{ "type": "bundle", "id": "bundle--5dbae98e-7974-4480-86db-44be950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5dbae98e-7974-4480-86db-44be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "name": "OSINT - Dans l\u00e2\u20ac\u2122\u00c5\u201cil de notre CyberSOC : la campagne malspam Aggah diversifie ses outils", "published": "2019-12-10T09:25:12Z", "object_refs": [ "observed-data--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f", "url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f", "indicator--5dc033f3-d78c-4fb5-bae5-e94f950d210f", "indicator--5dc033f3-0808-4286-b34c-e94f950d210f", "indicator--5dc033f3-a64c-4132-9e4a-e94f950d210f", "indicator--5dc033f3-1b0c-4573-99df-e94f950d210f", "indicator--5dc033f3-6624-4d01-ab9b-e94f950d210f", "indicator--5dc033f3-e0e4-404a-bfdd-e94f950d210f", "indicator--5dc033f3-1850-4a19-97a5-e94f950d210f", "indicator--5dc033f3-09b8-4fc8-8f7f-e94f950d210f", "indicator--5dc033f3-85a4-409e-8612-e94f950d210f", "indicator--5dc033f3-30b8-471e-8f71-e94f950d210f", "indicator--5dc033f3-4abc-4c8a-8ac5-e94f950d210f", "indicator--5dc033f3-2ea4-49be-b641-e94f950d210f", "indicator--5dc033f3-209c-430c-a548-e94f950d210f", "indicator--5dc033f3-e3bc-45fa-bc71-e94f950d210f", "indicator--5dc033f3-3e90-4cc0-a319-e94f950d210f", "indicator--5dc04091-77d0-4ff0-ab41-4d09950d210f", "indicator--5dc04372-f128-4cb3-bdc0-46b1950d210f", "indicator--5dc02897-2454-4c3d-a82a-4974950d210f", "indicator--5dc028bf-36e8-4d96-b847-5503950d210f", "indicator--5dc02950-294c-4f7b-83d6-4a0b950d210f", "indicator--5dc0296c-f0a8-4327-9139-405d950d210f", "indicator--5dc0297c-ca38-46f0-b3ab-471c950d210f", "indicator--5dc02d45-2b1c-4958-a52f-4199950d210f", "indicator--5dc02d5b-fafc-430b-9c55-497c950d210f", "indicator--5dc02e92-1c20-4a65-bcdc-4680950d210f", "indicator--5dc02eb6-49b8-43d2-b886-5502950d210f", "indicator--5dc02ecc-fa44-493c-8ef5-5502950d210f", "indicator--5dc02ee8-3470-44aa-83b4-5502950d210f", "indicator--5dc02ef9-f6d8-4cc2-9d29-5502950d210f", "indicator--5dc02f2a-f568-457e-81b5-df66950d210f", "indicator--5dc02f5f-c2ec-401c-9d8c-df66950d210f", "indicator--5dc02f7e-d520-4255-8405-4cfb950d210f", "indicator--5dc02fb0-31f8-4064-aa9b-4574950d210f", "indicator--5dc02fc7-b278-4517-a872-4701950d210f", "indicator--5dc0300a-1c78-4639-8603-df80950d210f", "indicator--5dc030d7-9fe4-4004-849a-df80950d210f", "indicator--5dc030e9-7e6c-4b8b-b31a-5502950d210f", "indicator--5dc03101-76a8-4b60-a427-4f2d950d210f", "indicator--5dc03110-e910-404e-9d81-4e44950d210f", "indicator--5dc03125-2e64-41aa-b7c0-4f13950d210f", "indicator--5dc0313f-4a7c-4305-a77b-44ee950d210f", "indicator--5dc0314f-a250-41f2-bc6c-4fe3950d210f", "indicator--5dc0315d-b42c-4bd7-bf22-4095950d210f", "indicator--5dc0316f-ae4c-49ff-ae8b-4407950d210f", "indicator--5dc0335b-88e8-47b2-b741-df82950d210f", "indicator--5dc03369-ac10-4d04-af2b-df67950d210f", "observed-data--5dc038bd-a88c-46b1-bbef-4394950d210f", "email-message--5dc038bd-a88c-46b1-bbef-4394950d210f", "observed-data--5dc038d1-8a18-428c-9989-e94f950d210f", "email-message--5dc038d1-8a18-428c-9989-e94f950d210f", "indicator--5dc03906-ffc0-44c6-a50a-df81950d210f", "indicator--d670c680-69d6-426d-a298-c0ff391db8e7", "x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240", "indicator--4001f135-f142-448f-8f86-90d6ddf6342b", "x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51", "indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e", "x-misp-object--693be22d-e312-4294-9171-2d8065cddd54", "indicator--92ae76c5-8973-4515-938d-b878ca91368e", "x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f", "indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3", "x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b", "indicator--c64bda57-fb58-499b-a870-74140ecb73c3", "x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e", "indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c", "x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919", "indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed", "x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9", "relationship--8eaa227e-af1f-4f77-a5ea-4ed57d5737d4", "relationship--2dda5e0f-7009-44ce-b34d-e57d5db33eac", "relationship--2f057755-238e-4cd6-8f25-2293e4e98845", "relationship--90fa3488-e6ae-4e04-90ec-b77513796fba", "relationship--3e4d1c3e-bd5e-48e3-a5af-637bc0b76556", "relationship--970c8cc8-b5a1-4d59-98da-fa2b9c9fd816", "relationship--c58094ea-692c-4229-a7b1-03dc0f723703", "relationship--0168381a-fff2-4a49-8a7c-4034e6a6ec5f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"", "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"", "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"", "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"", "misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"", "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"", "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-10-31T14:08:05.000Z", "modified": "2019-10-31T14:08:05.000Z", "first_observed": "2019-10-31T14:08:05Z", "last_observed": "2019-10-31T14:08:05Z", "number_observed": 1, "object_refs": [ "url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5dbaeac5-a3c0-48f3-b0c1-46c2950d210f", "value": "https://cyberdefense.orange.com/fr/blog/dans-loeil-de-notre-cybersoc-la-campagne-malspam-aggah-diversifie-ses-outils/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-d78c-4fb5-bae5-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '88.150.221.123/1/inc/0f176165c9879d.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-0808-4286-b34c-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '216.170.126.123/otu/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-a64c-4132-9e4a-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '185.215.148.217/ghost/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-1b0c-4573-99df-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '216.170.126.107/done/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-6624-4d01-ab9b-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '216.170.126.107/xmen/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-e0e4-404a-bfdd-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[url:value = '216.170.126.146/ahsan/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-1850-4a19-97a5-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'dennisss.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-09b8-4fc8-8f7f-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'mozila-system.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-85a4-409e-8612-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'hetro.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-30b8-471e-8f71-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'kimkinzo.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-4abc-4c8a-8ac5-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[file:name = '?docora.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-2ea4-49be-b641-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'fishwdme.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-209c-430c-a548-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'john-osas11.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-e3bc-45fa-bc71-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'ccmorgan.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc033f3-3e90-4cc0-a319-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:21:39.000Z", "modified": "2019-11-04T14:21:39.000Z", "description": "C2", "pattern": "[domain-name:value = 'sukw.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:21:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc04091-77d0-4ff0-ab41-4d09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T15:15:29.000Z", "modified": "2019-11-04T15:15:29.000Z", "pattern": "[domain-name:value = 'newandupdates1234.blogspot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T15:15:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc04372-f128-4cb3-bdc0-46b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T15:27:46.000Z", "modified": "2019-11-04T15:27:46.000Z", "pattern": "[domain-name:value = 'asdiamecwecw8cew.blogspot.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T15:27:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02897-2454-4c3d-a82a-4974950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:33:11.000Z", "modified": "2019-11-04T13:33:11.000Z", "description": "C2", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.170.126.107') AND network-traffic:dst_port = '777']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:33:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc028bf-36e8-4d96-b847-5503950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:33:51.000Z", "modified": "2019-11-04T13:33:51.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = '83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:33:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02950-294c-4f7b-83d6-4a0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:36:16.000Z", "modified": "2019-11-04T13:36:16.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = '35cf9dd2e966cbbf772bc8a8863eca048ce48728ad0fb9bad994b62247291171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0296c-f0a8-4327-9139-405d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:36:44.000Z", "modified": "2019-11-04T13:36:44.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = 'fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:36:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0297c-ca38-46f0-b3ab-471c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:37:00.000Z", "modified": "2019-11-04T13:37:00.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = 'a2d86ca90f364341238ad4b6ce42eabad6462ca8b85d2e36d276a5a76a400e93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:37:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02d45-2b1c-4958-a52f-4199950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:53:09.000Z", "modified": "2019-11-04T13:53:09.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = '0f0faa6ff820888c44e60adc0b9d0044ae626d3ae5adfca9251db655d360430a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:53:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02d5b-fafc-430b-9c55-497c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:53:31.000Z", "modified": "2019-11-04T13:53:31.000Z", "description": "ASyncRAT", "pattern": "[file:hashes.SHA256 = '516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:53:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02e92-1c20-4a65-bcdc-4680950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:58:42.000Z", "modified": "2019-11-04T13:58:42.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = '732501083e18c0e7843986197a9cc78b4c70844ae2a5260d8e0863b4566840f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:58:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02eb6-49b8-43d2-b886-5502950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:59:18.000Z", "modified": "2019-11-04T13:59:18.000Z", "description": "NanoCore", "pattern": "[file:hashes.SHA256 = 'a37c8ab7a8b6c8686e5d7a911c9f389131eb1da8abab9228f63442f4cc0586b9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:59:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02ecc-fa44-493c-8ef5-5502950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T13:59:40.000Z", "modified": "2019-11-04T13:59:40.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = '6079cdba30c72c4097545444a61945adb4cf03ebbf531b8efb6c3f29633f01e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T13:59:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02ee8-3470-44aa-83b4-5502950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:00:08.000Z", "modified": "2019-11-04T14:00:08.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = '970f0dc60fd3a57dc97194313d8455e8e888ed480cadd7548096537c96c6130d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:00:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02ef9-f6d8-4cc2-9d29-5502950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:00:25.000Z", "modified": "2019-11-04T14:00:25.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = '48b730f6fe4a94cfc4af81fdb4420d3a749f7602b4dfd6663e9e5af91cb3f886']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:00:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02f2a-f568-457e-81b5-df66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:01:14.000Z", "modified": "2019-11-04T14:01:14.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = 'ba516bfa4d18a3890ae5599973d0583523379eeddce6ba08668f9278453bc9ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02f5f-c2ec-401c-9d8c-df66950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:02:07.000Z", "modified": "2019-11-04T14:02:07.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = 'fd40f1fafffe22687d820fed80f152bf8e30ce8a4b7d40ff8ff8acaf42c8517b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:02:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02f7e-d520-4255-8405-4cfb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:02:38.000Z", "modified": "2019-11-04T14:02:38.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = '6497ff8cb227ecd6a75db4379b8f9d849b542b59fd30dd49c6d9ef0977cacd14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:02:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02fb0-31f8-4064-aa9b-4574950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:03:28.000Z", "modified": "2019-11-04T14:03:28.000Z", "description": "Azorult", "pattern": "[file:hashes.SHA256 = '92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:03:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc02fc7-b278-4517-a872-4701950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:03:51.000Z", "modified": "2019-11-04T14:03:51.000Z", "description": "AgentTesla", "pattern": "[file:hashes.SHA256 = 'd0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:03:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0300a-1c78-4639-8603-df80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:04:58.000Z", "modified": "2019-11-04T14:04:58.000Z", "description": "AgentTesla", "pattern": "[file:hashes.SHA256 = '6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:04:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc030d7-9fe4-4004-849a-df80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:08:23.000Z", "modified": "2019-11-04T14:08:23.000Z", "description": "Remcos", "pattern": "[file:hashes.SHA256 = '2ed3b831531428a2f172284d9d5a0e91bb1b478a900d74abe7d581c782d7de03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc030e9-7e6c-4b8b-b31a-5502950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:08:41.000Z", "modified": "2019-11-04T14:08:41.000Z", "description": "FormBook", "pattern": "[file:hashes.SHA256 = '778715947a04a421044f4903f5b28eb80f67c545c21a515f25535984166bb273']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:08:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc03101-76a8-4b60-a427-4f2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:09:05.000Z", "modified": "2019-11-04T14:09:05.000Z", "description": "RevengeRAT", "pattern": "[file:hashes.SHA256 = '9f0f88e296786e48c29d77da3418ef2d148ba19db10dcb59aa5dbff2c65cd505']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:09:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc03110-e910-404e-9d81-4e44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:09:20.000Z", "modified": "2019-11-04T14:09:20.000Z", "description": "RevengeRAT", "pattern": "[file:hashes.SHA256 = '7fbb03fcff280da369566274170df592afc639eb6a1bfd8470dca1cd7254ad46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:09:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc03125-2e64-41aa-b7c0-4f13950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:09:41.000Z", "modified": "2019-11-04T14:09:41.000Z", "description": "Dll", "pattern": "[file:hashes.SHA256 = '5c57e599f74e543bf1cae580ebb42beaa3a5ec01a18c59dfa533fa04fbf33456']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:09:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0313f-4a7c-4305-a77b-44ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:10:07.000Z", "modified": "2019-11-04T14:10:07.000Z", "description": "Dll", "pattern": "[file:hashes.SHA256 = 'e73adcf6f04ba13e215f240081024bdd0656e661f43bb9f4b96509d59c0b6ce5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:10:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0314f-a250-41f2-bc6c-4fe3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:10:23.000Z", "modified": "2019-11-04T14:10:23.000Z", "description": "Dll", "pattern": "[file:hashes.SHA256 = '84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:10:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0315d-b42c-4bd7-bf22-4095950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:10:37.000Z", "modified": "2019-11-04T14:10:37.000Z", "description": "Dll", "pattern": "[file:hashes.SHA256 = 'db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:10:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0316f-ae4c-49ff-ae8b-4407950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:10:55.000Z", "modified": "2019-11-04T14:10:55.000Z", "description": "Dll", "pattern": "[file:hashes.SHA256 = 'e1598720dbe7fe3595b0c323c5ad4de231744568acc1f9b00a855642ebea9676']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:10:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc0335b-88e8-47b2-b741-df82950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:19:07.000Z", "modified": "2019-11-04T14:19:07.000Z", "description": "C2", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.226.30.217')]", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:19:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc03369-ac10-4d04-af2b-df67950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:19:21.000Z", "modified": "2019-11-04T14:19:21.000Z", "description": "C2", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.150.221.123')]", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:19:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5dc038bd-a88c-46b1-bbef-4394950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:42:05.000Z", "modified": "2019-11-04T14:42:05.000Z", "first_observed": "2019-11-04T14:42:05Z", "last_observed": "2019-11-04T14:42:05Z", "number_observed": 1, "object_refs": [ "email-message--5dc038bd-a88c-46b1-bbef-4394950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5dc038bd-a88c-46b1-bbef-4394950d210f", "is_multipart": false, "subject": "Payment Remittance" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5dc038d1-8a18-428c-9989-e94f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:42:25.000Z", "modified": "2019-11-04T14:42:25.000Z", "first_observed": "2019-11-04T14:42:25Z", "last_observed": "2019-11-04T14:42:25Z", "number_observed": 1, "object_refs": [ "email-message--5dc038d1-8a18-428c-9989-e94f950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5dc038d1-8a18-428c-9989-e94f950d210f", "is_multipart": false, "subject": "Price Request" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dc03906-ffc0-44c6-a50a-df81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-11-04T14:43:18.000Z", "modified": "2019-11-04T14:43:18.000Z", "pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\' AND windows-registry-key:values[0].name = 'WinUpdate']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-11-04T14:43:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d670c680-69d6-426d-a298-c0ff391db8e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:36.000Z", "modified": "2019-12-10T09:24:36.000Z", "pattern": "[file:hashes.MD5 = '6d4204febbce6bb6802f63a5a823ad67' AND file:hashes.SHA1 = 'b6911feb8a13d2a946a2f74043a624c886af33b1' AND file:hashes.SHA256 = 'db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:36.000Z", "modified": "2019-12-10T09:24:36.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-28T02:31:00", "category": "Other", "comment": "Dll", "uuid": "add0b46d-6efc-4253-a2a6-820b0c5a300e" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f/analysis/1572229860/", "category": "Payload delivery", "comment": "Dll", "uuid": "cac6e1e1-3ab6-4360-9845-421bb3455db6" }, { "type": "text", "object_relation": "detection-ratio", "value": "14/68", "category": "Payload delivery", "comment": "Dll", "uuid": "65299516-f9e2-4960-8e56-faf6303d5a32" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4001f135-f142-448f-8f86-90d6ddf6342b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:37.000Z", "modified": "2019-12-10T09:24:37.000Z", "pattern": "[file:hashes.MD5 = '12fef1dbfcd31084bff43508a7669459' AND file:hashes.SHA1 = '78e5dfca951eab2ade99fdebb7de692cdd02c147' AND file:hashes.SHA256 = '92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:37.000Z", "modified": "2019-12-10T09:24:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-09T21:55:56", "category": "Other", "comment": "Azorult", "uuid": "68b7ac2e-4d1b-4ef7-b6b3-b0209dc787ba" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e/analysis/1570658156/", "category": "Payload delivery", "comment": "Azorult", "uuid": "ad11e621-a6c3-4a38-a4f0-b9959975fd56" }, { "type": "text", "object_relation": "detection-ratio", "value": "59/69", "category": "Payload delivery", "comment": "Azorult", "uuid": "6232f040-8fdd-43ce-8658-08cab4bb7c18" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:38.000Z", "modified": "2019-12-10T09:24:38.000Z", "pattern": "[file:hashes.MD5 = '1660ca53c025465e9b0628246b1047f3' AND file:hashes.SHA1 = '8b3b10b3fa61017a02e013dcabb67eb8eeaa7ed9' AND file:hashes.SHA256 = 'd0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--693be22d-e312-4294-9171-2d8065cddd54", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:38.000Z", "modified": "2019-12-10T09:24:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-23T12:51:58", "category": "Other", "comment": "AgentTesla", "uuid": "f7ef0e54-13ec-41eb-a33e-d72d49258b76" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1/analysis/1571835118/", "category": "Payload delivery", "comment": "AgentTesla", "uuid": "0feac6f1-cddd-4ef0-9758-0bd0a966fc74" }, { "type": "text", "object_relation": "detection-ratio", "value": "41/70", "category": "Payload delivery", "comment": "AgentTesla", "uuid": "cc87a812-0dae-441d-8345-630aa04d3708" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92ae76c5-8973-4515-938d-b878ca91368e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:38.000Z", "modified": "2019-12-10T09:24:38.000Z", "pattern": "[file:hashes.MD5 = '57084aec24c40f6834428b38ef72b967' AND file:hashes.SHA1 = '24dd9c52e1c1ef03cda76c7a9e5887170ada12eb' AND file:hashes.SHA256 = '83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:38.000Z", "modified": "2019-12-10T09:24:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-20T11:44:02", "category": "Other", "comment": "NanoCore", "uuid": "456dfb89-0a24-4933-9ebd-30ae24723027" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced/analysis/1571571842/", "category": "Payload delivery", "comment": "NanoCore", "uuid": "fc64fe4a-f7db-457e-b67e-f8dd8d93a595" }, { "type": "text", "object_relation": "detection-ratio", "value": "57/68", "category": "Payload delivery", "comment": "NanoCore", "uuid": "6caa5df3-8e4f-4f70-97bf-0fdf57745619" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:39.000Z", "modified": "2019-12-10T09:24:39.000Z", "pattern": "[file:hashes.MD5 = '61f6f2296d99b469078db1cb5d36bf65' AND file:hashes.SHA1 = 'f03aa226cc7aeb12a3190b3ccc8a2db68ffd1587' AND file:hashes.SHA256 = 'fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:39.000Z", "modified": "2019-12-10T09:24:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-13T12:32:04", "category": "Other", "comment": "NanoCore", "uuid": "231d8b6a-d8f5-4f91-8d14-3c13201efae9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33/analysis/1570969924/", "category": "Payload delivery", "comment": "NanoCore", "uuid": "e65af2d7-3fa7-4d88-b92d-074c869b7389" }, { "type": "text", "object_relation": "detection-ratio", "value": "60/70", "category": "Payload delivery", "comment": "NanoCore", "uuid": "d5dbf1e4-14fb-492e-a36e-5433f7500168" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c64bda57-fb58-499b-a870-74140ecb73c3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:39.000Z", "modified": "2019-12-10T09:24:39.000Z", "pattern": "[file:hashes.MD5 = 'a5de91f73a5e75aa7e33954fd0adda13' AND file:hashes.SHA1 = '07b518b86eca57bc9534c9b955d1809f9f66f080' AND file:hashes.SHA256 = '84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:39.000Z", "modified": "2019-12-10T09:24:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-28T03:26:27", "category": "Other", "comment": "Dll", "uuid": "aea636b1-9152-49df-8c25-55266a813659" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6/analysis/1569641187/", "category": "Payload delivery", "comment": "Dll", "uuid": "423be0e6-f07a-44cc-a07c-5d12ebb9bd78" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/67", "category": "Payload delivery", "comment": "Dll", "uuid": "73e7f2b3-941d-4727-86bf-ab089e83ff03" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "pattern": "[file:hashes.MD5 = '9257e5b74cf52683b168602036f19d3f' AND file:hashes.SHA1 = 'cdd025adf4d4b616a703378a05915a36dedcbe9a' AND file:hashes.SHA256 = '516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-29T15:05:37", "category": "Other", "comment": "ASyncRAT", "uuid": "007438bf-4ab7-41b1-8d4c-2569dbb74a59" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/analysis/1572361537/", "category": "Payload delivery", "comment": "ASyncRAT", "uuid": "4e5958e9-9ee1-4023-833e-d9d30a89393f" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/71", "category": "Payload delivery", "comment": "ASyncRAT", "uuid": "771cbfda-bc1e-49a0-82ff-341ab0bb1022" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "pattern": "[file:hashes.MD5 = '0638dff86bcdbebe8dc9c9d0bece613b' AND file:hashes.SHA1 = 'e7ec733b91eece465192ebe2d62bb5fd14a135c3' AND file:hashes.SHA256 = '6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-10T09:24:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-25T06:30:50", "category": "Other", "comment": "AgentTesla", "uuid": "77b6b35b-d50d-4041-b505-20115a28c312" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5/analysis/1571985050/", "category": "Payload delivery", "comment": "AgentTesla", "uuid": "21a8e5ac-802a-4506-bcdd-6b69d3419a47" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/68", "category": "Payload delivery", "comment": "AgentTesla", "uuid": "cadc000e-d4db-47db-9bd1-ee1ec522e9d6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8eaa227e-af1f-4f77-a5ea-4ed57d5737d4", "created": "2019-12-10T09:24:40.000Z", "modified": "2019-12-10T09:24:40.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d670c680-69d6-426d-a298-c0ff391db8e7", "target_ref": "x-misp-object--5a211825-b90f-4f28-8d80-2ccca44fb240" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2dda5e0f-7009-44ce-b34d-e57d5db33eac", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4001f135-f142-448f-8f86-90d6ddf6342b", "target_ref": "x-misp-object--fad7d3d0-90ab-430b-840d-7d8a2b18ac51" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2f057755-238e-4cd6-8f25-2293e4e98845", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--4ebb5413-89fe-40e4-a59f-e5c6a1b7313e", "target_ref": "x-misp-object--693be22d-e312-4294-9171-2d8065cddd54" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--90fa3488-e6ae-4e04-90ec-b77513796fba", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--92ae76c5-8973-4515-938d-b878ca91368e", "target_ref": "x-misp-object--dffbc7d4-cd65-4cb2-9090-32a89e4e174f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3e4d1c3e-bd5e-48e3-a5af-637bc0b76556", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c4cded67-8b32-4ee4-b39f-d17a501a2cf3", "target_ref": "x-misp-object--d5ef38d1-b501-4ae1-9249-6707886ea81b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--970c8cc8-b5a1-4d59-98da-fa2b9c9fd816", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c64bda57-fb58-499b-a870-74140ecb73c3", "target_ref": "x-misp-object--8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c58094ea-692c-4229-a7b1-03dc0f723703", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0ec33fed-1a2a-485e-939f-f40425ebc54c", "target_ref": "x-misp-object--c0bce316-ef56-42c6-811e-7dca12ecf919" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0168381a-fff2-4a49-8a7c-4034e6a6ec5f", "created": "2019-12-10T09:24:41.000Z", "modified": "2019-12-10T09:24:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f1e1d01c-6f5f-4204-9d86-34227fa834ed", "target_ref": "x-misp-object--78cebe26-6eb1-4f08-b500-312923e761c9" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }