{ "type": "bundle", "id": "bundle--f42c106c-df01-47f3-bc36-16072ad63856", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T17:03:08.000Z", "modified": "2021-01-04T17:03:08.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--f42c106c-df01-47f3-bc36-16072ad63856", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T17:03:08.000Z", "modified": "2021-01-04T17:03:08.000Z", "name": "OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone", "published": "2021-01-04T17:03:16Z", "object_refs": [ "indicator--74cad156-91d4-4974-b45f-7dbeb17136da", "indicator--ce22c70e-aed4-477b-89e9-c3c934680be5", "indicator--c10872fb-d88c-4fd9-a771-56df55a78bff", "indicator--ef97aee5-b10e-44fa-ae8e-8b0a3d19fa07", "indicator--4dd3eeeb-40cf-42c5-83f0-442b5cd71412", "indicator--97983cdb-aa74-4026-80d9-72b93ef80cd2", "indicator--8887629b-f7cb-4078-b0c0-4db1e158bfe1", "indicator--0001119d-bf8f-4b18-bc94-0551defeee01", "indicator--86fd6c5f-646f-456c-98f2-443650a75cbe", "indicator--d12dbf66-cb05-44b1-bca5-6802702927d9", "indicator--85bd8fad-1b6c-4866-81e5-0eec1fc1fa73", "indicator--b750e368-8934-4a0c-bbb0-5b4f6a93ab30", "indicator--f3290617-afee-4fcf-962a-68de76943435", "indicator--729ab1fc-b1a7-46db-93ae-3bce6e19fe7c", "indicator--2e06bc1e-0b19-4ddd-8841-84f4e7c6a663", "indicator--16f9c440-2d03-4db8-892d-5f1aef5295ca", "indicator--ad87bbda-1151-4032-9c4b-33522697dd8e", "indicator--e6869c8c-a730-4dc9-8516-0fc6a5153563", "indicator--5ab2b408-2c9a-42d1-8213-f4b5e20df9ee", "indicator--398b7b2a-ead6-4110-b27d-3b03a7b99327", "indicator--b5737c7e-c8a6-4bb4-8ac0-d2599667c83e", "indicator--1e44deb7-a2ce-4888-9387-cadd1be2becd", "indicator--7b24b7dc-2e80-4f03-b3de-eae1bf1613e9", "indicator--5d253cb8-2d35-4f37-b3b7-f49dca5e1c7a", "indicator--92fade3e-4fc5-4b67-bc5d-3c72683e3910", "indicator--78f388e0-1508-4821-95fb-7151f6a14ea0", "indicator--c38a6e7b-93a2-40a3-9e75-9753ec9ef77e", "indicator--4ed9ae76-5fa1-4108-bf9a-a782051b2bd5", "indicator--18f811ca-2711-4885-ac29-67e176a9a05a", "indicator--01e1230e-fbb8-424e-a362-604526bf2932", "observed-data--0b2ac814-f902-4a9f-aa6a-546adc9359b1", "url--0b2ac814-f902-4a9f-aa6a-546adc9359b1", "observed-data--89476747-0a89-4792-a4a3-e0f76594d982", "url--89476747-0a89-4792-a4a3-e0f76594d982", "observed-data--cb99b28c-e340-43f6-8a41-7a8bc4697fcf", "url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf", "observed-data--5770293d-dd1b-4b28-8d80-f87293a78227", "url--5770293d-dd1b-4b28-8d80-f87293a78227", "indicator--cea95fda-2dd9-4676-8768-f558f0d39e71", "x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0", "indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf", "x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c", "indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9", "x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc", "indicator--36070fb1-d674-440d-9065-7622c438995e", "x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928", "indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa", "x-misp-object--6a310603-3817-4d42-9183-709a7188d99c", "indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e", "x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b", "indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b", "x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4", "indicator--cc04c553-5a60-4526-acdc-e6d437440d5b", "x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa", "indicator--63287a79-1c3f-4036-9873-158e0d81f3d4", "x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d", "indicator--37ec2791-fa7e-409f-b36c-71f1a301a829", "x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be", "indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956", "x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1", "indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a", "x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1", "indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784", "x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c", "indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938", "x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f", "indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1", "x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918", "indicator--29426b95-4459-42eb-a768-16505e1b377c", "x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e", "indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7", "x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805", "indicator--0a65ede5-747d-473a-965e-b8cfffe90acd", "x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a", "indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d", "x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc", "x-misp-object--20f9ac21-e557-46c7-b6a7-014870661f3d", "relationship--ad5fbfe2-c8fc-4cf2-a07e-c40bba81fe88", "relationship--1a0ce1cd-b491-4ca7-ab4e-8bec25afae23", "relationship--e6009bc4-ebe2-4b51-b387-19da95e53ad8", "relationship--e00c551a-3b00-47c1-9994-9d5afe6be30a", "relationship--2b044799-2dfb-4d20-b4d8-4c531227ca40", "relationship--d982c429-1f88-48de-acc6-0e911f653b72", "relationship--ef35c09f-3596-45f8-9a86-bf00fcf2384a", "relationship--e49fe6ce-908f-4726-a045-0080ed8d95c8", "relationship--0e8c60c0-33d1-458f-b645-2e714842ed32", "relationship--90ce690b-df90-4c6d-b1cb-ac759c172f1c", "relationship--bce92ad4-59ea-4e7b-bb54-a80e00f309a7", "relationship--918522e4-9422-4147-8709-9243fdbca6f9", "relationship--a8694ba0-ae52-44ab-9931-3ccb31222666", "relationship--f2e05636-2999-4f30-bd6a-a4ed230f1af4", "relationship--afe81144-fe1c-4938-8eb0-e7e0c18b9149", "relationship--59623775-3607-46ca-8497-3a90715f2800", "relationship--b50b81eb-df9b-44ed-a551-5c152c15a199", "relationship--586ab7f7-894d-4c35-a7c8-49794d1d25e1", "relationship--894a35f7-76f7-45dd-b4ae-cd249142fa27" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:ransomware=\"Egregor\"", "type:OSINT", "osint:lifetime=\"perpetual\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--74cad156-91d4-4974-b45f-7dbeb17136da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:21.000Z", "modified": "2021-01-04T16:55:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.153.242.129']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce22c70e-aed4-477b-89e9-c3c934680be5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:21.000Z", "modified": "2021-01-04T16:55:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.8.117.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c10872fb-d88c-4fd9-a771-56df55a78bff", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:21.000Z", "modified": "2021-01-04T16:55:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.11.19.70']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ef97aee5-b10e-44fa-ae8e-8b0a3d19fa07", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:21.000Z", "modified": "2021-01-04T16:55:21.000Z", "description": "On port 81", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.12.104.241' AND network-traffic:dst_port = '81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4dd3eeeb-40cf-42c5-83f0-442b5cd71412", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:21.000Z", "modified": "2021-01-04T16:55:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.238.0.233']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--97983cdb-aa74-4026-80d9-72b93ef80cd2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8887629b-f7cb-4078-b0c0-4db1e158bfe1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0001119d-bf8f-4b18-bc94-0551defeee01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--86fd6c5f-646f-456c-98f2-443650a75cbe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d12dbf66-cb05-44b1-bca5-6802702927d9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = 'c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--85bd8fad-1b6c-4866-81e5-0eec1fc1fa73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b750e368-8934-4a0c-bbb0-5b4f6a93ab30", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3290617-afee-4fcf-962a-68de76943435", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--729ab1fc-b1a7-46db-93ae-3bce6e19fe7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2e06bc1e-0b19-4ddd-8841-84f4e7c6a663", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16f9c440-2d03-4db8-892d-5f1aef5295ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = 'ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad87bbda-1151-4032-9c4b-33522697dd8e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e6869c8c-a730-4dc9-8516-0fc6a5153563", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ab2b408-2c9a-42d1-8213-f4b5e20df9ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--398b7b2a-ead6-4110-b27d-3b03a7b99327", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = 'f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5737c7e-c8a6-4bb4-8ac0-d2599667c83e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = 'a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1e44deb7-a2ce-4888-9387-cadd1be2becd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7b24b7dc-2e80-4f03-b3de-eae1bf1613e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d253cb8-2d35-4f37-b3b7-f49dca5e1c7a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:55:46.000Z", "modified": "2021-01-04T16:55:46.000Z", "pattern": "[file:hashes.SHA256 = '932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:55:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92fade3e-4fc5-4b67-bc5d-3c72683e3910", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/p.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--78f388e0-1508-4821-95fb-7151f6a14ea0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/b.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c38a6e7b-93a2-40a3-9e75-9753ec9ef77e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/sed.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ed9ae76-5fa1-4108-bf9a-a782051b2bd5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/hnt.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18f811ca-2711-4885-ac29-67e176a9a05a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/88/k057.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--01e1230e-fbb8-424e-a362-604526bf2932", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:57:56.000Z", "modified": "2021-01-04T16:57:56.000Z", "pattern": "[url:value = 'http://185.238.0.233/newsvc.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:57:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--0b2ac814-f902-4a9f-aa6a-546adc9359b1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:58:36.000Z", "modified": "2021-01-04T16:58:36.000Z", "first_observed": "2021-01-04T16:58:36Z", "last_observed": "2021-01-04T16:58:36Z", "number_observed": 1, "object_refs": [ "url--0b2ac814-f902-4a9f-aa6a-546adc9359b1" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--0b2ac814-f902-4a9f-aa6a-546adc9359b1", "value": "http://egregoranrmzapcv.onion" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--89476747-0a89-4792-a4a3-e0f76594d982", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:58:36.000Z", "modified": "2021-01-04T16:58:36.000Z", "first_observed": "2021-01-04T16:58:36Z", "last_observed": "2021-01-04T16:58:36Z", "number_observed": 1, "object_refs": [ "url--89476747-0a89-4792-a4a3-e0f76594d982" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--89476747-0a89-4792-a4a3-e0f76594d982", "value": "https://egregornews.com/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--cb99b28c-e340-43f6-8a41-7a8bc4697fcf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:59:03.000Z", "modified": "2021-01-04T16:59:03.000Z", "first_observed": "2021-01-04T16:59:03Z", "last_observed": "2021-01-04T16:59:03Z", "number_observed": 1, "object_refs": [ "url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--cb99b28c-e340-43f6-8a41-7a8bc4697fcf", "value": "http://egregor4u5ipdzhv.onion/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5770293d-dd1b-4b28-8d80-f87293a78227", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T17:03:08.000Z", "modified": "2021-01-04T17:03:08.000Z", "first_observed": "2021-01-04T17:03:08Z", "last_observed": "2021-01-04T17:03:08Z", "number_observed": 1, "object_refs": [ "url--5770293d-dd1b-4b28-8d80-f87293a78227" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5770293d-dd1b-4b28-8d80-f87293a78227", "value": "https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cea95fda-2dd9-4676-8768-f558f0d39e71", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '6f600974c45eec97016c1259e769a4ef' AND file:hashes.SHA1 = '56eed20ea731d28d621723130518ac00bf50170d' AND file:hashes.SHA256 = '9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-10T13:44:49+00:00", "category": "Other", "uuid": "68dc4419-0558-4181-aac0-33425fea6cb1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44/detection/f-9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44-1607607889", "category": "Payload delivery", "uuid": "a97d258a-9e81-4c9e-9659-07d83003b101" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/70", "category": "Payload delivery", "uuid": "69c54bcd-2fac-4b08-947d-f1880226c469" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '666f8d920f85f9afffcf0865a98efe69' AND file:hashes.SHA1 = '50c3b800294f7ee4bde577d99f2118fc1c4ba3b9' AND file:hashes.SHA256 = 'a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-01-01T01:23:15+00:00", "category": "Other", "uuid": "0ed85fbd-cdd8-46d4-87f7-3dfb7e70a3a6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436/detection/f-a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436-1609464195", "category": "Payload delivery", "uuid": "d427a8db-0175-4a1e-bc32-e841722bf97d" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/70", "category": "Payload delivery", "uuid": "b81fbf40-c112-44b1-9366-0d8c2846bd81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '44a7085f729b68073b5c67bbc66829cc' AND file:hashes.SHA1 = '3c03a1c61932bec2b276600ea52bd2803285ec62' AND file:hashes.SHA256 = '8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-16T04:36:39+00:00", "category": "Other", "uuid": "725a8741-821a-4741-a137-0ccb3cbcefc6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9/detection/f-8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9-1608093399", "category": "Payload delivery", "uuid": "9179348f-4a1a-44ec-9815-a9ea77fbc764" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "uuid": "54d0daea-80c1-4c7b-b699-df7297fda21e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--36070fb1-d674-440d-9065-7622c438995e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '0de24cec66ef9d1042be7cf12b87cfc4' AND file:hashes.SHA1 = 'f7bf7cea89c6205d78fa42d735d81c1e5c183041' AND file:hashes.SHA256 = '765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-30T16:37:33+00:00", "category": "Other", "uuid": "ac4775d8-ee5b-4a8e-91d0-03f5b96c4c7d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab/detection/f-765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab-1609346253", "category": "Payload delivery", "uuid": "b42811b0-e68d-4112-8bef-0f0b2b26d98f" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "uuid": "06f4bbfc-4e7d-4970-9ae8-daa558eac376" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = 'de3110dce011088cd4add1950a49182f' AND file:hashes.SHA1 = 'c9da06e3dbf406aec50bc145cba1a50b26db853a' AND file:hashes.SHA256 = '608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6a310603-3817-4d42-9183-709a7188d99c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-21T17:59:21+00:00", "category": "Other", "uuid": "bb6ce9f3-8294-4fb8-9753-3a1ae637117e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9/detection/f-608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9-1608573561", "category": "Payload delivery", "uuid": "60ee03df-ac46-4f1f-aca3-643d09828360" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/59", "category": "Payload delivery", "uuid": "d21dd424-5f59-48c8-a6ee-eee1e5351484" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '8ba3a9d73903bd252f8d99a682d60858' AND file:hashes.SHA1 = '95aea6b24ed28c6ad13ec8d7a6f62652b039765e' AND file:hashes.SHA256 = '444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-18T09:52:23+00:00", "category": "Other", "uuid": "85c93da2-41a1-44b0-8784-988e39573a27" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459/detection/f-444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459-1608285143", "category": "Payload delivery", "uuid": "5f66e7da-826a-4534-bba7-10be772693e4" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/60", "category": "Payload delivery", "uuid": "c8292808-01e1-4b7d-90bf-7e5ac0658be6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '81bc3a2409991325c6e71a06f6b7b881' AND file:hashes.SHA1 = '38c88de0ece0451b0665f3616c02c2bad77a92a2' AND file:hashes.SHA256 = '2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-08T20:04:16+00:00", "category": "Other", "uuid": "92bc8035-bb6f-41df-b3f9-e7ff6069e140" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf/detection/f-2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf-1607457856", "category": "Payload delivery", "uuid": "65b1dcd2-5e1b-4719-8227-efe85a684534" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/68", "category": "Payload delivery", "uuid": "e56f42fc-a7e1-44e9-9414-b15c9b0dc269" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc04c553-5a60-4526-acdc-e6d437440d5b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = '65c320bc5258d8fa86aa9ffd876291d3' AND file:hashes.SHA1 = 'f0215aac7be36a5fedeea51d34d8f8da2e98bf1b' AND file:hashes.SHA256 = '3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-30T20:10:05+00:00", "category": "Other", "uuid": "4ba34256-f6e3-409d-8332-ba577e0089aa" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f/detection/f-3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f-1609359005", "category": "Payload delivery", "uuid": "4f355ba2-6e10-463c-8a3c-93e2da3801f4" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/69", "category": "Payload delivery", "uuid": "22758bee-983d-42b5-baa6-90e1fd51f3d5" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--63287a79-1c3f-4036-9873-158e0d81f3d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = 'ac33fea4c2a9bbca3559142838441f84' AND file:hashes.SHA1 = '948ef8caef5c1254be551cab8a64c687ea0faf84' AND file:hashes.SHA256 = '932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-14T11:31:47+00:00", "category": "Other", "uuid": "baf8c5c4-3ffa-4b3c-8a7b-5db8ecf65cce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e/detection/f-932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e-1607945507", "category": "Payload delivery", "uuid": "9d7c9c90-3058-4d18-97a6-65208b383b65" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/69", "category": "Payload delivery", "uuid": "133c7204-a320-4187-a1a1-1fa4bd6bf8a6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37ec2791-fa7e-409f-b36c-71f1a301a829", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "pattern": "[file:hashes.MD5 = 'dd8e8bfb45fcd5f0621fe7085bfcab94' AND file:hashes.SHA1 = '5c99dc80ca69ce0f2d9b4f790ec1b57dba7153c9' AND file:hashes.SHA256 = '3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:45.000Z", "modified": "2021-01-04T16:56:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-08T20:09:40+00:00", "category": "Other", "uuid": "f75f6008-fdbd-462d-bdf6-8f7672cac8c9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07/detection/f-3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07-1607458180", "category": "Payload delivery", "uuid": "0ef96a24-1aae-43c8-8eb2-313fa5da5247" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "uuid": "fef98c19-fc83-4f9e-97e5-8e362c74f5fa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = '427105821263afeeccca05b43ea8dac4' AND file:hashes.SHA1 = 'fa33fd577f5eb4813bc69dce891361871cda860c' AND file:hashes.SHA256 = 'ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-11T02:01:31+00:00", "category": "Other", "uuid": "2b9f29fa-7853-4d53-8f1e-4f071446260a" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541/detection/f-ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541-1607652091", "category": "Payload delivery", "uuid": "906ebc1b-79c6-4ff3-8511-7957be0613ac" }, { "type": "text", "object_relation": "detection-ratio", "value": "56/69", "category": "Payload delivery", "uuid": "d7057a80-58ca-46bc-9ed9-f963f64db534" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = 'd1aa0f26f557addd45e0d9fa4afecf15' AND file:hashes.SHA1 = 'f1603f1ddf52391b16ee9e73e68f5dd405ab06b0' AND file:hashes.SHA256 = '14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-10T13:38:09+00:00", "category": "Other", "uuid": "4b0ed049-19e4-4a70-b98c-8546be0bb996" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4/detection/f-14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4-1607607489", "category": "Payload delivery", "uuid": "17a86c25-81fe-4efb-8974-2ec27a3becf5" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/70", "category": "Payload delivery", "uuid": "45fc5816-e164-4d0c-ad32-7d0a032fff7b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = 'a922987d1488e2dede7e39a99faf98bb' AND file:hashes.SHA1 = 'beb48c2a7ff957d467d9199c954b89f8411d3ca8' AND file:hashes.SHA256 = '6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-08T20:11:25+00:00", "category": "Other", "uuid": "955783ef-594a-4568-9ee5-2060ea06f5c7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780/detection/f-6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780-1607458285", "category": "Payload delivery", "uuid": "d9d5b5f4-927b-4fe0-8588-fec22f046b5f" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/67", "category": "Payload delivery", "uuid": "125abda7-c445-4392-9360-90659bc8e334" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = '5f9fcbdf7ad86583eb2bbcaa5741d88a' AND file:hashes.SHA1 = '03cdec4a0a63a016d0767650cdaf1d4d24669795' AND file:hashes.SHA256 = '004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-11T07:11:00+00:00", "category": "Other", "uuid": "b3eaf74a-395b-4275-a76e-34645aa838ef" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a/detection/f-004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a-1607670660", "category": "Payload delivery", "uuid": "1eb92100-b695-4ea4-b11d-30b077c28e35" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/68", "category": "Payload delivery", "uuid": "cab0b346-6344-4ad3-ba1b-0be27594a40f" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = '9b7ccaa2ae6a5b96e3110ebcbc4311f6' AND file:hashes.SHA1 = '3cc616d959eb2fe59642102f0565c0e55ee67dbc' AND file:hashes.SHA256 = 'c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-08T20:00:16+00:00", "category": "Other", "uuid": "7dc497a6-6dec-4c1d-8716-86e884ee2bc1" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1/detection/f-c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1-1607457616", "category": "Payload delivery", "uuid": "26fbafe0-c40b-4933-81aa-3653f0a2d151" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/70", "category": "Payload delivery", "uuid": "a91bf725-a902-4dc0-8f12-c1f15b39cf96" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--29426b95-4459-42eb-a768-16505e1b377c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = '1d6aa29e98d3f54b8c891929c34eb426' AND file:hashes.SHA1 = 'ceca1a691c736632b3e98f2ed5b028d33c0f3c64' AND file:hashes.SHA256 = '3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-10T13:40:24+00:00", "category": "Other", "uuid": "e713fa1f-3407-4696-99ba-846f34eeb4c0" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63/detection/f-3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63-1607607624", "category": "Payload delivery", "uuid": "6fd7add1-2a7a-4097-8eef-8839fe071b96" }, { "type": "text", "object_relation": "detection-ratio", "value": "55/70", "category": "Payload delivery", "uuid": "68c02290-85de-4630-9b2d-9106a094a6df" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = 'c3c7a97da396085eb48953e638c3c9c6' AND file:hashes.SHA1 = '8768cf56e12a81d838e270dca9b82d30c35d026e' AND file:hashes.SHA256 = '3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2021-01-04T14:00:43+00:00", "category": "Other", "uuid": "fcb06cd2-9f93-4579-aa43-ef446a3626cb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55/detection/f-3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55-1609768843", "category": "Payload delivery", "uuid": "e448de8a-c8cf-4672-9eaa-d62bca982226" }, { "type": "text", "object_relation": "detection-ratio", "value": "58/70", "category": "Payload delivery", "uuid": "955136df-ae25-4596-922c-3f1b554cb5eb" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0a65ede5-747d-473a-965e-b8cfffe90acd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = 'c96df334b5ed70473ec6a58a545208b6' AND file:hashes.SHA1 = 'f6ad7b0a1d93b7a70e286b87f423119daa4ea4df' AND file:hashes.SHA256 = '4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-26T00:01:37+00:00", "category": "Other", "uuid": "8da44018-bdf1-4bad-a949-816ad3937766" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97/detection/f-4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97-1608940897", "category": "Payload delivery", "uuid": "ae1dbfb3-805c-40a6-b58e-e0b87b70f693" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/69", "category": "Payload delivery", "uuid": "9f07ad66-dba8-41ca-8e09-2f9c0d00da46" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "pattern": "[file:hashes.MD5 = '7375083934dd17f0532da3bd6770ab25' AND file:hashes.SHA1 = 'ac6d919b313bbb18624d26745121fca3e4ae0fd3' AND file:hashes.SHA256 = 'f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2021-01-04T16:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:56:46.000Z", "modified": "2021-01-04T16:56:46.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2020-12-29T02:03:45+00:00", "category": "Other", "uuid": "0a6d34f2-2cae-42ef-bafa-11f877992855" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/gui/file/f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c/detection/f-f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c-1609207425", "category": "Payload delivery", "uuid": "7a28e9c0-fe81-4c22-9f51-c63b948bfccc" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/60", "category": "Payload delivery", "uuid": "38dc5c8c-cbd8-492c-bf51-a4bea9f621fe" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--20f9ac21-e557-46c7-b6a7-014870661f3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2021-01-04T16:59:53.000Z", "modified": "2021-01-04T16:59:53.000Z", "labels": [ "misp:name=\"crypto-material\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "type", "value": "RSA", "category": "Other", "uuid": "b2776f5a-08af-446f-b299-3653172e3443" }, { "type": "text", "object_relation": "private", "value": "pWEzuKkw9nY82VRKYfrw4f4wvrnfnKEApQ5JTkf/YQPzxJtJmwKUjXV759aYQnPIZdGN1RUckdpMZWiYGmsWFYzkNJZpsPihvk9c14zLJDJdmpitYvoy22JFox9iBHqhFAjDC37kzpVH6bafVABdUgUdr0r2EzK+ysJBiR0Ge28ToH94wJTXwBC7hi3G42vk4KmLncPm55NUuz9ZzQ+xqovtN/RyDNL8MDbW4lHWe9Lmi5qlNN/ckIgwDh+sI1rO/T+DmS1Uoo62QWeYTgmlRaCp91AfeC7mNFkXvXUVMs3GlqpIrgbMLPBbBi04sra/pmXp9oteZK4b1fAWKgDZ2B0f11AiX9SFIpJn8odT+Z0tVL2H8IKvANB1507SGq3S2JR3a6SLGODy3yjm3vwfnyaVqL1gNNudkDc5dLVx0tavBj2h5v1PMDCFYpuSZ56qYY1VeQfA56bsPKI2J102ztOktaFmU9jI3G3oxBCV9j1JKOJhltPRjyXAmg9o3sqB5VCxPzmMIL+bxJnEelHdBzVdRpY4pPyEPmdrn2mQ5sXwIA1RfdvF9JruxQF/0yl2WKqK0CE4pKazQWdrYdQaLTPCdMxZv7JKO8Dy5vyHBW08+UTJEuEiQa6Q/1qVkGipUPgK4Wpg3iP6xas9SaV1ovy1o2yC0beVhD+Ean6/5/lfIiG1w/ouzyq0Vprhfmr59ftnduimCDgAPi9mv2Fzg1BcGYt5P0qE7Ya0ycGFyvNvS2eoiA5mjvN67R6jeJ8JF0fPnz7O2QMldjZj0uVfAoMHlgaRP74vOKfOzFHCiPhyXwe8V9Wd3xjctlG4PCVMuUvYn7BFSW82AMefXIWTeIhHD4UdoAuZ3sHsgsFyyaTdVo1WCEWJtMMN0FOyhF0m1R5ozQPJSyuaOUzrDU1fKD57v3Cf5T860kath1w+CQAeWXdbXSR0mvN45rPgYN24qVvvB6kle5Vr20x0EZJ4viCERcreKcJqOV/0GwZU4BR8jUGQkokgD3UvJQf0Vu4mIv6vLZUtvRvEl3URsZNWh7nnKR5jjq3Tx911IH+UQznFncGD402REUpyADZpv0aRfyMZzZFecaxlo/EMS8lhkeukkZQJiwXJH2SV77olADcOfnaOQEq+YU23kRJf+YOdKW3E9NsqF1MKLTdn5+31ka4OyN7wed9HVyJj+clXkNT/YJkS/E869Hm1MPBQv+25451tiXgGcKo/9L5BFmmy77TxYuZMjuRVIanXWwK8tQ+kz0gEj1BG4I477yrhqN2yaQQ2cZ7QhpNPFlnsereCoI8rNBRBp/VgxKS+AKqkKj9UyghlABrYlRypEsM7FDC44tvDJILfb+9IL70qEe+BdPmIIv4/HWHJSEI7K9MWLah7cX4OGLG2eqT9pSkLISFvyEM+9ylo3WYWx2G0m5s0r7O+jRAOdZ1Joy5eGx7PPRCnVcEv0IyhNnFpz4HsNibUAR664rZ+Os05SDNitn3t8RgtAcvTdNHAbtNGLZZj/7KFIyGb1f37teR9/oty8BFsaHhRNVHx22+u+AFR/HbucnbY+prvzAWY3dpjQIO2O+3HoCuz2MXx5gFIfJ0pIA6V9px/j4LOPGPfN159CRItKeOy3ZLtKByaD+FwHBzYHpIWgCvL2vWo+eRWF66oYNvDhB5yVtDgXx0LU789ypKu/vjuvo7obGEoF3NoxJhmNS4DfVMzsy4YdBRhHrBfF36a8ahFSBApu9cd0RmuT09hKmV7m+EGGCXr+MNvzlFQSMzt5Ce5Mj9w507PN/IDLQz8h6236WGZSH2iM2PGUq/UF1wADoHSjPXRcfPparHHHPTcZZkil4HMWP6Y+gDlN0BKKl9ntqyd8QiiqDqwcJIZZG4Jm6lRIhvpBZ14P+z83zePzjMNhVkNVnU4sfDRaemkxZFPF+hGM/PEvqFuEOsX4LfWxOpwLAf+OLLpe71+6QdKDAcwf6553t0TOPCqGr3B+flGGAhi0pqCeAsB0KzS28MakLBxJQPkR/E+F0tHmwBYCCl0haxZnBZ9rJVApq2rAAENA2gQLPaStc0DzrdkIRY6r789la7OzAUqvcTyX8fq/xfYJpz+zUt4PUcVWxoO1+1g9+BpCAlPgZEkIKSbqoSNtkeIMz65CthNiCsX817p8nqBb4BdpcuCihoL49fK6fn/WUnj3xaTiQuNDnvcW9NARgIzqu2lvsZa+qvDBW99gsaeLb4feNlGqZUk98zht7GvywgFEAEYASCAAigAOg5QAEgAWABGAFMAMgAAAEIiQgAwADIARAAwAEYAMwAyAEEAMQBDADkAMgBFADAAOAAAAEqQAXwAQQA6AFIAXwAwAC8AMAB8AEMAOgBGAF8ANAA0ADMAMAA4AC8ANwA2ADQANAA3AHwARAA6AEMAXwAwAC8AMAB8AEUAOgBGAF8AMQA3ADEANgA0ADQALwAyADAAOQA3ADEANAA5AHwARgA6AEYAXwAyADkANAA5ADQANQAvADIAMAA0ADcAOAA2ADgAfAAAAFIQagBnAHIAYQBuAGoAYQAAAGgDckBXAGkAbgBkAG8AdwBzACAAUwBlAHIAdgBlAHIAIAAyADAAMQAyACAAUgAyACAAUwB0AGEAbgBkAGEAcgBkAAAAehJJAE0AUABSAEkATQBJAFMAAAA=", "category": "Other", "uuid": "02863d35-aab0-4536-88d8-3b04ae1eb74d" }, { "type": "text", "object_relation": "origin", "value": "malware-extraction", "category": "Other", "uuid": "8b7fe772-37c8-4029-8805-442991a0c6e3" } ], "x_misp_meta_category": "misc", "x_misp_name": "crypto-material" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ad5fbfe2-c8fc-4cf2-a07e-c40bba81fe88", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cea95fda-2dd9-4676-8768-f558f0d39e71", "target_ref": "x-misp-object--0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1a0ce1cd-b491-4ca7-ab4e-8bec25afae23", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6417c999-3922-4576-9d5e-b4ae50bbb0bf", "target_ref": "x-misp-object--f1901695-8474-4b6a-b9fd-b373c4244b0c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e6009bc4-ebe2-4b51-b387-19da95e53ad8", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6a026bd8-e76d-4ec8-8dc5-94ad88664df9", "target_ref": "x-misp-object--5f216e8e-983a-4f0c-a17d-370a5cfeb0fc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e00c551a-3b00-47c1-9994-9d5afe6be30a", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--36070fb1-d674-440d-9065-7622c438995e", "target_ref": "x-misp-object--2710f1fd-4267-4340-a33d-ff4a6fdc3928" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2b044799-2dfb-4d20-b4d8-4c531227ca40", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa", "target_ref": "x-misp-object--6a310603-3817-4d42-9183-709a7188d99c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d982c429-1f88-48de-acc6-0e911f653b72", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7ad93f35-96c7-4529-adcc-cc1280740c0e", "target_ref": "x-misp-object--7aa9a533-360b-4b85-8b54-d39e921b834b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ef35c09f-3596-45f8-9a86-bf00fcf2384a", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a17e2776-7f1d-4cad-a29d-9ab5dd2d173b", "target_ref": "x-misp-object--1d6a338a-3388-4226-85fb-ff12991aa9d4" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e49fe6ce-908f-4726-a045-0080ed8d95c8", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--cc04c553-5a60-4526-acdc-e6d437440d5b", "target_ref": "x-misp-object--cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0e8c60c0-33d1-458f-b645-2e714842ed32", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--63287a79-1c3f-4036-9873-158e0d81f3d4", "target_ref": "x-misp-object--9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90ce690b-df90-4c6d-b1cb-ac759c172f1c", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--37ec2791-fa7e-409f-b36c-71f1a301a829", "target_ref": "x-misp-object--bf78eda4-f2d2-4141-a2eb-f3f4a70022be" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--bce92ad4-59ea-4e7b-bb54-a80e00f309a7", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--5d6bce96-6c85-4124-a0de-ed5f89f5d956", "target_ref": "x-misp-object--0d39fbbc-c621-4cd1-accb-adaa28dc54d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--918522e4-9422-4147-8709-9243fdbca6f9", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--127fd835-cce8-4ec3-9081-3d846eb2e59a", "target_ref": "x-misp-object--61e087cf-2194-4de6-8557-d6cc07ee69d1" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a8694ba0-ae52-44ab-9931-3ccb31222666", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--61f03b5a-cae9-483c-a8b9-d9dac895f784", "target_ref": "x-misp-object--a5610b99-9939-4579-b6f7-0ef544c12c5c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f2e05636-2999-4f30-bd6a-a4ed230f1af4", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--caf4d1ae-260f-491d-b2e9-415b3dd62938", "target_ref": "x-misp-object--25fc14c1-06c3-4eba-b8cb-58094ee9649f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--afe81144-fe1c-4938-8eb0-e7e0c18b9149", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7acd8111-ca39-4ca7-8c71-803b109fdbb1", "target_ref": "x-misp-object--f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--59623775-3607-46ca-8497-3a90715f2800", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--29426b95-4459-42eb-a768-16505e1b377c", "target_ref": "x-misp-object--849ff98d-f0ec-47fa-9637-45dbb8dc304e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b50b81eb-df9b-44ed-a551-5c152c15a199", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e81e457d-a6d4-4660-a30d-436c4a6feed7", "target_ref": "x-misp-object--462c4e22-eee2-42e5-80c2-0f6a72bb7805" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--586ab7f7-894d-4c35-a7c8-49794d1d25e1", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0a65ede5-747d-473a-965e-b8cfffe90acd", "target_ref": "x-misp-object--945c2cb2-2d0d-431d-a383-2dbf46b0087a" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--894a35f7-76f7-45dd-b4ae-cd249142fa27", "created": "1970-01-01T00:00:00.000Z", "modified": "1970-01-01T00:00:00.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e01e6532-7d60-4367-aa1f-1a34f155ed9d", "target_ref": "x-misp-object--e36355e9-1dae-426d-93bc-662bbd33defc" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }