{ "type": "bundle", "id": "bundle--5dfce305-c520-4a71-9094-47c702de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:26:15.000Z", "modified": "2019-12-20T15:26:15.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5dfce305-c520-4a71-9094-47c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:26:15.000Z", "modified": "2019-12-20T15:26:15.000Z", "name": "OSINT - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking", "published": "2019-12-20T15:26:26Z", "object_refs": [ "observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81", "url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81", "indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81", "indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81", "indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81", "indicator--5dfce36c-2118-4510-90a4-8bb502de0b81", "indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81", "indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81", "indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81", "indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81", "indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81", "indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81", "indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81", "indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81", "indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81", "indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81", "indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81", "indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81", "indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81", "indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81", "indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81", "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0", "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34", "indicator--69638f44-509c-45ab-80fc-97514283b206", "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d", "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415", "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12", "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b", "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f", "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424", "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67", "indicator--3b6714ab-d534-449f-8eae-856904fe477b", "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae", "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8", "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b", "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc", "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53", "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7", "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1", "relationship--33ba229f-8b6b-4214-9519-aa0dbbc9534b", "relationship--b258d21e-24ce-4c67-a66b-89736280cf3d", "relationship--a3c368dc-44aa-4ac1-a9cd-dc7e926abe98", "relationship--35d9b849-1449-43a3-b26d-ebab39f9ab9c", "relationship--5dba52e9-c079-467f-9a80-e7961efcbdeb", "relationship--9f120903-3d1d-493a-8ce5-9ce150987219", "relationship--2c670fd7-8c9f-4ce8-a64c-c69ac30a15b2", "relationship--c0ebaff2-72d8-4f75-8fac-43688609a0b2", "relationship--03fdd9a4-6fed-4f12-a51c-7bf2baac8015" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:threat-actor=\"TA505\"", "type:OSINT", "osint:lifetime=\"perpetual\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5dfce31d-72a0-4da4-9eb9-9a0402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:05:01.000Z", "modified": "2019-12-20T15:05:01.000Z", "first_observed": "2019-12-20T15:05:01Z", "last_observed": "2019-12-20T15:05:01Z", "number_observed": 1, "object_refs": [ "url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5dfce31d-72a0-4da4-9eb9-9a0402de0b81", "value": "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-7cbc-46d0-896f-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "WinDef Download URL", "pattern": "[url:value = 'http://96.9.211.157/sdf4r3r3/WinDef.msi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-ba98-465b-84b9-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "Predator C2", "pattern": "[url:value = 'https://soul-fly.xyz/api/gate.get']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-478c-4cd0-8a28-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "LDR_5622 URL1", "pattern": "[url:value = 'https://artrolife.club/fhj37f34fdd/file1.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-2118-4510-90a4-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "LDR_5622 URL2", "pattern": "[url:value = 'http://supremeconnect.xyz/fdfg83574gd/file2.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-6728-4ac9-aa75-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "Team Viewer Panel", "pattern": "[url:value = 'http://0926tv.xyz/mystt34834ujf37data/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-80f0-4c21-99d5-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "ServHelper NetSupport", "pattern": "[url:value = 'http://gabardine.xyz/log.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-d5f4-42b3-be96-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "ServHelper NetSupport", "pattern": "[url:value = 'http://kuarela.xyz/1.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36c-01b4-46b5-ad90-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:20.000Z", "modified": "2019-12-20T15:06:20.000Z", "description": "ServHelper NetSupport", "pattern": "[url:value = 'http://foxlnklnk.xyz/pf1.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36d-f82c-4402-91d8-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:21.000Z", "modified": "2019-12-20T15:06:21.000Z", "description": "ServHelper NetSupport", "pattern": "[url:value = 'http://cafafafa.xyz/pf1.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce36d-a700-44a4-a66e-8bb502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:06:21.000Z", "modified": "2019-12-20T15:06:21.000Z", "description": "ServHelper NetSupport", "pattern": "[url:value = 'http://letitbe.icu/2.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:06:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-85d4-411c-9374-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-38f8-47e2-a063-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-3ce4-4157-8ab1-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-da10-4a2b-b7f2-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-b084-4b29-8b05-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-9d58-4ccf-90fd-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-6d9c-472f-a1cf-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-e0b4-451b-bb30-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5dfce5c9-ce2c-4e36-a19e-8ba102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:25.000Z", "modified": "2019-12-20T15:16:25.000Z", "pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:42.000Z", "modified": "2019-12-20T15:16:42.000Z", "pattern": "[file:hashes.MD5 = 'de70f256b9fd194f6844d7aa81b17b4e' AND file:hashes.SHA1 = '8c14b7bc7d0f132b4a00062ebc84eca98074eb06' AND file:hashes.SHA256 = 'ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:42.000Z", "modified": "2019-12-20T15:16:42.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-01T14:13:53", "category": "Other", "uuid": "a5271e19-09e7-404f-9171-76cd45767dfc" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2/analysis/1569939233/", "category": "Payload delivery", "uuid": "61098a77-079f-4c1c-8c07-2e426ff525e8" }, { "type": "text", "object_relation": "detection-ratio", "value": "42/71", "category": "Payload delivery", "uuid": "5d708598-582e-4e90-b781-495f5bef2a27" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--69638f44-509c-45ab-80fc-97514283b206", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:42.000Z", "modified": "2019-12-20T15:16:42.000Z", "pattern": "[file:hashes.MD5 = 'a511410d5889fca07a0dd0a8c84d6c8a' AND file:hashes.SHA1 = 'c470685e7f2b4c1c1ff5a544824becef1f81c0de' AND file:hashes.SHA256 = '1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:43.000Z", "modified": "2019-12-20T15:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T04:36:27", "category": "Other", "uuid": "948e4fae-219b-42ce-8ba9-44a92f8a3ae7" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a/analysis/1575347787/", "category": "Payload delivery", "uuid": "ac8f3242-6e1d-468d-8fc0-a841bdcec64d" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/68", "category": "Payload delivery", "uuid": "1b012b4e-a10b-4681-9094-735f8272c584" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:43.000Z", "modified": "2019-12-20T15:16:43.000Z", "pattern": "[file:hashes.MD5 = '9aa1b6bb7d53b008b6529b4a2f6bfada' AND file:hashes.SHA1 = 'e764a66692df3ecbfae0660a1d1e567be20e034d' AND file:hashes.SHA256 = 'd83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:43.000Z", "modified": "2019-12-20T15:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-11-15T10:55:08", "category": "Other", "uuid": "dfe11c11-1352-4103-89f1-ecac42bf7a8b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2/analysis/1573815308/", "category": "Payload delivery", "uuid": "536eee81-3ea3-4fb6-a0db-389783a109f2" }, { "type": "text", "object_relation": "detection-ratio", "value": "26/71", "category": "Payload delivery", "uuid": "c3ef49b9-4ed9-43b6-a1cd-cc2163ffd434" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:43.000Z", "modified": "2019-12-20T15:16:43.000Z", "pattern": "[file:hashes.MD5 = 'c3c226ec03f393103b9df764df50f0bc' AND file:hashes.SHA1 = '177f891063569d82f85fc931a5254f0c5acbee9f' AND file:hashes.SHA256 = 'c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:43.000Z", "modified": "2019-12-20T15:16:43.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-26T19:39:42", "category": "Other", "uuid": "e6c3486c-c499-4a99-b7b7-b2f48f92ee34" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0/analysis/1569526782/", "category": "Payload delivery", "uuid": "461ef55a-d9a5-4fb0-8e0b-1a04e2903a0f" }, { "type": "text", "object_relation": "detection-ratio", "value": "10/70", "category": "Payload delivery", "uuid": "671ac72d-aad7-426c-aa5d-0dabfe885696" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "pattern": "[file:hashes.MD5 = '6954cee9db2533337e4425aceacc547b' AND file:hashes.SHA1 = 'da3973333643735f740f832ebb914faedc3385fa' AND file:hashes.SHA256 = '70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-03T06:11:45", "category": "Other", "uuid": "7d9d833a-6c37-41f1-9a3b-687e60b43784" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72/analysis/1570083105/", "category": "Payload delivery", "uuid": "b13d1871-894a-46c6-a401-61de32ac5d85" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/70", "category": "Payload delivery", "uuid": "da84ee46-40da-4f54-8200-940c0eb3cde2" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3b6714ab-d534-449f-8eae-856904fe477b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "pattern": "[file:hashes.MD5 = 'a2e77ee41f4d4d3e8814d07d26ec5be3' AND file:hashes.SHA1 = 'e07292223d53785c61e4d4e33126e71d69527cbd' AND file:hashes.SHA256 = '1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-03T04:36:19", "category": "Other", "uuid": "2dccaf5f-a350-4c18-94b1-aaf6f4bd97ff" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb/analysis/1575347779/", "category": "Payload delivery", "uuid": "22ba39fc-e09e-4737-9e98-a71026bbbc33" }, { "type": "text", "object_relation": "detection-ratio", "value": "38/63", "category": "Payload delivery", "uuid": "7cd33bde-eca9-40b1-a030-151bf7acbab8" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "pattern": "[file:hashes.MD5 = '77f46b13d858f83c3ce5bdc6ffbc8a95' AND file:hashes.SHA1 = 'd08b44e8aed3aa013827d5aeef901fed360c57fb' AND file:hashes.SHA256 = '97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:44.000Z", "modified": "2019-12-20T15:16:44.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-09-27T17:09:02", "category": "Other", "uuid": "998f01f8-1c0f-4c68-9923-148dd4525864" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf/analysis/1569604142/", "category": "Payload delivery", "uuid": "537c2145-8681-4e28-8c31-9ba67d642300" }, { "type": "text", "object_relation": "detection-ratio", "value": "25/59", "category": "Payload delivery", "uuid": "e8cb3e8f-e0c7-473f-a527-6e3e712a9a67" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:45.000Z", "modified": "2019-12-20T15:16:45.000Z", "pattern": "[file:hashes.MD5 = '92cc85c53e169b330fd8686d35259261' AND file:hashes.SHA1 = '4d30c482886f3369731914f6db4100e84fa8cf27' AND file:hashes.SHA256 = 'ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:45.000Z", "modified": "2019-12-20T15:16:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-12-14T05:52:55", "category": "Other", "uuid": "d5d1c38a-ccc9-491d-812e-a5b0f06223ee" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248/analysis/1576302775/", "category": "Payload delivery", "uuid": "e3f4fa91-809b-4420-8245-bf5f47417265" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/71", "category": "Payload delivery", "uuid": "4a882389-39f1-47d2-b8fe-01c261f76fbf" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:45.000Z", "modified": "2019-12-20T15:16:45.000Z", "pattern": "[file:hashes.MD5 = 'a606d454b408b99aa9fc7ad774951621' AND file:hashes.SHA1 = '5963233ae8e9382178169a2efe236598dfc7466c' AND file:hashes.SHA256 = 'c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-20T15:16:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-20T15:16:45.000Z", "modified": "2019-12-20T15:16:45.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-10-07T10:31:06", "category": "Other", "uuid": "9d29948f-941b-4229-8319-2e1d7912082f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715/analysis/1570444266/", "category": "Payload delivery", "uuid": "57bade74-adee-47a2-acb1-283f69e39be2" }, { "type": "text", "object_relation": "detection-ratio", "value": "4/56", "category": "Payload delivery", "uuid": "1cfe29e5-5c2b-48e3-b459-750ed560cd08" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--33ba229f-8b6b-4214-9519-aa0dbbc9534b", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--7c234dae-875e-49ec-adb2-43a8033db0e0", "target_ref": "x-misp-object--0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--b258d21e-24ce-4c67-a66b-89736280cf3d", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--69638f44-509c-45ab-80fc-97514283b206", "target_ref": "x-misp-object--9f3593c3-2cb3-4192-a97e-5722f1e1ae4d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a3c368dc-44aa-4ac1-a9cd-dc7e926abe98", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--bf7c8c32-31da-4197-998f-95a2eda8b415", "target_ref": "x-misp-object--c4a78b93-68c9-4dfc-940d-72bcb366da12" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--35d9b849-1449-43a3-b26d-ebab39f9ab9c", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--94aaa7da-30e3-49e8-93a2-379fea74854b", "target_ref": "x-misp-object--92edb5af-e2af-4ff2-866d-9a9c87a75b8f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5dba52e9-c079-467f-9a80-e7961efcbdeb", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--71982da2-49c2-49f4-95eb-e45f05d9f424", "target_ref": "x-misp-object--b5df2442-478c-4296-b836-bab32bb0fc67" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9f120903-3d1d-493a-8ce5-9ce150987219", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3b6714ab-d534-449f-8eae-856904fe477b", "target_ref": "x-misp-object--22c0164b-71a4-4a76-b04e-ed9894751cae" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2c670fd7-8c9f-4ce8-a64c-c69ac30a15b2", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--09a93a47-f8a4-4c0f-b36b-1f176b4434a8", "target_ref": "x-misp-object--c9c85791-3555-477e-9b9f-4ac28c080f8b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--c0ebaff2-72d8-4f75-8fac-43688609a0b2", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--ea68f105-92dd-4589-ac6b-19c493f351cc", "target_ref": "x-misp-object--66903195-a97f-4dcd-9282-66d1a8c48d53" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--03fdd9a4-6fed-4f12-a51c-7bf2baac8015", "created": "2019-12-20T15:16:47.000Z", "modified": "2019-12-20T15:16:47.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f0b007bd-4038-4c0f-bb89-03e6f0e131f7", "target_ref": "x-misp-object--2ac81cf5-9a0c-4527-955d-02e0bd5eadd1" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }