivery", "uuid": "c417809f-4161-4ce4-8ce7-29842ceaf1e8" }, { "type": "text", "object_relation": "detection-ratio", "value": "47/69", "category": "Payload delivery", "uuid": "76fedccf-0b16-464e-b7e4-110651d1c6e9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "pattern": "[file:hashes.MD5 = '9cad8641ac79688e09c5fa350aef2094' AND file:hashes.SHA1 = '3da0a217bbda09561780f52f163a6aafeb721d60' AND file:hashes.SHA256 = '5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-19T17:15:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-18T09:59:21", "category": "Other", "uuid": "8428c83d-d250-47d1-b7cc-ceed25f03b61" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c/analysis/1552903161/", "category": "Payload delivery", "uuid": "0caaa8c4-1527-47bd-9e69-976486cbe6d7" }, { "type": "text", "object_relation": "detection-ratio", "value": "40/66", "category": "Payload delivery", "uuid": "23f17631-48af-4ea1-a977-57a2fa95234d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d26f4ab0-1b49-4a5e-80aa-88c3b898e25c", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a3f2530b-30fe-41cd-b059-ad99969eff30", "target_ref": "x-misp-object--c651e649-6227-4ac6-b839-c687f8ccddc8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c284f47b-5a3d-4abb-9205-aa06c750b256", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c24dad78-fc4b-4faa-b6d4-206978031fe0", "target_ref": "x-misp-object--a1f92386-f661-4405-b608-ce07dc6cdda8" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--df3d1119-ae03-4df0-824f-6d3c5d9f3693", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a4edd78e-5cb3-4266-8a3e-7f433f9d5efe", "target_ref": "x-misp-object--0391f4cd-c590-4610-8edd-feda88fdfa60" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--719ca5ee-ec85-4e91-817c-1beb3e18d1a2", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--148fbc6a-699e-42fd-87aa-5af9754c0e51", "target_ref": "x-misp-object--2338f16c-ece6-4921-a483-16ad32d48b6e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e456272f-79d5-44fe-a3b3-9cb89dc560b9", "created": "2019-03-19T17:15:27.000Z", "modified": "2019-03-19T17:15:27.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5a84f101-86e6-43b0-ae3f-623dad8b69e1", "target_ref": "x-misp-object--cdea4921-8644-4b08-a9b8-0fe386daa01d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d8cf859c-0ef7-469b-a2e9-b71a62d54287", "created": "2019-03-19T17:15:28.000Z", "modified": "2019-03-19T17:15:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--14547b7b-c28e-4574-8cc4-106899809c9e", "target_ref": "x-misp-object--21a5c0a3-ff33-435e-8048-f51d57fc8afe" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--99ebc509-f9ce-404b-9f87-f262817be589", "created": "2019-03-19T17:15:28.000Z", "modified": "2019-03-19T17:15:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--166751f4-ec05-4231-a8a2-b1eb730b2c43", "target_ref": "x-misp-object--085034fb-0daf-44cd-b7c9-77c1d25e7c43" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c6e7ff8-61a5-4c03-9c55-781c3fa83859", "created": "2019-03-19T17:15:28.000Z", "modified": "2019-03-19T17:15:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--8d86fb01-876c-4da9-bc62-9fdc843554c4", "target_ref": "x-misp-object--a743676f-ccfc-4a6c-be5b-f87e8f5aa597" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c90bbd6c-eec8-4b2b-b9fc-19f773358d71", "created": "2019-03-19T17:15:28.000Z", "modified": "2019-03-19T17:15:28.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--718e18c1-0b60-45c7-9318-a2ca997d60ac", "target_ref": "x-misp-object--817671be-adde-446b-ac04-6532dd96a481" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }