{ "type": "bundle", "id": "bundle--5d13bc95-ecbc-4af9-b684-423602de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:50:47.000Z", "modified": "2019-06-26T18:50:47.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d13bc95-ecbc-4af9-b684-423602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:50:47.000Z", "modified": "2019-06-26T18:50:47.000Z", "name": "Soft Cell case - guessed indicators (via Twitter discussion)", "published": "2019-06-26T18:52:05Z", "object_refs": [ "observed-data--5d13bca8-77cc-4742-90d0-4e1502de0b81", "url--5d13bca8-77cc-4742-90d0-4e1502de0b81", "indicator--5d13bce5-dd84-486e-a09b-415002de0b81", "indicator--5d13bce6-acc4-4222-8d5d-4f7602de0b81", "indicator--5d13bce6-80a8-4a42-a24d-462b02de0b81", "indicator--5d13bce6-ee08-479c-a459-4e7b02de0b81", "indicator--5d13bce6-c1c4-47f5-9dab-486e02de0b81", "indicator--5d13bce6-ac00-4d05-9a1c-43a002de0b81", "indicator--5d13bcfe-4314-4e44-b0c2-43c702de0b81", "indicator--5d13bcfe-9fd8-4d8c-9b64-4c0c02de0b81", "indicator--5d13bcfe-60e4-4863-82dc-412f02de0b81", "indicator--5d13bd31-d2ac-4a2e-99e7-4e7902de0b81", "indicator--5d13bd32-2c90-4102-b8b4-4ba602de0b81", "observed-data--5d13bdd1-5c0c-49b8-8671-4b3302de0b81", "url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81", "observed-data--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "observed-data--5d13bde4-31ac-4368-922a-5385e387cbd9", "network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9", "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9", "observed-data--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "indicator--a84950f4-4292-4648-a458-571a4adf25a9", "x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d", "indicator--f04d4630-aae5-4603-b43a-f905aacf83c5", "x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633", "indicator--18448777-1668-45b1-a0d5-821d348e970c", "x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18", "indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394", "x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84", "indicator--9ab69867-6fa8-49ec-96f2-8276c622a426", "x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558", "relationship--589cebbf-c931-460d-95e7-d073c1346133", "relationship--cb83a59b-fa7f-496a-82b7-7931823db96a", "relationship--42d5408c-cdb3-474e-8e0b-22bf24f54fa0", "relationship--113a47c9-ea59-4ecf-a3e0-e485ca666bf1", "relationship--5d619c97-cfa4-4f81-8af4-2ea03c4ddb4b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d13bca8-77cc-4742-90d0-4e1502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:42:48.000Z", "modified": "2019-06-26T18:42:48.000Z", "first_observed": "2019-06-26T18:42:48Z", "last_observed": "2019-06-26T18:42:48Z", "number_observed": 1, "object_refs": [ "url--5d13bca8-77cc-4742-90d0-4e1502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d13bca8-77cc-4742-90d0-4e1502de0b81", "value": "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce5-dd84-486e-a09b-415002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:49.000Z", "modified": "2019-06-26T18:43:49.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'asyspy256.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce6-acc4-4222-8d5d-4f7602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:50.000Z", "modified": "2019-06-26T18:43:50.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'cvdfhjh1231.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce6-80a8-4a42-a24d-462b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:50.000Z", "modified": "2019-06-26T18:43:50.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'dffwescwer4325.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce6-ee08-479c-a459-4e7b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:50.000Z", "modified": "2019-06-26T18:43:50.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'hotkillmail9sddcc.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce6-c1c4-47f5-9dab-486e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:50.000Z", "modified": "2019-06-26T18:43:50.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'rosaf112.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bce6-ac00-4d05-9a1c-43a002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:43:50.000Z", "modified": "2019-06-26T18:43:50.000Z", "description": "A few C2s associated with the hashes Tom posted:", "pattern": "[domain-name:value = 'sz2016rose.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:43:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bcfe-4314-4e44-b0c2-43c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:44:14.000Z", "modified": "2019-06-26T18:44:14.000Z", "description": "Based on the writeup, likely associated file", "pattern": "[file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:44:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bcfe-9fd8-4d8c-9b64-4c0c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:44:14.000Z", "modified": "2019-06-26T18:44:14.000Z", "description": "Based on the writeup, likely associated file", "pattern": "[file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:44:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bcfe-60e4-4863-82dc-412f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:44:14.000Z", "modified": "2019-06-26T18:44:14.000Z", "description": "Based on the writeup, likely associated file", "pattern": "[file:hashes.SHA256 = 'c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:44:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bd31-d2ac-4a2e-99e7-4e7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:05.000Z", "modified": "2019-06-26T18:45:05.000Z", "description": "Adding two more hashes of mal-ssMUIDLL.dlls:", "pattern": "[file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bd32-2c90-4102-b8b4-4ba602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:06.000Z", "modified": "2019-06-26T18:45:06.000Z", "description": "Adding two more hashes of mal-ssMUIDLL.dlls:", "pattern": "[file:hashes.SHA256 = '95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d13bdd1-5c0c-49b8-8671-4b3302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:47:45.000Z", "modified": "2019-06-26T18:47:45.000Z", "first_observed": "2019-06-26T18:47:45Z", "last_observed": "2019-06-26T18:47:45Z", "number_observed": 1, "object_refs": [ "url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d13bdd1-5c0c-49b8-8671-4b3302de0b81", "value": "https://twitter.com/tlansec/status/1143451202736336896" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:48:04.000Z", "modified": "2019-06-26T18:48:04.000Z", "first_observed": "2019-06-26T18:48:04Z", "last_observed": "2019-06-26T18:48:04Z", "number_observed": 1, "object_refs": [ "network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "src_ref": "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d13bde4-1b68-4c06-ae4c-5385e387cbd9", "value": "210.56.60.240" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d13bde4-31ac-4368-922a-5385e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:48:04.000Z", "modified": "2019-06-26T18:48:04.000Z", "first_observed": "2019-06-26T18:48:04Z", "last_observed": "2019-06-26T18:48:04Z", "number_observed": 1, "object_refs": [ "network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9", "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d13bde4-31ac-4368-922a-5385e387cbd9", "src_ref": "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d13bde4-31ac-4368-922a-5385e387cbd9", "value": "45.121.48.106" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:48:04.000Z", "modified": "2019-06-26T18:48:04.000Z", "first_observed": "2019-06-26T18:48:04Z", "last_observed": "2019-06-26T18:48:04Z", "number_observed": 1, "object_refs": [ "network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "src_ref": "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d13bde4-9e8c-42cb-bfc9-5385e387cbd9", "value": "45.77.226.209" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a84950f4-4292-4648-a458-571a4adf25a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:52.000Z", "modified": "2019-06-26T18:45:52.000Z", "pattern": "[file:hashes.MD5 = 'e435b961048c2fecc2e8e697dc9bd666' AND file:hashes.SHA1 = '5d17fd6904db389040767f8474ca88be4b43de07' AND file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-25T22:39:22", "category": "Other", "comment": "Based on the writeup, likely associated file", "uuid": "6759f955-ea4a-4d4f-a238-5936eeed21a3" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab/analysis/1561502362/", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "fdd7a321-97b2-4ce4-a4e7-ff904f5c71de" }, { "type": "text", "object_relation": "detection-ratio", "value": "49/71", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "c9f21984-4969-42ba-9260-08f63be6d4d2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f04d4630-aae5-4603-b43a-f905aacf83c5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "pattern": "[file:hashes.MD5 = '185ad2bfaa924571c492ee1d3f281bac' AND file:hashes.SHA1 = '722dc399e6048127e52843075fd652006b8c85a4' AND file:hashes.SHA256 = '95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-25T04:55:52", "category": "Other", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "42fed8da-db9b-4cce-9cae-f00f52b51482" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/95817d8c742dd667225273847ea15f46445ab1439e634c05785084af7cb39a58/analysis/1561438552/", "category": "Payload delivery", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "c0e15224-5bc2-4290-8766-dc9654b59d5c" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/67", "category": "Payload delivery", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "2a6f9f10-9e74-4f1c-a56b-dd93c48c5faa" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18448777-1668-45b1-a0d5-821d348e970c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "pattern": "[file:hashes.MD5 = 'fb8c172c964e6740963eb223407a917c' AND file:hashes.SHA1 = '4448a3cd278d6c7b85987f0c9ba5dfeef7be8dad' AND file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-25T22:39:18", "category": "Other", "comment": "Based on the writeup, likely associated file", "uuid": "1213473d-68a4-4940-a71b-9f786124f235" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71/analysis/1561502358/", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "6a5f1012-9ec0-4c37-825d-28343f4b1bc3" }, { "type": "text", "object_relation": "detection-ratio", "value": "52/72", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "94582d67-0fce-45f4-ba0b-96e6f7e46aaf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "pattern": "[file:hashes.MD5 = '89d0cdd3617c118c6ba1a720e9f9bd62' AND file:hashes.SHA1 = 'b69594d1fc9d44bb89fa09cacfbf61723b7fe1bd' AND file:hashes.SHA256 = 'c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-06-25T22:39:23", "category": "Other", "comment": "Based on the writeup, likely associated file", "uuid": "4116418a-2b61-46a0-a3a2-f0a8519e5d9b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c81dd8dd3623181cbc117ca7255e6ea530f770c05624c6896362f03fbfc06280/analysis/1561502363/", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "9f8cf8f5-392a-4d3e-aeed-d86554b90293" }, { "type": "text", "object_relation": "detection-ratio", "value": "54/72", "category": "Payload delivery", "comment": "Based on the writeup, likely associated file", "uuid": "3ba84440-48e6-4138-b1e2-b28e6bd10df8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9ab69867-6fa8-49ec-96f2-8276c622a426", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:53.000Z", "modified": "2019-06-26T18:45:53.000Z", "pattern": "[file:hashes.MD5 = '9a97ddbb141d01ce0b1b994399cfb7dc' AND file:hashes.SHA1 = 'e841a63e47361a572db9a7334af459ddca11347a' AND file:hashes.SHA256 = '5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:45:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-02-14T01:23:14", "category": "Other", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "6e0656fd-9975-4200-b7f4-601aed707e4f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5bf80b871278a29f356bd42af1e35428aead20cd90b0c7642247afcaaa95b022/analysis/1550107394/", "category": "Payload delivery", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "03c6dda3-fceb-466b-a741-59590d4dd000" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/69", "category": "Payload delivery", "comment": "Adding two more hashes of mal-ssMUIDLL.dlls:", "uuid": "779f1fd3-da3e-4e43-b7e7-580f9fbf9296" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--589cebbf-c931-460d-95e7-d073c1346133", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a84950f4-4292-4648-a458-571a4adf25a9", "target_ref": "x-misp-object--b5a0e459-5c77-470f-9237-ebbbc696c22d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cb83a59b-fa7f-496a-82b7-7931823db96a", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f04d4630-aae5-4603-b43a-f905aacf83c5", "target_ref": "x-misp-object--21e4d20a-add1-41f7-84c2-c38beaafd633" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--42d5408c-cdb3-474e-8e0b-22bf24f54fa0", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--18448777-1668-45b1-a0d5-821d348e970c", "target_ref": "x-misp-object--cf10a26e-de17-4073-9445-50f0519dce18" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--113a47c9-ea59-4ecf-a3e0-e485ca666bf1", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--eceee0ff-b9ce-47fd-b34e-ee27ec26f394", "target_ref": "x-misp-object--6cae530d-e8f6-4513-95e4-0ccddf9c7a84" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5d619c97-cfa4-4f81-8af4-2ea03c4ddb4b", "created": "2019-06-26T18:45:54.000Z", "modified": "2019-06-26T18:45:54.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9ab69867-6fa8-49ec-96f2-8276c622a426", "target_ref": "x-misp-object--baca908c-f701-4c24-8c83-4b5840ba7558" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }